YuetAu

NetExp: VXLAN on Tailscale as backbone for IGP

The network had been alive for quite a few years.

It has gone through ZeroTier (which got me warned by the IX for the flood of ARP packets), manual WireGuard (painfully configuring each and every node's public and private keys), and finally a hacky Python script that set up the mesh for me. [https://github.com/YuetAu-Network/bird]

The script works by reading the node's hostname and checking which other nodes it should connect to. Each node carries two public/private key pairs, and the initials of the two node names decide which pair each side uses. After that, it resolves the IP of the other side and creates the WireGuard tunnel.

However, it is useless for nodes behind NAT. Tailscale paves the road past NAT, but since it operates at Layer 3, it will not forward traffic to or from IPs it did not assign.

Hence, to use it as a backbone, we lay VXLAN on top of Tailscale so that our own traffic can be forwarded through it.

Code Time


Disclaimer

The following code is for your reference only. The author bears no responsibility for the results of misuse or copy-and-paste behaviour. For any code you copy into your terminal, please read it thoroughly before executing.

You have been warned.


To create a new VXLAN on top of Tailscale

ip link add [Interface Name] type vxlan id [1-65534] dstport [1-65534] local [Node Tailscale IP]

Do NOT append dev tailscale0 to the command. The MTU would be clamped down to 1280 and the interface would be unable to forward IPv6 traffic.


Connect it to other node

Since Tailscale does not carry multicast packets, you need to tell the VXLAN where the other nodes are.

bridge fdb append to 00:00:00:00:00:00 dst [Other Node Tailscale IP] dev [Interface Name]

Repeat this command until all other nodes are added to the FDB table.

This command tells the VXLAN which peers to connect to, and the all-zero MAC 00:00:00:00:00:00 tells it to learn the MAC addresses behind each peer by itself.


Set VXLAN Up and IP address

ip link set [Interface Name] up
ip address add fe80::1111 dev [Interface Name]

Since I am using Multi-Protocol BGP with IPv6 Extended Next Hop for IPv4, I will be adding only a link-local IPv6 address. Your mileage may vary.


After you have executed the commands on all nodes, you should be able to ping each other with the following command.

ping [Node LL IPv6]%[Interface Name]
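The whole procedure above, carried through for every node of a mesh, as an added example that is not from the original post: a POSIX shell script that prints the ip and bridge commands one node should run, so they can be reviewed before being executed as root. The interface name, VNI, UDP port, node names, Tailscale IPs and link-local addresses are constructed values.

```shell
#!/bin/sh
# Added example: emit the VXLAN-over-Tailscale commands for one node of a
# mesh. Constructed values throughout; adjust before running anything.
VX_IF="vxbb0"      # hypothetical interface name
VX_ID=4242         # hypothetical VNI (1-65534)
VX_PORT=4789       # hypothetical UDP port (1-65534)

# Constructed mesh: "<node> <Tailscale IP> <link-local IPv6>" per line.
MESH="hkg 100.64.0.1 fe80::1
sin 100.64.0.2 fe80::2
tpe 100.64.0.3 fe80::3"

# vxlan_cmds <node> -> prints the commands that node should run.
vxlan_cmds() {
  node="$1"; local_ip=""; local_ll=""
  while read -r name ip ll; do
    if [ "$name" = "$node" ]; then local_ip="$ip"; local_ll="$ll"; fi
  done <<EOF
$MESH
EOF
  [ -n "$local_ip" ] || { echo "unknown node: $node" >&2; return 1; }
  # No "dev tailscale0" here: binding the VXLAN to it clamps the MTU to
  # 1280 and IPv6 can no longer be forwarded.
  echo "ip link add $VX_IF type vxlan id $VX_ID dstport $VX_PORT local $local_ip"
  # Tailscale carries no multicast, so every other node is a static FDB
  # entry; the all-zero MAC lets the kernel learn the real MACs behind it.
  while read -r name ip ll; do
    if [ "$name" != "$node" ]; then
      echo "bridge fdb append to 00:00:00:00:00:00 dst $ip dev $VX_IF"
    fi
  done <<EOF
$MESH
EOF
  echo "ip link set $VX_IF up"
  echo "ip address add $local_ll dev $VX_IF"
}

# peer_count <node> -> number of FDB entries that node gets (all but itself).
peer_count() {
  vxlan_cmds "$1" | grep -c '^bridge fdb append'
}

vxlan_cmds hkg
```

Pipe the output into a file per node and read it before running it; the script itself never touches the kernel.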

BIRD 2.15.1 ready.
bird> s p
Name       Proto      Table      State  Since         Info
NET_ROUTE  Static     master4    up     2024-11-29 14:17:01
NET_ROUTEv6 Static     master6    up     2024-11-29 14:17:01
RPKI_CloudFlare RPKI       ---        up     2024-12-01 10:40:11  Established
Device     Device     ---        up     2024-11-29 14:17:01
NET_GugeNET_v6 BGP        ---        up     2024-11-29 14:17:24  Established
IBGP_DUMMY Direct     ---        up     2024-11-29 14:17:01
IBGP_HKG_VXLAN BGP        ---        up     2024-12-01 01:55:09  Established
IBGP_MCI_VXLAN BGP        ---        up     2024-11-29 17:39:30  Established
IBGP_SIN_VXLAN BGP        ---        up     2024-11-29 15:10:53  Established
IBGP_TPE_VXLAN BGP        ---        up     2024-11-29 15:11:01  Established
Kernel     Kernel     master4    up     2024-11-29 14:17:01
Kernelv6   Kernel     master6    up     2024-11-29 14:17:01

From now on, I don't have to worry about WireGuard being disconnected and the whole network getting partitioned anymore. Yay!

#BGP #IGP #NetExp #Tailscale #VXLAN #YuetAu Network