Would we still create Nebula today?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  • superhighway84

    USENET-inspired, uncensorable, decentralized internet discussion system running on IPFS & OrbitDB

  • https://github.com/gravitl/netmaker

    Honorable mention:

    SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:

    https://github.com/mrusme/superhighway84

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo
  • tinc

    a VPN daemon

  • But both Nebula and tinc max out at around 1 Gbit/s on my Hetzner servers, thus not using most of my 10 Gbit/s connectivity. This is because they cap out at 100% of 1 CPU. The Nebula issue about that was closed due to "inactivity" [2].

    I also observed that when Nebula operates at 100% CPU usage, you get lots of package loss. This causes software that expects reasonable timings on ~0.2ms links to fail (e.g. consensus software like Consul, or Ceph). This in turn led to flakiness / intermittent outages.

    I had to resolve to move the big data pushing softwares like Ceph outside of the VPN to get 10 Gbit/s speed for those, and to avoid downtimes due to the packet loss.

    Such software like Ceph has its own encryption, but I don't trust it, and that mistrust was recently proven right again [3].

    So I'm currently looking to move the Ceph into WireGuard.

    Summary: For small-data use, tinc and Nebula are fine, but if you start to push real data, they break.

    [1]: https://github.com/gsliepen/tinc/issues/218

    [2]: https://github.com/slackhq/nebula/issues/637

    [3]: https://github.com/google/security-research/security/advisor...

  • Nebula

    A scalable overlay networking tool with a focus on performance, simplicity and security

  • But both Nebula and tinc max out at around 1 Gbit/s on my Hetzner servers, thus not using most of my 10 Gbit/s connectivity. This is because they cap out at 100% of 1 CPU. The Nebula issue about that was closed due to "inactivity" [2].

    I also observed that when Nebula operates at 100% CPU usage, you get lots of package loss. This causes software that expects reasonable timings on ~0.2ms links to fail (e.g. consensus software like Consul, or Ceph). This in turn led to flakiness / intermittent outages.

    I had to resolve to move the big data pushing softwares like Ceph outside of the VPN to get 10 Gbit/s speed for those, and to avoid downtimes due to the packet loss.

    Such software like Ceph has its own encryption, but I don't trust it, and that mistrust was recently proven right again [3].

    So I'm currently looking to move the Ceph into WireGuard.

    Summary: For small-data use, tinc and Nebula are fine, but if you start to push real data, they break.

    [1]: https://github.com/gsliepen/tinc/issues/218

    [2]: https://github.com/slackhq/nebula/issues/637

    [3]: https://github.com/google/security-research/security/advisor...

  • action-dnclient

    Setup and enroll dnclient on a GitHub Action workflow

  • awesome-tunneling

    List of ngrok/Cloudflare Tunnel alternatives and other tunneling software and services. Focus on self-hosting.

  • We have a section for overlay networks on the tunneling list[0] I maintain. This is a very interesting space with some excellent software.

    I certainly have my gripes about the closed nature of Slack itself, in particular using a closed protocol when the model is clearly "federated" between multiple servers internally. That said, the contribution of something on the scale and quality of Nebula back to the open source community is hard to argue with.

    [0]: https://github.com/anderspitman/awesome-tunneling#overlay-ne...

  • innernet

    A private network system that uses WireGuard under the hood.

  • wesher

    wireguard overlay mesh network manager

  • https://github.com/costela/wesher

    Wiresmith: Rust, auto-configs clients into a mesh

  • SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  • wiresmith

    Auto-config WireGuard clients into a mesh

  • https://github.com/svenstaro/wiresmith

    Open source projects with company-backed SaaS offerings:

    Netbird: Golang, full-fledged solution (desktop clients, DNS, SSO, STUN/TURN, etc)

  • netbird

    Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.

  • Netmaker

    Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.

  • https://github.com/gravitl/netmaker

    Honorable mention:

    SuperHighway84 - more of a Usenet-inspired darknet, but I love the concept + the author's personal website:

    https://github.com/mrusme/superhighway84

  • security-research

    This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.

  • But both Nebula and tinc max out at around 1 Gbit/s on my Hetzner servers, thus not using most of my 10 Gbit/s connectivity. This is because they cap out at 100% of 1 CPU. The Nebula issue about that was closed due to "inactivity" [2].

    I also observed that when Nebula operates at 100% CPU usage, you get lots of package loss. This causes software that expects reasonable timings on ~0.2ms links to fail (e.g. consensus software like Consul, or Ceph). This in turn led to flakiness / intermittent outages.

    I had to resolve to move the big data pushing softwares like Ceph outside of the VPN to get 10 Gbit/s speed for those, and to avoid downtimes due to the packet loss.

    Such software like Ceph has its own encryption, but I don't trust it, and that mistrust was recently proven right again [3].

    So I'm currently looking to move the Ceph into WireGuard.

    Summary: For small-data use, tinc and Nebula are fine, but if you start to push real data, they break.

    [1]: https://github.com/gsliepen/tinc/issues/218

    [2]: https://github.com/slackhq/nebula/issues/637

    [3]: https://github.com/google/security-research/security/advisor...

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

  • Netmaker: An open source WireGuard VPN

    1 project | news.ycombinator.com | 23 Feb 2024
  • Remote access to a NAS from another location?

    1 project | /r/truenas | 14 Oct 2023
  • Show HN: Netmaker – Netmaker Goes Open Source

    1 project | news.ycombinator.com | 25 Sep 2023
  • Netmaker Transitions to Open source: Embracing the Apache-2.0 License

    1 project | /r/opensource | 24 Sep 2023
  • SD-WAN and SASE Solutions

    1 project | /r/sysadmin | 23 Sep 2023