Para celebrar este capítulo 200 vamos a tratar un tema muy interesante, hoy voy a hablaros de Nebula, un software que ha liberado Slack en github (https://github.com/slackhq/nebula).

Los binarios los tenéis en https://github.com/slackhq/nebula/releases.

El software nos permite crear nuestra propia SDN sin tener que depender de servicios de terceros como puede ser el caso de una instalación estándar de Zero Tier .

El software es muy sencillito y os va a permitir levantar vuestra SDN simplemente con un yaml como este (os marco en negrita lo que hay que tocar):

This is the nebula example configuration file. You must edit, at a minimum, the static_host_map, lighthouse, and firewall sections
Some options in this file are HUPable, including the pki section. (A HUP will reload credentials from disk without affecting existing tunnels)
PKI defines the location of credentials for this node. Each of these can also be inlined by using the yaml ": |" syntax.
pki:
# The CAs that are accepted by this node. Must contain one or more certificates created by 'nebula-cert ca'
ca: /etc/nebula/ca.crt
cert: /etc/nebula/servidor.crt
key: /etc/nebula/servidor.key
#blacklist is a list of certificate fingerprints that we will refuse to talk to
#blacklist:
# - c99d4e650533b92061b09918e838a5a0a6aaee21eed1d12fd937682865936c72
The static host map defines a set of hosts with fixed IP addresses on the internet (or any network).
A host can have multiple fixed IP addresses defined here, and nebula will try each when establishing a tunnel.
The syntax is:
"{nebula ip}": ["{routable ip/dns name}:{routable port}"]
Example, if your lighthouse has the nebula IP of 192.168.100.1 and has the real ip address of 100.64.22.11 and runs on port 4242:
static_host_map:
"192.168.100.1": ["xxx.xxx.com:4242"]
lighthouse:
# am_lighthouse is used to enable lighthouse functionality for a node. This should ONLY be true on nodes
# you have configured to be lighthouses in your network
am_lighthouse: true
# serve_dns optionally starts a dns listener that responds to various queries and can even be
# delegated to for resolution
#serve_dns: false
# interval is the number of seconds between updates from this node to a lighthouse.
# during updates, a node sends information about its current IP addresses to each node.
interval: 60
# hosts is a list of lighthouse hosts this node should report to and query from
# IMPORTANT: THIS SHOULD BE EMPTY ON LIGHTHOUSE NODES
hosts:
# - "192.168.100.1"
Port Nebula will be listening on. The default here is 4242. For a lighthouse node, the port should be defined,
however using port 0 will dynamically assign a port and is recommended for roaming nodes.
listen:
host: 0.0.0.0
port: 4242
# Sets the max number of packets to pull from the kernel for each syscall (under systems that support recvmmsg)
# default is 64, does not support reload
#batch: 64
# Configure socket buffers for the udp side (outside), leave unset to use the system defaults. Values will be doubled by the kernel
# Default is net.core.rmem_default and net.core.wmem_default (/proc/sys/net/core/rmem_default and /proc/sys/net/core/rmem_default)
# Maximum is limited by memory in the system,