...
Every ZeroTier instance has a self-hosting network controller that can be used to host virtual networks. A controller is responsible for admitting members to the network, and issuing default configuration information including certificates. Controllers can in theory host up to 2^24 networks and serve many millions of devices (or more), but we recommend spreading large numbers of networks across many controllers for load balancing and fault tolerance reasons.
Parameters
Property | Description |
---|---|
broadcast (yes \| no; Default: yes) | Allow receiving broadcast (FF:FF:FF:FF:FF:FF) packets. |
comment (string; Default: ) | Descriptive comment for the controller. |
copy-from (string; Default: ) | Copies an existing item. It takes default values of a new item's properties from another item. If you do not want to make an exact copy, you can specify new values for some properties. When copying items that have names, you will usually have to give a new name to a copy. |
instance (string; Default: zt1) | ZeroTier instance name. |
ip-range (IP; Default: ) | IP range, for example, 172.16.16.1-172.16.16.254. |
ip6-6plane (yes \| no; Default: no) | Gives every member a /80 within a /40 network and uses NDP emulation to route all IPs under that /80 to their owner. The 6plane mode suits use cases like Docker, since every member can assign IPv6 addresses within its /80 that work instantly and globally across the network. |
ip6-rfc4193 (yes \| no; Default: no) | The rfc4193 mode gives every member a /128 on a /88 network. |
ip6-range (IPv6; Default: ) | IPv6 range, for example, fd00:feed:feed:beef::-fd00:feed:feed:beef:ffff:ffff:ffff:ffff. |
mtu (integer; Default: 2800) | Network MTU. |
multicast-limit (integer; Default: 32) | Maximum recipients for a multicast packet. |
name (string; Default: ) | A short name for this controller. |
network (string; Default: ) | 16-digit network ID. |
private (yes \| no; Default: yes) | Enables access control. |
routes (IP@GW; Default: ) | Push routes in the following format: Routes ::= Route[,Routes] Route ::= Dst[@Gw] |
Configuration example
In the following example, we will use the RouterOS built-in ZeroTier controller to send our new network hosts the appropriate certificates, credentials, and configuration information. The controller will operate from the "RouterOS Home" device, and we will join three devices to our network: a mobile phone, a laptop, and the RouterOS Office device. Theoretically, you can join up to 100 devices in one network.
...
Note |
---|
All other new hosts must also be authorized under the /zerotier/controller/member/ section. |
Moons
All ZeroTier nodes on a planet effectively inhabit a single data center. This makes it easy to directly connect devices anywhere, but it has the disadvantage of not working without an Internet connection. A user-defined set of roots is called a moon. When a node “orbits” a moon, it adds the moon’s roots to its root server set. Nodes orbiting moons will still use planetary roots, but they’ll use the moon’s roots if they look faster or if nothing else is available.
More information can be found here; the rest of this article covers very basic operations with moons in RouterOS.
Generate a moon
In the following example, the update-moon-json configuration command generates a .json file and its corresponding .moon file:
```
[admin@office] /zerotier> update-moon-json identity=zt1 address=172.17.17.15
[admin@office] /zerotier> /file pr
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME                        TYPE        SIZE  CREATION-TIME
0 000000879c0b5265.moon       .moon file  259   jan/12/2022 16:10:06
1 000000879c0b5265.moon.json  .json file  757   jan/12/2022 16:10:06
2 flash                       disk              jan/12/2022 16:08:20
3 flash/skins                 directory         jan/12/2022 02:00:20
```
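The .json will contain something like the following. It includes signingKey_SECRET, the private key used to sign updates to this moon, so keep the file protected: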
```
{
  "id": "879c0b5265",
  "objtype": "world",
  "roots": [
    {
      "identity": "879c0b5265:0:d5fd2d17805e011d9b93ce8779385e427c8f405e520eea9284809d8444de0335a817xxb21aa4ba153bfbc229ca34d94e08de96d925a4aaa19b252da546693a28",
      "stableEndpoints": [
        "172.17.17.15"
      ]
    }
  ],
  "signingKey": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0749c3575a141a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
  "signingKey_SECRET": "f7963c501d8c254c8719ae9d1d6f9f442612aa888b63d668d1a78296a9b3463b09736014be27f561e85de3d4beaf57d3d3a859773110a5885d3fda9947062927",
  "updatesMustBeSignedBy": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0794c3411a575a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
  "worldType": "moon"
}
```
Add moon
Run update-moon-json with moon-json set to an existing .json file:
```
[admin@Home] /zerotier> update-moon-json moon-json=000000879c0b5265.moon.json address=172.17.17.13 identity="deb55dc5b1:0:705c7afebc91bbed3ef81a754b0be4256c9edac702d2c7befd7da8f9c4ec2850a95fd3a863a4249f81c57a91ed784ab145bb915cf4b67abda2665e8775565307"
```
First, we notice that the file size increases from 757 to 974:
```
[admin@Home] /zerotier> /file print
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME                        TYPE        SIZE  CREATION-TIME
0 000000879c0b5265.moon       .moon file  338   jan/12/2022 16:30:56
1 000000879c0b5265.moon.json  .json file  974   jan/12/2022 16:30:56
2 flash                       disk              jan/12/2022 16:08:20
3 flash/skins                 directory         jan/12/2022 02:00:20
```
By opening the updated .json file we can find an additional root:
```
{
  "id": "879c0b5265",
  "objtype": "world",
  "roots": [
    {
      "identity": "879c0b5265:0:d5fd2d17805e011d9b93ce8779385e427c8f405e520eea9284809d8444de0335a817ccb21aa4ba153bfbc229ca34d94e08de96d925a4aaa19b252da546693a28",
      "stableEndpoints": [
        "172.17.17.15"
      ]
    },
    {
      "identity": "deb55dc5b1:0:705c7fmarc91bbed3ef81a754b0be4256c9edac702d2c7befd7da8f9c4ec2850a95fd3a863a4249f81c57a91ed784ab145bb915cf4b67abda2665e8775565307",
      "stableEndpoints": [
        "172.17.17.13"
      ]
    }
  ],
  "signingKey": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0749c3575a141a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
  "signingKey_SECRET": "f7963c501d8c254c8719ae9d1d6f9f442612aa888b63d668d1a78296a9b3463b09736014be27f561e85de3d4beaf57d3d3a859773110a5885d3fda9947062927",
  "updatesMustBeSignedBy": "ed0cc50bda211da1fdb383629164f5411e74f954b8bb9db58369cb0794c3411a575a04b82ab0350e38f325fac5f87671ed1d7f171c5a7e9a238b097643a3612a",
  "worldType": "moon"
}
```
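A check to run on a moon .json with the layout shown above before it is copied, attached to a ticket or committed anywhere, as an added example that is not part of the original page or of RouterOS. It flags the secret signing key, a root identity that carries a fourth (private key) field, and non-hex or wrong-length key material; the function name, the sample values and the 10/128 hex-digit lengths (taken from the fields shown above) are assumptions.

```python
import re

ADDR = re.compile(r"[0-9a-fA-F]{10}")   # ZeroTier address, as in "id" above
KEY = re.compile(r"[0-9a-fA-F]{128}")   # public key length seen in the page's JSON


def lint_moon(doc):
    """Return a list of findings for a parsed moon .json document."""
    findings = []
    if doc.get("worldType") != "moon":
        findings.append("worldType is not 'moon'")
    if "signingKey_SECRET" in doc:
        findings.append("signingKey_SECRET present: do not share this file")
    for name in ("signingKey", "updatesMustBeSignedBy"):
        if not KEY.fullmatch(str(doc.get(name, ""))):
            findings.append(f"{name} is not 128 hex digits")
    roots = doc.get("roots") or []
    if not roots:
        findings.append("no roots defined")
    for i, root in enumerate(roots):
        # Identity layout assumed: address:type:public[:private]
        parts = str(root.get("identity", "")).split(":")
        if len(parts) == 4:
            findings.append(f"roots[{i}]: identity includes a private key field")
        if len(parts) not in (3, 4):
            findings.append(f"roots[{i}]: identity is not address:type:public")
            continue
        if not ADDR.fullmatch(parts[0]):
            findings.append(f"roots[{i}]: address is not 10 hex digits")
        if not KEY.fullmatch(parts[2]):
            findings.append(f"roots[{i}]: public key is not 128 hex digits")
        if not root.get("stableEndpoints"):
            findings.append(f"roots[{i}]: no stableEndpoints")
    return findings


# Constructed sample data: dummy hex, not real key material.
PUB = "ab" * 64
GOOD = {
    "id": "0123456789", "objtype": "world", "worldType": "moon",
    "roots": [{"identity": f"0123456789:0:{PUB}",
               "stableEndpoints": ["172.17.17.15"]}],
    "signingKey": PUB, "updatesMustBeSignedBy": PUB,
}
# Same document with the secret key left in and a damaged public key.
LEAKY = dict(GOOD, signingKey_SECRET="cd" * 64,
             roots=[{"identity": f"0123456789:0:{PUB[:-2]}xx",
                     "stableEndpoints": ["172.17.17.15"]}])

if __name__ == "__main__":
    for finding in lint_moon(LEAKY):
        print(finding)
```
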
Export moon
As the self-explanatory export-moon command name indicates, you can export the moon from a working ZeroTier instance:
```
[admin@office] > zerotier/export-moon zt1 moon=000000deb55dc5b1
[admin@office] > file pr where name~"moon"
Columns: NAME, TYPE, SIZE, CREATION-TIME
# NAME                   TYPE        SIZE  CREATION-TIME
0 000000879c0b5265.moon  .moon file  259   jan/12/2022 16:18:10
```
Import moon
To import a moon, you have to select an instance and the moon file to import. In the following example, we will import the moon from "RouterOS Office" to the "RouterOS Home" device:
```
[admin@Home] /zerotier> peer/pr
Columns: INSTANCE, ZT-ADDRESS, LATENCY, ROLE, PATH
4 zt1 deb55dc5b1 29ms LEAF active,preferred,159.148.172.243/9993,recvd:3s962ms,sent:3s962ms
[admin@Home] /zerotier> import-moon moon=000000deb55dc5b1.moon zt1
[admin@Home] /zerotier> peer/pr
Columns: INSTANCE, ZT-ADDRESS, LATENCY, ROLE, PATH
4 zt1 deb55dc5b1 MOON
```
Drop moon
To remove the moon from the instance, use the drop-moon command as follows:
```
[admin@office] /zerotier> drop-moon moon=000000deb55dc5b1 zt1
```
Orbit moon
The orbit-moon feature allows you to fetch the moon configuration from the moon itself by pointing to its IP address:
...
...