Subnet Proxy (Point-to-Network)
Assume the network topology is as follows, and node B wants to share its accessible subnet 10.1.1.0/24 with other nodes.
The startup parameters for node B's easytier are as follows (add the -n parameter)
sudo easytier-core --ipv4 10.144.144.2 -n 10.1.1.0/24
The subnet proxy information will be automatically synchronized to each node in the virtual network, and each node will automatically configure the corresponding routes. Node A can check if the subnet proxy is effective with the following command.
Check if the routing information has been synchronized. The proxy_cidrs column shows the proxied subnets.
sheasytier-cli route
ipv4 hostname proxy_cidrs next_hop_ipv4 next_hop_hostname next_hop_lat cost 10.144.144.1 abc-dec 10.1.1.0/24 DIRECT 3.25 1 Test if node A can access the nodes under the proxied subnet
shping 10.1.1.2
Note
The -n parameter for subnet proxy can be specified multiple times to proxy multiple subnets; you can also set the mask to 32 to proxy a single IP address.
easytier-core -n 10.1.1.0/24 -n 10.2.0.0/16 -n 10.3.3.3/32
Manually Specifying Routes
By default, when a node in the virtual network configures a subnet proxy, the subnet proxy segment will be synchronized to all nodes in the virtual network, and a route will be automatically generated to forward packets destined for these segments to the virtual network.
This can simplify networking in most cases, but in some scenarios, users may not want EasyTier to automatically configure routes on the nodes. Users can manually configure the traffic to be forwarded to the virtual network using the --manual-routes
parameter.
When using --manual-routes
, only the segments configured with this parameter will enter the virtual network. If the list after this parameter is empty, EasyTier will not handle any traffic for non-virtual network segments.
Firewall
Since proxy traffic needs to use the system's network stack, the subnet proxy requires the firewall on the virtual network card to be disabled (this applies to both Linux and Windows).
If disabling the firewall is not possible, you can try using a user-space network stack for the subnet proxy, which can avoid the need to configure the firewall. Simply add the --use-smoltcp
parameter when starting EasyTier.
Note
The user-space protocol stack will be inferior to the kernel protocol stack in terms of performance, congestion control, etc.
Currently, the --use-smoltcp
parameter only affects the TCP protocol. UDP and ICMP will use the user-space protocol stack regardless of whether this parameter is used.