write a prototype :)

[philips]

No description provided.

[philips]

/cc @eyakubovich Want to look into this?

[eyakubovich]

Yes. I will after label query stuff.

[marineam]

re the mention of openvpn, a google guy some of us met with a few months ago recommended this: http://www.tinc-vpn.org/

[marineam]

Also the readme mentions IPv4, if you need to support NAT between the overlay and external networks that's a must. If this is an isolated network lets use IPv6 please :)

[philips]

@marineam I would say we have a few things to benchmark before making a decision on v4 vs v6:

1. Measure throughtput and latency of tinc vs openvpn vs unencapsulated connections.

2. Measure the CPU/memory considerations for tinc vs openvpn.

3. Measure throughput and latency of v4 vs v6 of tinc vs openvpn.

[philips]

Another thing Alex and I talked about: using 6to4 instead. https://gist.github.com/rmoriz/6d5e6649ab2f5588fdbe

[marineam]

I don't follow how 6to4 is applicable, unless you simply mean following 6to4's scheme for mapping IPv6 prefixes to IPv4 addresses so the overlay network is essentially stateless. That does place the requirement that hosts be directly IPv4 addressable between them all.

[philips]

@marineam Having this sort of encapsulation should be much lighter weight than a full VPN and we sort of push stuff towards ipv6 naturally too. The downside of everyone having the same network view is noted but we could then fall back to a site to site vpn instead.