Creating a Network in Nebula: A Real-World Scenario

Nebula is a scalable and secure framework for building distributed networks. In this article, we'll guide you through creating a network using Nebula, including setting up a Nebula relay, and demonstrate a real-case scenario between several Linux servers.

Prerequisites

Before you start, ensure you have the following:

  1. Linux Servers: At least three Linux servers with SSH access.
  2. Nebula: Download and install Nebula from the official GitHub repository.

Step 1: Install Nebula

First, download and install Nebula on each of your Linux servers.

wget https://github.com/slackhq/nebula/releases/download/v1.5.2/nebula-linux-amd64.tar.gz
tar -xvf nebula-linux-amd64.tar.gz
# The archive contains both nebula and nebula-cert; Step 2 uses nebula-cert
sudo mv nebula nebula-cert /usr/local/bin/

Network Diagram

  1. Central Relay (host1): Location: New York, IP Address: 192.168.100.1, Role: Acts as a relay
  2. Host2: Location: London, IP Address: 192.168.100.2, Role: Connects to host1 through Nebula relay
  3. Host3: Location: Tokyo, IP Address: 192.168.100.3, Role: Connects to host1 through Nebula relay

Connections:

  • Relay Connections:
    • An arrow from host2 (London) to host1 (New York)
    • An arrow from host3 (Tokyo) to host1 (New York)

Nebula Relay:

  • Label: "Nebula Relay"
  • Position: Central label connected to host1

Step 2: Generate Nebula Certificates

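Nebula requires certificates for secure communication between nodes. Generate these certificates on a central machine. The first command writes ca.crt and ca.key to the current directory, and the sign commands read both from there.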

nebula-cert ca -name "My Nebula CA"
nebula-cert sign -name "host1" -ip "192.168.100.1/24"
nebula-cert sign -name "host2" -ip "192.168.100.2/24"
nebula-cert sign -name "host3" -ip "192.168.100.3/24"

Distribute the certificates to the respective servers. ca.key can sign new hosts into the network, so it is not copied to any of them:

  • ca.crt to all servers.
  • host1.crt and host1.key to host1.
  • host2.crt and host2.key to host2.
  • host3.crt and host3.key to host3.

Step 3: Configure Nebula

Create a configuration file for each server. Below is a sample configuration for host1.

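# Certificate material distributed in Step 2
pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/host1.crt
  key: /etc/nebula/host1.key

# Overlay IP -> underlay address:port of the other hosts
static_host_map:
  "192.168.100.2": ["10.0.0.2:4242"]
  "192.168.100.3": ["10.0.0.3:4242"]

# host1 is the lighthouse; a lighthouse leaves its own hosts list empty
lighthouse:
  am_lighthouse: true
  interval: 60

listen:
  host: 0.0.0.0
  port: 4242

# The overlay address (192.168.100.1/24) is taken from host1.crt
tun:
  dev: nebula1

firewall:
  outbound:
    - port: any
      proto: any
      host: any
  # Inbound traffic is dropped unless a rule allows it; ICMP is needed for the ping test
  inbound:
    - port: any
      proto: icmp
      host: any

Repeat for host2 and host3, adjusting the certificate file names and IP addresses accordingly. Their static_host_map, lighthouse and relay settings are covered in Step 5.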

Step 4: Start Nebula

Start the Nebula service on each server.

sudo nebula -config /etc/nebula/config.yml

Step 5: Setting Up Nebula Relay

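A Nebula relay forwards traffic between hosts that cannot reach each other directly. Relay support was added in Nebula v1.6.0, which is newer than the v1.5.2 release downloaded in Step 1, so install v1.6.0 or later on all three hosts before enabling it. Assume host1 acts as the relay.

  1. Edit host1 configuration to enable relay.
relay:
  am_relay: true
  use_relays: false
  2. Configure host2 and host3 to use the relay.

For host2 and host3, add the following in their configuration:

static_host_map:
  "192.168.100.1": ["10.0.0.1:4242"]
  # Peer entry as written for host2; on host3 use "192.168.100.2": ["10.0.0.2:4242"]
  "192.168.100.3": ["10.0.0.3:4242"]

lighthouse:
  am_lighthouse: false
  interval: 60
  hosts:
    - "192.168.100.1"

# Peers may reach this host through host1 when a direct tunnel fails
relay:
  am_relay: false
  use_relays: true
  relays:
    - 192.168.100.1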
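
What "repeat for host2 and host3" comes to once the relay settings from Step 5 are included, as an added example that is not part of the original article or Nebula's own code. The function name render_config and the two variables are assumptions; the relay keys (am_relay, use_relays, relays) are the ones Nebula v1.6.0 and later read, and the inbound ICMP rule is there so the ping test is not dropped by Nebula's firewall.

```sh
#!/bin/sh
# Added example, not the article's or the Nebula project's code.
# Assumed names: render_config, RELAY_OVERLAY_IP, RELAY_UNDERLAY.
# Addresses are the article's sample values.
RELAY_OVERLAY_IP="192.168.100.1"
RELAY_UNDERLAY="10.0.0.1:4242"

# usage: render_config <cert-name> <relay|node>   (prints YAML on stdout)
render_config() {
  name=$1
  role=$2
  case "$role" in
    relay|node) ;;
    *) echo "unknown role: $role" >&2; return 1 ;;
  esac
  # Settings shared by every host; the overlay IP itself comes from the cert.
  cat <<EOF
pki:
  ca: /etc/nebula/ca.crt
  cert: /etc/nebula/$name.crt
  key: /etc/nebula/$name.key
listen:
  host: 0.0.0.0
  port: 4242
tun:
  dev: nebula1
firewall:
  outbound:
    - port: any
      proto: any
      host: any
  inbound:
    - port: any
      proto: icmp
      host: any
EOF
  if [ "$role" = relay ]; then
    # host1: lighthouse and relay; a lighthouse lists no lighthouse hosts.
    printf 'lighthouse:\n  am_lighthouse: true\n'
    printf 'relay:\n  am_relay: true\n  use_relays: false\n'
  else
    # host2/host3: find host1 statically, report to it, accept relayed traffic.
    printf 'static_host_map:\n  "%s": ["%s"]\n' "$RELAY_OVERLAY_IP" "$RELAY_UNDERLAY"
    printf 'lighthouse:\n  am_lighthouse: false\n  interval: 60\n'
    printf '  hosts:\n    - "%s"\n' "$RELAY_OVERLAY_IP"
    printf 'relay:\n  am_relay: false\n  use_relays: true\n'
    printf '  relays:\n    - %s\n' "$RELAY_OVERLAY_IP"
  fi
}
```

Source the file and redirect the output per host, for example render_config host2 node > config.yml, then copy the result to /etc/nebula/config.yml on that host.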

Real-Case Scenario

Imagine three servers located in different geographical regions:

  • host1 in New York (Relay)
  • host2 in London
  • host3 in Tokyo

These servers need to communicate securely and efficiently despite being behind different firewalls and NATs.

  1. Configuration: Follow the steps above to install and configure Nebula on each server.
  2. Relay Setup: Configure host1 as a relay to facilitate communication between host2 and host3.
  3. Communication: Test the setup by pinging between hosts.
# On host2
ping 192.168.100.3
# On host3
ping 192.168.100.2

Conclusion

By following these steps, you've set up a secure and efficient network using Nebula, complete with a relay to bridge otherwise unreachable networks.

Nebula's flexibility and security features make it an excellent choice for building distributed networks across different regions and environments.

For more information and advanced configurations, refer to the Nebula documentation.