Force specific IP to node because infrastructure sometimes requires specific IPs to be forever.

Open Leopere opened this issue 2 years ago • 5 comments

Just recently, due to Canada getting "rogered", I had to rebuild some of my cluster, and it turns out one of my nodes needed to be reinstalled during my RCA. Is there a way to guarantee that a node can start with a specific IP? Some infrastructure cannot have IPs shifting around.

Leopere avatar Jul 10 '22 16:07 Leopere

Hi @Leopere, the node IP will be the same as long as its WireGuard key doesn't change. You can keep a backup of the /etc/netbird/config.json file to avoid IP changes in the future.

mlsmaycon avatar Jul 10 '22 19:07 mlsmaycon

Correct; however, that's not always possible. For example, during the Rogering Canada received, it was massively disruptive and a number of things broke, and during an RCA it was necessary to upgrade from the old Wiretrustee namespace to Netbird; in this scenario the IP was forced to roll over. It would be massively inconvenient if, let's say, an Active Directory Domain Controller is bound to the Netbird IP, among others, and to have to meddle with keys in a secure way.

Also, perhaps the config is somehow compromised on the machine, which would mean that you would have to continue to use the old key. Is it technologically difficult to allow me to determine the IP of a Netbird node through the panel?

Leopere avatar Jul 11 '22 14:07 Leopere

Ok, I see your point.

It is possible to allow such an option via the panel or API, we will discuss and prioritize that.

Regarding issues with the name change, we would like to get more information as the client was prepared to migrate files between /etc/wiretrustee to /etc/netbird and it may be a major bug if you faced issues.

mlsmaycon avatar Jul 11 '22 15:07 mlsmaycon

For now I'll follow your advice but just hoping that it makes it at some point might be a good feature!

Leopere avatar Jul 11 '22 20:07 Leopere

> Ok, I see your point.
>
> It is possible to allow such an option via the panel or API, we will discuss and prioritize that.
>
> Regarding issues with the name change, we would like to get more information as the client was prepared to migrate files between /etc/wiretrustee to /etc/netbird and it may be a major bug if you faced issues.

My problem was caused by the Rogering* that Canada received and I wouldn't really know how to reproduce a country losing internet to really reproduce. All of my other 25 various style nodes recovered fine.

Leopere avatar Jul 13 '22 15:07 Leopere

Thanks!

Leopere avatar Jun 20 '23 18:06 Leopere

Hi, @Leopere, I intended to send you a message instead of closing the issue. My apologies.

The initial issue seems to have been resolved, but I wanted to ask you whether, with the DNS feature, you still have the need for forcing the IP address. If so, could you explain your use case a bit so we can properly take it into consideration?

mlsmaycon avatar Jun 20 '23 21:06 mlsmaycon

It was mostly that sometimes a node dies and occasionally I don't have backups of specific nodes' /etc/ directories, as it's typically okay if we just blow away a node and start fresh on it. However, the way Netbird was working was you would have to keep the private key of the machine if you wanted to continue using its IP address, and it would be critical in some cases, such as Active Directory servers for example, that the IP addresses used never change. In some cases using Gluster FS is also a trick with changing locations and IPs of nodes in a cluster. I will often use the WireGuard/Netbird mesh to avoid having to trust Gluster's encryption/security layer.

Leopere avatar Jun 22 '23 03:06 Leopere