X-Bone - IP Overlay for Automated VPN Deployment

DarkSword writes "The X-Bone system for automated deployment of VPN / overlay networks is now publicly available. This is the first major public release, v1.2. X-Bone dynamically deploys and manages Internet overlays to reduce configuration effort and increase network component sharing. X-Bone discovers, configures, and monitors network resources to create overlays over existing IP networks. It's available for both Linux and BSD."

Re:Excellent news

Aren't vpn-s old news?

I work at a fortune 100 company and I haven't called into a company modem pool for 2 or 3 years. Our IT group gave us a connection tool where you select the city you're in (worldwide) and it calls a local ISP number (mci or uunet or one their partners?), authenticates (radius?) and then tunnels thru to the corporate (ras?) servers. I've used it in places like greece & malaysia and taiwan without problems (and a dozen cities in the US).

Lately now that many hotels have either cable or DSL modems in the rooms I've been able to use a similar tool, but it's just like being on the corporate net (sometimes it feels even faster).

I hear that our IT budget for dial in connections dropped from over $10M a year to less than $1M. Pretty spectacular. I don't know if there are security problems with this stuff but I never did trust the phone company so whatever this is it has to be better.

-- S.I.

Re:X-bone?

Cross-bone does sound nice. That will do fine.

Mozilla spurs VA Linux success

Easy, simple steps -- yes, even you could do it:-
1. Moderate DOWN all posts questioning or saying negative things about Open Source, no matter how reasonable or accurate they may be.
2. Moderate UP all pro Open Source posts, no matter how stupid or inaccurate.
3. Moderate UP all posts from people saying nice things about VA Linux/Andover/Malda.
4. Watch VA/Andover/Slashdot stock $$$$ rise
and have a really good laugh at all those suckers who let them get away with it.

Re:Excellent news

The commercial VPN vendors are offering some incredible hacks (in the bad sense). They all have "issues." A good sys. admin. could come up with a better VPN using open-source software than these sleaze-bag, self-appointed security experts will ever offer.

X-bone?

couldn't they have come up with something different? How do I recommend something called X-bone to a PHB?

Re:X-bone?

[Bob_Troll]

Wouldn't a Beowulf cluster be better for this?

Re:X-bone?

[ptbrown]

simply pronounce it as "cross"bone rather than "ex-bone."

Oh, sure, then we'll just evoke images of a "skull and cross-bones" pirate flag. Gee, thanks.

X-bone, X Window system, MacOS X, X-box. This has got to be some kind of Xist plot!

Re:X-bone?

[X_Bones]

Hey! These guys stole my name!

Re:X-bone?

[touch]

Since I named it, maybe I should clear this up: Bone = Backbone, as in M-Bone (multicast backbone) X = whatever kind of backbone you want to deploy, as in M-Bone, 6-Bone, etc. No - it has nothing to do with railroads, and it IS pronounced "ehks". FWIW - this was all on our website. :-)

Re:X-bone?

[FreeUser]

couldn't they have come up with something different? How do I recommend something called X-bone to a PHB?

I rather like the name. It stands a very good chance of further emberasing the censorware crowd. As for recommending it to a PHB, simply pronounce it as "cross"bone rather than "ex-bone." After all, that is clearly what the X is refering to (as in "Railroad X-ing", etc.

Consider [OT]

Consider reading and spending your mod points at (cause we're so lonely without you):
http://slashdot.org/index.pl?section=bsd

What?

What the hell is this?

Re:COLUMBINE

Oh c'mon.. shouldn't this have been moderated WAY down?

Re:COLUMBINE

You should make a hidden forum to post these stories in like sid=stories. That way if we miss some, then we can go to the url and see what you have written. It should just be for story posting, then we could add sid=stories.d to talk about them.

Re:Vaporware? No, vacuumware.

Yes, it does. Yes, they have. No, it's not. It is not a company. We won't.

Can VPN...

moderate this post down to a -1.

Re:1st post?

1st Post?

No. missed by over 5 minutes, you do however get an award for being 1st Retard.

Vaporware? No, vacuumware.

What the don't mention on the site is the fact that this product does not exist, they have no developers, and in fact they don't even have a completed spec yet.

Vaporware?! Hell, it's worse than vaporware. It's vacuumware. If you look at their financials, it's extremely unlikely that the company will still exist six months from now.

When a company announces a new product on the same day as it reports that it's examining its Chapter 11 options, all is not well.

Don't say I didn't warn you.

Re:Vaporware? No, vacuumware.

[pingbak]

ISI is a research institution, so it's not going to be a truly commercial endeavour. It's not vaporware or vacuumware, it's a research product.

In fact, it's pretty useful.

And while Joe Touch has a pretty thick hide, I feel compelled to point out that your comments are completely uncalled for. I've known Joe for about 6 years now and I wish I were as capable and as knowledgeable as he is. You should be so lucky as to be an undergrad USC serf working for him, you might actually learn something.

-scooter

Network overlays (tunnels) and more...

Seems people here aren't too familiar with the current state of networking research. Overlays (and tunnels) are the beginning of the next generation of networks. There's more at the active networking backbone pages. And once the proceedings are up, there will be lots of food for thought from the recent Computing Continuum Conference.

IP may or may not live forever. Efficient overlays and active networks help abstract away the lower levels, so it won't matter. Hardware is fast enough to still perform well, and advanced software techniques help reduce the overhead... Keep your eyes open...

Re:But I'm all in support for censorware baiting..

>I worked at a place that had one of these packages installed, which also filtered timesuck places like interplay.com, etc. The problem is it would also regularly slam me when trying to read things like hardware or software reviews that could in no way be construed as "harmful".

Isn't the company's real problem that they are too lazy to fire the lazy bastards that surf the web aimlessly instead of getting real work done? (not that surfing for hardware info isn't work, but interplay.com, sure...)

Why the heck is it that people have to use this babysitter crap (which doesn't work well at all) when the boss could simply say "Johnson, I've seen you looking at porn 10 times this week. It is in our logs. As per rule number xyz, you are fired. Pack up yer stuff and don't let the door hit your ass on the way out.".

Oh well, maybe people will learn eventually.

6 F's

Was that a trick question?

X-bone

my bone is totally covered in hot grits that i poured down my pants. thank you.

X-Bone gives me a hard on

Hi, my name is Woody.

Re:But I'm all in support for censorware baiting..

[ConceptJunkie]

You're right.

It would be nice to assume everyone will behave like adults and I see nothing wrong with surfing on over to interplay.com for a work break if your company allows it.

Installing a filter, however poorly it works, is less work than actively monitoring what people are actually doing, so they're going to be used.

It's generally easier to treat people like children and prevent them from having to be repsonsible than to treat them like adults and require them to be responsible. Welcome to modern corporate life.

But I'm all in support for censorware baiting...

[ConceptJunkie]

I think it helps to delegitimize censorware.

Hypothetical argument to PHB:

"Ever since you installed that NetNuisance(tm) censorware package, I can no longer download the latest x-bone updates. Our VPN just went down and we've lost 3 million dollars."

I worked at a place that had one of these packages installed, which also filtered timesuck places like interplay.com, etc. The problem is it would also regularly slam me when trying to read things like hardware or software reviews that could in no way be construed as "harmful".

Any relation to BONE for BeOS R5?

[sugarman]

Simple question: does this project here have anything in common with /A> for BeOS, or are am I simply caught in a hell of Acronym Overlap Confusion?

Re:Any relation to BONE for BeOS R5?

[touch]

(as the leader of the X-Bone project...) No. It is related to the M-Bone, indirectly. As is indicated on our website.

vpnstarter over ssh is a workable vpn solution

[philiph]

MY company is running this for several remote sites and it works well. Basically you need a linux box at each location to act as a firewall/router/vpn connection. You then set up an ssh user who can get in to the main site using rsa public/private keys.

vpnstarter can be used to initiate the tunnel over ssh and monitor the link. Works well, although vpnstarter cna be a pain to set up properly.

So, open source vpn solutions do exist now, and they do work.

This is just a test

[yuriwho]

test, test, 123

Could be interesting

[jd]

At present, we have LOTS of protocols for doing LOTS of different types of tunneling. Sometimes, we've lots of protocols for doing the =SAME= kinds of tunneling.

HOW many VPN packages are there on Freshmeat? More than any person could imagine using. That they are 100% incompatiable, because they're all implementing VPN in a different way, merely makes it all the more annoying.

Then, there's the assorted approaches to IPSec, IP6-in-IP4 (note that IP4-in-IP6, an essential format for a half-migrated network, does not exist), multicasting (plenty of choice, there!), routing (eeep!), etc.

Yes, I can see the case that it's better to have lots of packages that do one thing each, really well, than one package that does lots of things very badly. However, when it comes to a protocol, that argument doesn't fly. The object is to get the payload from A to B, with minimum fuss. The information required to carry out that process is not overly well-defined, and each method requires different information, but there's a lot that IS the same and anything else can be bundled up in it's own packet.

I don't know how X-Bone works, but the idea of an IP(any)-over-IP(any) VPN system with automatic detection andsemi-automatic configuration sounds a very attractive deal to me.

Personally, I think it would be much nicer to have an (any-protocol)-over-(any-protocol) VPN system, with multi-ended tunnels. To me, THAT would be the ideal. Then, you could layer over any network, regardless of underlying architecture.

As for those complaining about the name, the other two semi-mainstream backbones are named the Multi-Bone and the 6-Bone. If you want to complain about the X-Bone, why not poke fun at those, too, whilst you're at it? Or do you just enjoy messing with groups smaller than your IQ?

Use Under 18 Not Permitted

[FascDot+Killed+My+Pr]

Am I the only one who thinks that you should call a internet-related product "x-bone"? That has censorware-bait written ALL over it.
--

Excellent news

[chazR]

VPNs are going to be incredibly important. The flexibility it gives is astonishing. Unfortunately, they haven't been very well implemented yet. Even Cisco have had 'issues' with them. One of the major complexities is designing and implementing good overlays

I don't know how good X-bone is, but if it helps with overlay management it deserves to be successful.

I'm off to check it out now.