commit 288de6680607cd08ceda919693322c0f152491bf Author: Max Rottenkolber Date: Mon Mar 26 15:28:31 2018 +0200 Publish blog/vita (announcement) diff --git a/blog/vita.meta b/blog/vita.meta index db49336..6476f3a 100644 --- a/blog/vita.meta +++ b/blog/vita.meta @@ -3,4 +3,4 @@ :author "Max Rottenkolber " :index-headers-p nil :index-p nil) -:publication-date nil +:publication-date "2018-03-26 15:22+0200" commit 4e49aa4fcff984599f0c52d291f5be128d230969 Author: Max Rottenkolber Date: Fri Mar 23 14:34:00 2018 +0100 blog/vita: fix broken Twitter link diff --git a/blog/vita.mk2 b/blog/vita.mk2 index 0ed30b0..961e1d1 100644 --- a/blog/vita.mk2 +++ b/blog/vita.mk2 @@ -56,7 +56,7 @@ foundation has agreed to support further development on Vita in 2018/2019. development to be driven by would-be user requirements. So, if you have any questions, or Vita sounds in any way useful or interesting to you, please engage in a dialogue with me via [Email](mailto:max@mr.gy), on [GitHub](https://github.com/inters/vita) - or on [Twitter](https://twitter/eugeneia_). + or on [Twitter](https://twitter.com/eugeneia_). > commit 8439ce25f4bce666a8c4c51810474c80ede1a65d Author: Max Rottenkolber Date: Fri Mar 23 14:14:54 2018 +0100 blog/vita: Vita announcement draft diff --git a/blog/vita.meta b/blog/vita.meta new file mode 100644 index 0000000..db49336 --- /dev/null +++ b/blog/vita.meta @@ -0,0 +1,6 @@ +:document (:title "Announcing Vita: a high-performance IPsec VPN endpoint that + runs on commodity hardware" + :author "Max Rottenkolber " + :index-headers-p nil + :index-p nil) +:publication-date nil diff --git a/blog/vita.mk2 b/blog/vita.mk2 new file mode 100644 index 0000000..0ed30b0 --- /dev/null +++ b/blog/vita.mk2 @@ -0,0 +1,72 @@ +#media# +hongkong-cafe.jpg + +Last year, I began prototyping a fast, IPsec-based VPN endpoint based on the +[Snabb](https://github.com/snabbco/snabb) user-space networking toolkit. The +result was named [Vita](https://github.com/inters/vita#-), and the [NLnet](https://nlnet.nl) +foundation has agreed to support further development on Vita in 2018/2019. + +< What is the project about? + + Vita exploits the fabulous comforts of the Snabb toolkit together with modern + [AES‑NI](https://en.wikipedia.org/wiki/AES_instruction_set) capable commodity + hardware to provide \>10 Gbps [IMIX](https://en.wikipedia.org/wiki/Internet_Mix) + IPsec tunneling. Being mainly written in Lua, Vita sports a compact code base + that should be easy to understand, maintain, extend, and audit. This is + important, as the ultimate goal is to put high-quality, low-cost traffic + confidentiality in the hands of the many. + + The original use-case I had in mind was simple, but common: you have two (or + more) private networks in different geographic locations, like many + universities and research campuses do, and wish to bridge them via the public + Internet. To do that, you need to ensure your traffic is protected on its way + through wires and pipes that, ultimately, you do not own. You might end up + purchasing a box from a vendor to do that (and, possibly, many other things). + Chances are it is going to cost you, and maybe it will be proprietary, meaning + you do not have access to source code or hardware specifications, and are + stuck with whatever management interface the vendor provides. + + #media# + vita-detail.svg + + Vita is on its way to become an affordable, open, stand-alone solution to that + problem. It is designed to play well with your existing routers, and can be + deployed in a bump-in-the-wire or on-a-stick configuration. You can probably + throw together a Vita box that handles 1‑Gigabit Ethernet line rate at 64‑byte + packets for well under 500 Euro in parts (efficient software implementations + go both ways!) + +> + +< Further steps + + I have established a basic [road map](https://github.com/inters/vita/projects/1) + that I will chip away at until mid-2019. Though, if all goes well that will + only be the start of things. + + Thanks to the Snabb framework, Vita is inherently modular, and waiting to be + embedded by service providers as part of their offerings, say in an NFV + setting. It already uses a YANG configuration model internally, and being able + to drive the Vita data plane via YANG is on the road map. A related, + low-hanging fruit, that seems nice to have, is to let Vita consume a tunnel + configuration negotiated by the Linux IKEv2 stack. + + All things considered, my first and foremost priority is to connect with as + many potential Vita users and contributors as possible. I want further + development to be driven by would-be user requirements. So, if you have any + questions, or Vita sounds in any way useful or interesting to you, please + engage in a dialogue with me via [Email](mailto:max@mr.gy), on [GitHub](https://github.com/inters/vita) + or on [Twitter](https://twitter/eugeneia_). + +> + +< Thanks + + Vita is supported by NLnet foundation through the [Internet Hardening Fund](https://nlnet.nl/internethardening/). + I would like to personally thank NLnet for their generous contributions to + open source projects, and their support to independent hackers like myself. + + #media# + nlnet.png + +>