So, having had a bunch of success with PF_RING, I decided to check out some of ntop.org's other creations. One I came across that I had a use for was N2N. Basically you have a supernode daemon, and you create tunnels to it from your edge nodes. The setup is about as simple as it can really be.

Pretty much exactly what the manual says…

First, set up your supernode (relay, for lack of a better phrase):

supernode -l 9939

 

Then all you need for an edge node is:

edge -a 10.10.2.1 -c some_community -k some_key -l <supernode_ip>:9939

 

Next edge node:

edge -a 10.10.2.2 -c some_community -k some_key -l <supernode_ip>:9939

 

Then from either node, you should be able to reach the other.

 [root@core ~]# ping 10.10.2.1
 PING 10.10.2.1 (10.10.2.1) 56(84) bytes of data.
 64 bytes from 10.10.2.1: icmp_seq=1 ttl=64 time=0.073 ms
 64 bytes from 10.10.2.1: icmp_seq=2 ttl=64 time=0.070 ms
 64 bytes from 10.10.2.1: icmp_seq=3 ttl=64 time=0.063 ms
 ^C
 --- 10.10.2.1 ping statistics ---
 3 packets transmitted, 3 received, 0% packet loss, time 2496ms
 rtt min/avg/max/mdev = 0.063/0.068/0.073/0.010 ms
 [root@core ~]# 

 

That is it. Seriously. Now, if you want it to persist, you need to make an init script for supernode and edge. I am also not a huge fan of it having the key sitting there visible in the process list on the edge servers.

 [root@core ~]# ps aux | grep edge
 root      2367  0.0  0.1   3644   724 ?        Ss   Aug30   0:33 edge -a 10.10.2.1 -c HOME -k superkey -l g1.poop.com:4099
 root     22730  0.0  0.1   4200   728 pts/0    S+   20:04   0:00 grep edge
 [root@core ~]# 

 

That is kind of blatant to just leave lying around. In this fashion it pretty much screams its key in the process list. So I would use a shell script or something to wrap it, so it's a little less obvious.
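
A check for the exposure shown above, as an added example that is not from the original post: it reads each process's argv from /proc and reports any edge process that carries -k, however that process was launched (directly, from an init script, or from a wrapper). The function names are this example's own, and it assumes a Linux /proc.

```shell
#!/bin/sh
# Added example: report n2n edge processes whose -k key can be read from
# /proc/<pid>/cmdline, the world-readable source of `ps aux` output.

# edge_key_exposed FILE: exit 0 if FILE (NUL-separated argv, the layout of
# /proc/<pid>/cmdline) is an `edge` invocation with a key on its argv.
edge_key_exposed() {
    [ -r "$1" ] || return 1
    tr '\0' '\n' 2>/dev/null < "$1" | (
        IFS= read -r argv0 || exit 1          # empty cmdline (kernel thread)
        [ "${argv0##*/}" = "edge" ] || exit 1
        while IFS= read -r arg; do
            case "$arg" in
                -k|-k?*) exit 0 ;;            # "-k key" or "-kkey"
            esac
        done
        exit 1
    )
}

# audit_edge_keys [PROCROOT]: print offending PIDs; exit 0 only if none found.
audit_edge_keys() {
    root=${1:-/proc}
    found=0
    for f in "$root"/[0-9]*/cmdline; do
        if edge_key_exposed "$f"; then
            pid=${f%/cmdline}
            echo "pid ${pid##*/}: edge key visible in process list"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

audit_edge_keys || echo "at least one edge process exposes its key" >&2
```

edge builds whose help text (`edge -h`) lists N2N_KEY can take the key from that environment variable instead of -k; /proc/<pid>/environ is readable only by the process owner and root, so the key no longer shows up in ps for other users.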