Pertino: Routing and Resource utilization
-
Had a short conversation with a mobile employee this morning about accessing the VPN while she is at home.
She is currently in the office and wondered if having Pertino connected slowed her connection or caused any routing issues with accessing shares.
I thought it was a pretty good question, and one I wasn't sure about. I explained that while in the office, Pertino goes dormant since it detects the 'host' network. But I wanted to see if that is a valid understanding.
-
No, by default that is not how it works. ZeroTier does that. Pertino, by default, sends all traffic through the mesh to ensure security, monitoring and control.
She can test easily by testing ping times via DNS to the share and testing a ping directly to the long IP address and comparing the latency.
-
Paid versions of Pertino can specify LAN ranges and it will not route on those when detected.
-
I thought ZT was still in control even when on the local network, just that it was smart enough to do local routing when on the same subnet. Was that not right?
-
@Dashrender said:
I thought ZT was still in control even when on the local network, just that it was smart enough to do local routing when on the same subnet. Was that not right?
Correct, ZT always pumps the data from what I've seen, but it does so locally when it can.
-
@scottalanmiller said:
@Dashrender said:
I thought ZT was still in control even when on the local network, just that it was smart enough to do local routing when on the same subnet. Was that not right?
Correct, ZT always pumps the data from what I've seen, but it does so locally when it can.
And Pertino doesn't? That seems like a potential huge performance loss.
-
@Dashrender said:
And Pertino doesn't? That seems like a potential huge performance loss.
Pertino has always attempted to understand when on net. There are many situations where the mesh would have no idea though. Thus they added a specific exclusion function.
-
@Dashrender said:
@scottalanmiller said:
@Dashrender said:
I thought ZT was still in control even when on the local network, just that it was smart enough to do local routing when on the same subnet. Was that not right?
Correct, ZT always pumps the data from what I've seen, but it does so locally when it can.
And Pertino doesn't? That seems like a potential huge performance loss.
Pertino has reasons for putting that data through controllers. The idea behind the system is central control. They need to capture all packets to do firewalling, inspection, reporting, etc.
-
ZT and Pertino, while similar, do not have the same design objectives.
-
Jumping in a bit late, but we do have a solution for optimal local routing. It is called SmartZones and is available with free and paid subscriptions. To set it up, look under the network tile in the app.pertino.com console. The short of it is that it allows you to identify a subnet and when devices enter that subnet, they choose the local route over Pertino. Here's the blog from when it was introduced.
Now the longer answer.
In a standard deployment, Pertino uses local name resolution and traffic can be routed locally instead of across the Pertino interface. The reason I say "can be" is because it is really tied to race conditions in the protocol (i.e. LLMNR in Windows). When you add AD Connect to enable your internal DNS to propagate across Pertino, all traffic ends up being forced across the Pertino interface. SmartZones solves this.
Hope that helps!
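Added example, not part of the original posts and not Pertino or ZeroTier code: a Python sketch of the name-versus-IP comparison suggested earlier in the thread, which also shows which address the resolver hands back first, since that is what decides whether traffic to the share stays on the LAN. The subnet, host name and addresses are constructed placeholders, and a TCP connect to the SMB port (445) stands in for ping.

```python
import ipaddress
import socket
import sys
import time

# Assumption: your office subnet(s). Constructed sample value, not from the thread.
LAN_SUBNETS = ["192.168.10.0/24"]

def classify(addr, lan_subnets=LAN_SUBNETS):
    """'lan' if addr falls inside a listed office subnet, else 'overlay-or-other'."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone suffix
    nets = (ipaddress.ip_network(n) for n in lan_subnets)
    return "lan" if any(ip in n for n in nets) else "overlay-or-other"

def resolve(name, resolver=socket.getaddrinfo):
    """Addresses the OS resolver returns for name, in the order it prefers them."""
    try:
        answers = resolver(name, 445, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    seen = []
    for *_, sockaddr in answers:
        if sockaddr[0] not in seen:
            seen.append(sockaddr[0])
    return seen

def connect_ms(addr, port=445, timeout=2.0):
    """TCP connect time in milliseconds, or None if the address is unreachable."""
    start = time.perf_counter()
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000
    except OSError:
        return None

def compare(name, direct_ip, resolver=socket.getaddrinfo, timer=connect_ms):
    """Classify and time every address behind name, plus the known LAN IP."""
    by_name = [(a, classify(a), timer(a)) for a in resolve(name, resolver)]
    direct = (direct_ip, classify(direct_ip), timer(direct_ip))
    # The first resolved address is the one a client will normally try first.
    name_path = by_name[0][1] if by_name else "unresolved"
    return {"name_path": name_path, "rows": by_name + [direct]}

if __name__ == "__main__":
    # Usage: script.py <share-host-name> <share-LAN-IP>
    result = compare(sys.argv[1], sys.argv[2])
    print("name resolves to:", result["name_path"])
    for addr, kind, ms in result["rows"]:
        print(f"{addr:40} {kind:17} {'unreachable' if ms is None else f'{ms:.1f} ms'}")
```

If the name's first address is classified `overlay-or-other` and is noticeably slower than the direct LAN IP, traffic to the share by name is not taking the local route.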
-
@hubtechagain are you using AD Connect?
-
I is