Very interesting product! How does this compare to something like Nebula? Have you done benchmarks against other solutions? If i remember correctly, Nebula implements its own protocol and underperforms compared to Wireguard. Is this the same case?
I am writing some comparisons to other tech incl. Nebula; it's not publicly published yet, but I can give a few bullets. WRT performance, it's better to compare OpenZiti to Nebula rather than zrok; we did some last year - https://netfoundry.io/benchmark/benchmarking%20open%20source....
A few points of comparison:
- Nebula is focused on connecting machines; OpenZiti is focused on securing services. This is due to Ziti implementing zero trust networking principles – e.g., you can authorize only a single port without needing to set up ACLs or firewall rules.
- While Nebula requires open inbound ports or UDP hole punching, OpenZiti allows you to have all inbound and most outbound ports completely closed while providing truly private, zero trust DNS entries with unique naming – if you wanted to call your service "my.secret.service" you can do that, it does not force you to have a valid Top Level Domain.
- OpenZiti also goes a layer deeper to bring zero trust principles directly into your application. If you're a developer, you can embed all those ideas into your app and not rely on the network or side-loaded agents. This is both client- and server-side and doesn't require the app to "listen" on an IP address (the underlay). Instead, you can choose to "listen" on the overlay.
Looking forward to trying it out!