|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Cilium||15,553||15||3 hours ago||547||September 14, 2022||1,167||apache-2.0||Go|
|eBPF-based Networking, Security, and Observability|
|Zerotierone||11,322||1||6 days ago||6||March 29, 2017||196||other||C++|
|A Smart Ethernet Switch for Earth|
|Libzmq||8,544||15||a day ago||2||March 24, 2018||275||mpl-2.0||C++|
|ZeroMQ core engine in C++, implements ZMTP/3.1|
|Portmaster||6,866||1||2 days ago||106||September 22, 2022||343||agpl-3.0||Go|
|🏔 Love Freedom - ❌ Block Mass Surveillance|
|Netmaker||6,851||7 hours ago||64||September 20, 2022||145||other||Go|
|Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.|
|Netshoot||6,188||16 days ago||18||apache-2.0||Shell|
|a Docker + Kubernetes network trouble-shooting swiss-army container|
|Gamenetworkingresources||5,799||a month ago||1||C|
|A Curated List of Game Network Programming Resources|
|Fast Android Networking||5,536||3 months ago||241||apache-2.0||Java|
|🚀 A Complete Fast Android Networking Library that also supports HTTP/2 🚀|
|Hp Socket||5,145||1||1||2 months ago||1||September 25, 2017||15||other||C|
|High Performance TCP/UDP/HTTP Communication Component|
|Cjdns||5,020||2 days ago||1||February 27, 2018||107||gpl-3.0||C|
|An encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing.|
OpenZiti represents the next generation of secure, open-source networking for your applications. OpenZiti has several components.
Let's break some of these buzzwords down.
Many networking security solutions act like a wall around an internal network. Once you are through the wall, you have access to everything inside. Zero trust solutions enforce not just access to a network, but access to individual applications within that network.
Every client in a OpenZiti system must have an identity with provisioned certificates. The certificates are used to establish secure communications channels as well as for authentication and authorization of the associated identity. Whenever the client attempts to access a network application, OpenZiti will first ensure that the identity has access to the application. If access is revoked, open network connections will be closed.
This model enables OpenZiti systems to provide access to multiple applications while ensuring that clients only get access to those applications to which they have been granted access.
In addition to requiring cert based authentication for clients, OpenZiti uses certificates to authorize communication between OpenZiti components.
There are various levels of accessibility a network application/service can have.
Making something dark can be done in a few ways, but the way it's generally handled in OpenZiti is that services reach out and establish one or more connections to the OpenZiti network fabric. Clients coming into the fabric can then reach the service through these connections after being authenticated and authorized.
OpenZiti routers, which make up the fabric, can also be dark. Routers located in private networks will usually be made dark. These routers will reach out of the private network to talk to the controller and to make connections to join the network fabric mesh. This allows the services and routers in your private networks to make only outbound connections, so no holes have to be opened for inbound traffic.
Services can be completely dark if they are implemented with a OpenZiti SDK. If this is not possible a OpenZiti tunneler or proxy can be colocated with the service. The service then only needs to allow connections from the local machine or network, depending on how close you colocate the proxy to the service.
If you take advantage of OpenZiti's developer SDKs and embed OpenZiti in your client and server applications, your traffic can be configured to be seamlessly encrypted from the client application to server application. If you prefer to use tunnelers or proxy applications, the traffic can be encrypted for you from machine to machine or private network to private network. Various combinations of the above are also supported.
End-to-end encryption means that even if systems between the client and server are compromised, your traffic cannot be decrypted or tampered with.
If you are looking to jump right in feet first you can follow along with one of our up-and-running quickstart guides. These guides are designed to get an overlay network quickly and allow you to run it all locally, use Docker or host it anywhere.
This environment is perfect for evaluators to get to know OpenZiti and the capabilities it offers. The environment was not designed for large scale deployment or for long-term usage. If you are looking for a managed service to help you run a truly global, scalable network browse over the NetFoundry web site to learn more.
Please refer to the local development tutorial for build instructions.
Interested to see what companies are using OpenZiti? Check out the list of projects and companies using OpenZiti here. Interested in adding your project to the list? Add an issue to github or better yet feel free to add a pull request! Instructions for getting your project added are included on the adopters list
We have a very active Discourse forum. Join the conversation! Help others if you can. If you want to ask a question or just check it out, cruise on over to the OpenZiti Discourse forum. We love getting questions, jump in!
The OpenZiti project welcomes contributions including, but not limited to, code, documentation and bug reports.
OpenZiti was developed and open sourced by Netfoundry, Inc. NetFoundry continues to fund and contribute to OpenZiti.