What is RBridge?
RBridge is a site-to-site Layer 2 VPN solution. It connects two distinct Ethernet LANs as if a very long network cable were run over the distance from one switch to the other.
As soon as two remote switches are connected with RBridge, all devices on one side can communicate with the devices on the other side as if they were all located in the same Ethernet LAN.
Operating with true random key material makes it the most secure Layer 2 site-to-site VPN solution available on the market.
RBridge easily traverses NAT devices like typical DSL routers on one or both sides.
RBridge comes with its own protocol-level packet fragmentation and reassembly mechanism. This avoids the problems that commonly occur with standard UDP fragmentation (such as flawed device implementations and firewalls blocking UDP fragments).
RBridge deployment is almost “plug and play”: only a few parameters need to be set to establish an encrypted Layer 2 site-to-site Ethernet link.
RBridge is free of charge for the Raspberry Pi.
[Figure: RBridge running on a Raspberry Pi 3 Model B+, connected to the other peer over IPv6]
What is it good for?
Typical application examples are:
- connecting a remote or home office LAN to the main company network
- accessing datacenter networks for remote administration (permanently or on demand)
- moving datacenter machines physically (and the network afterwards)
- physically distributing target servers in load-balanced HA setups
- implementing Layer 3 DSR for BalanceNG load balancing
- transport of other Ethernet protocols that are otherwise not routable over IP
Which operating systems are supported?
RBridge is available for the following operating systems:
- RHEL 6+7
- CentOS 6+7
- Debian Linux
- Ubuntu Linux
- macOS 10.14
- Debian on Raspberry Pi (Raspbian)
Additionally, a generic “tarball” distribution allows installation on any other x86_64 Linux distribution.
Technical Data at a Glance
- SHA-2 256 for message authentication
- ChaCha20 or AES-256 CTR for encryption
- Replay attack prevention with time stamps
- True random key material support for highest possible confidentiality and privacy
- Post-quantum resistant (symmetric pre-shared encryption only)
- Own protocol-level fragmentation / reassembly
- Tunneling over UDP only, no “TCP meltdown” effects possible
- Backdoor free
RBridge bears the quality certificate “IT Security made in Germany” (ITSMIG) issued by the “IT Security Association Germany” (TeleTrusT): Unrestricted by political requirements, we guarantee that RBridge is free from any undocumented loopholes, undocumented backdoors and any other undocumented interception mechanisms.
One warning, however: RBridge itself may be secretly installed and thereby become an unwanted backdoor into a LAN. To mitigate this threat, RBridge provides a mechanism to scan a local Ethernet LAN for any unwanted RBridge installations. This functionality requires no license and is free to use (see the “rbridge -s” command under RBridge Commands). We strongly recommend including this in any automated internal security scans.