If you’re looking for raw performance, ZT would be a poor VPN choice. But if you need Layer-2 bridging, it’s one of your only choices. So ZT vs Tailscale is like saying TCP is better/worse than UDP – they are just different. Or MPLS vs OSPF would be another apt analogy to ZeroTier vs Tailscale. E.g., ZT prefers the reliability of connection like TCP, but similar to MPLS, while Tailscale is more similar to UDP and OSPF. If you want a Mikrotik to show up in Winbox via discovery, you’ll need ZT & that’s not possible with Tailscale. By the same token, if I want to have a more sophisticated auth scheme or simply cloud L3 routing/policy, ZT would be poorly suited to those needs.
Anyway. On ZT, the issue is there is no way to know if it may be using a root server (or moon or whatnot), or if it is “directly connected” via the Mikrotik. When I’ve tried bridging ZT over the internet, it does seem speed is a lot more inconsistent – sometimes I get closer to non-VPN speed, other times much slower.
In my case, we don’t have stable fiber connections – we typically have LTE & Wi-Fi available – plus those connected networks change regularly, plus they are asymmetric with very variable speed. In my use case, I just need enough speed to run low-bandwidth stuff like SSH, MQTT, Winbox, etc. - but as close to 100% uptime as possible regardless of network/path/speed. So we config the remote Mikrotiks to try everything under the sun to make sure there is some connection out, which now includes ZT. ZeroTier seems quite aggressive at maintaining a link – so far if I can ping something from the Mikrotik, ZT has been able to find some pathway out.
That being said, I’m pretty sure it uses the roots/moons/whatnot unnecessarily - or, it reacts slowly to a change in possible paths. So it would be nice if MT gave a little more guidance on troubleshooting ZeroTier… What I’ve seen is it continuing to use a slower LTE route, even though a newer default route to a much faster fiber line was added – it did seem “sticky” to a way less optimal route, and I actually wasn’t sure how to troubleshoot things…
@normis, are there some ZeroTier troubleshooting stats or a help page coming? ZT seems to always find SOME link out, but I’m not sure it’s always picking an optimal one – that may be the OP’s issue. In another posting someone saw ARP going out a weird interface, which I still don’t understand and which seems unresolved.
Anyway, it would be good to know how one finds the interface a ZT connection should be using, and/or if it’s “directly connected”. That might clarify if it is using a root part here. Connection tracking seems to show quite a few different ZT connections; while you can guess based on traffic, it’s not quite clear what’s going on. ZT’s routing table and selection don’t seem to neatly follow the Packet Flow Diagram, so it’s hard to know if what ZeroTier is doing is “right”…