https://www.youngju.dev/blog 천천히 올바르게. AI Researcher & DevOps Engineer Youngju's tech blog. GPU/CUDA, LLM, MLOps, Kubernetes AI workloads, distributed training, and data engineering. ko fjvbn2003@gmail.com (Youngju Kim) fjvbn2003@gmail.com (Youngju Kim) Sat, 16 May 2026 00:00:00 GMT https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive.en A complete look at the 2026 production networking stack. eBPF-based K8s networking (Cilium, Calico eBPF, Antrea), overlay VPNs (WireGuard, Tailscale, Nebula, ZeroTier, Twingate, OpenZiti), service meshes (Istio ambient, Linkerd 2.16, Consul Connect, Kuma), L7 proxies/gateways (Envoy, NGINX, HAProxy, Caddy 2, Traefik, KrakenD, Kong), Kubernetes Gateway API evolution, QUIC + HTTP/3 production reality, DoH/DoQ, mTLS + ACME automation, BGP/Anycast application delivery, ZTNA vs SD-WAN convergence, and Korea/Japan ISP context (KT/LG U+/SKT, NTT/IIJ/SoftBank) all in one piece. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) networkingciliumebpfwireguardtailscalenebulaistiolinkerdenvoycloudflarequichttp3service-meshztna https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive.ja 2026年5月時点の本番ネットワーキングスタックを最後まで見る。eBPFベースのK8sネットワーキング(Cilium、Calico eBPF、Antrea)、オーバーレイVPN(WireGuard、Tailscale、Nebula、ZeroTier、Twingate、OpenZiti)、サービスメッシュ(Istio ambient、Linkerd 2.16、Consul Connect、Kuma)、L7プロキシ/ゲートウェイ(Envoy、NGINX、HAProxy、Caddy 2、Traefik、KrakenD、Kong)、Kubernetes Gateway APIの進化、QUIC + HTTP/3のプロダクション現実、DoH/DoQ、mTLS + ACME自動化、BGP/Anycastベースのアプリケーション配信、ZTNA vs SD-WAN収束、韓国・日本のISPコンテキスト(KT/LG U+/SKT、NTT/IIJ/SoftBank)まで一本でまとめる。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) networkingciliumebpfwireguardtailscalenebulaistiolinkerdenvoycloudflarequichttp3service-meshztna https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-networking-cilium-wireguard-tailscale-nebula-istio-envoy-cloudflare-tunnel-2026-deep-dive 2026년 5월 기준 운영 환경 네트워킹 스택을 끝까지 본다. eBPF 기반 K8s 네트워킹(Cilium, Calico eBPF, Antrea), 오버레이 VPN(WireGuard, Tailscale, Nebula, ZeroTier, Twingate, OpenZiti), 서비스 메시(Istio ambient, Linkerd 2.16, Consul Connect, Kuma), L7 프록시/게이트웨이(Envoy, NGINX, HAProxy, Caddy 2, Traefik, KrakenD, Kong), Kubernetes Gateway API의 진화, QUIC + HTTP/3 프로덕션 현실, DoH/DoQ, mTLS + ACME 자동화, BGP/Anycast 기반 애플리케이션 전송, ZTNA vs SD-WAN 수렴, 한국·일본 ISP 컨텍스트(KT/LG U+/SKT, NTT/IIJ/SoftBank)까지 한 글에서 정리한다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) networkingciliumebpfwireguardtailscalenebulaistiolinkerdenvoycloudflarequichttp3service-meshztna https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive.en In 2026 the overlay VPN market has settled into "the world where Tailscale is the de-facto standard, plus self-hosted, enterprise, and DIY camps around it." WireGuard became the universal foundation, Tailscale defined the user experience, Headscale offers an open-source control plane, NetBird is the SSO-first open alternative. Cloudflare WARP/Zero Trust and Twingate are rapidly replacing enterprise site-to-site VPNs. We walk through the "other models" — ZeroTier, Nebula, Innernet, Yggdrasil, Defined Networking — the core concepts (NAT traversal, DERP, MagicDNS, ACL, exit node), and zero-trust adoption case studies from Toss, LINE, and Mercari. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnoverlay-networkmeshtailscaleheadscalezerotiernebulawireguardtwingatecloudflare-warpnetbirdzero-trust2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive.ja 2026 年のオーバーレイ VPN 市場は「Tailscale が事実上の標準になった世界 + そのまわりのセルフホスト・エンタープライズ・DIY 勢」という構図に落ち着いた。WireGuard が共通基盤になり、Tailscale がユーザー体験を定義し、Headscale がオープンソースのコントロールプレーンを、NetBird が SSO ファーストの OSS 代替を提供する。Cloudflare WARP / Zero Trust と Twingate はエンタープライズの拠点間 VPN を急速に置き換えている。ZeroTier・Nebula・Innernet・Yggdrasil・Defined Networking のような「別モデル」の立ち位置、NAT トラバーサル・DERP・MagicDNS・ACL・exit node といった中核概念、そしてトス・LINE・メルカリのような日韓企業のゼロトラスト導入事例まで、一気に整理する。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnoverlay-networkmeshtailscaleheadscalezerotiernebulawireguardtwingatecloudflare-warpnetbirdzero-trust2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-overlay-vpn-mesh-networking-2026-tailscale-headscale-zerotier-nebula-wireguard-netbird-deep-dive 2026년 오버레이 VPN 시장은 “Tailscale이 사실상 표준이 된 세계 + 그 주변의 셀프호스팅·엔터프라이즈·DIY 진영”으로 정리됐다. WireGuard는 모두의 기반이 됐고, Tailscale은 사용 경험을 정의했으며, Headscale은 오픈소스 컨트롤 플레인을, NetBird는 SSO 통합 오픈소스 대안을 제공한다. Cloudflare WARP/Zero Trust와 Twingate는 엔터프라이즈의 사이트투사이트 VPN을 빠르게 대체 중이다. ZeroTier·Nebula·Innernet·Yggdrasil·Defined Networking 같은 “다른 모델들”의 자리, NAT 트래버설·DERP·MagicDNS·ACL·exit node 같은 핵심 개념, 그리고 토스·라인·메르카리 같은 한국·일본 기업의 zero-trust 도입 사례까지 한 번에 정리한다. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnoverlay-networkmeshtailscaleheadscalezerotiernebulawireguardtwingatecloudflare-warpnetbirdzero-trust2026deep-dive https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive.en https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive.en In 2026, VPN and mesh networking split into two branches. One is WireGuard-based mesh overlays (Tailscale, Headscale, NetBird, Innernet). The other is the SASE/ZTNA commercial stack (Twingate, Cloudflare Zero Trust, Zscaler, Netskope). Between them sit self-host options like ZeroTier, Nebula, OpenZiti, Pangolin, DefGuard, and privacy VPNs like Mullvad and ProtonVPN. We also pin down where legacy enterprise VPNs (Cisco AnyConnect, GlobalProtect, FortiClient, F5 BIG-IP) still belong. WireGuard kernel module, NAT traversal, DERP relays, MagicDNS, ACLs, exit nodes, subnet routers, OIDC SSO, SCIM, self-host vs SaaS, cost, privacy, and Korean/Japanese adoption — all in one piece. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnmesh-networkingtailscalewireguardtwingatezerotiernetbirdnebulamullvadheadscalezero-trust2026deep-diveenglish https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive.ja https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive.ja 2026年の VPN とメッシュネットワーキングは二系統に進化した。一方は WireGuard をコアにしたメッシュオーバーレイ(Tailscale · Headscale · NetBird · Innernet)、もう一方は SASE/ZTNA の商用スタック(Twingate · Cloudflare Zero Trust · Zscaler · Netskope)。その間に ZeroTier · Nebula · OpenZiti · Pangolin · DefGuard といった自前ホスト系と、Mullvad · ProtonVPN といったプライバシー VPN が共存する。Cisco AnyConnect · GlobalProtect · FortiClient · F5 BIG-IP といったレガシー企業 VPN の位置づけも整理する。WireGuard カーネルモジュール、NAT 越え、DERP リレー、MagicDNS、ACL、出口ノード、サブネットルーター、OIDC SSO、SCIM、自前ホスト vs SaaS、コスト、プライバシー、韓国/日本の導入事例まで一気通貫で。 Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnmesh-networkingtailscalewireguardtwingatezerotiernetbirdnebulamullvadheadscalezero-trust2026deep-dive日本語 https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive https://www.youngju.dev/blog/culture/2026-05-16-vpn-mesh-networking-2026-tailscale-wireguard-twingate-zerotier-netbird-nebula-mullvad-headscale-deep-dive 2026년 VPN과 메쉬 네트워킹은 두 갈래로 진화했다. 한쪽은 WireGuard를 코어로 한 메쉬 오버레이(Tailscale · Headscale · NetBird · Innernet), 다른 한쪽은 SASE/ZTNA 상용 스택(Twingate · Cloudflare Zero Trust · Zscaler · Netskope). 그 사이에 ZeroTier · Nebula · OpenZiti · Pangolin · DefGuard 같은 자가 호스팅 옵션과 Mullvad · ProtonVPN 같은 프라이버시 VPN이 공존한다. Cisco AnyConnect · GlobalProtect · FortiClient · F5 BIG-IP 같은 레거시 기업 VPN의 자리도 정리한다. WireGuard 커널 모듈, NAT traversal, DERP relay, MagicDNS, ACL, exit node, subnet router, OIDC SSO, SCIM, 자가 호스팅 vs SaaS, 비용·프라이버시·한국/일본 도입 사례까지 한 번에. Sat, 16 May 2026 00:00:00 GMT fjvbn2003@gmail.com (Youngju Kim) vpnmesh-networkingtailscalewireguardtwingatezerotiernetbirdnebulamullvadheadscalezero-trust2026deep-dive