Supernode

From Freifunk Köln, Bonn und Umgebung

[wikipedia-article] i don't like that word

quick'n dirty required software:

1) [fastd] mesh-node-vpn

2) [vpn-key-upload] (todo: remove overhead (apache, ruby, sinatra ...), KISS principle); not documented here (todo)

3) [batman-adv]

4) [tinc] mesh-backbone-vpn

5) OS: debian wheezy (or whatever you like)


To load the batman-adv kernel module at boot, add to /etc/modules.conf (on Debian the file is /etc/modules):

batman-adv

To disable PMTU discovery, add to /etc/sysctl.conf:

net.ipv4.ip_no_pmtu_disc=1


fastd: add to /etc/apt/sources.list:

deb http://repo.universe-factory.net/debian/ sid main

Import the repository key:

 gpg --keyserver pgpkeys.mit.edu --recv-key  AB7A88C5B89033D8
 gpg -a --export AB7A88C5B89033D8 | sudo apt-key add -

install fastd

 apt-get update
 apt-get install fastd


fastd configuration

/etc/fastd/kbu# ls
backbone  fastd.conf peers 


root@fastd4:/etc/fastd/kbu# ls backbone/
fastd1  fastd2  fastd3  fastd4
root@fastd4:/etc/fastd/kbu# cat backbone/*
key "4f856d95bd596ac7724edca73a19e6e9d142b374df27166bb1a78e58785efc59";
remote ipv4 "fastd1.kbu.freifunk.net" port 10000;
key "e1916b66c4f8a795e217877cf72607d952e796463c7024dd9a6a47ae2929bc10";
remote ipv4 "fastd2.kbu.freifunk.net" port 10000;
key "d56181dfe9b5ac7cfe68a94c0ce406322a9924286a751673da0dcb28ad5218b0";
remote ipv4 "fastd3.kbu.freifunk.net" port 10000;
key "9b3f65f99963343e2785c8c4fad65e70b73ee7e1205d63bd84f3e2decb53e621";
remote ipv4 "fastd1.kbu.freifunk.net" port 10000;

See [fastd-backbone] for more.


fastd.conf

# Log everything to a log file
log to "/var/log/fastd.log" level debug;
# Set the interface name
interface "fastd";

# Accepted methods in order of preference: xsalsa20-poly1305, then aes128-gcm.
# "null" is accepted last and provides no payload encryption or authentication.
method "xsalsa20-poly1305";
method "aes128-gcm";
method "null";  # todo: WTF, encryption is off!? What do we exchange keys for?

# Bind to a fixed port, IPv4 only
bind 0.0.0.0:10000;

# Secret key generated by `fastd --generate-key`
# in this case you have to ask the holy guru of that project for the private key
secret "won't tell my secret here";

# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
# (see MTU selection documentation)
mtu 1426;
# Include peers from the directories 'backbone' and 'peers'
include peers from "/etc/fastd/kbu/backbone";
include peers from "/etc/fastd/kbu/peers";

# IP address, routing
#on establish  "/root/scripts/fastdup.sh"; # does not work for me, need to invoke an external script somewhere else
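
With `method "null";` in the list, fastd can fall back to a tunnel whose payload is neither encrypted nor authenticated. The following check is an added example, not part of the original wiki page: it lists the active methods of a fastd.conf in preference order and fails when "null" is accepted. The function names and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit the "method" lines of a fastd.conf.

# fastd_methods FILE: print the active method names in preference order.
# Comments (# to end of line) are stripped first, so a commented-out
# method line is not reported.
fastd_methods() {
    sed -n -e 's/#.*$//' \
        -e 's/^[[:space:]]*method[[:space:]]*"\([^"]*\)"[[:space:]]*;.*$/\1/p' "$1"
}

# fastd_audit_methods FILE: return 0 if every accepted method protects the
# payload, 1 if "null" is accepted, 2 if no method is configured at all.
fastd_audit_methods() {
    methods=$(fastd_methods "$1")
    [ -n "$methods" ] || { echo "no method configured"; return 2; }
    rank=0
    status=0
    for m in $methods; do
        rank=$((rank + 1))
        if [ "$m" = "null" ]; then
            echo "WARN preference $rank: null (payload not encrypted, not authenticated)"
            status=1
        else
            echo "ok   preference $rank: $m"
        fi
    done
    return $status
}

# Constructed sample input: the three method lines from the fastd.conf above,
# plus one commented-out line to show that comments are ignored.
conf=$(mktemp)
cat > "$conf" <<'EOF'
method "xsalsa20-poly1305";
method "aes128-gcm";
method "null";  # todo
# method "null";
EOF
fastd_audit_methods "$conf" || echo "audit exit status: $?"
```
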


fastd-ifup-script:

#!/bin/sh

# bring the interface up
/sbin/ifconfig fastd up

# add the fastd interface to batman-adv (creates bat0)
/usr/sbin/batctl if add fastd
# act as batman-adv gateway (DHCP is forwarded through batman)
/usr/sbin/batctl gw_mode server
/sbin/ifconfig bat0 172.27.XX.1 netmask 255.255.192.0 up

# policy routing: traffic from the mesh net uses table ffkbu
/sbin/ip rule add from 172.27.0.0/18 table ffkbu
/sbin/ip route add 172.27.0.0/18 dev bat0 table ffkbu
/sbin/ip route flush cache


backbone-net (tinc)

apt-get install tinc
root@fastd4:/etc/tinc/backbone# ls 
bbkeys
hosts -> bbkeys
tinc.conf
tinc-up

Public keys for the tinc backbone can be found [here].

Add your public key to that repo.

tinc.conf

/etc/tinc/backbone# cat tinc.conf 
Name=fastd4
Device=/dev/net/tun
Mode=router
ConnectTo=paula
ConnectTo=paul
#enough links?


tinc-up

 
#!/bin/sh
ifconfig $INTERFACE 172.27.255.X netmask 255.255.255.0 up
#
#set some backbone related routes
ip route add 172.27.255.0/24 dev backbone table ffkbu
ip route add default dev backbone table ffkbu
ip route flush cache


routing

We need to set up policy-based routing. First register the routing table name:

echo "200 ffkbu" >> /etc/iproute2/rt_tables

The rules and routes for this table are added in the tinc-up and fastd-up scripts.

ip rule ls

ip rule ls
0:      from all lookup local 
32765:  from 172.27.0.0/18 lookup ffkbu 
32766:  from all lookup main 
32767:  from all lookup default

ip route list table ffkbu

ip route list table ffkbu
default dev backbone  scope link 
172.27.0.0/18 dev bat0  scope link 
172.27.255.0/24 dev backbone  scope link 

dhcpd.conf

subnet 172.27.0.0 netmask 255.255.192.0 {
  # if the guru talks about subnets,
  # just the range is meant!
  # all nodes, supernodes and clients
  # remain in the net 172.27.0.0/18
  range 172.27.XXX.XXX 172.27.XXX.XXX;
  option domain-name-servers 172.27.XXX.1;
  option domain-name "kbu.freifunk.net";
  option routers 172.27.XXX.1;
  option broadcast-address 172.27.63.255;
  default-lease-time 600;
  max-lease-time 7200;
}

You need to install bind9.


fastd

UDP queue size

Broadcasts can cause short-lived load peaks on supernodes. In the current batman-adv version, every broadcast packet is additionally sent 3 times on each link. Moreover, the comparatively high data rate of 100 Mbit/s between supernodes means that broadcast packets arrive at 100 Mbit/s while they have to be sent to all nodes.

By default, Linux distributions provide queue sizes in the range of 128 KB (http://www.cyberciti.biz/faq/linux-tcp-tuning/). Supernodes are therefore unable to buffer such load peaks and send them out during idle times. If the UDP queue overflows, fastd logs:

2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable

Each log entry corresponds to one packet that could not be enqueued and was therefore dropped. The queue sizes can be adjusted via sysctl (http://wwwx.cs.unc.edu/~sparkst/howto/network_tuning.php). fastd2 currently uses:

#/etc/sysctl.conf
net.core.rmem_max=838860800
net.core.wmem_max=838860800
net.core.rmem_default=83886080
net.core.wmem_default=83886080

This gives the system 80 MB of memory for queues. 8 MB are available per connection. The configured 80 MB are sufficient to saturate the 100 Mbit/s link for several seconds and to absorb load peaks.
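
Since every `sendmsg: Resource temporarily unavailable` line in the fastd log is one dropped packet, the log can be used to check whether the queue settings are sufficient. The following script is an added example, not part of the original wiki page: it counts drops per second and reports the worst second. The function names and the sample log are assumptions; the sample repeats the five lines shown above and adds constructed lines.

```shell
#!/bin/sh
# Added example (not from the original page): quantify fastd send-queue drops.

# fastd_drops_per_second FILE: one "<count> <date> <time>" line per second in
# which fastd logged a failed sendmsg; each such log line is one dropped packet.
fastd_drops_per_second() {
    awk '/Warning: sendmsg: Resource temporarily unavailable/ { n[$1 " " $2]++ }
         END { for (t in n) print n[t], t }' "$1" | sort -k2,3
}

# fastd_drop_total FILE: total number of dropped packets in the log.
fastd_drop_total() {
    fastd_drops_per_second "$1" | awk '{ s += $1 } END { print s + 0 }'
}

# fastd_drop_peak FILE: the worst second, as "<count> <date> <time>".
fastd_drop_peak() {
    fastd_drops_per_second "$1" | sort -k1,1nr -k2,3 | head -n 1
}

# fastd_drop_alert FILE LIMIT: return 1 if any second has more than LIMIT drops.
fastd_drop_alert() {
    peak=$(fastd_drop_peak "$1" | awk '{ print $1 }')
    [ "${peak:-0}" -le "$2" ]
}

# Constructed sample log: five drops at 12:32:01 as shown above,
# one constructed non-drop line, and two constructed drops at 12:32:03.
log=$(mktemp)
cat > "$log" <<'EOF'
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:01 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:02 +0100 --- Info: constructed line that is not a drop
2013-03-30 12:32:03 +0100 --- Warning: sendmsg: Resource temporarily unavailable
2013-03-30 12:32:03 +0100 --- Warning: sendmsg: Resource temporarily unavailable
EOF
fastd_drops_per_second "$log"
echo "total: $(fastd_drop_total "$log"), peak: $(fastd_drop_peak "$log")"
```
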