[B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Bastian Bittorf]

discussed in IRC, i'am searched for a better way to
load-balance a batman network. not the whole shaping/splashing
should run on one (central) node, so we needed something to stick it
to the node/AP which the user is connected to. than we have also
the ability to show a good page when the network is b0rken.

short overview:

NODE-1 (master/gateway)
ipv4: 192.168.1.1/16
dhcp: 192.168.1.x / gateway: 192.168.0.1
gateway: e.g. pppoe

NODE-2
ipv4: 192.168.2.1/16
dhcp: 192.168.2.x / gateway: 192.168.0.1
gateway: 192.168.1.1

NODE-3
ipv4: 192.168.3.1/16
dhcp: 192.168.3.x / gateway: 192.168.0.1
gateway: 192.168.1.1

the trick is, that every node offers DHCP which
does not interfere with other nodes AND offers a
gateway which is always the same: 192.168.0.1

if a user roams he simply moves on layer 1/2 and
its further working ok. important: the MAC of the
gateway should not change otherwise it's not working
for some seconds till the ARP times out. this can
be circumvented via kmod-macvlan:

ip link add link br-mybridge gateway0 address '02:00:c0:ca:c0:1a' type macvlan
ip address add 192.168.0.1/16 dev gateway0
ip link set dev gateway0 up

then the IP 192.168.0.1 is always reachable with the same MAC.
thats it. we can use the "normal" iptables/tc stuff like in
olsrd-networks...

giving out such dhcp-leases needs a fix to /etc/init.d/dhcp
which is available soon on OpenWrt mailinglist.

bye, bastian

PS:
thanks for the discussion and help, escpecially to T_X, ordex and marec

Re: [B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Antonio Quartulli]

[-- Attachment #1: Type: text/plain, Size: 845 bytes --]

On Thu, Sep 12, 2013 at 11:36:41AM +0200, Bastian Bittorf wrote:
> discussed in IRC, i'am searched for a better way to
> load-balance a batman network. not the whole shaping/splashing
> should run on one (central) node, so we needed something to stick it
> to the node/AP which the user is connected to. than we have also
> the ability to show a good page when the network is b0rken.
> 

I'd like to remember that you could also do the same by using iptables and the
netfilter hook in the bridge code (look for netfilter_bridge). It would allow
you to apply shaping/firewalling rules directly onto a bridge, without
transforming each and every AP in a Layer 3 Gateway.

I think this would also fit a Layer2 mesh network better.

Cheers,


-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Jan Huwald]

[-- Attachment #1: Type: text/plain, Size: 638 bytes --]

On 09/12/2013 11:36 AM, Bastian Bittorf wrote:
> discussed in IRC, i'am searched for a better way to
> load-balance a batman network. not the whole shaping/splashing
> should run on one (central) node, so we needed something to stick it
> to the node/AP which the user is connected to. than we have also
> the ability to show a good page when the network is b0rken.

How do you handle the splash status of a user under roaming? Does a
splash screen reoccur if the gateway is switched (NODE-2 -> NODE-3)?
Because this switch will happen on a minutely basis if a user sits
between two equally strong gateways.

Regards,
Jan


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 901 bytes --]

Re: [B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Bastian Bittorf]

* Jan Huwald <jh@sotun.de> [13.09.2013 20:37]:
> How do you handle the splash status of a user under roaming? Does a
> splash screen reoccur if the gateway is switched (NODE-2 -> NODE-3)?
> Because this switch will happen on a minutely basis if a user sits
> between two equally strong gateways.

Splashing is only done for clients which have a lease from this
node. All other traffic gets just true (picopeer alike). After
some minutes the information that "IPx/MAC must be shaped like..."
is applied in the hole network. If the client only has a lease but
is not "unsplashed" this information is also spread netwide.

A little bit ugly, but works and we have no memory or load problems
anymore on the gateway. (~1000 clients)

bye, bastian

Re: [B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Linus Lüssing]

Hi Bastian,

Did you have a chance to try the iptables + netfilter_bridge hook
(I believe via the iptables physdev module?) Antonio suggested
yet?

It sounds like a good idea to me and since no one seems to have
tried it with batman-adv yet I'm curious whether it works well in
practice.

Whether you could enhance the user experience in an open,
batman-adv based community mesh network by having an IP instead
of connection based sharing of available bandwidth.

Cheers, Linus


On Sun, Sep 15, 2013 at 09:55:34AM +0200, Bastian Bittorf wrote:
> * Jan Huwald <jh@sotun.de> [13.09.2013 20:37]:
> > How do you handle the splash status of a user under roaming? Does a
> > splash screen reoccur if the gateway is switched (NODE-2 -> NODE-3)?
> > Because this switch will happen on a minutely basis if a user sits
> > between two equally strong gateways.
> 
> Splashing is only done for clients which have a lease from this
> node. All other traffic gets just true (picopeer alike). After
> some minutes the information that "IPx/MAC must be shaped like..."
> is applied in the hole network. If the client only has a lease but
> is not "unsplashed" this information is also spread netwide.
> 
> A little bit ugly, but works and we have no memory or load problems
> anymore on the gateway. (~1000 clients)
> 
> bye, bastian

Re: [B.A.T.M.A.N.] fool batman by simulating a layer3 mesh

[Bastian Bittorf]

* Linus Lüssing <linus.luessing@web.de> [27.11.2013 09:21]:
> Did you have a chance to try the iptables + netfilter_bridge hook
> (I believe via the iptables physdev module?) Antonio suggested
> yet?

not yet - still working with macvlan (+ebtables for not confusing
the daemon about a client which es everywhere at the same time)

> It sounds like a good idea to me and since no one seems to have
> tried it with batman-adv yet I'm curious whether it works well in
> practice.

will have time for testing during end of december...

> Whether you could enhance the user experience in an open,
> batman-adv based community mesh network by having an IP instead
> of connection based sharing of available bandwidth.

++

bye, bastian