[technique] [Fwd: [Battlemesh] L2TPv3 pseudo-wire tunnels]
Laurent GUERBY
laurent at guerby.net
Wed 13 Jun 15:55:42 CEST 2012
Note that the code contains a Python
binding for the kernel's netlink interface.
Laurent
-------- Forwarded Message --------
From: Mitar <mitar at tnode.com>
Reply-to: Battle of the Mesh Mailing List <battlemesh at ml.ninux.org>
To: Battlemesh <battlemesh at ml.ninux.org>
Cc: Luka Mustafa <musti at wlan-si.net>
Subject: [Battlemesh] L2TPv3 pseudo-wire tunnels
Date: Wed, 13 Jun 2012 15:24:56 +0200
Hi!
At wlan slovenija we were searching for an in-kernel solution to migrate
our OpenVPN tunnels to. As you may know, OpenVPN behaves very badly on
cheap consumer routers as user-space/kernel-space context switches are
quite expensive. After searching for some time, we believe we found a
perfect solution.
At Ninux, they have decided to develop their own in-kernel tunneling,
but we have decided to use L2TPv3 pseudo-wire tunnels which are already
available in the kernel. The missing part is only the broker who creates
these tunnels as clients connect. There is no open-source version of it,
only a commercial one. So Kostko wrote one. ;-) It is not standards
compliant, but it does its job (it uses its own simple control
protocol). Even more, for our purposes, it does it even better. It uses
only one UDP port (52, DNS) for both control and data, so it works over
the NAT and even firewalls which block UDP traffic on non-DNS ports.
Throughput is amazing:
http://www.speedtest.net/result/1997198018.png
This was a client connected to TP-Link WR741ND in AP mode, doing a
tunnel to our server. So it might be that the bottleneck is even somewhere
else. ;-) We will test it more.
https://github.com/wlanslovenija/tunneldigger
https://github.com/wlanslovenija/firmware-packages-opkg/tree/master/net/tunneldigger
All this looks now quite stable, we have already more than 10 nodes
deployed like this, but we are still testing and debugging it, and also
documentation is still missing. But if anybody is interested, feel free
to try it out (if you manage to use it) and give us some feedback. I
will write again once we reach a stable version. I am writing this
mostly just to inform about our progress so that you can tune in.
Mitar