Possible improvements to LocalDiscovery

Etienne Dechamps etienne at edechamps.fr
Sun Jul 21 18:41:06 CEST 2013 

LocalDiscovery works by sending some of the MTU probe packets to the 
broadcast address (255.255.255.255). If the destination node receives 
one of these packets, it will update its UDP cache and reply, thus the 
two nodes will start using their local addresses to communicate.

Now, I see two problems with this approach:

  - In case the two nodes are behind the same NAT and can reach other 
*but* are not on the same broadcast domain, LocalDiscovery won't work. 
This is a typical situation in entreprise/university environments where 
there are often multiple routed private subnets behind the NAT.

  - Contrary to popular belief, sending packets to 255.255.255.255 
doesn't send them on all network interfaces. This is true for Linux and 
Windows[1]. It is hard to predict which interface will be used unless 
one manually looks at the routing table. This can lead to ironic 
situations where tinc tries to send MTU probes on its own VPN. Fixing 
this requires iterating over all interfaces to manually send the probes 
on each one, which is complicated and AFAIK hard to do in a portable way.

To fix these issues, I am suggesting adding functionality to the tinc 
protocol that allows nodes to advertise their own local socket addresses 
(IP and port) to the rest of the graph. Then, instead of sending probes 
to the broadcast address, they would be sent directly to the node's 
local socket address.

IMHO this is an elegant solution that solves both issues above and as an 
added bonus is more friendly to the underlying local network since it 
doesn't use broadcasts. The only situation where it would break is if 
there is a local private NAT between the two local nodes, but this is 
probably an unsolvable problem anyway since we just don't have the 
necessary information to make them reach each other in this case, and 
broadcasts obviously won't get through a NAT.

I guess the local socket information could be added to ADD_EDGE messages 
and stored in edge_t.

Thoughts?

[1] 
http://serverfault.com/questions/72112/how-to-alter-the-global-broadcast-address-255-255-255-255-behavior-on-windows 
(the long discussion in the comments of the second answer are 
particularly interesting)

-- 
Etienne Dechamps

More information about the tinc-devel mailing list