Letting linux be the router, allowing dynamic routes, suggestion

Guus Sliepen guus at tinc-vpn.org
Tue May 12 21:45:38 CEST 2015


On Tue, May 12, 2015 at 04:27:10PM -0300, Marcelo Pacheco wrote:

> Consider the challenge of having completely dynamic routing between vpn
> peers. In one minute I might have 10000 routes towards one specific peer,
> and an hour later I might have NONE. And I need to differentiate each peer at
> the kernel routing layer.
> And no, it can't be a pure bridge, it has to be L3 routing.

Although the manual says that switch mode is primarily useful for
bridging Ethernet segments, it doesn't say you cannot use it for other
things, including what you want.

In switch mode, tinc routes solely based on the Ethernet header.
Whatever you want to do with that is up to you. If you want to add or
remove 10000 routes to a specific node, then just add those routes with
the gateway address set to that node. If you want to run OSPF or any
other routing protocol on top of tinc, that is possible as well.

> Instead of creating a heap of tun devices, there's a more logical
> solution. Create a TAP device, and emulate ARP on the VPN software.
> The many peers would form a virtual ethernet device, where each tunnel
> has a separate virtual MAC address.

That is already exactly what happens in switch mode; tinc creates a tap
interface and forms a virtual switch. It doesn't have to emulate ARP at
all, the kernel will generate ARP packets as usual. Each node's tap
interface has its own MAC address.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
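An added example, not code from the tinc project or from either poster in this thread, showing how the approach described above can be scripted on the Linux side. In switch mode each node's tap interface has its own MAC and VPN address, so the kernel can carry ordinary routes whose gateway is a peer's VPN address; the helper below parses `ip route show` output for the routes currently installed via one peer, diffs it against the set that peer should now announce, and emits an iproute2 batch of `route del` / `route replace` lines, so going from 10000 routes to none (or back) is one batch run. The interface name `tinc0`, the VPN addresses `172.16.0.x`, and the prefixes and sample `ip route` output are constructed values, not anything from the page.

```python
"""Reconcile the kernel routes installed via one tinc peer (added example)."""
import ipaddress
import subprocess


def _net_key(prefix):
    """Sort key that keeps IPv4 and IPv6 prefixes from being compared directly."""
    net = ipaddress.ip_network(prefix, strict=False)
    return (net.version, net)


def installed_prefixes(ip_route_output, gateway):
    """Extract the prefixes routed via `gateway` from `ip route show` text.

    Lines without a 'via' (connected routes) and routes via other gateways
    are ignored. 'default' is normalised to the all-zero prefix.
    """
    gw = ipaddress.ip_address(gateway)
    found = set()
    for line in ip_route_output.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or "via" not in tokens:
            continue
        if tokens[tokens.index("via") + 1] != str(gw):
            continue
        prefix = tokens[0]
        if prefix == "default":
            prefix = "0.0.0.0/0" if gw.version == 4 else "::/0"
        found.add(str(ipaddress.ip_network(prefix, strict=False)))
    return sorted(found, key=_net_key)


def route_delta(current, desired, gateway, dev):
    """Return `ip -batch` lines that turn `current` into `desired` via `gateway`.

    Prefixes are normalised so '10.1.0.0/16' and '10.1.0.1/16' are equal.
    Deletions come first so the batch never briefly holds both an old and a
    new overlapping route; 'replace' is idempotent, so re-running is safe.
    """
    cur = {str(ipaddress.ip_network(p, strict=False)) for p in current}
    want = {str(ipaddress.ip_network(p, strict=False)) for p in desired}
    lines = []
    for prefix in sorted(cur - want, key=_net_key):
        lines.append(f"route del {prefix} via {gateway} dev {dev}")
    for prefix in sorted(want - cur, key=_net_key):
        lines.append(f"route replace {prefix} via {gateway} dev {dev}")
    return lines


def apply_batch(lines):
    """Feed the batch to `ip -batch -` (needs CAP_NET_ADMIN); no-op if empty."""
    if not lines:
        return 0
    proc = subprocess.run(["ip", "-batch", "-"], input="\n".join(lines) + "\n",
                          text=True, check=False)
    return proc.returncode


# Constructed sample of `ip -4 route show dev tinc0` style output: two routes
# via peer 172.16.0.2, one via another peer, and the connected subnet itself.
SAMPLE_IP_ROUTE = """\
10.1.0.0/16 via 172.16.0.2 dev tinc0
10.2.0.0/16 via 172.16.0.2 dev tinc0
10.9.0.0/16 via 172.16.0.3 dev tinc0
172.16.0.0/24 dev tinc0 proto kernel scope link src 172.16.0.1
"""

if __name__ == "__main__":
    # Dry run: print the batch instead of applying it.
    now = installed_prefixes(SAMPLE_IP_ROUTE, "172.16.0.2")
    for cmd in route_delta(now, ["10.2.0.0/16", "10.3.0.0/24"], "172.16.0.2", "tinc0"):
        print(cmd)
```

In production the `SAMPLE_IP_ROUTE` text would come from `subprocess.run(["ip", "-4", "route", "show", "dev", "tinc0"], capture_output=True, text=True).stdout`, and the desired set from whatever announces the peer's prefixes (a routing daemon or your own control channel); the diff keeps each run's batch proportional to what actually changed rather than to the 10000-route table.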