using both ConnectTo and AutoConnect to avoid network partitions
Guus Sliepen
guus at tinc-vpn.org
Thu Aug 31 22:51:57 CEST 2017
On Thu, Aug 31, 2017 at 01:37:28PM -0700, Nirmal Thacker wrote:
> If you make the yellow nodes ConnectTo all other nodes, and not have
> > AutoConnect = yes, and the other nodes just have AutoConnect = yes but
> > no ConnectTo's, then you will get the desired graph.
>
> The reason this approach is not desirable is because it fails at
> automation. It requires us to add a new line of AutoConnect = <new node
> that joined tinc> to both yellow nodes everytime a new node node joins,
> while in the current setup as long as the keys of every new node are
> exchanged between the new nodes and the yellow nodes, the ConnectTo's can
> stay constant
That's true. Although it wouldn't be impossible to script that a little,
for example by adding the following host-up script:
#!/bin/sh
tinc add ConnectTo $NODE
> > Yes, AutoConnect will still remove outgoing connections that it thinks
> > are redundant. So even if the initial ConnectTo's will cause nodes to
> > connect to the yellow ones, after a while they can remove those.
>
> Is this optimization also vulnerable to the bug we saw earlier with regard
> to the network split? Or given that the ConnectTo's exist, peer nodes, will
> fall back onto these, thereby 'recovering' in some sense if a network split
> were to occur due to the the AutoConnect bug?
Yes, in 1.1pre14 enabling AutoConnect on all nodes, regardless of how
many ConnectTo's they have, may result in a split network.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170831/e2f58dcc/attachment-0001.sig>
More information about the tinc
mailing list