Big network, small devices

Ivan Vilata i Balaguer ivan at selidor.net
Tue Apr 10 10:14:21 CEST 2012


Guus Sliepen (2012-04-06 01:01:45 +0200) wrote:

> On Thu, Apr 05, 2012 at 07:29:55PM +0200, Ivan Vilata i Balaguer wrote:
>
>> I'm interested in using Tinc for building an overlay network on top
>> of a community network.  The overlay may consist of some hundreds of
>> nodes, and devices will most probably not be very powerful (Alix or
>> Commell-like or even less).  To make the overlay network topology
>> resemble the real one as much as possible, all nodes would ConnectTo
>> all other nodes.
>
> This is not necessary, you only need one (but better a few for
> redundancy) ConnectTo statements. Tinc will figure out how to
> communicate with all the other nodes by itself.

After reading section "The meta-protocol" in the (great) manual more
carefully I think I got the idea. :)

However, this brings another question related to the setup I described
in a previous post:

      nodeA1                                         nodeB3
        |                                              |
    (Network A) -- gwA --- (Internet) --- gwB --- (Network B)
        |                                              |
      nodeA2                                         nodeB4

nodeA1 and nodeA2 ConnectTo gwA, gwA to gwB (and vice versa), and nodeB3
and nodeB4 to gwB.  Then if I understood well, a VPN packet sent from
nodeA1 to nodeB3 may be sent by nodeA1 straight to nodeB3's real address
(same for nodeA1 to nodeA2).  However, both Network A and Network B use
private addresses and what's more, the same addresses may be present in
both networks!

So I don't see a problem in communications inside one network, but how
does tinc handle the nodeA1 -> nodeB3 situation?  Maybe nodeA1 tries to
establish a TCP meta-connection with nodeB3 before trying to send data
and when the connection fails it uses gwA's route instead?  Wouldn't the
timeout increase latency substantially from time to time?

>> Has anyone worked with a Tinc setup similar to this one?  Do you think
>> Tinc would scale up to a network with so many connections so as to
>> still be runnable on such low-powered hardware?
>
> ChaosVPN (a large VPN connecting lots of hackerspaces) currently has
> 131 nodes running tinc, and a lot of these are Fonera routers, which
> have much lower specs than Alix or Commell boards as far as I know.

This is very interesting indeed!  They even have a mechanism to
disseminate host configuration files; this may come in very handy for
our project. :)

Thanks a lot, Guus.  And sorry for my insistence on all those technical
details, but our project has some atypical requirements and being able
to use tinc would be a great boon and a time saver for us. :)

(BTW, this is the project: http://confine-project.eu/ )

Cheers,

-- 
Ivan Vilata i Balaguer -- https://elvil.net/


