Discussion:
[B.A.T.M.A.N.] Batman advanced and internet gateways
Clemens John
2010-07-06 17:47:59 UTC
Hi,

I know I asked this question some time ago but I didn't get it till now so I
have to ask again.
I know that Batman advanced does the meshing on layer 2 and has nothing to do
with layer 3.

We have a wonderfully working Batman advanced network now which we use with
IPv4.
Communication inside the networks works very well and everything is fine.

Now I want to go from the Batman advanced mesh network to the internet.
For this we have several gateways which I can use to get into the internet.
To use one of the gateways, I only have to set the default route of the
mesh-client to the gateway's IPv4 address.

How can I do this automatically and how can I automatically choose the best
gateway for my client? I know that Batman advanced does not do this for now
but I already saw something that sounded like it was made for this in the trunk
version and on the manpage of batctl. The function is called gw_mode.

*How do you do this?
*What do you recommend for this task?
*What about the function in trunk? Is the function made for this?
**If so why do you mix Layer 2 and Layer 3 now?
**When do you think this function will be in the stable release?

Sorry for so many questions but I'm a bit confused^^
Clemens
Marek Lindner
2010-07-06 20:15:45 UTC
Hi,
I know I asked this question some time ago but I didn't get it till now so
I have to ask again.
some mails get lost in this stream, so just keep bothering us until you have
your answers. :)
How can I do this automatically and how can I automatically choose the best
gateway for my client? I know that Batman advanced does not do this for now
but I already saw something that sounded like it was made for this in the trunk
version and on the manpage of batctl. The function is called gw_mode.
Yes, there is such a functionality. The online manpage shows the version of
the trunk.
*How do you do this?
*What do you recommend for this task?
*What about the function in trunk? Is the function made for this?
It requires each gateway to have a DHCP server running. The clients will
select their gateway and relay the dhcp requests via unicast to the selected
gateway only.
You only need to activate the gateway / client mode and have a dhcp server
running.
**If so why do you mix Layer 2 and Layer 3 now?
If you don't want to mix layer2 / layer3 then just don't use this feature. It
is disabled per default.
If you have a better idea how to handle multiple gateways in a layer2 mesh we
are very open to your suggestions. :)
**When do you think this function will be in the stable release?
Unfortunately, we did not get around to finishing it to the point that we feel
comfortable with releasing this feature. I think the trunk is quite stable but
still lacks some things. E.g. blacklisting / whitelisting gateways, IPv6, etc.

Regards,
Marek
Clemens John
2010-07-06 21:46:36 UTC
Post by Marek Lindner
It requires each gateway to have a DHCP server running. The clients will
select their gateway and relay the dhcp requests via unicast to the
selected gateway only.
You only need to activate the gateway / client mode and have a dhcp server
running.
Okay I did this but I have some questions left:

Does the DHCP server on the gateway need to distribute IP addresses?
If so I think they have to be distributed on the batman interface right?

Does the Batman advanced interface on the clients need to request an IP address
from the DHCP server or can I also set a static IP address?

If the clients need to request an IP address from the DHCP server, where is the
difference between requesting an IP without Batman advanced and with Batman
advanced? Does Batman advanced say from which server to request the IP or which
default route to choose?
Post by Marek Lindner
Post by Clemens John
**If so why do you mix Layer 2 and Layer 3 now?
If you don't want to mix layer2 / layer3 then just don't use this feature.
It is disabled per default.
If you have a better idea how to handle multiple gateways in a layer2 mesh
we are very open to your suggestions. :)
Sry for this question we just discussed this on the last community meeting and
somebody wondered if this is the most beautiful way. Maybe it's not but you
are right there is no other way.
Post by Marek Lindner
Unfortunately, we did not get around finishing it to the point that we feel
comfortable with releasing this feature. I think the trunk is quite stable
but still lacks some things. E.g. blacklisting / whitelisting gateways,
IPv6, etc.
Okay but it will likely be usable without crashing right?

Last but not least:
How can I configure batman advanced in /etc/config/batman-adv to enable gw
server/client mode?

Greetings
Clemens
Marek Lindner
2010-07-06 22:06:51 UTC
No problem. :)
Post by Clemens John
Does the DHCP server on the gateway need to distribute IP addresses?
The server should distribute IP addresses and a default route to itself. I'm
not sure whether you will find a dhcp server which does not distribute IPs but
default routes.
Post by Clemens John
If so I think they have to be distributed on the batman interface right?
Correct.
Post by Clemens John
Does the Batman advanced interface on the clients need to request an
IP address from the DHCP server or can I also set a static IP address?
That depends on your needs. Any interface which is supposed to use the gateway
feature has to run a dhcp client. If the batX interface on the client does not
need it you can give it a static address. If you just want to define the IP
address of a specific host you can also work with aliases / multiple IPs per
interface.
Post by Clemens John
If the clients need to request an IP address from the DHCP server, where is
the difference between requesting an IP without Batman advanced and with
Batman advanced? Does Batman advanced say from which server to request the
IP or which default route to choose?
Normal dhcp requests are broadcasted through the entire network. Every dhcp
server that receives this request will answer. If the client receives multiple
answers it depends on the implementation to choose its "favorite" dhcp server.
Most clients simply use the first server that answered.
If you enable the gateway client this request will not be broadcasted but
directly sent to the chosen gateway. The other dhcp servers will not receive
this dhcp request.
Post by Clemens John
Sry for this question we just discussed this on the last community meeting
and somebody wondered if this is the most beautiful way. Maybe it's not
but you are right there is no other way.
We had this layer2/layer3 discussion quite often and this is the compromise we
managed to achieve. It only works when enabled and indirectly via dhcp. It is
not "beautiful" but it works. :)
Post by Clemens John
Okay but it will likely be usable without crashing right?
No, it should not crash. I'm using it on a daily basis without problems.
Post by Clemens John
How can I configure batman advanced in /etc/config/batman-adv to enable gw
server/client mode?
Since it was not part of an official release it also is not supported by the uci
scripts. You would have to add it yourself.

Regards,
Marek
Clemens John
2010-07-06 22:21:38 UTC
Thank you a lot for your answers!

I still got two questions left that I remembered when I read your answers:
We discussed our network setup on IRC (you remember?) and we decided to choose
the setup with tinc and not sending batman advanced packages over VPN.

Now batman advanced nodes behind the VPN do not get listed in the originator
tables of nodes on the other side of the VPN.
But do they get listed on the gateway list? Can Batman advanced choose a
gateway behind the VPN?

I can not test this at the moment so I have to ask.

Last one: Is it right that the trunk version of batman advanced is not
compatible with Batman advanced 0.2.1? Is trunk compatible with 2010.0.0?

Thank you
Clemens
Marek Lindner
2010-07-06 22:30:30 UTC
Post by Clemens John
We discussed our network setup on IRC (you remember?) and we decided to
choose the setup with tinc and not sending batman advanced packages over
VPN.
Oh yeah, I remember. Did you document your setup somewhere? Others might find
it useful to see why & how you did it.
Post by Clemens John
Now batman advanced nodes behind the VPN do not get listed in the
originator tables of nodes on the other side of the VPN.
But do they get listed on the gateway list? Can Batman advanced choose a
gateway behind the VPN?
No, because the gateway information travels with the OGMs which you don't have
on your VPN. Sending dhcp requests via unicast also does not work because the
VPN interfaces are not controlled by batman.
Post by Clemens John
Last one: Is it right that the trunk version of batman advanced is not
compatible with Batman advanced 0.2.1? Is trunk compatible with 2010.0.0?
No, the trunk is not compatible with any stable version. This has a very
simple reason: It contains features which either change the packet format or
change the behaviour or both. For instance, the gateway feature changes the
packet format ...

Cheers,
Marek
Clemens John
2010-07-06 23:45:30 UTC
Post by Marek Lindner
Post by Clemens John
We discussed our network setup on IRC (you remember?) and we decided to
choose the setup with tinc and not sending batman advanced packages over
VPN.
Oh yeah, I remember. Did you document your setup somewhere? Others might
find it useful to see why & how you did it.
Yes we did some very little documentation [1] but this is still the pure
configuration without explanations because we are currently testing some
different configurations for example some IPv6 stuff and a script which can
automatically announce tinc installations with configuration and certificates on
a central server for automatic tinc installations etc..

I hope this will get better in the next time.

[1] http://wiki.freifunk-ol.de/index.php?title=OpenWrt_Freifunk_Standartkonfiguration
Post by Marek Lindner
Post by Clemens John
Now batman advanced nodes behind the VPN do not get listed in the
originator tables of nodes on the other side of the VPN.
But do they get listed on the gateway list? Can Batman advanced choose a
gateway behind the VPN?
No, because the gateway information travels with the OGMs which you don't
have on your VPN. Sending dhcp requests via unicast also does not work
because the VPN interfaces are not controlled by batman.
Mhh...
The only way to solve this would be to send whole batman advanced frames over
Tinc VPN right (we called this solution 3 in the irc session)?

Would this be possible? I know that we then have the MTU problem again and
higher traffic load (what would not be so fatal because we have no central server
with tinc).

Our current setup makes not much sense if we use Batman advanced with gateway
mode because we do not have a gateway in each cloud and it would be difficult to
get one to each cloud.
The best way would be a solution that can use all gateways available in the
network without extra configuration for each cloud.

Can you give me a short example of how to fix the mtu problem with this method?
Of course we are going to document both solutions ;)

Thank you
Clemens
Marek Lindner
2010-07-07 11:16:11 UTC
Post by Clemens John
Yes we did some very little documentation [1] but this is still the pure
configuration without explanations because we are currently testing some
different configurations for example some IPv6 stuff and a script which can
automatically announce tinc installations with configuration and
certificates on a central server for automatic tinc installations etc..
I hope this will get better in the next time.
That would be great!
Post by Clemens John
Our current setup makes not much sense if we use Batman advanced with
gateway mode because we do not have a gateway in each cloud and it would
be difficult to get one to each cloud.
The best way would be a solution that can use all gateways available in the
network without extra configuration for each cloud.
This sounds overly complicated. I don't fully understand your setup &
requirements yet which is also one reason for asking for documentation.
What you are trying to solve is this (I'm guessing here):

wifi client <> batman node <> VPN <> batman node <> batman with internet

And you have several of these "batman with internet" but not in each cloud and
want each client to choose its best?

Regards,
Marek
Clemens John
2010-07-07 11:25:51 UTC
Post by Marek Lindner
Post by Clemens John
Our current setup makes not much sense if we use Batman advanced with
gateway mode because we do not have a gateway in each cloud and it would
be difficult to get one to each cloud.
The best way would be a solution that can use all gateways available in
the network without extra configuration for each cloud.
This sounds overly complicated. I don't fully understand your setup &
requirements yet which is also one reason for asking for documentation.
wifi client <> batman node <> VPN <> batman node <> batman with internet
And you have several of these "batman with internet" but not in each cloud
and want each client to choose its best?
Right and the wifi clients have no batman advanced installed. Currently they
are getting their IP and defaultroute from a central dhcp server.

Thank you
Clemens
Marek Lindner
2010-07-07 12:10:33 UTC
Post by Clemens John
Right and the wifi clients have no batman advanced installed. Currently
they are getting their IP and defaultroute from a central dhcp server
Wow - when it comes to your setup and requirements you know how to keep your
answer short. I hoped you would say a bit more ... :)

At this point I don't see why you would need to use the gateway feature at
all. There is nothing to optimize.

Regards,
Marek
Clemens John
2010-07-07 12:33:53 UTC
Post by Marek Lindner
Post by Clemens John
Right and the wifi clients have no batman advanced installed. Currently
they are getting their IP and defaultroute from a central dhcp server
Wow - when it comes to your setup and requirements you know how to keep
your answer short. I hoped you would say a bit more ... :)
At this point I don't see why you would need to use the gateway feature at
all. There is nothing to optimize.
Yes the network is working well but in this setup the central dhcp server is
the only gateway because I only get the defaultroute of this server.

What if I have more gateways? I know that I can set the defaultroute to this
server by hand but a "normal" user can't do this. I need a method to choose
the gateway individually and automatically so that the user gets the best
gateway available.

Are there any ideas to do this? Or am I completely on the wrong way?

Thank you
Clemens
Antonio Quartulli
2010-07-07 12:44:17 UTC
Post by Clemens John
Post by Marek Lindner
Post by Clemens John
Right and the wifi clients have no batman advanced installed. Currently
they are getting their IP and defaultroute from a central dhcp server
Wow - when it comes to your setup and requirements you know how to keep
your answer short. I hoped you would say a bit more ... :)
At this point I don't see why you would need to use the gateway feature at
all. There is nothing to optimize.
Yes the network is working well but in this setup the central dhcp server is
the only gateway because I only get the defaultroute of this server.
What if I have more gateways? I know that I can set the defaultroute to this
server by hand but a "normal" user can't do this. I need a method to choose
the gateway individually and automatically so that the user gets the best
gateway available.
Are there any ideas to do this? Or am I completely on the wrong way?
If I'm not wrong, at this point you could put a dhcp server on each
gateway and use the gw-mode feature of batman, so that each gw will
announce itself as gw and a dhcp request, coming from a client, will be
redirected to the best gw in the mesh.

Someone please correct me if I am wrong.
Post by Clemens John
Thank you
Clemens
Regards
--
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara
Clemens John
2010-07-07 13:49:22 UTC
Post by Antonio Quartulli
Post by Clemens John
Yes the network is working well but in this setup the central dhcp server
is the only gateway because I only get the defaultroute of this server.
What if I have more gateways? I know that I can set the defaultroute to
this server by hand but a "normal" user can't do this. I need a method
to choose the gateway individually and automatically so that the user
gets the best gateway available.
Are there any ideas to do this? Or am I completely on the wrong way?
Marek asked me to describe our setup a bit more particularly so I'll try to:

We have several clouds that can not see each other via WLAN.
These clouds are connected to each other with Tinc VPN via the Internet.
Batman runs only on WLAN, not on the VPN.
The clients usually have no Batman advanced but connect via a wlan
interface which is bridged with bat0.
The Tinc VPN interface is bridged with bat0 too.

All Nodes which are not a gateway have a link local IPv6 address only.
We have a node with a DHCP server which is also gateway.
This node has an IPv4 address and distributes IPv4 addresses with DHCP.
Clients now get an IPv4 address from this node and set their default route to
this node to get Internet.

The exact setup (only configuration files) is listed here:
http://wiki.freifunk-ol.de/index.php?title=OpenWrt_Freifunk_B.A.T.M.A.N-advanced_konfiguration_2

With Tinc we are now well decentralised but we currently have the centralised
gateway solution left so we would also like to decentralize the Gateway thing.
That means multiple gateways with DHCP servers in different clouds (but not in
every cloud).
Each client should in theory have access to any gateway, but in practice they
always get automatically access to the internet via the best possible gateway.

The question why the traffic is in some cases first routed through the VPN and
then headed to the Internet is pretty easy to answer:
We have 3 clouds. In two of them are people who are confident (the whole is
indeed always a matter of law) with offering a gateway. The third cloud now in
theory is connected to the Internet.
But the person who offers the connection to the VPN does not want to head the
traffic of the network through his connection directly to the internet (because
of reasons of law) so clients in this cloud have to use a gateway on the other
side of the VPN.
Post by Antonio Quartulli
If I'm not wrong, at this point you could put a dhcp server on each
gateway and use the gw-mode feature of batman, so that each gw will
announce itself as gw and a dhcp request, coming from a client, will be
redirected to the best gw in the mesh.
Someone please correct me if I am wrong.
This sounds interesting. Is this practicable? Has somebody tried this already
or does someone know a better solution?

Btw.: Big thank you for so much patience ;)
I'm also online on irc so maybe we can discuss these questions there?

Greetings
Clemens

Clemens John
2010-07-07 10:33:47 UTC
Post by Marek Lindner
Post by Clemens John
Now batman advanced nodes behind the VPN do not get listed in the
originator tables of nodes on the other side of the VPN.
But do they get listed on the gateway list? Can Batman advanced choose a
gateway behind the VPN?
No, because the gateway information travels with the OGMs which you don't
have on your VPN. Sending dhcp requests via unicast also does not work
because the VPN interfaces are not controlled by batman.
I just had another idea but I'm not sure if this will work.

If we don't use the Batman advanced gateway feature but run a DHCP Server on
gateways only, would a client always choose the "nearest" DHCP server?

So if I'm connected wireless to a router that is a gateway and runs a dhcp
server would my laptop always choose this router as defaultroute also if there
are other routers in the network with a dhcp server running?

If this works I can not choose the "best" gateway, but I would always have the
nearest gateway.

If this works, is it possible that all dhcp servers distribute the same ip
range? Will a client/server notice which IPs are already assigned to clients?

Thank you
Clemens
Andrew Lunn
2010-07-07 10:50:58 UTC
Post by Marek Lindner
Post by Clemens John
Now batman advanced nodes behind the VPN do not get listed in the
originator tables of nodes on the other side of the VPN.
But do they get listed on the gateway list? Can Batman advanced choose a
gateway behind the VPN?
No, because the gateway information travels with the OGMs which you don't
have on your VPN. Sending dhcp requests via unicast also does not work
because the VPN interfaces are not controlled by batman.
I just had another idea but I'm not sure if this will work.
If we don't use the Batman advanced gateway feature but run a DHCP Server on
gateways only, would a client always choose the "nearest" DHCP server?
It will likely choose the first to reply. You cannot guarantee the
first to reply is the nearest, it depends on what else they are
doing at the same time, e.g. the nearest could be busy moving packets
between networks so has higher latency than an idle device a bit
further away.
If this works, is it possible that all dhcp servers distribute the same ip
range? Will a client/server notice which IPs are already assigned to clients?
Not recommended. Often the server will test to see if the address is
in use by ping'ing it, but this is not always implemented and is not
guaranteed to work in all conditions. It is much better to allocate to
each server a unique range of addresses. These can however be inside
the same subnet.

Andrew
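
The advice in the last reply (a unique lease range per DHCP server, all inside the same subnet) can be checked mechanically before the gateways go live. The following is an added example, not code from the thread or from the batman-adv project; the subnet, gateway names and address ranges are constructed, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations


def find_conflicts(subnet, pools):
    """Return problems in a multi-gateway DHCP plan.

    subnet: CIDR string of the one subnet shared by all gateways.
    pools:  {gateway_name: (first_ip, last_ip)}, inclusive lease ranges.
    """
    net = ipaddress.ip_network(subnet)
    parsed, problems = {}, []
    for gw, (first, last) in pools.items():
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(("reversed", gw))
            continue
        # A pool must lie inside the shared subnet and must not lease
        # the network or broadcast address.
        if (lo not in net or hi not in net
                or lo == net.network_address
                or hi == net.broadcast_address):
            problems.append(("outside-subnet", gw))
        parsed[gw] = (int(lo), int(hi))
    # Two servers leasing the same address is the failure the reply
    # warns about, so report every overlapping pair.
    for (a, (lo_a, hi_a)), (b, (lo_b, hi_b)) in combinations(
            sorted(parsed.items()), 2):
        if lo_a <= hi_b and lo_b <= hi_a:
            problems.append(("overlap", a, b))
    return problems


def split_pools(subnet, gateways, reserved=16):
    """Give each gateway an equal, disjoint slice of one shared subnet.

    The first `reserved` host addresses are left out of every pool so
    they can be assigned statically (for example to the gateways).
    """
    net = ipaddress.ip_network(subnet)
    first = int(net.network_address) + 1 + reserved
    last = int(net.broadcast_address) - 1
    size = (last - first + 1) // len(gateways)
    if size < 1:
        raise ValueError("subnet too small for this many gateways")
    plan = {}
    for i, gw in enumerate(gateways):
        lo = first + i * size
        plan[gw] = (str(ipaddress.ip_address(lo)),
                    str(ipaddress.ip_address(lo + size - 1)))
    return plan


if __name__ == "__main__":
    # Constructed plan: gw-a and gw-b overlap, gw-c left the subnet.
    bad = {
        "gw-a": ("10.18.0.20", "10.18.0.120"),
        "gw-b": ("10.18.0.100", "10.18.0.200"),
        "gw-c": ("10.18.1.10", "10.18.1.50"),
    }
    print(find_conflicts("10.18.0.0/24", bad))
    good = split_pools("10.18.0.0/24", ["gw-a", "gw-b", "gw-c"])
    print(good, find_conflicts("10.18.0.0/24", good))
```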