Introduce the concept of metanodes
updates the README file, and makes the post-merge script read the metanodes file instead of the whole hosts/ directory.
This commit is contained in:
parent
d3d10aad94
commit
e3247d7cb5
66
README.md
66
README.md
|
@ -1,6 +1,68 @@
|
||||||
[![Build Status](https://travis-ci.org/freifunk/icvpn.svg?branch=master)](https://travis-ci.org/freifunk/icvpn)
|
[![Build Status](https://travis-ci.org/freifunk/icvpn.svg?branch=master)](https://travis-ci.org/freifunk/icvpn)
|
||||||
|
|
||||||
This repository holds IC-VPN keys and configuration.
|
This repository contains the tinc hosts for ICVPN-Peers and several helper scripts.
|
||||||
|
|
||||||
|
## Setup
|
||||||
|
|
||||||
|
This network requires the use of the Tinc VPN Daemon. You should use at least version 1.0.24 or higher, als the
|
||||||
|
current pre-release version 1.1pre11 seems to work just fine.
|
||||||
|
|
||||||
|
### Clone the repository
|
||||||
|
cd /etc/tinc/
|
||||||
|
git clone https://github.com/freifunk/icvpn.git
|
||||||
|
cd icvpn
|
||||||
|
cp scripts/post-merge .git/hooks/
|
||||||
|
|
||||||
|
### Create your tinc configuration
|
||||||
|
|
||||||
|
Open your favorite editor and create the /etc/tinc/icvpn/tinc.conf.
|
||||||
|
Name=entenhausen1
|
||||||
|
Mode=switch
|
||||||
|
More options can be found through
|
||||||
|
man tinc.conf
|
||||||
|
Afterwards create a keypair with tincd.
|
||||||
|
tincd -n icvpn -K
|
||||||
|
Hint: In version 1.1 this option was moved to the tinc binary and is called <code>generate-rsa-keys</code>.
|
||||||
|
|
||||||
|
### Execute post-merge hook
|
||||||
|
|
||||||
|
This step is necessary to populate your new configuration with infos about the metanodes.
|
||||||
|
./git/hooks/post-merge
|
||||||
|
|
||||||
|
### Set up a cronjob to update the repository in regular intervals.
|
||||||
|
|
||||||
|
@daily cd /etc/tinc/icvpn/; git pull > /dev/null
|
||||||
|
|
||||||
|
## What are meta nodes?
|
||||||
|
|
||||||
|
Tinc has a ConnectTo configuration option that describes which peers on startup to connect *and* sync metadata to.
|
||||||
|
|
||||||
|
Until now (2015/4) we had roughly 74 nodes, and every node connected to each other (full mesh). Tinc however
|
||||||
|
does not scale this way, because on each connect and disconnect all ConnectTo-lines are being notified of this
|
||||||
|
and then notify their neighbours again. Many smaller nodes seemingly could not handle the amount of metadata generated
|
||||||
|
by this which resulted in TCP Zero Windows. They then disconnected, and reconnected, producing more metadata in
|
||||||
|
the process, which was followed by even larger nodes queueing up metadata, which resulted in all nodes taking
|
||||||
|
a massive cpu and memory hit. Memory usage of up to 1.5GB was spotted, accumulated in less than 12 hours.
|
||||||
|
|
||||||
|
However for tinc to build its network graph it is sufficient, if all nodes only exchange metadata at a few nodes,
|
||||||
|
which results in much less strain on the whole network. This is why we now use meta nodes, which are defined in
|
||||||
|
the `./metanodes` file.
|
||||||
|
|
||||||
|
Criteria for the selection of meta nodes are:
|
||||||
|
1) autonomous system diversity
|
||||||
|
2) community diversity
|
||||||
|
3) ample resources (cpu, memory, traffic)
|
||||||
|
|
||||||
|
When data needs to be transferd between two nodes, this will happen indepently of those meta nodes. Through the shared
|
||||||
|
network graph a direct transfer is possible and will be tried: at first via UDP, then via TCP, then indirectly. While
|
||||||
|
indirect routing is possible the meta nodes are not required to provide forwarding for those packets.
|
||||||
|
|
||||||
|
## Contact
|
||||||
|
|
||||||
|
The maintainers can be reached at
|
||||||
|
- [icvpn@lists.funkfeuer.at](mailto:icvpn@lists.funkfeuer.at)
|
||||||
|
- [irc.hackint.org #icvpn](irc://irc.hackint.org/icvpn)
|
||||||
|
|
||||||
|
We have set up IRC notifications for all repositories concerning the icvpn network.
|
||||||
|
|
||||||
For more Info see http://wiki.freifunk.net/IC-VPN
|
|
||||||
|
|
||||||
|
|
|
@ -18,12 +18,12 @@ test -w $TINCCFG || fail "ERR: $TINCCFG is not writeable"
|
||||||
|
|
||||||
sed -i '/^ConnectTo/d' $TINCCFG
|
sed -i '/^ConnectTo/d' $TINCCFG
|
||||||
|
|
||||||
for HOST in hosts/*; do
|
while read HOST; do
|
||||||
# skip hosts without address
|
# skip hosts without address
|
||||||
grep -iq '^Address' -- "$HOST" || continue
|
grep -iq '^Address' -- hosts/"$HOST" || continue
|
||||||
|
|
||||||
echo "ConnectTo = ${HOST##*/}" >> $TINCCFG
|
echo "ConnectTo = $HOST" >> $TINCCFG
|
||||||
done
|
done < metanodes
|
||||||
|
|
||||||
/usr/sbin/invoke-rc.d tinc reload icvpn
|
/usr/sbin/invoke-rc.d tinc reload icvpn
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue