[Olsr-dev] Meshing over VPNs
Teco Boot
Mon Oct 10 18:44:17 CEST 2011
On 10 Oct 2011, at 11:20, Markus Kittenberger wrote:
> (but i aim for scalability to thousands of vpn peers)
+1
I use this model:
- I use OpenVPN, with tunnel to a VPN "relay server"
on each olsr router
- I don't run OLSR or any other routing protocol on
the VPN tunnels
- I have a mapping between certificate "common_name"
and HNA route, for each router
- After tunnel setup, bidirectional routes are set up:
o Uplink: all RFC1918 routes (10/8,172.16/12 and
192.168/16) into tunnel
o Downlink: the HNA route for that router, generated
from common_name (in IP and VPN routing tables)
- VPN servers inject these HNA routes into a backbone
routing protocol (in my case: OSPF). This provides
connectivity to central servers and other MANET nodes,
in different clusters (no direct OLSR paths).
This results in no overhead in routing on tunnels. The *only*
overhead is tunnel keep-alive traffic, and app keep-alives if
used. I see no problems in scaling up to 10^4 - 10^6 nodes,
even on constrained uplinks (which I have: from broadband
Internet access to 3G/2G/satcom).
This model does not support reach-back to nodes behind an
OLSR router that doesn't run OpenVPN. This would require
running some form of a routing protocol on the VPN tunnel.
I played with BGP and OSPF, together with some route
distribution. But if massive scalability and massive
multihoming is needed, the described model fits far better.
As a next step, I think of an improved SmartGateway, with
VPN tunnel load balancing.
Improved SmartGateway:
- set up new SmartGateway tunnels if a (much) better
gateway is detected, and use this for new connections
- tear down inferior / unused SmartGateway tunnels
(this could break connections!!)
VPN tunnel load balancing:
- Use MPTCP for OpenVPN (oops, TCP instead of UDP)
- synchronize MPTCP with SmartGateway
Opinions?
Thanks, Teco
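The certificate-to-HNA mapping and the bidirectional route setup described in the post, as an added example that is not Teco's own script: an OpenVPN `--client-connect` hook in POSIX sh. OpenVPN runs the hook with the peer's certificate CN in `$common_name`, the peer's tunnel address in `$ifconfig_pool_remote_ip`, and a temporary file path as `$1`; lines written to that file are applied as per-client configuration (`iroute` for OpenVPN's internal routing, `push` for routes sent to the client). The CN naming convention `olsr-<cluster>-<id>` and its mapping to the prefix `10.<cluster>.<id>.0/24` are assumptions constructed for this example, not anything the post specifies. The strict parse of the CN is the check a practitioner wants here: since a signed CN becomes a route on the relay server, a malformed or unexpected name must be rejected rather than interpolated into a route or a shell command.

```shell
#!/bin/sh
# Added example, not from the original post. OpenVPN --client-connect hook:
# derives a router's HNA prefix from its certificate common_name, writes the
# per-client config (downlink iroute + uplink RFC1918 pushes) and installs
# the kernel route on the relay server.
# Assumed CN convention (constructed for this example): "olsr-<cluster>-<id>"
# maps to the HNA prefix 10.<cluster>.<id>.0/24.
set -eu

# Print "<network> <netmask>" for a well-formed CN, or return 1.
# Only "olsr-<0-255>-<0-255>" is accepted; anything else is rejected so the
# CN can never steer a route outside the expected space.
hna_for_common_name() {
    cn=$1
    case "$cn" in
        olsr-*-*) ;;
        *) return 1 ;;
    esac
    rest=${cn#olsr-}
    cluster=${rest%%-*}
    id=${rest#*-}           # a third dash leaves it in $id and fails below
    for octet in "$cluster" "$id"; do
        case "$octet" in
            [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "10.$cluster.$id.0 255.255.255.0"
}

# Per-client OpenVPN config for this peer:
#   - iroute: OpenVPN's internal route, so packets for the HNA prefix are
#     delivered to this tunnel peer (downlink)
#   - push "route ...": all RFC1918 space sent into the tunnel on the client
#     (uplink), exactly as the post describes; the client's own, more
#     specific local routes still win over the pushed /8, /12 and /16
client_config_for() {
    cn=$1
    hna=$(hna_for_common_name "$cn") || return 1
    printf 'iroute %s\n' "$hna"
    printf 'push "route 10.0.0.0 255.0.0.0"\n'
    printf 'push "route 172.16.0.0 255.240.0.0"\n'
    printf 'push "route 192.168.0.0 255.255.0.0"\n'
}

# Kernel route on the relay server for the downlink (the /24 matches the
# netmask fixed by the CN convention above). Printed, not executed, so it
# can be inspected or logged; the hook body below runs it.
downlink_route_cmd() {
    cn=$1
    via=$2
    hna=$(hna_for_common_name "$cn") || return 1
    net=${hna%% *}
    printf 'ip route replace %s/24 via %s\n' "$net" "$via"
}

# Hook body: only runs when OpenVPN invoked us (CN in env, config path in $1).
if [ -n "${common_name:-}" ] && [ -n "${1:-}" ]; then
    if ! client_config_for "$common_name" > "$1"; then
        printf 'rejecting unexpected common_name: %s\n' "$common_name" >&2
        exit 1   # non-zero exit makes OpenVPN refuse the connection
    fi
    # shellcheck disable=SC2046 -- the command string is built from validated octets only
    $(downlink_route_cmd "$common_name" "${ifconfig_pool_remote_ip:?}")
fi
```

On the server side this pairs with `client-connect /path/to/this-hook` and `script-security 2` in the OpenVPN config; a matching `--client-disconnect` hook that removes the kernel route (and, in the post's model, withdraws the HNA route from the backbone routing protocol) is the natural complement.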