[OLSR-users] LQ, HNA and NAT
aaron
(spam-protected)
Thu Feb 10 01:32:19 CET 2005
I would like to elaborate a bit on OpenVPN tunnels to a single NAT
point:
Why do we have it:
no better solution so far
Why is it bad:
1) SPOF
2) single point of control - (politically bad :)
Let me elaborate on this a bit, with our setup:
A --> OpenVPNgw1 -- tunnel over cable --> OpenVPN server + OLSR
<--- OLSR client C
^
B --> OpenVPNgw2 --- tunnel over cable --> - |
OpenVPNgw1 will get default routes via OpenVPN server (runing OLSR)
Therefore It can only have a static host route to the OpenVPN server
via its only next hop (which used to be its default gw)
--> When the OpenVPN server is down (like it was today) , you cannot
reach the OpenVPNgw anymore from somewhere else
in numbers (intentionally changed a bit):
OpenVPNgw1: 62.116.0.777
OpenVPN server: 62.116.38.66
OpenVPNgw2: 1.2.3.4
routing tbl in OpenVPNgw1:
dest gw
62.116.38.66 62.116.0.778 (<- this used to be the default router)
0.0.0.0 62.116.38.66 (<- this came from OLSR)
So you can see, if 62.116.38.66 is down for some reason, the OpenVPNgw
is also "down".
Bad.
I thought about this problem a bit and - yes i do believe we need NAT
as long as we dont have IPv6 everywhere,
but on the other hand it would definitely make sense to have some kind
of fail-over behavior between inet gws.
Something like multicasting NAT entries is also not nice on the other
hand.
Question: Can anybody see a problem with giving official IPs to "last"
hops only? Then the "inbetween nodes" can have internal IPs, everybody
would "talk" to HNA nets/hosts only and NAT can be abandoned.
How would the routing tables grow? Every HNA entry in every inbetween
node as extra info? Doubling the routing entries?
ciao,
a.
More information about the Olsr-users
mailing list