[Babel-users] route forwarding(?) in mesh VPN

Benda Xu heroxbd at gentoo.org
Thu Jan 12 07:42:09 UTC 2017 

Hi,

I am trying to run babeld (1.5.1 of Debian package) on tinc[1] mesh VPN
in switch mode and disabled internal forwarding.
cat tinc.conf
,----
| Mode = switch
| Forwarding = off
| Broadcast = direct
`----

which mimicks a wireless mesh network.


Taking a 3-node (A, B, C) setup for example,

  A--C--B

where A-C and B-C can talk to each other and send link-local multicast
packets, but not A-B.

They are assigned IPs 10.16.16.50/32 (A), 10.16.16.51/32 (B),
10.16.16.52/32 (C).

They share the same babel configuration, "manifold" is the interface
name of the tinc vpn.
cat /etc/babeld.conf
,----
| debug 3
| interface manifold wired true link-quality true max-rtt-penalty 256 split-horizon true
| redistribute local if manifold ip 10.16.16.0/24 ge 28 allow
| redistribute ip 10.16.16.0/24 ge 28 metric 64
| redistribute local deny
`----


With this setup, from `ip route show` the local address routes are
confirmed to be propagated:

On A:
,----
| 10.16.16.52 via 10.16.16.52 dev manifold  proto babel onlink
`----
On B:
,----
| 10.16.16.52 via 10.16.16.52 dev manifold  proto 42 onlink 
`----
On C:
,----
| 10.16.16.50 via 10.16.16.50 dev manifold  proto 42 onlink 
| 10.16.16.51 via 10.16.16.51 dev manifold  proto 42 onlink
`----


Next I want to let A talk to B via C.  If I replace the proto number on
C from 42 to static manually:
,----
| ip route replace 10.16.16.50 via 10.16.16.50 dev manifold proto static onlink
| ip route replace 10.16.16.51 via 10.16.16.51 dev manifold proto static onlink
`----
the routes are propagated to A and B
`ip route show` on A:
,----
| 10.16.16.51 via 10.16.16.52 dev manifold  proto babel onlink
| 10.16.16.52 via 10.16.16.52 dev manifold  proto babel onlink
`----
`ip route show` on B:
,----
| 10.16.16.50 via 10.16.16.52 dev manifold  proto 42 onlink
| 10.16.16.52 via 10.16.16.52 dev manifold  proto 42 onlink
`----
A and B can ping each other.


What is the recommended way to achieve it *automatically*?


By default, babeld does not resend the kernel routes added by itself
(proto 42).  I tried to remove this check (in appendix patch), and added
to babeld.conf
,----
| allow-duplicates 1024
`----
and it works but not stable.

Babeld of C has better forward the route learned from A "10.16.16.50 via
10.16.16.50" to B as "10.16.16.50 via 10.16.16.52".  Is it achievable by
configuration?

Thanks!
Benda


1. https://www.tinc-vpn.org

--- babeld-1.5.1.orig/kernel_netlink.c
+++ babeld-1.5.1/kernel_netlink.c
@@ -1171,8 +1171,8 @@ filter_kernel_routes(struct nlmsghdr *nh
     rtm = (struct rtmsg*)NLMSG_DATA(nh);
     len -= NLMSG_LENGTH(0);
 
-    if(rtm->rtm_protocol == RTPROT_BABEL)
-        return 0;
 
     if(rtm->rtm_src_len != 0)
         return 0;

More information about the Babel-users mailing list