[Babel-users] althea presentation on isp in a box at nanog 76
Christof Schulze
christof.schulze at gmx.net
Sun Jun 23 18:55:14 BST 2019
On Fri, Jun 21, 2019 at 02:46:47PM -0400, Justin Kilpatrick wrote:
>> Hmm... does HMAC alleviate the need for the bottom layer?
>> https://tools.ietf.org/html/draft-ietf-babel-hmac
>> (It's implemented, but not merged yet -- I've got two students working on
>> making it mergeable.)
>
>HMAC would resolve the need for the bottom layer. There are advantages to being able to share keys between the layers though. Not sure I would want to give up on Wireguard especially since we're so dependent on it for performance. All this encryption on little passively cooled processors is a real challenge.
>
>> It's also only designed to work with link-local addresses, I'm not sure
>> how much work it would be to get it work over global addresses.
>
>Link local is fine. The big kicker for Wireguard is uniqueness.
As a proof of concept, I created a broker-script that allows setting
unique addresses on the server. The IP address of one end of the tunnel
is generated from the mac. On the server, the interfaces are
enumerated.
It might be interesting for you to look at. I do not claim it is
error-free. At the very least it may give you a few ideas on what
*could* be done.
Christof
--
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/babel-users/attachments/20190623/4307bb90/attachment.sig>
More information about the Babel-users
mailing list