[Babel-users] ECMP on endpoints [was: babeld slashes...]

dxld at darkboxed.org dxld at darkboxed.org
Fri Apr 15 15:10:16 BST 2022


Hi Juliusz,

On Fri, Apr 15, 2022 at 03:35:26PM +0200, Juliusz Chroboczek wrote:
> >> I think for my use-case the loop avoidance point is moot though since I'm
> >> mainly interested in using this on endpoints, not routers. So perhaps
> >> calling this ECMP is not the right nomenclature?
> 
> > Not sure; what are you trying to do, exactly?
> 
> I'm interested too.  Could you please explain?

Sure, just let me give you some context first.

I've been frustrated with the performance (latency/throughput) of
road-warrior style VPN setups for a while now. Essentially I want a way to
always use wireguard tunnels to my network's edge routers except when the
endpoint device is in my own physical network without having to remember to
turn off the VPN manually.

The problem thus far was always how can the network cryptographically prove
that it's "my" network? However babel with MAC authentication seems to
solve that problem nicely, well for small numbers of such clients
anyway. Basically I run babel sessions over wireguard tunnels as well as
the physical wifi/eth interfaces with metrics tuned to avoid the tunnels
when I get routes from the physical interfaces.

Anyway that takes care of the latency problem as it avoids going through my
VPN routers when the device is in my local network anyway. Which brings us
to the bandwidth bit. Since I use cheap hosting providers for my BGP
connectivity the paths available on any particular one aren't always the
best so I figured it might be good to have all possible paths available for
applications to use. Many bandwidth intensive applications do support
multi-stream tcp transfers anyway so that would work out nicely with
per-flow ecmp.

All I have to do is run one wg tunnel per edge router to my clients (which
I already do) and then have babel install a default route/nexthop for each
tunnel (the bit I'm working on). Together with RTT metrics and CECMP this
could even kick out edge routers where the underlay network path is
performing too poorly fully automatically :)

--Daniel



