|
← Revision 5 as of 2004-07-07 13:16:47
Size: 3245
Comment: update UDP and Conf file schema
|
← Revision 6 as of 2004-07-07 18:01:31 →
Size: 3240
Comment: Linked ZeroConf
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 34: | Line 34: |
| Now this situation will scale up to 25 SuperNodes for the exsisting VPN IP block. This should be plenty enough for the initial setup of the core VPN network. Thinking ahead having more than 25 SuperNodes is a possibility, so the idea of having a few extra reserve 24 bit subnets might have to come into consideration. Zeroconf is also an option if the tun interfaces are tested with it in a OpenVPN tunnel. | Now this situation will scale up to 25 SuperNodes for the exsisting VPN IP block. This should be plenty enough for the initial setup of the core VPN network. Thinking ahead having more than 25 SuperNodes is a possibility, so the idea of having a few extra reserve 24 bit subnets might have to come into consideration. ZeroConf is also an option if the tun interfaces are tested with it in a OpenVPN tunnel. |
| Line 36: | Line 36: |
| The testing for sharing the same tun interface IP is not complete, but having one VPN reserve IP per Node is the best solution and having those IP be negotated via Zeroconf would the Holly Grail to reduce maintence of the VPN tunnels. The IP | The testing for sharing the same tun interface IP is not complete, but having one VPN reserve IP per Node is the best solution and having those IP be negotated via ZeroConf to reduce maintence of the VPN tunnels. The IP |
| Line 38: | Line 38: |
|
|
|
| Line 56: | Line 53: |
| Created By: JimmySchmierbach |
Created By: JimmySchmierbach ---- CategorySoftware |
OpenVPN IP Scheme Proposal
As a Proposal for VPN IP address scheme, an organized mapping for tun interface IPs in the reserved VPN IP block would be required to make managing tunnels easier. It is still untested for direct tunnels off shared tun devices so the ability to map them efficiently and logically would be most preferred. BR BR The PTPnet IP block of 10.11.255.0/24 is already reserved for this idea. Right now in the basic stages of the network the IP addresses are just paired in two between the core servers and the "SuperNodes". As for each SuperNode will require its own tunnel to each server, I believe it would be a good idea to group the IP addresses that are for each SuperNode. Note that this example would be used only for the links between the Core servers and each SuperNode.
Example:
Core Servers |
|
10.11.255.1 |
<=> |
10.11.255.6 |
10.11.255.2 |
<=> |
10.11.255.7 |
10.11.255.3 |
<=> |
10.11.255.8 |
10.11.255.4 |
<=> |
10.11.255.9 |
10.11.255.11 |
<-> |
10.11.255.16 |
10.11.255.12 |
<-> |
10.11.255.17 |
10.11.255.13 |
<-> |
10.11.255.18 |
10.11.255.14 |
<-> |
10.11.255.19 |
10.11.255.21 |
<=> |
10.11.255.26 |
10.11.255.22 |
<=> |
10.11.255.27 |
10.11.255.23 |
<=> |
10.11.255.28 |
10.11.255.24 |
<=> |
10.11.255.29 |
BR BR Now with only having roughly one SuperNode for each 10 IP addresses seems excessive but between having upto 5 core servers (only 3 are now used but the ability to add two extra servers would be good planning) and using a base 10 counting between SuperNodes allows for an administrator to easily figure out what SuperNode the core servers are tunneled with just by the IP pair. BR BR Another reason to have extra IP pairs possible between the group of Core IPs and SuperNode IPs would be if direct links via wireless or a different ISP was provided for failsafe tunnels that could be made between the SuperNodes and the Core Servers. BR BR Now this situation will scale up to 25 SuperNodes for the exsisting VPN IP block. This should be plenty enough for the initial setup of the core VPN network. Thinking ahead having more than 25 SuperNodes is a possibility, so the idea of having a few extra reserve 24 bit subnets might have to come into consideration. ZeroConf is also an option if the tun interfaces are tested with it in a OpenVPN tunnel. BR BR The testing for sharing the same tun interface IP is not complete, but having one VPN reserve IP per Node is the best solution and having those IP be negotated via ZeroConf to reduce maintence of the VPN tunnels. The IP addresses for the reserved VPN subnet would not be routable IPs but would be used as gateway IPs for subnets on the destination end of the VPN tunnel. The routes to the destination subnets would be configured via iBGP and allow the VPN tunnels to be dynamically assigned then the routes setup by BGP.
References:
http://openvpn.sourceforge.net/
Created By: JimmySchmierbach