IMHO the whole "full mesh" approach is the only practical approach to allow
easy configuration.
Let me motivate this:
1.) IPIP is to my knowledge the only tunneling protocol available in
standard Linux distributions that allows point to multipoint connections
(other OSes don't have any).
Being stateless, it allows, based on non-standard use of kernel routes, to
send encapsulated data to an arbitrary number of destinations, using a
single virtual network interface.
2.) Again, because it is stateless, it does not have to send any control or
keep-alive data on the tunnel to check the availability of endpoints, thus
reducing data flow.
Data is sent only if there is an active data exchange between peers, on an
on-demand basis.
3.) In order to provide a somewhat dynamic routing table with regard to the
various tunnel endpoints, initially there was this encap file, not providing
routing info, but actual endpoint addresses for the needed tunnels (see 1).
4.) Because there was a need to have faster endpoint address updates, the
RIPv2 broadcast method was introduced. Again it is not used as a dynamic
routing protocol, but as a tunnel endpoint update method.
The fact that it has the form of a routing protocol was just a choice not to
reinvent the wheel by developing a proprietary protocol. This is why the
processing of the RIPv2 broadcasts cannot be done using standard routing
tools, like e.g. quagga, but needs a custom made script/daemon.
Any stateful approach by using classical P2P links will take away these
advantages:
1.) One will need an individual network interface for every peer he wants
to connect to, in order to be able to use that connection in a stateful
manner (about 340 tunnels at the moment).
This is the approach used on some routers not allowing P2MP on IPIP
interfaces, e.g. MikroTik, even for classic IPIP setups, losing the dynamic
setup capability of the RIP broadcasts, since a script is needed to allow
the setup of such a large number of tunnel interfaces.
2.) Each such interface will have its own routing and firewalling rules to
be taken into account.
3.) Stateful P2P links have active data exchanges all the time, to be able
to provide their link status to the endpoint hosts.
Using a direct global route announcement using BGP has also some drawbacks,
especially regarding costs.
1.) A BGP enabled subnet in most of the countries is astronomically costly,
being regarded as a "professional" network approach by the ISPs.
2.) You most likely need a router capable of processing a full internet BGP
table, which is HUGE, comprising more than 48k prefixes reaching a size of
over 10MB. This needs filtering, big memory resources and fast CPUs.
Raspberries won't do the job here.
3.) You will still have to provide tunnels in order to reach and be reached
by 44net islands not using BGP.
Correctly setting up a stateful tunneled system or a BGP enabled network is
certainly more complicated than a P2MP IPIP tunneling system.
73s de Marius, YO2LOJ
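
Added example, not part of the original message and not the code of any existing daemon: a sketch of what a custom script for points 1 and 4 has to do, namely read a RIPv2 response (RFC 2453 entry layout), treat each entry's next hop as a tunnel endpoint, and emit one kernel route per subnet on a single multipoint IPIP interface. The interface name tunl0, the function names and the sample packet are assumptions constructed for illustration; checking who sent the packet is outside this sketch.

```python
import ipaddress
import struct

TUNNEL_IF = "tunl0"  # assumption: the single multipoint IPIP interface

def parse_rip2(packet: bytes):
    """Return [(network, endpoint)] from a RIPv2 response packet."""
    if len(packet) < 4 or (len(packet) - 4) % 20:
        raise ValueError("truncated RIP packet")
    command, version, _zero = struct.unpack("!BBH", packet[:4])
    if command != 2 or version != 2:
        raise ValueError("not a RIPv2 response")
    routes = []
    for off in range(4, len(packet), 20):
        afi, _tag, addr, mask, nexthop, metric = struct.unpack(
            "!HHIIII", packet[off:off + 20])
        if afi != 2:  # 0xFFFF is an authentication entry, not a route
            continue
        if nexthop == 0 or not 1 <= metric <= 15:
            continue  # no endpoint given, or metric 16 (unreachable)
        try:  # rejects non-contiguous masks and addresses with host bits set
            net = ipaddress.ip_network(
                f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}")
        except ValueError:
            continue
        routes.append((net, ipaddress.IPv4Address(nexthop)))
    return routes

def route_commands(routes):
    """The endpoint is not on-link for the tunnel device, hence 'onlink'."""
    return [f"ip route replace {net} via {gw} dev {TUNNEL_IF} onlink"
            for net, gw in routes]

def entry(addr, mask, nexthop, metric):
    """Pack one IPv4 route entry (used only to build the sample below)."""
    ip = lambda s: int(ipaddress.IPv4Address(s))
    return struct.pack("!HHIIII", 2, 0, ip(addr), ip(mask), ip(nexthop), metric)

# Constructed sample: header, one authentication entry, two usable routes,
# one unreachable route and one entry with a non-contiguous mask.
SAMPLE = (struct.pack("!BBH", 2, 2, 0)
          + struct.pack("!HH16s", 0xFFFF, 2, b"constructed")
          + entry("44.128.0.0", "255.255.255.0", "192.0.2.10", 1)
          + entry("44.128.1.0", "255.255.255.0", "198.51.100.7", 1)
          + entry("44.128.2.0", "255.255.255.0", "203.0.113.9", 16)
          + entry("44.128.3.0", "255.0.255.0", "203.0.113.9", 1))

if __name__ == "__main__":
    print("\n".join(route_commands(parse_rip2(SAMPLE))))
```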