Hello. I wonder if someone here performe such large scale tinc-vpn tests.. There are platforms like Imunes or CORE to do generic Ethernet and IP testing and routing, but I found that at least on Imunes it is problematic to start TAP iface on vimage on FreeBSD (at least 4.11 with I use). To fix that, I think about coding in BSD NetGraph support to tinc. But first I need to do testing if actualy netgraph nodes ng_iface can be easly maintained within vimage. Additionaly, ng_iface does not support Ethernet, so Im stuck with IP. Regards, Borg
On Wed, Sep 23, 2015 at 09:07:16AM +0200, borg at uu3.net wrote:> I wonder if someone here performe such large scale > tinc-vpn tests.. There are platforms like Imunes or CORE > to do generic Ethernet and IP testing and routing, but I found > that at least on Imunes it is problematic to start TAP iface > on vimage on FreeBSD (at least 4.11 with I use).What do you want to do exactly? You can run a lot of tinc processes on a single machine without containers. You don't have to use a tun/tap interface, you can have tinc daemons interact with each other using VDE or just a multicast socket. Another option nowadays is to use network namespaces to containerize just the network part of each tinc instance. You can then run any networking tools in those namespaces as well, without having to result to network {si,e}mulator frameworks.> To fix that, I think about coding in BSD NetGraph support > to tinc. But first I need to do testing if actualy netgraph > nodes ng_iface can be easly maintained within vimage. > Additionaly, ng_iface does not support Ethernet, so Im stuck > with IP.Isn't there ng_ether? Anyway, if you want to do this, have a look at src/dummy_device.c and src/multicast_device.c. You probably want to make a netgraph_device.c then. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20150923/1c665489/attachment.sig>
On Wed, Sep 23, 2015 at 03:47:00PM +0200, Guus Sliepen wrote:> > Additionaly, ng_iface does not support Ethernet, so Im stuck > > with IP. > > Isn't there ng_ether?I meant ng_eiface. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20150923/2d3fe609/attachment.sig>
Well. I want to test subnet propagation, alternate paths, etc... Do this, I would use Imunes because im very familiar with it.. I want to build small test network around 10 nodes with different connectivity between them and then lay-out tinc network on it. Then I can just set BER=1 to kill links and see how things happen etc.. Nice spot about ng_eiface indeed. I'll check it out.. As for using one machine, I dont really understand how I could achieve this.. yeah, namespacing is an option.. never used it tho :) I will probably then go with implementing netgraph. Should not be too hard using BSD tap as template. ---------- Original message ---------- From: Guus Sliepen <guus at tinc-vpn.org> To: tinc-devel at tinc-vpn.org Subject: Re: Large scale tinc tests Date: Wed, 23 Sep 2015 15:47:00 +0200 Message-ID: <20150923134700.GJ17506 at sliepen.org> On Wed, Sep 23, 2015 at 09:07:16AM +0200, borg at uu3.net wrote:> I wonder if someone here performe such large scale > tinc-vpn tests.. There are platforms like Imunes or CORE > to do generic Ethernet and IP testing and routing, but I found > that at least on Imunes it is problematic to start TAP iface > on vimage on FreeBSD (at least 4.11 with I use).What do you want to do exactly? You can run a lot of tinc processes on a single machine without containers. You don't have to use a tun/tap interface, you can have tinc daemons interact with each other using VDE or just a multicast socket. Another option nowadays is to use network namespaces to containerize just the network part of each tinc instance. You can then run any networking tools in those namespaces as well, without having to result to network {si,e}mulator frameworks.> To fix that, I think about coding in BSD NetGraph support > to tinc. But first I need to do testing if actualy netgraph > nodes ng_iface can be easly maintained within vimage. > Additionaly, ng_iface does not support Ethernet, so Im stuck > with IP.Isn't there ng_ether? Anyway, if you want to do this, have a look at src/dummy_device.c and src/multicast_device.c. You probably want to make a netgraph_device.c then. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org>