Well. I want to test subnet propagation, alternate paths, etc...
To do this, I would use Imunes because I'm very familiar with it..
I want to build a small test network of around 10 nodes with different
connectivity between them and then lay out a tinc network on it.
Then I can just set BER=1 to kill links and see how things happen etc..

Nice spot about ng_eiface indeed. I'll check it out..

As for using one machine, I don't really understand how I could achieve
this.. yeah, namespacing is an option.. never used it tho :)

I will probably then go with implementing netgraph.
Should not be too hard using BSD tap as a template.

---------- Original message ----------
From: Guus Sliepen <guus at tinc-vpn.org>
To: tinc-devel at tinc-vpn.org
Subject: Re: Large scale tinc tests
Date: Wed, 23 Sep 2015 15:47:00 +0200
Message-ID: <20150923134700.GJ17506 at sliepen.org>

On Wed, Sep 23, 2015 at 09:07:16AM +0200, borg at uu3.net wrote:

> I wonder if someone here has performed such large scale
> tinc-vpn tests.. There are platforms like Imunes or CORE
> to do generic Ethernet and IP testing and routing, but I found
> that at least on Imunes it is problematic to start a TAP iface
> on vimage on FreeBSD (at least 4.11, which I use).

What do you want to do exactly? You can run a lot of tinc processes on a
single machine without containers. You don't have to use a tun/tap
interface, you can have tinc daemons interact with each other using VDE
or just a multicast socket. Another option nowadays is to use network
namespaces to containerize just the network part of each tinc instance.
You can then run any networking tools in those namespaces as well,
without having to resort to network {si,e}mulator frameworks.

> To fix that, I think about coding in BSD NetGraph support
> to tinc. But first I need to do testing if actually netgraph
> nodes ng_iface can be easily maintained within vimage.
> Additionally, ng_iface does not support Ethernet, so I'm stuck
> with IP.

Isn't there ng_ether?

Anyway, if you want to do this, have a look at src/dummy_device.c and
src/multicast_device.c. You probably want to make a netgraph_device.c
then.

--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>

On Wed, Sep 23, 2015 at 08:01:59PM +0200, borg at uu3.net wrote:

> Well. I want to test subnet propagation, alternate paths, etc...
> To do this, I would use Imunes because I'm very familiar with it..
> I want to build a small test network of around 10 nodes with different
> connectivity between them and then lay out a tinc network on it.
> Then I can just set BER=1 to kill links and see how things happen etc..

Ok, that doesn't sound too complicated.

> As for using one machine, I don't really understand how I could achieve
> this.. yeah, namespacing is an option.. never used it tho :)

I don't know about the equivalent in FreeBSD, but in Linux it's quite
easy to start a new network namespace and create Ethernet tunnels between
them. For example, I have a script called "left" that looks like this:

#!/bin/sh
ip netns add left
ip link add name left type veth peer name right
ip link set left netns left
ip netns exec left ifconfig left 192.168.124.1/24 up
ip netns exec left tc qdisc del dev left root
ip netns exec left tc qdisc add dev left root netem rate 10mbit delay 10ms
if [ -z "$1" ]; then
        exec ip netns exec left $SHELL
else
        exec ip netns exec left "$@"
fi

The first three lines create a namespace "left" and inside it a virtual
ethernet device (also named "left") that will be connected to a similar
one in the namespace "right". The next three lines bring up this
interface and use Linux's network queueing disciplines to simulate a
10 Mbit/s link with a latency of 10 ms. You can easily add a discipline
to create packet loss. You can also create firewall rules in each
namespace separately. The rest just starts a given command or an
interactive shell in the namespace.

Of course I have a similar script called "right" that sets up the
counterpart. These scripts allow me to quickly start two instances of
tinc in a reasonably realistic scenario without having to create complete
virtual machines.

--
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>

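Added example, not part of the original thread or of tinc: the two-namespace "left"/"right" setup above generalized to a small multi-node topology with per-link rate, delay and packet loss, plus a way to cut a link for failover tests. The node names, the LINKS table and the 10.99.N.0/30 addressing are constructed for illustration; commands are only printed unless RUN=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Node names, LINKS and 10.99.N.0/30 are
# constructed. Commands are printed unless RUN=1 (needs root and iproute2).

# One link per line: nodeA nodeB rate delay loss
LINKS='n1 n2 10mbit 10ms 0%
n2 n3 10mbit 10ms 0%
n1 n3 1mbit 50ms 5%'

run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# Create each namespace named in LINKS exactly once.
make_nodes() {
    echo "$LINKS" | awk '{print $1; print $2}' | sort -u | while read -r n; do
        run ip netns add "$n"
        run ip -n "$n" link set lo up
    done
}

# One veth pair per link: move each end into its namespace, address it from
# a per-link /30, then shape both directions (rate, delay, loss) with netem.
make_links() {
    i=0
    echo "$LINKS" | while read -r a b rate delay loss; do
        i=$((i + 1))
        run ip link add "$a-$b" type veth peer name "$b-$a"
        run ip link set "$a-$b" netns "$a"
        run ip link set "$b-$a" netns "$b"
        run ip -n "$a" addr add "10.99.$i.1/30" dev "$a-$b"
        run ip -n "$b" addr add "10.99.$i.2/30" dev "$b-$a"
        for end in "$a $a-$b" "$b $b-$a"; do
            set -- $end   # $1 = namespace, $2 = interface inside it
            run ip -n "$1" link set "$2" up
            run tc -n "$1" qdisc add dev "$2" root netem rate "$rate" delay "$delay" loss "$loss"
        done
    done
}

# Take a link down for a failover test by dropping every packet on both ends.
kill_link() {
    run tc -n "$1" qdisc change dev "$1-$2" root netem loss 100%
    run tc -n "$2" qdisc change dev "$2-$1" root netem loss 100%
}

case "${1:-}" in
    up) make_nodes; make_links ;;
    kill) kill_link "$2" "$3" ;;
esac
```

Run it with "up" to see the full command plan, and start each daemon with "ip netns exec n1 ..." once the plan has been applied with RUN=1. Interface names are built as "nodeA-nodeB", so node names must stay short enough for the 15-character interface name limit.
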
Oh.. that sounds indeed nice...
FreeBSD 4.x had it a long time ago, called vimage. You can combine
vimage with ipfw + dummynet to achieve bandwidth, delay and BER on links.
Now add to it a handy GUI and you are done.
http://borg.uu3.net/mirrors/www.tel.fer.hr/imunes/GUI-normal.gif

Thx for info.. I will stick then to my first plan, since adapting
Linux NS will take far too much time for now, compared to what I already
have in Imunes..

Regards,
Borg