-
Notifications
You must be signed in to change notification settings - Fork 322
fastd L2TP Offloading on Supernodes
Tom Herbers edited this page Aug 14, 2022
·
3 revisions
In addition to the General Steps outlined in the docs here are some concrete examples how the Network config could be done.
-
https://git.darmstadt.ccc.de/ffda/infra/salt/-/tree/master/fastd/files/hooks
- Peer interfaces are configured as isolated bridge ports in a bridge that is connected to a batman-adv switch
- This allows letting daemons like mesh-announce listen on the bridge instead of needing to do that on all interfaces.
- Expects the bridge to be preconfigured outside of fastd
- Establish hook (
up) expects bridge name as first argument
- Peer interfaces are configured as isolated bridge ports in a bridge that is connected to a batman-adv switch
Within the fastd config on our Gateways the interface config option is set to dom0p-%k.
# grep %k /etc/fastd/dom0_1312/fastd.conf
interface "dom0p-%k";
# cat /etc/systemd/network/45-bat-dom{{ domain_id }}.netdev
[NetDev]
Description=Netdev Config for Domain {{ domain_id }} B.A.T.M.A.N. Advanced interface
Name=dom{{ domain_id }}-bat
Kind=batadv
MACAddress={{ mac_address }}}
[BatmanAdvanced]
OriginatorIntervalSec=5
RoutingAlgorithm=batman-iv
GatewayMode=server
GatewayBandwidthDown=900M
GatewayBandwidthUp=900M
DistributedArpTable=True
HopPenalty=60# cat /etc/systemd/network/45-bat-dom{{ domain_id }}.network
[Match]
Name=dom{{ domain_id }}-bat
[Network]
Description=Network Config for Domain {{ domain_id }} B.A.T.M.A.N. Advanced interface
IPv6AcceptRA=False# cat /etc/systemd/network/75-dom{{ domain_id }}p-peers.netdev
[NetDev]
Description=Bridge for all fastd Domain {{ domain_id }} tap interfaces
Name=dom{{ domain_id }}p-peers
Kind=bridge
[Bridge]
STP=off# cat /etc/systemd/network/75-dom{{ domain_id }}p-peers.network
[Match]
Name=dom{{ domain_id }}p-peers
Kind=bridge
[Network]
Description=Bridge for all fastd Domain {{ domain_id }} tap interfaces
IPv6AcceptRA=False
BatmanAdvanced=dom{{ domain_id }}-bat
[Link]
RequiredForOnline=FalseMatch all Domain {{ domain_id }} tap interfaces and add them as isolated Interfaces to the dom{{ domain_id }}p-peers bridge.
# cat /etc/systemd/network/77-vpn-dom{{ domain_id }}-peer.network
[Match]
Name=dom{{ domain_id }}p-*
[Network]
Description=Network Config for all Domain {{ domain_id }} fastd tap interfaces
IPv6AcceptRA=False
Bridge=dom{{ domain_id }}p-peers
[Bridge]
Isolated=TrueTools:
- Prometheus
- fastd-exporter
- node-exporter
Rule to alert if a fastd connection was established but their isn't a coresponding interface:
alert: fastd_peer_info{fastd_instance=~"dom0.*",method!="null@l2tp"} unless on(interface) label_join(node_network_carrier{device=~"dom0p.*"}, "interface", "", "device")
for: 5m
labels:
severity: warning
annotations:
description: A fastd peer link is not up
summary: Link {{ $labels.interface }} on {{ $labels.instance }} is down
Saddly with fastd v22 this doesn't work for connections with the null@l2tp method. But a fix was already pushed to master.
-
Usage
-
Community
-
Development
- Device Integration
- Roadmap
- Release-life-cycle
- Protocols
- Meeting 2024/02
- Meeting 2024/01
- Meeting 2023/06
- Meeting 2023/05
- Meetup-CCCamp
- Meeting 2023/04
- Meeting 2023/03
- Meeting 2023/02
- Meeting 2023/01
- Meeting 2022/06
- Meeting 2022/05
- Meeting 2022/04
- Meeting 2022/03
- Meeting 2022/02
- Meeting 2022/01
- Meeting 2021/01
- Meeting 2019/01
- Meeting 2018/03
- Meeting 2018/02
- Meeting 2018/01
- Meeting 2017/01
- Concepts
- Release Process
-
Debugging