From: dpreed@reed.com
To: "David Lamparter" <equinox@diac24.net>
Cc: cerowrt-devel <cerowrt-devel@lists.bufferbloat.net>,
babel-users <babel-users@lists.alioth.debian.org>
Subject: Re: [Cerowrt-devel] [Babel-users] switching cerowrt to quagga-babeld issues
Date: Sat, 7 Jul 2012 11:53:05 -0400 (EDT) [thread overview]
Message-ID: <1341676385.321916162@apps.rackspace.com> (raw)
In-Reply-To: <20120706165935.GB2916974@jupiter.n2.diac24.net>
[-- Attachment #1: Type: text/plain, Size: 4183 bytes --]
Here's the architectural issue at the root of this issue (I think):
"P.S.: Also, NetworkManager and Quagga should never run on the same host.
NetworkManager does Host processing, Quagga does Router processing, and
those two are mutually exclusive."
It should be the case that a host and a router can exist and run in the same physical box, this is part of the IP architecture. But Linux's network stack may make this hard to achieve (maybe impossible without careful isolation of all the parts). If so, it is a Linux stack issue that arises from mingling host and router datagrams in a way that does not fully separate them.
So, it could be viewed as a bug in Linux (including NetworkManager and Quagga) that that separation is not achievable(achieved). NetworkManager spans the layers and manages Ethernet mostly, but sometimes views it through the IP lens, making some assumptions that are not always valid architectural invariants. NetworkManager assumes that there is only one primary host IP interface, for example, as I recall, even though IPv6 especially supports many IPv6 addresses in the same box for Hosts and for routers.
So the interfaces and IP addresses for the router must be managed separately from those in the host, even if on the same box.
The easiest way to do a very clean separation in Linux when sharing the physical NICs as link-endpoints among router and host functions is perhaps using virtualization of the NICs with VLANs and/or the TAP interface providing a virtual link between the router and host on the same box. (I haven't studied this in detail, but it seems straightforward with no gotchas). This would separate the host interfaces from the router ones unambiguously.
Then let NetworkManager see only the host-controlled interface, but let the other interfaces be out of NetworkManager's control.
-----Original Message-----
From: "David Lamparter" <equinox@diac24.net>
Sent: Friday, July 6, 2012 12:59pm
To: "Dave Taht" <dave.taht@gmail.com>
Cc: "babel-users" <babel-users@lists.alioth.debian.org>, "cerowrt-devel" <cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] [Babel-users] switching cerowrt to quagga-babeld issues
On Tue, Jul 03, 2012 at 09:18:43AM -0400, Dave Taht wrote:
> On Tue, Jul 3, 2012 at 8:35 AM, Denis Ovsienko <infrastation@yandex.ru> wrote:
> >> Does anybody know where this difference comes from?
> >
> > The difference comes from NetworkManager. Its efforts in reproducing
> > high-metric RTPROT_KERNEL routes with low-metric RTPROT_STATIC ones
> > are effectively hiding the kernel issue outside of CeroWrt runtime.
> > Would it be better to add a watchdog shell script, which does the
> > same, or patch the kernel?
>
> I would *much rather* patch the kernel than have a watchdog. However I
> don't quite understand
> the redistribution issue vs a vs ipv6 here. If I have a "redistribute
> kernel" on for ipv4, it does propagate the default route.
I'm not sure I understood your problem here, but if it boils down to
"zebra doesn't redistribute an IPv6 RA default route", then that's by
design and shouldn't be touched.
IPv6 RA is a router to host protocol. Routers should never accept
information from it, it is neither secure nor able to convey enough
details to prevent loops or dead-end routes.
This is also why enabling IPv6 forwarding disables reception of route
advertisements in-kernel.
If I understand correctly, your use-case is a mesh router that acts as a
host on a "parent" network. If so, this case should be handled by a
separate daemon that receives and processes IPv6 RAs, hopefully applies
some filtering. Also, this absolutely cannot be default behaviour.
If I misunderstood the issues, please ignore my mail.
Cheers,
-David
P.S.: Also, NetworkManager and Quagga should never run on the same host.
NetworkManager does Host processing, Quagga does Router processing, and
those two are mutually exclusive.
_______________________________________________
Cerowrt-devel mailing list
Cerowrt-devel@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cerowrt-devel
[-- Attachment #2: Type: text/html, Size: 5319 bytes --]
next prev parent reply other threads:[~2012-07-07 15:53 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CAA93jw40kiOwDnOzG-_jUn7nKpky59bNBTec8ynjVwJJhKxr0Q@mail.gmail.com>
[not found] ` <2187151341044351@web9d.yandex.ru>
[not found] ` <7isjdcpm1q.fsf@lanthane.pps.jussieu.fr>
[not found] ` <40851341093226@web25d.yandex.ru>
[not found] ` <7ik3yoz7p2.fsf@lanthane.pps.jussieu.fr>
[not found] ` <CAA93jw5p9EqoK09Y_AXaHG_DfH-u_QDYU_FKOK_hhxBRDcuqAA@mail.gmail.com>
[not found] ` <1521341229978@web13h.yandex.ru>
2012-07-02 15:36 ` Dave Taht
2012-07-02 16:16 ` L. Aaron Kaplan
2012-07-02 16:44 ` Dave Taht
2012-07-02 16:54 ` L. Aaron Kaplan
2012-07-02 17:13 ` [Cerowrt-devel] DLEP [was: switching cerowrt to quagga-babeld issues] Juliusz Chroboczek
2012-07-02 17:36 ` [Cerowrt-devel] [Babel-users] " Henning Rogge
2012-07-02 19:50 ` [Cerowrt-devel] " L. Aaron Kaplan
2012-07-02 20:54 ` [Cerowrt-devel] [Babel-users] switching cerowrt to quagga-babeld issues Denis Ovsienko
2012-07-03 8:10 ` Denis Ovsienko
2012-07-03 12:35 ` Denis Ovsienko
2012-07-03 12:47 ` Gabriel Kerneis
2012-07-03 13:18 ` Dave Taht
2012-07-03 14:14 ` [Cerowrt-devel] " Denis Ovsienko
2012-07-06 16:36 ` [Cerowrt-devel] [Babel-users] " Denis Ovsienko
2012-07-06 16:52 ` [Cerowrt-devel] IPv6 RA and RTPROT_whatever [was: switching cerowrt to quagga-babeld issues] Juliusz Chroboczek
2012-07-03 19:17 ` [Cerowrt-devel] [Babel-users] switching cerowrt to quagga-babeld issues Jim Gettys
2012-07-06 16:59 ` David Lamparter
2012-07-07 15:53 ` dpreed [this message]
2012-07-03 15:28 ` Robert Bradley
2012-07-03 15:55 ` Robert Bradley
2012-07-04 11:34 ` Denis Ovsienko
2012-07-05 14:15 ` dpreed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://lists.bufferbloat.net/postorius/lists/cerowrt-devel.lists.bufferbloat.net/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1341676385.321916162@apps.rackspace.com \
--to=dpreed@reed.com \
--cc=babel-users@lists.alioth.debian.org \
--cc=cerowrt-devel@lists.bufferbloat.net \
--cc=equinox@diac24.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox