[Cerowrt-devel] babeld change

[Cerowrt-devel] babeld change

[Dave Taht]

There is a lot of interesting work coming up on babel, and I've not
got around to trying to merge the homenet work into quagga. I am
thinking of switching back (at least temporarily) to the standalone
babeld daemon rather than quagga-babeld to test out the algorithms
there. Any objections?

-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] babeld change

[Toke Høiland-Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 1131 bytes --]

Dave Taht <dave.taht@gmail.com> writes:

> There is a lot of interesting work coming up on babel, and I've not
> got around to trying to merge the homenet work into quagga. I am
> thinking of switching back (at least temporarily) to the standalone
> babeld daemon rather than quagga-babeld to test out the algorithms
> there. Any objections?

Fine with me; I've been exclusively running the standalone babeld. Note
that the new multi-wan IPv6 stuff makes babel not pick up the default
routes for ipv6 unless you add extra import_table statements. My
/etc/config/babel has this in it:

config general
        option 'conf_file' '/etc/babeld.conf'
        list 'import_table' '254'
        list 'import_table' '1007'

The last value might vary depending on the setup; not sure how the table
names are generated by netifd, but it's been quite stable on my device
at 1007.

There's a patch for babeld to support this in ceropackages, but if
you're going to go to newest git it should have been merged upstream.
The init script in ceropackages is patched to support this syntax;
haven't gotten that upstreamed to openwrt iirc...

-Toke

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 489 bytes --]

Re: [Cerowrt-devel] babeld change

[Dave Taht]

On Sun, Jun 16, 2013 at 2:47 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> Dave Taht <dave.taht@gmail.com> writes:
>
>> There is a lot of interesting work coming up on babel, and I've not
>> got around to trying to merge the homenet work into quagga. I am
>> thinking of switching back (at least temporarily) to the standalone
>> babeld daemon rather than quagga-babeld to test out the algorithms
>> there. Any objections?
>
> Fine with me; I've been exclusively running the standalone babeld. Note
> that the new multi-wan IPv6 stuff makes babel not pick up the default

Hmm. Does this mean you have 6in4 working correctly in your build of
cero? I'm still just doing it with a script, not netifd.

> routes for ipv6 unless you add extra import_table statements. My
> /etc/config/babel has this in it:
>
> config general
>         option 'conf_file' '/etc/babeld.conf'
>         list 'import_table' '254'
>         list 'import_table' '1007'
>
> The last value might vary depending on the setup; not sure how the table
> names are generated by netifd, but it's been quite stable on my device
> at 1007.

Hmm. We're back at wanting a message bus or std kernel api for dealing
with the ip rule database again... I fear that things like openvpn or
strongswan will really mess with this.

> There's a patch for babeld to support this in ceropackages, but if

Babel head has three branches doing new stuff. In particular, the
configuration syntax is changing in some respects...

hah. I just realized that a couple of the commits in babeld head were
yours. cool. no need for me to lecture.

One thing that always bugged me about previous versions of babeld was
that it didn't chomp whitespace at the end of a line, hopefully that's
fixed somewhere in this patch series...

> you're going to go to newest git it should have been merged upstream.
> The init script in ceropackages is patched to support this syntax;
> haven't gotten that upstreamed to openwrt iirc...

While I'm at it I note that robert bradley's attempt at atomic route
updates for babel appears to fail on 3.10rc3 on x86, leaving behind
routes, and or leaving behind permanently unreachable ones. Sigh.

>
> -Toke



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] babeld change

[Toke Høiland-Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 1582 bytes --]

Dave Taht <dave.taht@gmail.com> writes:

> Hmm. Does this mean you have 6in4 working correctly in your build of
> cero? I'm still just doing it with a script, not netifd.

Yeah. I have this in /etc/config/network:

config interface sixxs
        option 'proto' '6in4'
        option 'ifname' 'sixxs'
        option peeraddr '<sixxs ipv4 endpoint>
        option ip6addr '<ipv6 endpoint addr>'
        option ip6prefix '<ipv6 prefix>/48'
        option mtu '1480'
        option ipaddr '<public ipv4 addr as assigned to ge00>'

and each internal interface definition then has a

	option 'ip6assign' '64'

optionally with

	option 'ip6hint '1'

to force the <prefix>:1::/64 subnet to be assigned to the interface.

> Hmm. We're back at wanting a message bus or std kernel api for dealing
> with the ip rule database again... I fear that things like openvpn or
> strongswan will really mess with this.

Isn't that message bus called netlink?

> Babel head has three branches doing new stuff. In particular, the
> configuration syntax is changing in some respects...

Yeah, I noticed everything is becoming configurable from the config file.

> hah. I just realized that a couple of the commits in babeld head were
> yours. cool. no need for me to lecture.

Well, my setup broke when openwrt did the multi-wan stuff. Had to fix
that... :P

> One thing that always bugged me about previous versions of babeld was
> that it didn't chomp whitespace at the end of a line, hopefully that's
> fixed somewhere in this patch series...

Isn't that something you set your editor to do? :P

-Toke

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 489 bytes --]

[Cerowrt-devel] Field Report - installing 3.8.13-7

[Rich Brown]

Folks,

I installed 3.8.13-7 on my WNDR3800. I used TFTP, not the default web GUI to upload the firmware. (Note - the recommendation is now to use the web GUI.)

I then ran two installation scripts to complete the custom configuration (see these pages for passwords, time zones, SSIDs, and also 6in4 configuration)

- http://www.bufferbloat.net/projects/cerowrt/wiki/Automated_Configuration_of_CeroWrt
- http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel

The router seems to be working as expected. I have not tried any serious performance tests, but a quick test of ping latency under load showed that the simplest-qos.h seemed to be working.

As noted above, 6in4 addresses seem to work, however, I did see a lot of error messages as a result of running the 6in4 tunnel configuration script. I've attached it to see if there's anything amiss… 

Thanks!

Rich Brown
Hanover, NH USA

------------

root@cerowrt:/tmp# sh tunnel.sh
Downloading http://snapon.lab.bufferbloat.net/~cero2/cerowrt/wndr/3.8.13-7/packages/Packages.gz.
Updated list of available packages in /var/opkg-lists/berlin.
Package 6in4 (14-1) installed in root is up to date.
Setting up HE.net tunnel
Restarting network... "Device busy (-16)" messages are OK.
command failed: Device or resource busy (-16)
Configuration file: /var/run/hostapd-phy0.conf
Using interface sw00 with hwaddr 2c:b0:5d:7f:47:6a and ssid "CEROwrt"
Using interface gw00 with hwaddr 2e:b0:5d:7f:47:6b and ssid "CEROwrt-guest"
command failed: Device or resource busy (-16)
Configuration file: /var/run/hostapd-phy1.conf
handle_probe_req: send: Resource temporarily unavailable
handle_probe_req: send: Resource temporarily unavailable
Using interface sw10 with hwaddr 2c:b0:5d:7f:47:6c and ssid "CEROwrt5"
Using interface gw10 with hwaddr 2e:b0:5d:7f:47:6d and ssid "CEROwrt-guest5"
Restarting firewall...
Warning: Option @defaults[0].synflood_rate has invalid value '200'
Warning: Section @rule[0] (domain) does not specify a protocol, assuming TCP+UDP
 * Flushing IPv4 filter table
 * Flushing IPv4 nat table
 * Flushing IPv4 mangle table
 * Flushing IPv4 raw table
 * Flushing IPv6 filter table
 * Flushing IPv6 mangle table
 * Flushing IPv6 raw table
 * Flushing conntrack table ...
 * Populating IPv4 filter table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
   * Rule 'domain'
   * Rule 'ntp'
   * Rule 'dhcp4'
   * Rule 'printers'
   * Rule 'Useful Services'
   * Rule 'blockconfig'
   * Rule 'blockconfig2'
   * Forward 'lan' -> 'wan'
   * Forward 'wan' -> 'lan'
   * Forward 'guest' -> 'wan'
   * Forward 'lan' -> 'guest'
   * Forward 'wan' -> 'guest'
 * Populating IPv4 nat table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv4 mangle table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv4 raw table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv6 filter table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
   * Rule 'domain'
   * Rule 'ntp'
   * Rule 'printers'
   * Rule 'Useful Services'
   * Rule 'ipv6 dfz'
   * Rule 'icmpv6'
   * Rule 'blockconfig'
   * Rule 'Allow-DHCPv6'
   * Rule 'blockconfig2'
   * Forward 'lan' -> 'wan'
   * Forward 'wan' -> 'lan'
   * Forward 'guest' -> 'wan'
   * Forward 'lan' -> 'guest'
   * Forward 'wan' -> 'guest'
 * Populating IPv6 mangle table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Populating IPv6 raw table
   * Zone 'wan'
   * Zone 'lan'
   * Zone 'guest'
 * Set tcp_ecn to on
 * Set tcp_syncookies to on
 * Set tcp_window_scaling to on
Done. You should restart the router now to make these take effect.
root@cerowrt:/tmp

Re: [Cerowrt-devel] Field Report - installing 3.8.13-7

[Toke Høiland-Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 1025 bytes --]

Rich Brown <richb.hanover@gmail.com> writes:

> As noted above, 6in4 addresses seem to work, however, I did see a lot
> of error messages as a result of running the 6in4 tunnel configuration
> script. I've attached it to see if there's anything amiss…

Have never used the 6in4 script, but a few of the messages have to do
with the new firewall script:

> Warning: Option @defaults[0].synflood_rate has invalid value '200'

This is because the value is wrong. It should be '200/s' and not '200'.
That's a bug, I believe (though a minor one). Fixed in git; you can
manually add the /s in your /etc/config/firewall if you want to shut it
up. :)

> Warning: Section @rule[0] (domain) does not specify a protocol,
> assuming TCP+UDP

The new firewall script complains when no protocol is set, but it does
the right thing, so not really sure if I would call it a bug; should be
fixed in git as well, though.

The rest of the output is because the new firewall is more verbose than
the old one.

-Toke

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 489 bytes --]

Re: [Cerowrt-devel] Field Report - installing 3.8.13-7

[Dave Taht]

On Sun, Jun 16, 2013 at 3:29 PM, Toke Høiland-Jørgensen <toke@toke.dk> wrote:
> Rich Brown <richb.hanover@gmail.com> writes:
>
>> As noted above, 6in4 addresses seem to work, however, I did see a lot
>> of error messages as a result of running the 6in4 tunnel configuration
>> script. I've attached it to see if there's anything amiss…

I'm still looking for benchmark data on the rrul test over 6in4.

I spoke to a hurricane guy about how they do tunnelling, I think there
is some fq_codel work to be done over there to help their gateways out
in the long run.

> Have never used the 6in4 script, but a few of the messages have to do
> with the new firewall script:
>
>> Warning: Option @defaults[0].synflood_rate has invalid value '200'
>
> This is because the value is wrong. It should be '200/s' and not '200'.

It used to be right.

> That's a bug, I believe (though a minor one). Fixed in git; you can

THX! Polishing up the fenders...

> manually add the /s in your /etc/config/firewall if you want to shut it
> up. :)

I note that in older versions of openwrt the synflood rate was set
very low, low enough to be triggered by benchmarks like google
chrome's web page benchmark. I don't know the default now.

Worse, fixed rate limits like this don't scale up or down well. There
are similar fixed rate limits for ipv6 icmp traffic (which cero
doesn't do) in the default openwrt firewall rules. I would definately
argue that icmp and icmpv6 should be rate limited as a percentage of
your overall bandwidth and/or tossed into a special fq_codel class
and/or classified background, as someone doing a fast ping probe from
a fast host of your entire /48 will eat your entire uplink easily
without some limits in place.

>
>> Warning: Section @rule[0] (domain) does not specify a protocol,
>> assuming TCP+UDP
>
> The new firewall script complains when no protocol is set, but it does
> the right thing, so not really sure if I would call it a bug; should be
> fixed in git as well, though.
>
> The rest of the output is because the new firewall is more verbose than
> the old one.
>
> -Toke
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



-- 
Dave Täht

Fixing bufferbloat with cerowrt: http://www.teklibre.com/cerowrt/subscribe.html

Re: [Cerowrt-devel] Field Report - installing 3.8.13-7

[Rich Brown]

Toke,

>> Warning: Option @defaults[0].synflood_rate has invalid value '200'
> 
> This is because the value is wrong. It should be '200/s' and not '200'.
> That's a bug, I believe (though a minor one). Fixed in git; you can
> manually add the /s in your /etc/config/firewall if you want to shut it
> up. :)

Yes, s\200\200/s\ eliminates that message. It'd good to get rid of the warning about TCP+UDP as well.

I always offer these comments in the spirit of, "We promise not to fix it if we don't know it's broke :-)" 

Best,

Rich

Re: [Cerowrt-devel] babeld change

[Steven Barth]

[-- Attachment #1: Type: text/plain, Size: 1691 bytes --]

The table numbers are generated sequientally for each logical interface in /etc/config/network starting with 1001. You can override them by setting e.g.: option ip6table 1234 in that interface (e.g. the tunnel).

Cheers,
Steven



"Toke Høiland-Jørgensen" <toke@toke.dk> schrieb:

>Dave Taht <dave.taht@gmail.com> writes:
>
>> There is a lot of interesting work coming up on babel, and I've not
>> got around to trying to merge the homenet work into quagga. I am
>> thinking of switching back (at least temporarily) to the standalone
>> babeld daemon rather than quagga-babeld to test out the algorithms
>> there. Any objections?
>
>Fine with me; I've been exclusively running the standalone babeld. Note
>that the new multi-wan IPv6 stuff makes babel not pick up the default
>routes for ipv6 unless you add extra import_table statements. My
>/etc/config/babel has this in it:
>
>config general
>        option 'conf_file' '/etc/babeld.conf'
>        list 'import_table' '254'
>        list 'import_table' '1007'
>
>The last value might vary depending on the setup; not sure how the
>table
>names are generated by netifd, but it's been quite stable on my device
>at 1007.
>
>There's a patch for babeld to support this in ceropackages, but if
>you're going to go to newest git it should have been merged upstream.
>The init script in ceropackages is patched to support this syntax;
>haven't gotten that upstreamed to openwrt iirc...
>
>-Toke
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Cerowrt-devel mailing list
>Cerowrt-devel@lists.bufferbloat.net
>https://lists.bufferbloat.net/listinfo/cerowrt-devel

[-- Attachment #2: Type: text/html, Size: 2443 bytes --]

Re: [Cerowrt-devel] Field Report - installing 3.8.13-7

[Toke Høiland-Jørgensen]

[-- Attachment #1: Type: text/plain, Size: 319 bytes --]

Rich Brown <richb.hanover@gmail.com> writes:

> Yes, s\200\200/s\ eliminates that message. It'd good to get rid of the
> warning about TCP+UDP as well.

Well, to get rid of the other one you just need to add a line to the
rule block which has "option name 'domain'". The line to add is "option
proto 'tcp udp'".

-Toke

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 489 bytes --]