Improved local discovery using local edge addresses #26
Conversation
|
On Sat, Jun 28, 2014 at 01:22:25PM -0700, Etienne Dechamps wrote:
Actually, you don't need to bump the protocol or worry about older In send_add_edge() you do: x = send_request(c, "%d %x %s %s %s %s %x %d %s %s", ADD_EDGE, rand(), e->from->name, e->to->name, address, port, e->options, e->weight, local_address, local_port); At the moment I don't have time to verify it, but I believe that it will The rest looks fine, and I think you can remove the Met vriendelijke groet / with kind regards, |
Nice, thanks. I updated the code and verified everything works properly when communicating with nodes that don't have these commits. I also made a subtler change to send "unknown" addresses instead of using the old
I don't follow. In your example
Done. I also added two additional commits that make more "controversial" changes. Rationale can be found in the commit messages. Feel free to ignore these commits if you disagree with the changes. |
In addition to the remote address, each edge now stores the local address from the point of view of the "from" node. This information is then made available to other nodes through a backwards-compatible extension to ADD_EDGE messages. This information can be used in future code to improve packet routing.
This introduces a new way of doing local discovery: when tinc has local address information for the recipient node, it will send local discovery packets directly to the local address of that node, instead of using broadcast packets. This new way of doing local discovery provides numerous advantages compared to using broadcasts: - No broadcast packets "polluting" the local network; - Reliable even if the sending host has multiple network interfaces (in contrast, broadcasts will only be sent through one unpredictable interface) - Works even if the two hosts are not on the same broadcast domain. One example is a large LAN where the two hosts might be on different local subnets. In fact, thanks to UDP hole punching this might even work if there is a NAT sitting in the middle of the LAN between the two nodes! - Sometimes a node is reachable through its "normal" address, and via a local subnet as well. One might think the local subnet is the best route to the node in this case, but more often than not it's actually worse - one example is where the local segment is a third party VPN running in parallel, or ironically it can be the local segment formed by the tinc VPN itself! Because this new algorithm only checks the addresses for which an edge is already established, it is less likely to fall into these traps.
The new local address based local discovery mechanism is technically superior to the old broadcast-based one. In fact, the old algorithm can technically make things worse by e.g. sending broadcasts over the VPN itself and then selecting the VPN address as the node's UDP address. This cannot happen with the new mechanism. Note that this means old nodes that don't send their local addresses in ADD_EDGE messages can't be discovered, because there is no address to send discovery packets to. Old nodes can still discover new nodes by sending them broadcasts, though.
Recent improvements to the local discovery mechanism makes it cheaper, more network-friendly, and now it cannot make things worse (as opposed to the old mechanism). Thus there is no reason not to enable it by default.
This branch implements an idea that I published a year ago about improving the local discovery feature and make it much more reliable. There are several significant changes:
local_addressfield toedge_t. The new field contains the local address offrom's metaconnection socket toto(in contrast toaddresswhich contains the peer address).ADD_EDGEmessages, in a backward-compatible way. The minor protocol number is bumped accordingly, and the new message format is only sent to nodes that understand them.This new way of doing local discovery provides numerous advantages compared to using broadcasts:
The new local discovery behavior is controlled by a new
LocalDiscoveryBroadcastoption (edge local addresses, however, are always transmitted if possible). It defaults to the old behavior. @gsliepen: the reason it defaults to the old behavior is to keep the branch "neutral", but it probably makes more sense to enable it by default, since this new mechanism is vastly superior to using broadcasts IMHO. In fact I believe the old mechanism should probably be deleted once there is a good penetration of local edge address aware clients.Testing: I tested this between two local nodes connected to a non-local third node, it seems to work perfectly. Note that currently this is broken with SPTPS because
sptps_verify_datagram()is not implemented which breakstry_harder(), preventing the discovered address from being used. To be clear, this is not a regression: local discovery was already broken because of this. I verified that this works even with SPTPS by writing a quick & dirty implementation ofsptps_verify_datagram(). I intend on cleaning up this fix in another pull request.