FFMUC: Half a year with WireGuard
VXLAN + B.A.T.M.A.N. and some python included
FFWCW 2021
Who am I?
awlnx
● Annika Wickert
● Senior Network Engineer / OpenSource since 2010
● Twitter @awlnx / GitHub @awlx
FFMUC?
• Freie Netze München e.V. since 2014
• Community Freifunk München since 2004
• Wifi
• #FFMEET
• DoH/DoT/DNSCrypt/DNS
• Streaming
FFMUC ran on fastd
• FFMUC was built with fastd and B.A.T.M.A.N.
• We got bigger compute nodes and bigger uplinks - we wanted to leverage the resources
• We didn’t want to change too much at once => not too much risk
• So why not change _only_ the transport network and keep B.A.T.M.A.N.?
WireGuard vs fastd
• Fastd is a single-threaded userspace process
• WireGuard runs in kernel space and thus has to be multi-threaded
• WireGuard cannot transport Layer 2 protocols - B.A.T.M.A.N. is one ...
• We need another encapsulation which solves this problem => VXLAN
Encapsulation layers shown on the slide: WireGuard, VXLAN, B.A.T.M.A.N.
What does it look like in the end?
Challenges we already knew
• No systemd-networkd support for B.A.T.M.A.N.
• We are an open network - we don’t want node owners to sign up
• WireGuard has a pre-shared key infra
=> we need a daemon which handles incoming keys and programs them to the gateways
WGKex!
How does it work?
• WireGuard peers on the gateways are created by wgkex
• Allowed IP is derived from the public key of the node
• VxLAN Forwarding database entries are created by wgkex
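The three steps above, sketched as an added example that is not code from wgkex or from the talk: a key submitted by an untrusted node is strictly validated, a /128 allowed IP is derived deterministically from it, and the gateway-side commands are built as argv lists. The SHA-256/EUI-64 derivation, the interface names `wg-example` and `vx-example`, and the use of `wg`, `ip` and `bridge` commands are assumptions for illustration; the slides only state that the allowed IP is derived from the public key.

```python
import base64
import hashlib
import ipaddress

WG_KEY_BYTES = 32   # a WireGuard (Curve25519) public key is 32 bytes
WG_KEY_CHARS = 44   # which is 44 characters of padded base64

# Constructed sample key (bytes 0..31), not a key from any real node.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode("ascii")


def parse_public_key(key_b64):
    """Strictly decode a public key received from an unauthenticated node."""
    if not isinstance(key_b64, str) or len(key_b64) != WG_KEY_CHARS:
        raise ValueError("public key must be 44 base64 characters")
    try:
        raw = base64.b64decode(key_b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("public key is not valid base64") from exc
    if len(raw) != WG_KEY_BYTES:
        raise ValueError("public key must decode to 32 bytes")
    # Reject alternative spellings of the same key (non-zero padding bits),
    # so one key cannot be registered under two different strings.
    if base64.b64encode(raw).decode("ascii") != key_b64:
        raise ValueError("public key is not canonically encoded")
    return raw


def derive_allowed_ip(key_b64):
    """Map a public key to a stable link-local /128 (assumed scheme)."""
    raw = parse_public_key(key_b64)
    digest = hashlib.sha256(raw).digest()
    mac = bytes([0x02]) + digest[:5]  # locally administered unicast MAC
    # Modified EUI-64: flip the universal/local bit, insert ff:fe in the middle.
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    addr = ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)
    return ipaddress.IPv6Interface(f"{addr}/128")


def gateway_commands(key_b64, wg_if="wg-example", vx_if="vx-example"):
    """Build argv lists (no shell involved) for peer, route and FDB entry."""
    allowed = derive_allowed_ip(key_b64)
    return [
        # WireGuard only accepts tunnel traffic from this peer if the inner
        # source address matches its allowed IP, so the /128 pins the node
        # to the address derived from its own key.
        ["wg", "set", wg_if, "peer", key_b64, "allowed-ips", str(allowed)],
        ["ip", "-6", "route", "replace", str(allowed), "dev", wg_if],
        # All-zero MAC entry: flood VXLAN broadcast/unknown traffic to the node.
        ["bridge", "fdb", "append", "00:00:00:00:00:00", "dev", vx_if,
         "dst", str(allowed.ip), "via", wg_if],
    ]


if __name__ == "__main__":
    for argv in gateway_commands(SAMPLE_KEY):
        print(" ".join(argv))
```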
Get in touch with maintainers
• To get validation data correct for wgkex etc
• We contacted WireGuard maintainers early in the process
• Asked questions about known scaling issues
• Opened PRs early as drafts to see if there is a chance of merging
• systemd-networkd https://github.com/systemd/systemd/pull/17252
• gluon-community-packages https://github.com/freifunk-gluon/community-packages/pull/6
Solve problems upstream!
• We invested much time in systemd-networkd
• We wanted to get our stuff merged in upstream
• No custom solutions for our setup, just upstream-compatible ones, which solves many resource problems in the future
Gateways
• Everything is automated with Saltstack
• systemd-networkd takes care of all interfaces
• 800 - 1000 Nodes per gateway are easy
• We are able to run the whole FFMUC on just two gateways
Debugging … Flamegraphs and Bugs
• WireGuard performs well but we have too much load on our gateways. Why?
Upstream fixes!
• B.A.T.M.A.N.
■ https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20201126153120.1053700-1-sven@narfation.org/
■ https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20201127173849.19208-4-sw@simonwunderlich.de/
■ https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20201127173849.19208-2-sw@simonwunderlich.de/
• VxLAN
■ https://patchwork.open-mesh.org/project/b.a.t.m.a.n./patch/20201126125247.1047977-1-sven@narfation.org/
Keep your NTP sync!
• Sync NTP before you try to connect to WireGuard
• If you don’t do that, many funky things happen
• OpenWrt defaults its clock to the build date of the firmware, so it works the first few days after release … because it’s good enough
Not enough random during boot
• ERX didn’t have a good enough random seed …
• After flashing, it’s unreachable for … hours … days … maybe weeks?
=> fixed https://github.com/oszilloskop/UBNT_ERX_Gluon_Factory-Image/issues/3
So is it faster?
Lessons learned
• Commit as much stuff as possible upstream
• Work closely with upstream
• Get much feedback from all the communities/other people
• Involve as many people as you can
• Start your project anyway ;)
What’s next?
• We want to get rid of B.A.T.M.A.N. for gateway uplinks (make broadcast domains small)
■ Should boost performance by 5x to 7x depending on CPU
■ Maybe VxLAN first, then a fully routed approach
■ https://github.com/freifunkMUC/site-ffm/issues/87
Community
• Freifunk Darmstadt and Freifunk Regensburg helped a lot during development of wgkex!
• B.A.T.M.A.N. developers helped a lot during debugging the performance issue and created many bugfixes
• Everything is open source and available on GitHub: https://github.com/freifunkMUC
• More background and all fixes: https://ffmuc.net/freifunkmuc/2020/12/03/wireguard-firmware/
Thanks to everyone involved
• Freifunk Darmstadt @hexa
• Freifunk Regensburg @MoepMan
• Freifunk Hannover @aiyion, @Codefetch
• systemd Yu Watanabe, Lennart Poettering
• WireGuard Jason A. Donenfeld
• B.A.T.M.A.N. @ecsv @T_X
• All the folks of FFMUC for testing
• Everyone else who we forgot and was involved in any way
=> Community rocks! #Together #OpenSource
