[Berlin-wireless] default route via bbbvpn to a36t-core ????
Sven Roederer
freifunk at it-solutions.geroedel.de
Mon Apr 5 12:16:08 CEST 2021
Perry,
right, thanks for pointing out the difference in announcements of default-
gateways and routes for P2P-links. Indeed the a36t-core gateway might
have come in via the BBB-connection to vaterhaus-core.
Vaterhaus might have decided then that the route via "chris-gueffroy",
"mid4.a.bbb-vpn" is shorter than via "philmel". The link between
"vaterhaus" and "philmel" looks bad and asynchronous 60%/27% (Tx/Rx)
and caused this.
I had some thoughts on "denying such IPIP-tunnels via BBB-VPN", but
we should not:
* filtering of this specific kind of traffic very likely conflicts
with the PPA
* setting such filters will be annoying
* usually the wired DSL-links the VPN is running on are unmetered and
provide enough bandwidth today
Regarding OLSR SmartGateway's choice:
indeed some time before the "a36t-core" gateway was chosen the gateway
was "chris-gueffroy". Not sure why it changed, but it's the algorithm ...
Sven
On 04.04.21 at 10:25, Perry wrote:
> Hi Sven,
>
> The bbb-vpn blocks any gateway announcements from going through it, but
> if there is a path between a36t and ahof-frieden03 which does not go
> through the bbb-vpn, then the gateway announcements will still be
> broadcasted.
>
> But any traffic between nodes (which includes tunnel endpoints) is not
> blocked.
>
> Still, ahof-frieden03 calculates its own ETX to reach any destination.
> So, if it thinks that a36t is just 6 hops away and selects it as the
> smartgw, then there is nothing in place to prevent that.
>
> The real question is "why did your router select a smartgw with a very
> bad etx?" There are at least two other nodes which are closer than a36t
> which also advertise a gateway. Chris-gueffroy (which your traceroute
> goes through) and evi37.
>
> It might be worth considering moving the setup at ahof to run without a
> smartgw. Currently vaterhaus, which is the next hop from verklaerung,
> uses chris-gueffroy.
>
> Greets,
> Perry
>
> On 4/2/21 3:28 PM, Sven Roederer wrote:
>> Happy sunny holiday,
>>
>> but because of a DSL outage I had to take care of my network today.
>>
>> After repairing the directional radio link I then had the following network config:
>>
>> root@Ahof-frieden03:~# ip tunnel
>> tunl0: any/ip remote any local any ttl inherit nopmtudisc
>> ipip-PrivateLAN: ip/ip remote 192.168.9.1 local 192.168.9.2 ttl 64
>> tnl_2184e60a: ip/ip remote 10.230.132.33 local any ttl 64
>>
>> root@Ahof-frieden03:~# traceroute 10.230.132.33
>> traceroute to 10.230.132.33 (10.230.132.33), 30 hops max, 38 byte packets
>> 1 mid2.Ahof-frieden01.olsr (10.36.204.4) 0.494 ms 0.416 ms 0.432 ms
>> 2 mid5.Verklaerung-core.olsr (10.31.77.251) 577.484 ms 350.385 ms 8.222 ms
>> 3 mid2.vaterhaus-core.olsr (10.230.192.245) 203.669 ms 100.334 ms 49.476 ms
>> 4 chris-gueffroy.olsr (10.31.52.49) 15.423 ms * 20.694 ms
>> 5 mid4.a.bbb-vpn.olsr (10.36.197.5) 60.478 ms 56.896 ms 171.933 ms
>> 6 a36t-core-rt1.olsr (10.230.132.33) 462.714 ms 434.612 ms 654.091 ms
>>
>>
>> Default gateway "a36t-core-rt1.olsr" is unusual, but valid. Only the route
>> to it puzzles me ... at "chris-gueffroy" it is routed via BBB-VPN.
>> Looks like a misconfiguration to me, since BBB-VPN should only route BBB-internal
>> traffic.
>>
>> Regards, Sven
>>
>> _______________________________________________
>> Berlin mailing list
>> Berlin at berlin.freifunk.net
>> http://lists.berlin.freifunk.net/cgi-bin/mailman/listinfo/berlin
>> This mailing list has a publicly viewable archive
>>
>
>