Kronosnet: Difference between revisions
(→Notes) |
No edit summary |
||
| Line 1: | Line 1: | ||
{{header}} | {{header}} | ||
= | = What is Kronosnet = | ||
First, the homepage. | |||
* [http://fabbione.fedorapeople.org/knet/ Home page] | * [http://fabbione.fedorapeople.org/knet/ Home page] | ||
Kronosnet is a new network topology designed by Red Hat to provide highly adaptable, redundant and secure networking over both high and low-speed links. | |||
In a sense, kronosnet is similar to a VPN in that connections between nodes are on a common [[subnet]]. Unlike traditional VPNs though, kronosnet can be configured to use up to eight physical interfaces. While operating, the kronosnet daemon, <span class="code">kronosnetd</span>, will keep track of the latency between links. This allows for the fastest link to always be chosen. This approach means that dead links need no special handling as they will have an infinite latency and thus never be used. When the link finally recovers, it will "just work", as it's latency will suddenly be reasonable again. | |||
This means that, so long as at least one link is up, communication to the host will work, regardless of what happens to the underlying network links! | |||
Further, if no direct link exists between two nodes, but communication is possible through a third node, then messages will route properly! | |||
Consider the following: | |||
<source lang="text"> | |||
____________ ____________ | |||
| Node A | | Node B | | |||
| _______ | | _______ | | |||
| | Link1 ==----------------------------== Link1 | | | |||
| |______| | | |______| | | |||
| _______ | | _______ | | |||
| | Link2 ==-\ /-== Link2 | | | |||
| |______| | | | | |______| | | |||
|____________| | | |____________| | |||
| | | |||
| ____________________ | | |||
| | Node C | | | |||
| | _______ _______ | | | |||
\-== Link1 | | Link2 ==-/ | |||
| |______| |______| | | |||
|____________________| | |||
</source> | |||
If the direct link between <span class="code">Node A</span> and <span class="code">Node B</span> is lost, kronosnet will still be able to route traffic via <span class="code">Node C</span>! All of this will the minimal of configurations. Once finished, kronosnet communication will be also encrypted. | |||
Think of it like a VPN on steroids. | |||
Q. Fabio mentioned something about "costs" of links, to help avoid expensive bandwidth. Get clarification. | |||
= Install = | = Install = | ||
At this time, installation is a very manual affair involving: | |||
# Cloning a [[git]] repository | |||
# Switching to a known-good branch | |||
# Compiling and installing | |||
# Setting up <span class="code">pam.d</span>. | |||
# Adding a user and group | |||
# Starting the daemon | |||
# Configuring the interfaces | |||
# Save the config to a file | |||
== For The Impatient == | |||
This is a pretty dirty little chain of [[bash]] commands that will do everything up to starting the [[daemon]]. These aren't well documented as most of this will be taken care of in the eventual [[RPM]] package. | |||
At the time of this writing, the checkout with hash <span class="code">c2a42967d7dbba7c06a6124760c9881337499986</span> is known to work. The code changes daily, and sometimes hourly. I'll update this page as quasi-stable checkouts are found to be stable. | |||
<source lang="bash"> | <source lang="bash"> | ||
# Meet dependancies | |||
cd ~ | cd ~ | ||
yum -y groupinstall "Development Tools" | yum -y groupinstall "Development Tools" | ||
yum -y install pam-devel | yum -y install pam-devel | ||
# Setup the user and group. | |||
groupadd -r kronosnetadm | |||
groupmems -g kronosnetadm -a root | |||
useradd kronosnet -b /etc -M -r -s /bin/bash -G kronosnetadm | |||
passwd kronosnet | |||
# Create a pam.d directory entry. We cheat by linking to an existing entry. | |||
ln -s /etc/pam.d/system-auth /etc/pam.d/kronosnet | |||
# Now clone, checkout, compile, make, install and run the daemon | |||
git clone git://github.com/fabbione/kronosnet | git clone git://github.com/fabbione/kronosnet | ||
cd ~/kronosnet | cd ~/kronosnet | ||
git checkout c2a42967d7dbba7c06a6124760c9881337499986 | |||
./autogen.sh | ./autogen.sh | ||
./configure | ./configure | ||
make | make | ||
make install | make install | ||
kronosnetd | |||
# Finally, login! Note that by default, sessions will close after 60 | |||
# seconds of inactivity | |||
telnet localhost 50000 | |||
</source> | </source> | ||
| Line 23: | Line 94: | ||
<source lang="bash"> | <source lang="bash"> | ||
### This doesn't add the user to the group for some reason... | ### This doesn't add the user to the group for some reason... | ||
groupmems -g kronosnetadm -a kronosnet | groupmems -g kronosnetadm -a kronosnet | ||
</source> | </source> | ||
| Line 32: | Line 100: | ||
Set a password for the new <span class="code">kronosnet</span>. | Set a password for the new <span class="code">kronosnet</span>. | ||
< | = Configure = | ||
</ | The configuration is done in the kronosnet command line which you can access with <span class="code">telnet</span>. Once your setup is how you like it, you can tell kronosnet to save it to a file for loading when the daemon (re)starts later. | ||
< | |||
== Overview == | |||
At this time, you must know and and define all nodes in the network, all ethernet interfaces they have and what their [[IP]] addresses are. Plans are to make this more adaptable over time, but for now this is an admitted draw-back. For this reason, it is strongly advised that all of the interfaces you plan to use for kronosnet have static IP addresses. Either [[IPv4]] or [[IPv6]] will work fine. In this paper, IPv4 will be used for familiarity's sake. | |||
</ | |||
== Nodes == | |||
To have a common verbiage, lets define the following two nodes, each with three statically assigned network interfaces. | |||
* <span class="code">an-node03</span> | |||
** <span class="code">eth0</span> - <span class="code">192.168.1.73</span> | |||
** <span class="code">eth1</span> - <span class="code">192.168.2.73</span> | |||
** <span class="code">eth2</span> - <span class="code">192.168.3.73</span> | |||
** <span class="code">knet0</span> - <span class="code">192.168.4.73</span> | |||
* <span class="code">an-node04</span> | |||
** <span class="code">eth0</span> - <span class="code">192.168.1.74</span> | |||
** <span class="code">eth1</span> - <span class="code">192.168.2.74</span> | |||
** <span class="code">eth2</span> - <span class="code">192.168.3.74</span> | |||
** <span class="code">knet0</span> - <span class="code">192.168.4.74</span> | |||
== The kronosnet Command Line == | |||
'''an-node03''' | '''an-node03''' | ||
| Line 100: | Line 181: | ||
lrwxrwxrwx 1 root root 22 Dec 13 15:27 /etc/pam.d/kronosnet -> /etc/pam.d/system-auth | lrwxrwxrwx 1 root root 22 Dec 13 15:27 /etc/pam.d/kronosnet -> /etc/pam.d/system-auth | ||
</source> | </source> | ||
= Run the Daemon = | = Run the Daemon = | ||
Revision as of 04:54, 14 December 2010
|
AN!Wiki :: Kronosnet |
What is Kronosnet
First, the homepage.
Kronosnet is a new network topology designed by Red Hat to provide highly adaptable, redundant and secure networking over both high and low-speed links.
In a sense, kronosnet is similar to a VPN in that connections between nodes are on a common subnet. Unlike traditional VPNs though, kronosnet can be configured to use up to eight physical interfaces. While operating, the kronosnet daemon, kronosnetd, will keep track of the latency between links. This allows for the fastest link to always be chosen. This approach means that dead links need no special handling as they will have an infinite latency and thus never be used. When the link finally recovers, it will "just work", as it's latency will suddenly be reasonable again.
This means that, so long as at least one link is up, communication to the host will work, regardless of what happens to the underlying network links!
Further, if no direct link exists between two nodes, but communication is possible through a third node, then messages will route properly!
Consider the following:
____________ ____________
| Node A | | Node B |
| _______ | | _______ |
| | Link1 ==----------------------------== Link1 | |
| |______| | | |______| |
| _______ | | _______ |
| | Link2 ==-\ /-== Link2 | |
| |______| | | | | |______| |
|____________| | | |____________|
| |
| ____________________ |
| | Node C | |
| | _______ _______ | |
\-== Link1 | | Link2 ==-/
| |______| |______| |
|____________________|
If the direct link between Node A and Node B is lost, kronosnet will still be able to route traffic via Node C! All of this will the minimal of configurations. Once finished, kronosnet communication will be also encrypted.
Think of it like a VPN on steroids.
Q. Fabio mentioned something about "costs" of links, to help avoid expensive bandwidth. Get clarification.
Install
At this time, installation is a very manual affair involving:
- Cloning a git repository
- Switching to a known-good branch
- Compiling and installing
- Setting up pam.d.
- Adding a user and group
- Starting the daemon
- Configuring the interfaces
- Save the config to a file
For The Impatient
This is a pretty dirty little chain of bash commands that will do everything up to starting the daemon. These aren't well documented as most of this will be taken care of in the eventual RPM package.
At the time of this writing, the checkout with hash c2a42967d7dbba7c06a6124760c9881337499986 is known to work. The code changes daily, and sometimes hourly. I'll update this page as quasi-stable checkouts are found to be stable.
# Meet dependancies
cd ~
yum -y groupinstall "Development Tools"
yum -y install pam-devel
# Setup the user and group.
groupadd -r kronosnetadm
groupmems -g kronosnetadm -a root
useradd kronosnet -b /etc -M -r -s /bin/bash -G kronosnetadm
passwd kronosnet
# Create a pam.d directory entry. We cheat by linking to an existing entry.
ln -s /etc/pam.d/system-auth /etc/pam.d/kronosnet
# Now clone, checkout, compile, make, install and run the daemon
git clone git://github.com/fabbione/kronosnet
cd ~/kronosnet
git checkout c2a42967d7dbba7c06a6124760c9881337499986
./autogen.sh
./configure
make
make install
kronosnetd
# Finally, login! Note that by default, sessions will close after 60
# seconds of inactivity
telnet localhost 50000
Create a user and group for kronosnet to run as.
### This doesn't add the user to the group for some reason...
groupmems -g kronosnetadm -a kronosnet
Set a password for the new kronosnet.
Configure
The configuration is done in the kronosnet command line which you can access with telnet. Once your setup is how you like it, you can tell kronosnet to save it to a file for loading when the daemon (re)starts later.
Overview
At this time, you must know and and define all nodes in the network, all ethernet interfaces they have and what their IP addresses are. Plans are to make this more adaptable over time, but for now this is an admitted draw-back. For this reason, it is strongly advised that all of the interfaces you plan to use for kronosnet have static IP addresses. Either IPv4 or IPv6 will work fine. In this paper, IPv4 will be used for familiarity's sake.
Nodes
To have a common verbiage, lets define the following two nodes, each with three statically assigned network interfaces.
- an-node03
- eth0 - 192.168.1.73
- eth1 - 192.168.2.73
- eth2 - 192.168.3.73
- knet0 - 192.168.4.73
- an-node04
- eth0 - 192.168.1.74
- eth1 - 192.168.2.74
- eth2 - 192.168.3.74
- knet0 - 192.168.4.74
The kronosnet Command Line
an-node03
configure
interface knet0 0
baseport 50000
mtu 9000
ip 192.168.4.73 24
peer an-node04 1
link 192.168.1.74
exit
link 192.168.2.74
exit
link 192.168.3.74
exit
exit
start
exit
exit
exit
an-node04
configure
interface knet0 1
baseport 50000
mtu 9000
ip 192.168.4.74 24
peer an-node03 0
link 192.168.1.73
exit
link 192.168.2.73
exit
link 192.168.3.73
exit
exit
start
exit
exit
exit
Create The pam.d Access File
ln -s /etc/pam.d/system-auth /etc/pam.d/kronosnet
ls -lah /etc/pam.d/kronosnet
lrwxrwxrwx 1 root root 22 Dec 13 15:27 /etc/pam.d/kronosnet -> /etc/pam.d/system-auth
Run the Daemon
There is currently no init.d script for kronosnetd, so it will need to be started manually.
Must run os 'root'.
kronosnetd
There is no output from that command, and it will daemonized and return you to the shell. You can check that it is running with ps.
Network Setup
In this tutorial, we'll use four nodes, each with three network cards.
- an-node03
- an-node04
- an-node05
- an-node06
To log in for the first time, use telnet to connect to the localhost on TCP port 50000.
telnet localhost 50000
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Welcome to kronosnetd 0.1 (built Nov 28 2010 13:32:00)
login:
At this point, you can login using the kronostnet user name and justatest password. Once logged in successfully, you should see the knet prompt.
login:kronosnet
Password:
Welcome kronosnet (::1) on vty(0)
knet#
To quit at any time, simply enter the telnet escape code. This is usually ^] (<ctrl> + ])
Notes
Stuff here is random
- 8 links per node
- 2^16 (64,000) nodes
- git checkout c2a42967d7dbba7c06a6124760c9881337499986
- conf -> write will save the config and load it when the daemon starts
- /etc/kronosnet/kronosnet.conf
- it will be possible to define it manually, for testing is set to 60 seconds, default will be 600
- Seq # does not have to be sequential, just a number between 0 <= x <= 255
- if interface foo has value 0, no peer can have 0
| Any questions, feedback, advice, complaints or meanderings are welcome. | |||
| Alteeve's Niche! | Enterprise Support: Alteeve Support |
Community Support | |
| © Alteeve's Niche! Inc. 1997-2024 | Anvil! "Intelligent Availability®" Platform | ||
| legal stuff: All info is provided "As-Is". Do not use anything here unless you are willing and able to take responsibility for your own actions. | |||