Difference between revisions of "Mesh/Technical Overview"

From Sudo Room
Revision as of 06:30, 2 July 2015

Technical overview

Home and extender nodes

Note: You can also read the non-technical explanation of home nodes and extender nodes. It has a nice illustration.

Our mesh has two types of nodes: Home nodes and extender nodes.

The home nodes run the full sudowrt firmware, and a set of home nodes on their own makes up a complete mesh network. The home node is an ordinary five-ethernet-port indoor wifi router. An extender node runs a minimal firmware and does nothing on its own; plugged into a home node over ethernet, it acts as extra radios for that home node. A node operator can put a home node in e.g. their living room and, if they later decide they want a high-speed directional link to a neighbour, put e.g. a Nanobridge M5 running the extender firmware on their roof and connect it via ethernet to the home node. Or they could put a Nanostation M2 pointed out their window and extend the signal further out into the street or to nearby neighbours. Each extender node extends all three networks (explained in the next section).

For home nodes we are currently only officially supporting the TP-Link TL-WDR3600. We are not planning to support anything else for the time being, though if you have a good reason please let us know. For extender nodes we are currently supporting

The mesh is made up mostly of wifi routers using Atheros chipsets and running our own firmware based on OpenWRT, Babel and wlan slovenija's tunneldigger.

Node-owners can choose to connect a node to their existing Internet connection using ethernet. If they have Internet access, they can share a portion of it with the mesh. The amount of bandwidth shared is rate-limited with the Linux traffic control tool 'tc'; the limit is chosen at node-configuration time and can be changed later through the simple built-in web admin interface.

The three wifi networks and IP assignment

The nodes each run three wifi networks (three SSIDs on the same physical wifi interfaces):

  • The Open network with SSID peoplesopen.net is an open access point. Most people will use the network by connecting to this.
  • The Mesh network with SSID pplsopen.net-node2node is an ad-hoc network that the nodes use to mesh with each other using Babel
  • A private wifi network that is named by the node owner (or a name is generated) and uses WPA2-PSK.

All three of these networks are available on both 2.4 and 5 GHz on the home node. They are also all three available on any extender nodes plugged in to the home node. The three different networks are extended over a single ethernet cable using VLANs.

If a node-owner is sharing Internet, the node creates a layer 2 (L2TP) tunnel to a VPN server on the Internet using tunneldigger. batman-adv connects over this tunnel to other nodes on the mesh, so the mesh can route traffic over the Internet when no wifi path to another node is available (e.g. the other nodes are physically too far away). When people connect to the peoplesopen.net access point and access the Internet, their traffic flows through the VPN: Internet hosts see the VPN server's address as the source IP, and that address has the sudo mesh organization, not the node owner, listed as its abuse contact.

The nodes run DHCP servers, and each node has its own /24 IPv4 subnet in the 10.0.0.0/8 range, statically assigned by coordination between the mesh groups and individuals that host and administer nodes on People's Open Network (currently only the sudo mesh organization). If a user connects to the peoplesopen.net access point on a node that isn't sharing Internet, batman-adv intercepts the DHCP request and forwards it to another node on the network that has Internet connectivity (see the gw_mode option of batman-adv). Note that gw_mode is a batman-adv feature: it works because batman-adv is a layer 2 protocol that sees the DHCP broadcasts and can redirect them. Babel is a layer 3 routing protocol with no equivalent, so a Babel-based firmware needs some other mechanism for pointing clients of non-sharing nodes at an Internet gateway.
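The static /24 assignment described above is a coordination problem: two nodes with overlapping subnets would break routing for both. The following is an added example, not sudo mesh's own tooling, of the check a coordinator would run before handing out a subnet and of picking the next free block. The registry entries, the node names and the 10.42.0.0/16 search window are constructed for the example; only 10.0.0.0/8 and the /24 per node come from the page.

```python
import ipaddress

MESH_SPACE = ipaddress.ip_network("10.0.0.0/8")   # node subnets live here (from the page)
NODE_PREFIX = 24                                   # one /24 per node (from the page)

# Constructed sample registry: hypothetical node names and assignments.
REGISTRY = {
    "node-0001": ipaddress.ip_network("10.42.0.0/24"),
    "node-0002": ipaddress.ip_network("10.42.1.0/24"),
    "node-0003": ipaddress.ip_network("10.42.3.0/24"),
}


def validate_assignment(subnet, registry, exclude=None):
    """Return the list of problems with giving `subnet` to a node; empty means OK.

    `exclude` names a node whose existing entry is being replaced, so it is not
    counted as a conflict. A subnet with host bits set (10.42.1.5/24) raises
    ValueError from ipaddress because strict=True.
    """
    net = ipaddress.ip_network(subnet, strict=True)
    problems = []
    if net.version != 4 or not net.subnet_of(MESH_SPACE):
        problems.append(f"{net} is outside {MESH_SPACE}")
    if net.prefixlen != NODE_PREFIX:
        problems.append(f"{net} is a /{net.prefixlen}; nodes get exactly a /{NODE_PREFIX}")
    for name, existing in registry.items():
        if name != exclude and net.version == existing.version and net.overlaps(existing):
            problems.append(f"{net} overlaps {existing} already assigned to {name}")
    return problems


def next_free_subnet(registry, search_space="10.42.0.0/16"):
    """First /24 inside `search_space` that overlaps nothing in the registry, or None."""
    space = ipaddress.ip_network(search_space)
    used = list(registry.values())
    for candidate in space.subnets(new_prefix=NODE_PREFIX):
        if not any(candidate.overlaps(u) for u in used):
            return candidate
    return None


def assign(name, registry, search_space="10.42.0.0/16"):
    """Allocate and record the next free /24 for a new node (mutates `registry`)."""
    candidate = next_free_subnet(registry, search_space)
    if candidate is None:
        raise RuntimeError(f"no free /{NODE_PREFIX} left in {search_space}")
    assert not validate_assignment(candidate, registry)   # defence in depth
    registry[name] = candidate
    return candidate
```

Run `validate_assignment("10.42.0.0/23", REGISTRY)` to see all three failure classes at once: wrong prefix length plus overlaps with two existing nodes.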

The private network has no bandwidth limit and gives access both directly to the Internet (if the node owner has connected the node to the Internet) and to the mesh. Every node's private network uses the same 172.30.0.0/16 range, so the node NATs traffic between the private network and the mesh. It does not accept any new incoming connections from the mesh onto the 172.30.0.0/16 subnet.

Node flashing and configuration

One of our medium-term goals is to be able to sell nodes on our website and minimize the amount of work required to re-flash/configure the nodes and provide documentation for the user. To facilitate this, our current process for new nodes is:

  • A new node is flashed either automatically (using e.g. ubiquiti-flasher or merakiflasher) or manually with your own tools and the sudowrt firmware.
  • The node is then configured by a sudo mesh volunteer using our makenode software.
  • makenode generates SSH keys, SSH root password, web admin password and private wifi password, then it configures the node, saves the info in the node database and shuts down the node.
  • makenode then automatically prints a sticker containing some basic info including wifi and web admin passwords.
  • The sudo mesh volunteer attaches the sticker to the node's power supply and puts the node back in the box with a set of instructions for how to install and use the node.
  • The node is shipped to the new node owner!
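The credential-generation step in the list above is where most of the security of a shipped node is decided. The following is an added example, not makenode's own code, of generating those secrets with a CSPRNG, keeping WPA2-PSK passphrases within the 8 to 63 character limit the standard imposes, and producing the sticker text with only the wifi and web admin credentials on it, as the list describes. The record schema, the field names, the default bandwidth value and the SSID prefix are assumptions; the SSH keypair is omitted here (it would come from ssh-keygen).

```python
import secrets
import string

# Characters that survive being printed on a sticker and typed back in: no 0/O, 1/l/I.
STICKER_ALPHABET = "".join(c for c in string.ascii_letters + string.digits if c not in "0O1lI")
WPA2_PSK_MIN_LEN, WPA2_PSK_MAX_LEN = 8, 63   # WPA2-PSK passphrase limits (IEEE 802.11i)


def gen_secret(length, alphabet=STICKER_ALPHABET):
    """Random string drawn with the `secrets` module (a CSPRNG), never `random`."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def gen_wifi_passphrase(length=16):
    """WPA2-PSK passphrase; 16 chars of this 57-symbol alphabet is about 93 bits of entropy."""
    if not WPA2_PSK_MIN_LEN <= length <= WPA2_PSK_MAX_LEN:
        raise ValueError("WPA2-PSK passphrases must be 8 to 63 characters")
    return gen_secret(length)


def make_node_record(owner_contact, private_ssid=None, shared_kbps=1000):
    """Node database entry (hypothetical schema, not the node-database format).

    shared_kbps is the bandwidth limit chosen at configuration time; the private
    SSID is generated when the owner does not supply one.
    """
    return {
        "owner_contact": owner_contact,
        "shared_kbps": shared_kbps,
        "private_ssid": private_ssid or "pon-" + gen_secret(6),
        "private_psk": gen_wifi_passphrase(),
        "web_admin_password": gen_secret(16),
        "root_password": gen_secret(24),
    }


def sticker_text(record):
    """Sticker contents: the wifi and web admin credentials the owner needs day to
    day. The root password is deliberately not printed; it stays in the database."""
    return (
        f"Private wifi SSID:  {record['private_ssid']}\n"
        f"Wifi password:      {record['private_psk']}\n"
        f"Web admin password: {record['web_admin_password']}\n"
    )
```

Anyone with physical access to the power supply can read the sticker, so the web admin password on it should be treated as "local access" strength, not as a secret that protects the node from the Internet side.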

Node management

All nodes set up by sudo mesh automatically allow root access using an SSH key held by a few trusted sudo mesh organizers. This is to allow us to update the firmware and troubleshoot network issues. It also means that whoever holds that private key has root on every such node, so the key has to be guarded accordingly. We inform node-owners of this fact and tell them how to prevent sudo mesh from accessing their nodes, but also indicate that they should be ready to manage their own node if they choose to do this.

We don't yet have a solution for node monitoring but we're expecting to use the new version of wlan slovenija's nodewatcher software.

We don't yet have an automatic update solution in place, but we are looking at the software used by Gluon. The Gluon update system is centralized but in the long term we would like to have a decentralized system that works something like this:

  • Any number of node-updater servers announce themselves on the mesh and whether or not an update is available.
  • The nodes run a future version of mdnssd-min as a daemon that keeps a current list of node-updaters.
  • Once every N hours +/- a random factor, if any node-updaters have updates available, all nodes connect to a randomly chosen node-updater and request an update.
  • The node-updaters send the nodes an ipk file with the update and the nodes check the signature and install it if it's signed by a trusted authority.
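The last two steps above are the security core of the scheme: any node on the mesh can announce itself as an updater, so the only thing standing between a rogue updater and root on every node is the signature check. The following is an added example, not sudo mesh's or Gluon's code, of a client that jitters its schedule, picks an updater at random, and installs an ipk only if it verifies under a trusted authority key, rejecting both a tampered package and one signed by an untrusted key. The signature scheme here is a stand-in: textbook RSA over a SHA-256 digest with small 512-bit keys, generated at run time, which is not what a real node should use (OpenWrt's opkg verifies usign signatures); the update logic itself does not depend on the scheme. The updater records, the ipk bytes and the keys are constructed for the example.

```python
import hashlib
import random
import secrets

# ---- Stand-in signature scheme: textbook RSA over a SHA-256 digest (demo only) ----
# No padding and 512-bit keys: fine for showing the verification flow, unsafe for real use.

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, full bit length
        if _is_probable_prime(candidate):
            return candidate


def rsa_keygen(bits=512):
    """Return (public, private) as ((e, n), (d, n))."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:            # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")   # < 2**256 < n


def sign(private_key, data):
    d, n = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data, signature):
    e, n = public_key
    return 0 < signature < n and pow(signature, e, n) == _digest(data)


# ---- The decentralized update client described in the list above ----

def next_check_delay_hours(base_hours=6, jitter=0.25, rng=random):
    """'Once every N hours +/- a random factor': spreads the nodes' requests out in time."""
    return base_hours * (1 + rng.uniform(-jitter, jitter))


def pick_updater(updaters, rng=random):
    """Random choice among announced node-updaters that advertise an update; None if none do."""
    candidates = [u for u in updaters if u["update_available"]]
    return rng.choice(candidates) if candidates else None


def try_install(ipk, signature, trusted_keys, install):
    """Install only if the signature verifies under one trusted authority key; fail closed."""
    if any(verify(key, ipk, signature) for key in trusted_keys):
        install(ipk)
        return True
    return False


# Constructed demo data: one trusted authority key, one rogue key, fake ipk bytes.
AUTHORITY_PUB, AUTHORITY_PRIV = rsa_keygen()
_, ROGUE_PRIV = rsa_keygen()
TRUSTED_KEYS = [AUTHORITY_PUB]
SAMPLE_IPK = b"constructed stand-in for sudowrt-update.ipk, not a real package"


def demo():
    """Genuine package installs; tampered bytes and an untrusted signer are refused."""
    installed = []
    good_sig = sign(AUTHORITY_PRIV, SAMPLE_IPK)
    results = {
        "genuine": try_install(SAMPLE_IPK, good_sig, TRUSTED_KEYS, installed.append),
        "tampered": try_install(SAMPLE_IPK + b"!", good_sig, TRUSTED_KEYS, installed.append),
        "untrusted_signer": try_install(SAMPLE_IPK, sign(ROGUE_PRIV, SAMPLE_IPK), TRUSTED_KEYS, installed.append),
    }
    return results, installed
```

The trusted key list is the trust anchor; it has to ship in the firmware image, and rotating it is itself an update that must be signed by a key already in the list.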

Detailed Documentation

  • Mesh/Tracking - Problems and solutions related to tracking, logging and anonymity
  • Mesh/WalkThrough - Easy how-to for setting up OpenWRT & BATMAN-adv on Ubiquiti routers
    • Mesh/OpenWRT - Experiences with the OpenWRT router firmware
  • Mesh/Firmware - Everything related to our firmware
    • Mesh/Firmware/Flash - How to install the sudowrt firmware based on OpenWRT on supported hardware
    • Mesh/Firmware/Splash page - Splash page / captive portal
    • Mesh/Firmware/Bandwidth shaping - QoS / bandwidth shaping
    • Mesh/Firmware/Zeroconf - Issues related to mDNS and DNS-SD
    • Mesh/Firmware/MTU_issues - MTU issues
    • Mesh/Firmware/Web Admin Development - Web admin development
  • Mesh/Network topology - High-level explanation of the mesh network structure
  • Mesh/Specs - Spec sheet on different access points
  • Mesh/Frequencies - Information on different frequencies
  • Mesh/Software tools - List of useful mesh troubleshooting tools
  • Mesh/Terms - Hidden node, Fresnel zone, and other jargon
  • Mesh/Power - Power usage, batteries and solar power
  • Mesh/Monitoring - Notes about how to monitor systems
  • Mesh/Spectrum - Different forms of spectral analysis
  • Mesh/Hardware support - Officially and unofficially supported hardware / routers
  • Mesh/Relay setup - Setting up a relay node
  • Mesh/Exit setup - Setting up an exit node
  • Mesh/Spectrum mapping - The setup we use for mapping local spectrum and wifi usage
    • Mesh/Spectrum mapping/XO-1 Laptop - How to configure an XO-1 laptop for use with our spectrum mapping setup
  • Mesh/Install - Physical installation notes/stories
  • Mesh/Diagrams - Technical diagrams to support new outreach materials