Hardcoded limit on the number of meta-connections
Guus Sliepen
guus at tinc-vpn.org
Wed Jul 9 11:39:13 CEST 2014
On Tue, Jul 08, 2014 at 10:46:38PM +0100, Graham Cobb wrote:
> > I do agree that if a
> > large fraction of the nodes in the VPN is behind a NAT, it can take
> > quite a time for the current logic to find a node it can connect to.
>
> Isn't a fairly common scenario a hub and spoke but with a redundant hub?
Yes.
> Nodes A and B are internet servers, with a connection between them. C1,
> C2, ... Cn are clients, each behind NAT, and each configured to
> ConnectTo A and B.
>
> Today, the Ci all have two connections: one to each of A and B. But
> with a connection limit of 3 on A and B, both will be trying to drop the
> connection to Ci to get down to their connection limit.
Again, the AutoConnect feature does not impose a hard limit on the
number of connections. The central nodes will still accept all incoming
connections and will not drop them.
> Presumably the "don't disconnect if this is the last connection for this
> node" test will mean that each Ci will retain one of its connections,
> but only one (some to A, some to B).
First of all, when AutoConnect is enabled on a node, it will never drop
incoming connections, it will only drop outgoing connections. So in your
dual-hub-and-spoke scenario, each Ci will still have two working
outgoing connections to A and B.
> In that case, if a Ci connection goes down, it is isolated until it
> can reestablish a connection (as it is behind NAT, only outbound
> connections work). Will that be attempted immediately?
When the number of connections drops below 3, it will within seconds
attempt to make a new connection.
> Also, is there a way to make sure that the connection between A and B is
> never selected to be dropped (you don't want traffic from A to B routing
> through one of the Ci)?
At the moment only by disabling AutoConnect on A and B. But I will add a
feature to specify mandatory connections.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140709/6ec34fb0/attachment.sig>
More information about the tinc
mailing list