using both ConnectTo and AutoConnect to avoid network partitions

Guus Sliepen guus at tinc-vpn.org
Tue Aug 22 21:10:58 CEST 2017


On Mon, Aug 21, 2017 at 05:37:06PM -0700, Nirmal Thacker wrote:

> Today our Tinc network saw a network partition when we took one tinc node
> down.
> 
> We knew there was a network partition since the graph showed a split. This
> graph is not very helpful but its what I have at the moment:
> 
> http://i.imgur.com/XP2PSWc.png

The graph is very clear.

> Some questions:
> - should we have a combination of both ConnectTo and AutoConnect to avoid
> such a network split?

No, it's a bug in AutoConnect. I've just pushed a fix to the 1.1 branch
that will try to continue to connect to unreachable nodes, even if a
node already has 3 or more connections.

> - Say we have 3 ConnectTo variables and then AutoConnect=yes, would there
> ever be more than 3 connections ? (I read somewhere that AutoConnect will
> make upto 3 connections only)

There can always be more than 3 connections, even when AutoConnect is
enabled.

When starting, tinc will try to make outgoing connections to all nodes
listed in ConnectTo statements. This can be more than 3 nodes. After
that, the AutoConnect algorithm kicks in.

The AutoConnect algorithm tries to regulate the number of established
connections, either by creating more outgoing connections, or by
closing connections that it made itself. It will never close incoming
connections, and it also won't close outgoing connections to a node that
isn't already connected to at least one other node.

Ideally, after a while connections get rearranged such that no node has
more than 3 connections. But this can take a while, or it might never
happen; for example if you have 5 nodes behind NAT, and one public node,
then the public node will always have 5 connections.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20170822/857b8705/attachment.sig>


More information about the tinc mailing list