[HN Gopher] Wireless-to-Ethernet island for RPi cluster: IPv6, N...
___________________________________________________________________
Wireless-to-Ethernet island for RPi cluster: IPv6, NDP proxy, mDNS
reflector
Author : varankinv
Score : 55 points
Date : 2021-04-26 08:37 UTC (1 days ago)
(HTM) web link (vladimir.varank.in)
(TXT) w3m dump (vladimir.varank.in)
| amaccuish wrote:
| Out of interest, why didn't you just bridge the two interfaces?
| Did you want everything on a separate subnet? (maybe I missed
| that but you mentioned before how everything used to be
| directly plugged in anyway)
| eqvinox wrote:
| You can't bridge regular 802.11 wireless into ethernet at the
| client side. The on-air addressing requires the client MAC
| address to be the same as the ethernet packet's sender.
|
| 802.11 has the concept of "transmitter address" and "receiver
| address" in addition to source and destination. Those are MAC
| addresses too, but they're relevant for the on-air radio
| management. Things like RTS, CTS, ACKs, and fancier things like
| beamforming and sounding. The problem is that the design only
| includes 3 address fields in on-air frames; the AP can specify
| separate SA and TA (i.e. send a packet for somebody else,
| SA=real source, TA=AP MAC, RA=DA=client.) There is no mechanism
| for the client to do the same thing; that would require 4
| address fields.
|
| Coincidentally, 4 address fields is exactly what you get with
| "WDS" / "Wireless Extender" / ... modes. However, these need to
| be supported, enabled and configured on both the AP and client.
| The author of the post seems to have no access to the AP to do
| so (and the AP possibly doesn't support it anyway.)
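The 3-address vs 4-address distinction described above, worked through in code as an added example (not from the linked post or from any commenter): it decodes the address fields of an 802.11 data-frame header from the To-DS/From-DS flags, using constructed MAC addresses, and shows that only the From-DS and 4-address cases carry a source address separate from the transmitter.

```python
import struct

# 802.11 data-frame header: frame control (2) | duration (2) | addr1 (6) |
# addr2 (6) | addr3 (6) | sequence control (2) | [addr4 (6), 4-address only]
TO_DS = 0x01    # bit 0 of the flags byte (second byte of frame control)
FROM_DS = 0x02  # bit 1 of the flags byte

# Constructed, locally administered MAC addresses for the sample frames.
STA = bytes.fromhex("020000000001")     # wireless client
AP = bytes.fromhex("020000000002")      # access point
PI = bytes.fromhex("020000000003")      # wired host behind the client
REMOTE = bytes.fromhex("020000000004")  # host on the far side of the AP


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_data_header(to_ds, from_ds, a1, a2, a3, a4=None):
    """Construct a minimal 802.11 data-frame header (no body, no FCS)."""
    flags = (TO_DS if to_ds else 0) | (FROM_DS if from_ds else 0)
    fc = (2 << 2) | (flags << 8)  # type 2 = data, subtype 0, flags in high byte
    hdr = struct.pack("<HH", fc, 0) + a1 + a2 + a3 + struct.pack("<H", 0)
    if to_ds and from_ds:
        hdr += a4  # the fourth address only exists in WDS frames
    return hdr


def decode_data_header(frame):
    """Map addr1..addr4 onto RA/TA/DA/SA according to the To-DS/From-DS bits."""
    if len(frame) < 24:
        raise ValueError("frame too short for an 802.11 data header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    flags = fc >> 8
    a1, a2, a3 = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    if flags & TO_DS and flags & FROM_DS:
        if len(frame) < 30:
            raise ValueError("4-address frame truncated")
        return {"mode": "WDS", "RA": a1, "TA": a2, "DA": a3, "SA": mac(frame[24:30])}
    if flags & TO_DS:    # client -> AP: the sender on air must be the source
        return {"mode": "to-AP", "RA": a1, "TA": a2, "SA": a2, "DA": a3}
    if flags & FROM_DS:  # AP -> client: AP transmits on behalf of another source
        return {"mode": "from-AP", "RA": a1, "DA": a1, "TA": a2, "SA": a3}
    return {"mode": "IBSS", "RA": a1, "DA": a1, "TA": a2, "SA": a2, "BSSID": a3}


def can_carry_foreign_source(to_ds, from_ds):
    """True if the transmitter can place another station's MAC in SA."""
    return bool(from_ds)  # only From-DS (AP) or 4-address frames have a separate SA
```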
| amaccuish wrote:
| How did my AirPort Express or do my Sonos do it? Just rewrite
| the MAC Address? (is that then not technically bridging from
| terminology pov?)
| eqvinox wrote:
| Yes, one of the worst hacks in all of home networking is
| exactly this... rewriting the MAC address. aka "MAC NAT."
| Alternatively, proxy ARP + proxy ND can also work. The
| Apple stuff may be able to autonegotiate over some
| proprietary handshake if it's an Apple AP and Apple
| Extender.
|
| There is also a new standard that covers 4-address frames,
| 802.11ak; I have no idea how widely that is adopted though
| -- it was only released in 2018[1].
|
| [1] https://standards.ieee.org/news/2018/ieee_802_11ak-2018.html
| amaccuish wrote:
| Thank you for your expertise! Out of interest, why is it
| a hack? Does it break things elsewhere? Why is it better
| to do it at the IP level?
| eqvinox wrote:
| NAT, in general, is a hack that requires holding a lot of
| state in order to squeeze multiple devices into a limited
| number space.
|
| On a technical/complexity level, IP NAT is much worse
| because you need to hold much more state, i.e. you need
| the UDP/TCP flow information to rewrite correctly.
|
| However, MAC NAT is the pinnacle of stupidity for an
| entirely different reason: there should be no need for
| it. MAC addresses only have local significance, and while
| there are some long-term concerns about them running out,
| there is absolutely enough of them right now. There
| should simply be no need to do MAC NAT, if only it wasn't
| for the shortsighted 802.11 design decision to go with 3
| addresses in the header.
|
| FWIW, MAC NAT is almost the same thing as a router with
| ARP/ND proxying turned on, though possibly implemented on
| a different level. This is the technical reason it's an
| extremely stupid hack: proxy ND/ARP provides pretty much
| the same thing, but in a much cleaner way. (The
| difference is that with proxy ND/ARP, the "router-ish-
| bridge" assumes ownership of the lower-layer exchanges,
| i.e. ARP & ND, and just does normal routing with that.
| MAC NAT, meanwhile, tries to be clever and just forward
| ARP and ND. Reasons for doing that are ... extremely thin
| IMHO.)
| eqvinox wrote:
| The post isn't mentioning DHCPv6-PD[*] (prefix delegation.) I
| feel like murphy's law is kicking into effect right now and the
| ISP-provided router actually supports PD to give downstream
| routers their own /64.
|
| (Or maybe not. Who knows. I feel like the post would've mentioned
| PD if they tried it.)
|
| Also: I divided it into a smaller subnet
| 2001:db8:abc:123:40::/76
|
| Anything on a broadcast/multinode segment that isn't /64 is
| heresy ;)
|
| ---
|
| [*]: https://en.wikipedia.org/wiki/Prefix_delegation
|
| [*]: https://tools.ietf.org/html/rfc3633
|
| [*]: https://github.com/openwrt/odhcp6c (-P option)
| amaccuish wrote:
| Upvoting as good idea, but most routers I know, even running
| custom firmware, don't support delegating a wan prefix on
| request from lan side.
| gonesilent wrote:
| Happy starlink and pfsense user here doing just that.
| Arnavion wrote:
| I don't know about *WRT and Tomato, but OPNsense / pfSense
| and OpenBSD definitely support PD.
| eqvinox wrote:
| *WRT supported it last I checked, but that's no help in
| this case, as the ISP-provided locked-down router would
| need to support this.
|
| (This isn't about ISP-provided locked-down routers either,
| though those are an abomination too IMHO. Regardless of
| whether the "last" ISP-controlled device is a plastic
| router in your home or an aggregator somewhere else, it
| needs to support and offer PD for you...)
| Arnavion wrote:
| Yes, it requires using your own router instead of the
| ISP's. I know the article says the ISP router is locked
| down, but it's not clear whether the ISP router is
| _mandatory_.
| eqvinox wrote:
| Really depends on the ISP; it's actually on the certification
| mandatory feature list for some network operators. (Comcast,
| AFAIK.) But yeah, no way to tell if the particular device
| _and_ setup the author has supports it.
|
| (But it should be a very early thing to try, if it's
| available everything else becomes _much_ easier.)
| varankinv wrote:
| > But it should be a very early thing to try, if it's
| available everything else becomes much easier
|
| I've tried to set up PD but it didn't work, so I've moved
| on with other options. Now, after you mentioned that, this
| feels like a good excuse to delve into what exactly didn't
| work back then.
| [deleted]
| Havoc wrote:
| Ended up doing something similar except went for wifi 6 routers
| at both ends so that it could carry gigabit
| sneak wrote:
| This seems like a lot of work to avoid having to run a long
| cable.
| zrail wrote:
| > This seems like a lot of work
|
| I see this is your first introduction to the homelab hobby.
| Welcome!
| sneak wrote:
| I have 200TB in my garage.
| mbreese wrote:
| To be fair, physically moving a small cluster of RPis
| around is a bit easier than moving 200TB. So a wireless
| linkup isn't that strange of a setup.
| MayeulC wrote:
| Well, to be pedantic, physically moving 200 TB around
| shouldn't be really hard, if it's on 10 TB drives...
| rektide wrote:
| too sharp a point apologies, but, some homelabs acquire
| gear, some acquire skill.
|
| i don't see your claim about how much storage you have as
| any sort of technical claim, any proof of anything. i think
| it's expected that the homelab folk have an interest in
| going deep, in some areas. if networking isn't your bag,
| isn't interesting to you, fine. but the size of your
| storage cluster or how many vm's you're running isn't really
| an interesting counter-claim.
| astrange wrote:
| I tried to figure out what a homelab was once, but it seemed
| to just be people who enjoyed having a lot of fan noise at
| home so they could assemble VLANs for no particular reason.
| pickle-wizard wrote:
| If you follow the homelab sub reddit, a lot of people like
| to run old obsolete datacenter gear.
|
| You don't have to do that. Mine is a pair of Ryzen 2 white
| boxes. They are dead silent and don't put out much heat
| either. All my network gear is fanless too.
|
| I do automation, so I use mine for dev/test against the
| stuff I am automating. A lot of it could run in the cloud,
| but that gets expensive real quick. Especially when I am
| working with a VMware stack.
| zrail wrote:
| Homelab is a wide hobby. Some people assemble their lab to
| learn how things work as a way to skill up for work. Some
| people assemble a small lab (sometimes just a single box
| with a bunch of VMs) to run home automation or media
| applications.
|
| Other people just enjoy the blinkenlights.
| whalesalad wrote:
| Not to mention a lot more latency.
| rektide wrote:
| wifi hop should be under 8ms. untethering sounds like a great
| & sophisticated way to skill up.
|
| also within this island latencies will remain low.
| Havoc wrote:
| Not an option for renting / where the cable would be in the way
| ok123456 wrote:
| just tape it to the molding.
| coolspot wrote:
| Having similar issue myself, I have found simpler and cheaper
| alternative - $20 Gl.inet mini router [1] that runs OpenWRT, but
| also has friendly UI where you can turn STA mode, connect it to
| your wireless network and have wired internet on the ethernet
| port.
|
| I use it for wireless Wake-on-Lan for my homelab PC, integrated
| with homeassistant and Google Assistant voice command "Hey
| Google, turn on homelab".
|
| [1] - perhaps due to chip shortage, it is closer to $30 now -
| https://www.amazon.com/dp/B073TSK26W
| cschneid wrote:
| Those little radios also have use in ham radio, there's a
| project to flash them with a cool self-healing mesh networking
| system called AREDN.
|
| I played with it some, with two nodes, although there's nobody
| near me to mesh with unfortunately.
| jasonjayr wrote:
| Those little devices are in high demand. I've been buying them
| in quantities of 10-at-a-time (Especially when they were
| cheaper) since they are useful for putting VOIP phones securely
| behind VPN. I've seen a lot of folks recommend them on HN. They
| support OpenVPN + Wireguard out of the box and are easy enough
| for non-techs to reconfigure in the field w/ remote
| instructions.
| nathancahill wrote:
| I deployed a remote/home office printer sharing setup with
| these little guys for my friend's company. The VPN
| integration is fantastic, at least for low bandwidth uses
| like that.
| rektide wrote:
| Betcha it wouldn't be too hard to use an rpi to do these
| tasks. ;)
|
| Hence why I love seeing posts like the one submitted:
| lessons learned, that we can all possibly use to upgrade
| ourselves.
|
| It would be nice for mainstream linux (not just openwrt) to
| grow more user-friendly tooling. I look at opnsense in envy,
| but I'm not really interested in splitting my expertise, taking
| on learning FreeBSD too. I know I wouldn't really have to
| touch the OS much, that opnsense is a pretty complete UI
| package, but I like to keep a fuller-stack view of things,
| have some up & down mastery.
| daniellarusso wrote:
| How do you relay mDNS over IPv4?
|
| The article mentioned an ARP relay.
|
| Any recommendations?
| eqvinox wrote:
| avahi (the standard Linux mDNS implementation) has settings to
| set up proxying between multiple segments.
|
| It's not ARP relay, it's proxy ARP. That's a builtin feature on
| the Linux kernel, with 2 distinct modes to configure and enable
| it. (a) /proc/sys/net/.../proxy_arp, or (b) ip neigh add proxy
| ...; the latter way is more fine grained while the former is
| just an interface-wide switch that you flick on.
| jlgaddis wrote:
| > _The router is set with ... a global unicast IPv6 address (GUA)
| prefix 2001:db8:abc:123:: /64, which the ISP designates to us (of
| course, that's not the real prefix, but I will use this one in
| all examples below)._
|
| On a side note, I have more trust in documentation that is
| compliant with the relevant RFCs (i.e., RFC1918, RFC3849,
| RFC5737, et al).
|
| In my experience, such documentation is much more likely to be
| "technically correct" and get the small details right.
| londons_explore wrote:
| And this is all because WiFi doesn't act like a proper layer 2...
| It isn't possible to have a network which is ethernet -> wifi ->
| ethernet and have the whole thing one broadcast domain.
| aurelian15 wrote:
| Well, as at least one other commenter in this thread already
| pointed out, this is possible with WDS (Wireless Distribution
| System). However, this needs to be supported by the access
| points. _If_ it is supported (for example on APs running
| OpenWRT), it is literally just a matter of enabling WDS on the
| station and client APs, and bridging the wireless interfaces to
| the ethernet interfaces.
|
| I've been using this setup in my home network for years now
| (with a dedicated OpenWRT device for each wired "island") and
| it works great.
|
| Edit: To clarify, yes, this establishes a single broadcast
| domain. For example, DHCP and ARP requests are propagated
| through the entire network.
___________________________________________________________________
(page generated 2021-04-27 23:01 UTC)