ISP aspects
axn edited this page Mar 24, 2018 · 5 revisions
Want to:
- Use encrypted packet forwarding over mesh (e.g. using WireGuard)
Want to:
- Express networks reachable via ISP (itself) and BW to them (e.g. DSL uplink speed)
- Delegate particular or random prefix to a client
- Offer enhanced GW-tunnel services to selected nodes
Clients (of ISPs or GWs) are seeking to lease source-address-prefixes and tunnel routes.
Want to:
- Choose ISP based on:
  - Reachable networks and promised BW
  - Trustability of GW
  - Mesh-Path BW to GW
  - Offered source address prefix leased by GW to client
- Express preferred prefix to be leased from ISP
- Choose to obtain public or anonymous prefix from ISP
```
--wgDev DEVNAME                         // Specify a wg-tunnel device and src-address prefix
    [udp-port PORT]                     // Optionally specify explicit endpoint port
    <srcPrefix ADDRMASK [               // Set own static src-address and mask for device
        delegate NETMASK/MIN            // Optionally offer prefix delegation of src-address
                                        // ranges to clients
        [privacy PRIVVAL]               // Optionally specify if prefix delegation supports
                                        // anonymous and/or public src-address ranges
        [supportedClients IDDIR] ] > |  // Optionally restrict wg-tunnel endpoint and
                                        // prefix-delegation service only to selected clients
    <srcAuto NETMASK/MAX                // Set own src-address and mask automatically based on
                                        // prefix-delegation offered by GW nodes
        [trustedDelegators IDDIR]       // Optionally limit set of GWs considered for leasing a
                                        // delegated src-address prefix
        [srcPreference NETMASK]         // Optionally consider only prefix-delegation offers
                                        // with given src-address prefix
        [srcPrivacy PRIVVAL]            // Optionally specify desired privacy mode for leased
                                        // src-addresses
        [wgOut OUTNAME] >               // Optionally consider only prefix-delegation offers if
                                        // GW-tunnel also offers tunnel routes as specified via
                                        // given OUTNAME

--wgOut OUTNAME                         // Label for wg-tunnel-route searches
    <dst NETMASK/MIN/MAX>               // Specify netmask for searched destination route
    [wgDev DEVNAME]                     // Optionally bind search to particular DEVNAME
    [ingress NETMASK]                   // Optionally consider only offered routes with
                                        // larger ingress filter
    [trustedGws IDDIR]                  // Optionally limit set of considered GWs
    [trustedDelegators IDDIR]           // Optionally limit set of considered routes to those
                                        // leased by a trusted prefix delegator
    [minBandwidth BANDWIDTH]            // Optionally consider only GWs satisfying given e2e
                                        // bandwidth

--wgIn INNAME                           // Label for wg-tunnel-route offers to clients
    <dst NETMASK>                       // Specify offered route
    [wgDev DEVNAME]                     // Optionally offer route only via given device
    [ingress NETMASK]                   // Optionally accept only incoming tunnel traffic from
                                        // given src addresses
    [bandwidth BANDWIDTH]               // Optionally specify bandwidth to given route
```
- DEVNAME := WireGuard tunnel device name (e.g. wg0)
- OUTNAME := Section name for outgoing wg-tunnel routes
- INNAME := Section name for incoming wg-tunnel routes
- PORT := UDP port number
- ADDRMASK := address/prefix-length
- PRIVVAL := 0=none, 1=anonymous, 2=public, 3=both
- IDDIR := Path to directory containing files named as BMX7 node identities
- NETMASK := network/prefix-length
- MAX := upper limit for given prefix-length
- MIN := lower limit for given prefix-length
- BANDWIDTH := Bandwidth in bits/second
- BW: BandWidth
- ISP: Internet Service Provider
- GW: Gateway to other network
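How a client could evaluate `--wgIn` offers against one `--wgOut` search, as an added example that is not BMX7 code. The field names, the sample offers and the matching semantics are assumptions: an offer matches when its route overlaps `dst` with a prefix length between MIN and MAX, its ingress filter covers the client's `ingress` range, and its GW is in the trusted set (standing in for the file names found in IDDIR).

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Offer:                    # one --wgIn announcement (field names assumed)
    gw_id: str                  # node identity of the announcing GW
    dst: str                    # offered route (dst NETMASK)
    ingress: str                # src addresses the GW accepts (ingress NETMASK)
    bandwidth: int              # bits/second; mesh-path bandwidth is not modelled

@dataclass(frozen=True)
class Search:                   # one --wgOut section
    dst: str
    min_len: int
    max_len: int
    ingress: Optional[str] = None
    trusted_gws: Optional[FrozenSet[str]] = None   # None = no trustedGws given
    min_bandwidth: int = 0

def matches(s: Search, o: Offer) -> bool:
    want, got = ipaddress.ip_network(s.dst), ipaddress.ip_network(o.dst)
    if got.version != want.version or not got.overlaps(want):
        return False
    if not s.min_len <= got.prefixlen <= s.max_len:
        return False
    if s.trusted_gws is not None and o.gw_id not in s.trusted_gws:
        return False            # fail closed: unknown GW never carries traffic
    if s.ingress is not None:   # offer's filter must be at least as large
        mine, theirs = ipaddress.ip_network(s.ingress), ipaddress.ip_network(o.ingress)
        if mine.version != theirs.version or not mine.subnet_of(theirs):
            return False
    return o.bandwidth >= s.min_bandwidth

def select(s: Search, offers: List[Offer]) -> List[str]:
    """Return matching GW ids, highest advertised bandwidth first."""
    ok = [o for o in offers if matches(s, o)]
    return [o.gw_id for o in sorted(ok, key=lambda o: -o.bandwidth)]

# Constructed sample offers; the ids are placeholders, not real node identities.
OFFERS = [
    Offer("gw-A", "0.0.0.0/0", "10.0.0.0/8", 8_000_000),
    Offer("gw-B", "0.0.0.0/0", "10.0.0.0/8", 50_000_000),      # not trusted
    Offer("gw-C", "0.0.0.0/0", "10.20.30.0/24", 20_000_000),   # ingress too narrow
    Offer("gw-D", "192.0.2.0/24", "10.0.0.0/8", 100_000_000),  # prefix longer than MAX
]
SEARCH = Search("0.0.0.0/0", 0, 0, ingress="10.20.0.0/16",
                trusted_gws=frozenset({"gw-A", "gw-C", "gw-D"}), min_bandwidth=5_000_000)

if __name__ == "__main__":
    print(select(SEARCH, OFFERS))
```
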