Cjdns transition

Transition to cjdroute-v10 on the existing network.

  • Supply cjdroute-v6 (existing) and cjdroute-v10 in enigmasuite
  • Switch button replaces /usr/sbin/cjdroute with the requested version

Procedure

  • Graceful degradation: rename to v6, but keep the existing net running!
  • Slowly expand to v10 functionality (iptables, peerings and so on) until done

Configs for the Enigmabox

boxes.pp old:

node 'abcdefgh' {
    class {"serverconfig":
        [...]
        peerings => [
            '"9.10.11.12:21348":{"password":"verysecret","publicKey":"removed.k","country":"hu"}',
            '"13.14.15.16:3563":{"password":"foobar","publicKey":"censored.k","country":"ch"}',
        ],
        [...]
    }
}

boxes.pp new:

node 'abcdefgh' {
    class {"serverconfig":
        [...]
        peerings_v6 => [
            '"9.10.11.12:21348":{"password":"verysecret","publicKey":"removed.k","country":"hu"}',
            '"13.14.15.16:3563":{"password":"foobar","publicKey":"censored.k","country":"ch"}',
        ],
        peerings_topo128 => [
            '"9.10.11.12:7777":{"password":"verysecret","publicKey":"removed.k","country":"hu"}',
            '"13.14.15.16:8888":{"password":"foobar","publicKey":"censored.k","country":"ch"}',
        ],
        [...]
    }
}

Configs for the servers

servers.pp old:

node '4-3-2-1.static.edis.at' {
#ch1
#1.2.3.4, ch

    class {"cjdns":
        attr1 => "xyz",
        attr2 => "xyz",

        authorized_passwords => [

            # servers 

            # peerings 

            # boxes 
        ],

        allowed_connections => [ 
            {
                public_key => "hah.k",
                ip4_address => "10.23.0.42",
            }, 
        ],

    }

}

servers.pp new:

node '4-3-2-1.static.edis.at' {
#ch1
#1.2.3.4, ch

    # this is for cjdns-v6
    class {"cjdns":
        attr1 => "xyz",
        attr2 => "xyz",

        authorized_passwords => [

            # servers 

            # peerings 

            # boxes 
        ],

        allowed_connections => [ 
            {
                public_key => "hah.k",
                ip4_address => "10.23.0.42",
            }, 
        ],

    }

    # and this is for cjdns-v10 (topo128)
    create_resources(cjdns_instance, {

        tun0 => {
            tun_id => "0",
            port => 7467,

            authorized_passwords => [
    
                # servers 
    
                # peerings 
    
                # boxes 
            ],

            allowed_connections => [ 
                {
                    public_key => "hah.k",
                    ip4_address => "10.23.0.42",
                }, 
            ],
        },

        tun1 => {
            tun_id => "1",
            port => 7467,  # placeholder copied from tun0; each instance needs its own free port

            authorized_passwords => [
    
                # servers 
    
                # peerings 
    
                # boxes 
            ],

            allowed_connections => [ 
                {
                    public_key => "hah.k",
                    ip4_address => "10.23.0.42",
                }, 
            ],
        }
    })
}

  • Resource allocation: run twice
      • once for v6
      • once for topo128
  • pay special attention to iptables!
  • check for used ports before generating cjdns_instance
  • separate init scripts (v6 and topo128); don't restart v6 if something in topo128 is changed
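
The "check for used ports before generating cjdns_instance" step can be scripted as a pre-flight check. The following is an added example, not part of the Enigmabox manifests; the function names, the sample instance table and the reserved v6 port are assumptions made for illustration.

```python
import socket

def find_conflicts(instances, reserved_ports=()):
    """Return a list of human-readable problems in a set of instance definitions.

    instances: {name: {"tun_id": str, "port": int}}, mirroring the
    cjdns_instance hash; reserved_ports: ports already taken by the v6 daemon.
    """
    problems = []
    seen_tun, seen_port = {}, {p: "v6" for p in reserved_ports}
    for name in sorted(instances):
        cfg = instances[name]
        tun, port = str(cfg["tun_id"]), int(cfg["port"])
        if tun in seen_tun:
            problems.append(f"{name}: tun_id {tun} already used by {seen_tun[tun]}")
        else:
            seen_tun[tun] = name
        if not 1 <= port <= 65535:
            problems.append(f"{name}: port {port} out of range")
        elif port in seen_port:
            problems.append(f"{name}: port {port} already used by {seen_port[port]}")
        else:
            seen_port[port] = name
    return problems

def udp_port_free(port, host="0.0.0.0"):
    """True if nothing on this host currently holds the UDP port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.bind((host, port))
            return True
        except OSError:
            return False

# Constructed sample: tun1 repeats tun0's tun_id and port, tun2 hits the v6 port.
SAMPLE = {
    "tun0": {"tun_id": "0", "port": 7467},
    "tun1": {"tun_id": "0", "port": 7467},
    "tun2": {"tun_id": "2", "port": 3563},
}

if __name__ == "__main__":
    for p in find_conflicts(SAMPLE, reserved_ports=[3563]):
        print("CONFLICT", p)
    for name, cfg in SAMPLE.items():
        if not udp_port_free(cfg["port"]):
            print("IN USE  ", name, cfg["port"])
```

Run it on the server before applying the manifest; any CONFLICT or IN USE line means the topo128 instances would collide with each other or with the running v6 daemon.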

How many TUNs (cjdroute instances on a server)?

  • 1 (existing network)
  • 4 (current implementation on testnet)
  • 32 (future - prepare for servers with 32 cores and 10Gbit :] )
      • 10000Mbit / 10Mbit per box = 1000 Boxes per server
      • 1000 Boxes / 32 cores = 32 Boxes per instance

And this is the worst case (all Boxes on one server). Since there are many countries, we get redundancy + load distribution FTW!

roadmap/cjdns-transition.txt · Last modified: 2014/12/11 09:09 by 42
GNU Free Documentation License 1.3