[Babel-users] switching cerowrt to quagga-babeld issues

Dave Taht dave.taht at gmail.com
Fri Jun 29 14:46:54 UTC 2012


I am in the process of switching cerowrt over to quagga-babeld, and
now that the ipv4 mesh routing bug is quashed, and the very exciting
authentication code is now in there, I've got the latest quagga-babeld
in the openwrt-compatible ceropackages repo, and built in my latest
cerowrt dev build, and even partially deployed for testing....

In fiddling with this I see several features of the older babeld that
I used in the past that aren't quite in quagga-babeld yet.

1) I liked the original add route/delete old route update scheme
better than delete old/add new which is what I think is in quagga.
Under heavy loads, packet drop was lessened. I note that I haven't
really gone back to verify this, as it turned out (much) later, a key
part of my problem was the ar71xx hardware was throwing traps all over
the place on ipv6 traffic, for which a patch is in cerowrt but not
accepted into the openwrt mainline. (and secondly, fq_codel does a
better job of mixing up streams, so the effect of bulk packet drop is
lessened). That said, it seems a useful re-optimization to do...

2) I'd used the rxcost parameter to babel to give the 5.x GHz network a
tiny preference in case of a tie with 2.4 GHz. Don't know how to do that
in quagga-babel.

3) On my testbed I'd exported my internal ipv6 routes over the
external wire thusly, giving direct routes to everything on that wire
for ipv6 rather than having to bounce them back up to the default gw
and/or have it fall back to the wireless meshes.

#If you have ipv4 nat, but want to route ipv6 over the ge00 interface
# uncomment these
#out if ge00 ip 0.0.0.0/0 deny
#in if ge00 ip 0.0.0.0/0 deny

The quagga route-map functionality can't do this at present.

4) Similarly, in wrapping my head around authenticated routing
exchanges it seems that doing security based on ip addresses is
possible. However having an acl command that would reject routes
provided even via a trusted peer to ips on "my network" that are on
the peer's network seems helpful. An example would be:

Alice has 192.168.0.1/24 and trusts bob
Bob has 192.168.1.1/24  and trusts alice and calvin
Calvin has 192.168.2.1/24 but sneakily sticks a box up on 192.168.0.10

Alice should only accept routes for 192.168.0.X on her own network,
not via a babel exchange with Bob or Calvin.

I can live without this stuff! But I wanted to note it in the hope
others have time to play with it...

I just put up a dev-only build of cerowrt + quagga-babeld here:

http://snapon.lab.bufferbloat.net/~cero1/3.3/3.3.8-7/

And examples of routes exchanged with multiple babeld and quagga boxes:

http://pastebin.com/Ayy4HSwr

-- 
Dave Täht
http://www.bufferbloat.net/projects/cerowrt/wiki - "3.3.8-6 is out
with fq_codel!"
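
The acceptance check asked for in item 4, sketched as an added example that is not part of the original message and is not babeld or quagga code. The function name and the sample announcements are assumptions made for illustration; the addresses follow the Alice/Bob/Calvin scenario above.

```python
import ipaddress

def filter_announcements(local_prefixes, announcements):
    """Split (peer, prefix) announcements into (accepted, rejected) lists.

    A route is rejected when its prefix is equal to, or more specific than,
    one of our own directly connected prefixes, whichever peer sent it.
    Less specific routes (a default route, an aggregate) are accepted:
    longest-prefix match still prefers the connected route.
    """
    # strict=False lets "192.168.0.1/24" (host address plus mask) stand for
    # the network 192.168.0.0/24, as written in the message.
    local = [ipaddress.ip_network(p, strict=False) for p in local_prefixes]
    accepted, rejected = [], []
    for peer, prefix in announcements:
        net = ipaddress.ip_network(prefix)
        # subnet_of() raises TypeError across IP versions, so compare first.
        inside_own = any(
            net.version == own.version and net.subnet_of(own) for own in local
        )
        (rejected if inside_own else accepted).append((peer, prefix))
    return accepted, rejected

# Constructed sample: what Alice might hear from Bob, her only direct peer.
ALICE_LOCAL = ["192.168.0.1/24"]
FROM_BOB = [
    ("bob", "192.168.1.0/24"),    # Bob's own network
    ("bob", "192.168.2.0/24"),    # Calvin's network, relayed by Bob
    ("bob", "192.168.0.10/32"),   # Calvin's box inside Alice's prefix
    ("bob", "0.0.0.0/0"),         # default route
    ("bob", "2001:db8:1::/48"),   # IPv6 route, unrelated to the IPv4 prefix
]

if __name__ == "__main__":
    accepted, rejected = filter_announcements(ALICE_LOCAL, FROM_BOB)
    for peer, prefix in rejected:
        print(f"reject {prefix} via {peer}: inside a locally connected prefix")
    for peer, prefix in accepted:
        print(f"accept {prefix} via {peer}")
```

The check is applied after peer authentication, since in the scenario the offending route arrives through a peer Alice trusts.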


