/supernode

Connecting AREDN meshes using Supernodes


AREDN Supernode

NOTE: This project is no longer maintained as the supernode behaviour has been incorporated into the AREDN codebase.

AREDN Supernodes provide a mechanism to connect multiple AREDN meshes together, allowing traffic to travel between them without implicitly advertising all the nodes in every mesh to every other mesh. For a more complete description of why this is useful and how it works, see https://docs.google.com/document/d/1Gqkv2wF6M7szCfbdVPbEG7IQzjDebQqdRx6mfLGMOqE/edit?usp=sharing

Configuration

For ease of use, a supernode is contained in a Docker container which can be configured using a number of environment variables:

  • NODE_NAME - This is the name for this supernode, and will be the name visible on the AREDN mesh this node directly connects to.
  • PRIMARY_IP - This is the primary IPv4 address for this node and should match the IP address on a network connection to a mesh.
  • DNS_ZONE - This is the DNS zone name for the connected mesh. Locally all AREDN networks have the zone name local and domain suffix local.mesh. This is the global zone name (e.g. sfwem).
  • DNS_SUPERNODE - The DNS information to connect this supernode to the DNS servers of other supernodes for other meshes. This is formatted as space-separated zone:ipaddress pairs (e.g. socalnet:1.2.3.4 aznet:5.6.7.8).
  • MESH_NETS - List of network devices which are used to connect this supernode to a single mesh.
  • SUPERNODE_NETS - List of network devices which are used to connect this supernode to other supernodes.
  • TUN0, TUN1, ... TUN31 - Each TUNx can be used to configure a vtund client or server to connect this supernode to other supernodes or a mesh network. Each configuration takes four parameters, separated by colons, and follows AREDN naming and network conventions. For example, KN6PLV-SFMON:apassword:172.32.90.240:tunnels.xojs.org defines a tunnel named KN6PLV-SFMON with the password apassword. The tunnel uses 172.32.90.240 as its network, and connects to the tunnel server tunnels.xojs.org. If the tunnel server parameter is omitted, this supernode will instead create a tunnel server for another client to connect to.
  • ENABLE_MASQUARADE - Set to true to hide the details of the supernodes behind a NAT.
  • DISABLE_SUPERNODE - Set to true to disable the /8 rule injection into the mesh so nodes in the mesh cannot route to the supernode.

Building the Docker

The Docker image is easily built:

git clone https://github.com/kn6plv/supernode.git

docker build -t kn6plv/supernode supernode

Running the Docker

Create an env file containing the necessary environment variables (as detailed above). Then run the container as below:

docker run --env-file env --privileged kn6plv/supernode

Alternatively, you can run it using your favorite Docker container manager.
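
A pre-flight check for the env file, added here as an example and not part of the supernode project: it validates the TUNx, PRIMARY_IP and DNS_SUPERNODE formats described under Configuration, and confirms that the file, which holds the vtund tunnel passwords, is not readable by group or other. Function names and the sample values (apart from the README's own TUN0 example) are constructed; treating a three-field TUNx as "server omitted" is an assumption.

```shell
# Added example: lint a supernode env file before `docker run --env-file env`.
# Function names are hypothetical; only formats described in the README are checked.
is_ipv4() {  # dotted quad, every octet 0-255
  printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

check_tun() {  # name:password:network[:server]; assumption: 3 fields = server omitted
  set -f; old_ifs=$IFS; IFS=:; set -- $1; IFS=$old_ifs; set +f
  { [ $# -eq 3 ] || [ $# -eq 4 ]; } && [ -n "$1" ] && [ -n "$2" ] && is_ipv4 "$3"
}

check_dns_pairs() {  # space-separated zone:ipaddress pairs
  set -f; set -- $1; set +f
  for pair in "$@"; do
    case $pair in ?*:?*) is_ipv4 "${pair#*:}" || return 1 ;; *) return 1 ;; esac
  done
}

env_is_private() {  # the file carries vtund passwords: no group/other read bit
  [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

lint_env() {  # $1 = env file; prints one line per problem, returns 1 if any
  rc=0
  env_is_private "$1" || { echo "$1: readable by group/other (chmod 600)"; rc=1; }
  while IFS= read -r line || [ -n "$line" ]; do
    key=${line%%=*}; val=${line#*=}
    case $key in
      TUN[0-9]|TUN[12][0-9]|TUN3[01])
        check_tun "$val" || { echo "$key: want name:password:network[:server]"; rc=1; } ;;
      TUN*) echo "$key: README documents TUN0..TUN31 only"; rc=1 ;;
      PRIMARY_IP) is_ipv4 "$val" || { echo "$key: not an IPv4 address"; rc=1; } ;;
      DNS_SUPERNODE)
        check_dns_pairs "$val" || { echo "$key: want zone:ipaddress pairs"; rc=1; } ;;
    esac
  done < "$1"
  return $rc
}

sample_env() {  # constructed sample; TUN0 is the README's example, TUN1/TUN32 are bad
  cat <<'EOF'
NODE_NAME=EXAMPLE-SUPERNODE
PRIMARY_IP=10.1.2.3
DNS_SUPERNODE=socalnet:1.2.3.4 aznet:5.6.7.8
TUN0=KN6PLV-SFMON:apassword:172.32.90.240:tunnels.xojs.org
TUN1=EXAMPLE-PEER:secret
TUN32=EXAMPLE-X:pw:172.32.90.244
EOF
}
[ $# -eq 0 ] || lint_env "$1"
```

Saved as a script, it takes the env file path as its only argument and exits non-zero when any check fails, so it can gate the docker run step.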