Network2: Difference between revisions
mNo edit summary |
mNo edit summary |
||
(215 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{TOCright}} |
|||
This page proposes a fresh design for network configuration in a highly collaborative world, based on Scott's [[Network Principles]]. However, unlike the pure Network Principles, we also outline where and how to integrate several kinds of NAT-traversal technology, primarily to support dog-fooding and diagnosis by remote developers. |
|||
Last updated: [[User:Mstone|Michael Stone]] 04:15, 15 January 2010 (UTC) | '''[[Network2/Paper|paper version]]''' |
|||
Sugar's desired realtime collaboration experience can only be provided atop a robust and efficient network stack designed to accommodate automated diagnosis and standardized workarounds -- anything less only wastes students' and teachers' time and patience, contrary to our [[OLPC Human Interface Guidelines/Design Fundamentals/Key Design Principles|human interface guidelines]]. |
|||
== Protocols == |
|||
This '''unfinished''' essay summarizes an attempt to work out a simple way to realize this sort of network experience, with existing software and hardware, while also demonstrating the sort of thinking which might help other parts of the system achieve the same standard of quality. |
|||
We take [http://tools.ietf.org/html/rfc2460 IPv6] and [http://tools.ietf.org/html/rfc1034 DNS] as the basis of our system and rely heavily its [http://tldp.org/HOWTO/html_single/Linux+IPv6-HOWTO/ documentation] for Linux. The main reason is its large address space, conceptual clarity, ease of tunneling, and low incremental cost of adoption by both deployments and ISPs. |
|||
'''Quick links''': '''[[Network2/Paper|the Paper]]''' : (finished/''unfinished'' sections) |
|||
A key fact about IPv6 is that it's /expected/ that hosts will have multiple interfaces, that interfaces will have multiple addresses, that DNS queries (used via <tt>getaddrinfo()</tt>) will return multiple results sorted in a [http://tools.ietf.org/html/rfc3484 sane order], and that hosts will choose routes for packets based on how specifically the routes match the destination and on any QoS information available to the routing node. |
|||
* Prior work: [[networking]], [[collaboration]], [[network principles]] |
|||
For this reason, [http://tools.ietf.org/html/rfc4960 SCTP] ([http://en.wikipedia.org/wiki/Stream_Control_Transmission_Protocol wikipedia], [http://linux.die.net/man/7/sctp man page]) may be particularly effective. |
|||
* Background: [[Network2/Purpose|purpose]], [[Network2/Scenarios|scenarios]], [[Network2/Architecture|architecture]] |
|||
* Designs: [[Network2/Design|naming and internetworking]], ''[[Network2/Security|security ideas]]'', [[Network2/Diagnosis|diagnosis techniques]] |
|||
* Analyses: ''[[Network2/Dynamics|cost model]]'', ''[[Network2/Self-test|self-test algorithm]]'' |
|||
* Experiments: [[Network2/Experiments/Dnshash|dnshash]], [[Network2/Experiments/Openvpn|openvpn]], ''[[Network2/Experiments/HE|6to4: HE]]'', ''[[Network2/Experiments/Sixxs|6to4: Sixxs]]'', ''[[Network2/Experiments/Simulation|simulation]]'', ''[[Network2/Experiments/openwrt|openwrt]]'', ''[[Network2/Experiments/tinydns|olpcdyndns1]]'' |
|||
'''Personal goals...''' |
|||
== Client IPv6 == |
|||
# "I want to use familiar tools in my activities, -- like Twisted, curl, ssh, rsync, and email -- both under a tree, in a walled garden, and out on the public Internet, without modification or wrappers." |
|||
Your job is to be an IPv6 node. Consequently, when you bring up your interfaces, |
|||
# "I want a design that has 20% fewer ways to fail, and that offers manual overrides for the failure modes that remain." |
|||
# "I want to chop 2-3 levels from the current collaboration stack's 6-level 'fast-path'." |
|||
# "I want to collaborate with people who only have web browsers -- they outnumber people with Jabber clients by millions." |
|||
'''Finally, to help out''', please improve my writing, experiment with my ideas, and share this work with your friends! |
|||
# You might [http://tools.ietf.org/html/rfc2461 discover] an IPv6 router [http://tools.ietf.org/html/rfc2463 advertising] on one of your links. |
|||
#* (See <tt>sysctl net.ipv6.conf.all.accept_ra</tt> and related variables.) |
|||
# You might try out [https://fedorahosted.org/dhcpv6/ dhcp6c]. |
|||
# You might have some kind of IPv4 connectivity. If so, [http://www.sixxs.net/faq/connectivity/?faq=comparison connect] to the Internet or to other internetworks of your choice. |
|||
#* ([http://www.remlab.net/miredo/ miredo] and [http://openvpn.net/ openvpn] seem particularly easy to configure and hence to experiment with...) |
|||
# Use [[dnshash]] to add guessable link-local addresses to all your links. |
|||
== |
==Subpages== |
||
{{Special:PrefixIndex/{{PAGENAMEE}}/}} |
|||
Your job is to be an IPv6 router and a [http://tools.ietf.org/html/rfc1035 DNS server]. One of several situations might obtain: |
|||
[[Category:Network2]] |
|||
# You might discover an IPv6 router advertising one or more IPv6 prefixes on your outbound link(s). |
|||
[[Category:Subsystems]] |
|||
# You might have some kind of IPv4 connectivity. If so, [http://www.sixxs.net/faq/connectivity/?faq=comparison connect] to the Internet or to other internetworks of your choice. |
|||
# You might be under a tree. If so, generate a [http://tools.ietf.org/html/rfc4193 Unique Local Address] prefix. |
|||
# (Use [[dnshash]] to add guessable link-local addresses to all your links?) |
|||
When done, use [http://www.litech.org/radvd/ radvd] or [https://fedorahosted.org/dhcpv6/ dhcp6d] to share addresses. |
|||
== Server DNS == |
|||
One of the server's most important jobs is to get itself on appropriate internetworks so that it can dynamically map stable (DNS) names to unstable names (IPv6 addresses) for itself and its clients. |
|||
Unfortunately, the most reliable and secure means of updating these mappings is likely to be bespoke -- [http://tools.ietf.org/html/rfc2136 RFC 2136] is not widely implemented and specifies no concrete security protocol while DNSSEC seems immature at present. |
|||
Consequently, I propose the following strawman update protocol -- exchange an RFC-2136 UPDATE packet and response over your favorite authenticated RPC protocol with the nameserver. |
|||
(My favorite protocol for this sort of thing is currently "json-over-SSH-to-python-and-make", but variations (ucspi-ssl, 9p, etc.) make me smile.) |
Latest revision as of 04:15, 15 January 2010
Last updated: Michael Stone 04:15, 15 January 2010 (UTC) | paper version
Sugar's desired realtime collaboration experience can only be provided atop a robust and efficient network stack designed to accommodate automated diagnosis and standardized workarounds -- anything less only wastes students' and teachers' time and patience, contrary to our human interface guidelines.
This unfinished essay summarizes an attempt to work out a simple way to realize this sort of network experience, with existing software and hardware, while also demonstrating the sort of thinking which might help other parts of the system achieve the same standard of quality.
Quick links: the Paper : (finished/unfinished sections)
- Prior work: networking, collaboration, network principles
- Background: purpose, scenarios, architecture
- Designs: naming and internetworking, security ideas, diagnosis techniques
- Analyses: cost model, self-test algorithm
- Experiments: dnshash, openvpn, 6to4: HE, 6to4: Sixxs, simulation, openwrt, olpcdyndns1
Personal goals...
- "I want to use familiar tools in my activities, -- like Twisted, curl, ssh, rsync, and email -- both under a tree, in a walled garden, and out on the public Internet, without modification or wrappers."
- "I want a design that has 20% fewer ways to fail, and that offers manual overrides for the failure modes that remain."
- "I want to chop 2-3 levels from the current collaboration stack's 6-level 'fast-path'."
- "I want to collaborate with people who only have web browsers -- they outnumber people with Jabber clients by millions."
Finally, to help out, please improve my writing, experiment with my ideas, and share this work with your friends!
Subpages
- Network2/Advice
- Network2/Architecture
- Network2/Audience
- Network2/Concept/Address
- Network2/Concept/Bandwidth
- Network2/Concept/Bridge
- Network2/Concept/Capacity
- Network2/Concept/Interface
- Network2/Concept/Internetwork
- Network2/Concept/Jitter
- Network2/Concept/Latency
- Network2/Concept/Layer
- Network2/Concept/Link
- Network2/Concept/Medium
- Network2/Concept/Name
- Network2/Concept/Network
- Network2/Concept/Protocol
- Network2/Concept/Router
- Network2/Concept/Scenario
- Network2/Concept/Tunnel
- Network2/Credits
- Network2/Design
- Network2/Diagnosis
- Network2/Dynamics
- Network2/Experiments
- Network2/Experiments/Dnshash
- Network2/Experiments/HE
- Network2/Experiments/OpenWRT
- Network2/Experiments/Openvpn
- Network2/Experiments/Simulation
- Network2/Experiments/Sixxs
- Network2/Experiments/tinydns
- Network2/Future work
- Network2/Paper
- Network2/Purpose
- Network2/Scenarios
- Network2/Security
- Network2/Self-test