From: Baptiste Jonglez <baptiste@bitsofnetworks.org>
To: Norman Shulman <norman.shulman@n-dimension.com>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: [WireGuard] WireGuard cryptokey routing
Date: Wed, 6 Jul 2016 17:48:35 +0200
Message-ID: <20160706154834.GH2040@lud.polynome.dn42>
In-Reply-To: <CANQAqMX-1MrYW+Yfn6g7BGPwn2qCDWOCoMWkLyM5W9KZgm52tQ@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 2050 bytes --]

On Wed, Jul 06, 2016 at 11:31:28AM -0400, Norman Shulman wrote:
> Ethernet networks don't scale; that's why we have IP networks.

WireGuard does not use Ethernet at all; it operates purely at layer 3 (IP).

IP over Ethernet would use a reactive scheme (ARP, Neighbour Discovery) to
discover the mapping between IP addresses and link-layer addresses.  This
is part of the reason why Ethernet does not scale well.

WireGuard, on the other hand, does the equivalent mapping statically, via
the AllowedIPs directive.  The mapping is also slightly different:

- with Ethernet, you map from IP address to MAC address (using ARP or ND)

- WireGuard maps from IP address to public key (using AllowedIPs, so this
  is completely static).  A public key is then mapped to the IP address
  and UDP port of the peer on the Internet, using the last known endpoint
  of the peer.  This makes this second mapping mostly dynamic, even though
  it falls back to a static "Endpoint" configuration for bootstrap.

Does that make things clearer for you?

> So in general a client needs one address for each server? Rather limiting
> for clients on small subnets, especially considering the case of n clients
> on a subnet, each connecting to m different servers.
>
> On Tue, Jul 5, 2016 at 3:11 PM, Jason A. Donenfeld <Jason@zx2c4.com> wrote:
> 
> > On Tue, Jul 5, 2016 at 9:09 PM, Norman Shulman
> > <norman.shulman@n-dimension.com> wrote:
> > > How is this enforced?
> > Receiving, line 238 here:
> > https://git.zx2c4.com/WireGuard/tree/src/receive.c#n238
> > Sending, line 112 here:
> > https://git.zx2c4.com/WireGuard/tree/src/device.c#n112
> >
> > > How does this scale?
> > The same way in which an ethernet network scales? One ethernet device
> > can have multiple IPs, but separate (unbonded) ethernet devices
> > generally do not share IPs.
> >



[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
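
The two mappings described in the message above, as an added example that is not part of the original message and is not WireGuard's code: a static AllowedIPs table (inner IP to public key) and a dynamic endpoint table (public key to last known IP and UDP port). The class and method names, the key labels and all addresses are constructed for illustration, and the model assumes the packet has already been authenticated under the given public key before `receive` is called.

```python
import ipaddress

class CryptokeyRouter:
    """Toy model of cryptokey routing (illustrative, not WireGuard's implementation)."""

    def __init__(self):
        self.allowed = []    # static: (network, public_key), from AllowedIPs
        self.endpoint = {}   # dynamic: public_key -> (ip, udp_port)

    def add_peer(self, public_key, allowed_ips, endpoint=None):
        for cidr in allowed_ips:
            self.allowed.append((ipaddress.ip_network(cidr), public_key))
        if endpoint:
            self.endpoint[public_key] = endpoint   # static "Endpoint", used for bootstrap

    def _lookup(self, addr):
        """Longest-prefix match of an inner IP address to a peer public key."""
        ip = ipaddress.ip_address(addr)
        hits = [(net.prefixlen, key) for net, key in self.allowed
                if ip.version == net.version and ip in net]
        return max(hits)[1] if hits else None

    def send(self, inner_dst):
        """Outbound: inner destination IP -> public key -> last known endpoint."""
        key = self._lookup(inner_dst)
        if key is None:
            return None                       # no peer owns this address: drop
        return key, self.endpoint.get(key)    # endpoint is None until learned

    def receive(self, public_key, outer_src, inner_src):
        """Inbound: accept only if inner_src falls in the sending peer's AllowedIPs."""
        # The packet authenticated under public_key, so this model records its
        # outer source as the peer's last known endpoint (roaming).
        self.endpoint[public_key] = outer_src
        return self._lookup(inner_src) == public_key

def demo():
    # Constructed sample configuration; KEY_A and KEY_B stand in for public keys.
    r = CryptokeyRouter()
    r.add_peer("KEY_A", ["10.0.0.2/32"], endpoint=("192.0.2.10", 51820))
    r.add_peer("KEY_B", ["10.0.1.0/24"])      # no Endpoint: must be learned
    return {
        "to_a": r.send("10.0.0.2"),
        "to_b_before": r.send("10.0.1.5"),
        "unrouted": r.send("172.16.0.1"),
        "b_spoofs_a": r.receive("KEY_B", ("198.51.100.7", 40000), "10.0.0.2"),
        "b_valid": r.receive("KEY_B", ("198.51.100.7", 40000), "10.0.1.5"),
        "to_b_after": r.send("10.0.1.5"),
    }
```
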
