[B.A.T.M.A.N.] DAT issue

[B.A.T.M.A.N.] DAT issue

[Fernando Pizarro]

Hi all!

I'm playing with OpenWRT and BATMAN advance and I had configured one 
essid to serve dynamic vlans via freeradius reply attributes.

I have a bridge (br0) with bat0, wireless and ethernet interface, and 
hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X 
succefully. Br0 has configured a VLAN and IP to connect with every other 
nodes. There is the same explanation, but schematic:

Wireless:

phy0 -> wlan0 -> bat0
phy1 -> wlan1 -> wlan1.1
                      \ --> wlan1.N

Hostapd bridge:

wlan1 -> brvlan1 -> {wlan1.1; vlan1}
       \ --> brvlanN -> {wlan1.N; vlanN}

Ethernet bridge:

br0 -> {bat0; eth0; wlan1}
    \ --> br0.X == IP/NETMASK

When I look at batman dat table there aren't any registry, but variuos 
stations are connected. Why is that? What's wrong in my config?

Thanks a lot.
Fernando.

Re: [B.A.T.M.A.N.] DAT issue

[Antonio Quartulli]

[-- Attachment #1: Type: text/plain, Size: 1555 bytes --]

On Wed, Aug 07, 2013 at 10:58:13AM +0200, Fernando Pizarro wrote:
> Hi all!
> 
> I'm playing with OpenWRT and BATMAN advance and I had configured one 
> essid to serve dynamic vlans via freeradius reply attributes.
> 
> I have a bridge (br0) with bat0, wireless and ethernet interface, and 
> hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X 
> succefully. Br0 has configured a VLAN and IP to connect with every other 
> nodes. There is the same explanation, but schematic:
> 
> Wireless:
> 
> phy0 -> wlan0 -> bat0
> phy1 -> wlan1 -> wlan1.1
>                       \ --> wlan1.N
> 
> Hostapd bridge:
> 
> wlan1 -> brvlan1 -> {wlan1.1; vlan1}
>        \ --> brvlanN -> {wlan1.N; vlanN}
> 
> Ethernet bridge:
> 
> br0 -> {bat0; eth0; wlan1}
>     \ --> br0.X == IP/NETMASK
> 
> When I look at batman dat table there aren't any registry, but variuos 
> stations are connected. Why is that? What's wrong in my config?


Hello Fernando,

I have to say that your setup is not the easiest I've ever seen :)
However, the initial version of DAT was not made to work with VLANs, but I'm not
entirely sure if this should lead to an empty table.

First of all, where are all your clients connected? to wlan1?
Why did you put wlan1 into br0 and not wlan1.X?
When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is
the interface in br0 that will inject then the data into bat0)?

Cheers,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [B.A.T.M.A.N.] DAT issue

[Fernando Pizarro]

El 07/08/13 11:09, Antonio Quartulli escribió:
> On Wed, Aug 07, 2013 at 10:58:13AM +0200, Fernando Pizarro wrote:
>> Hi all!
>>
>> I'm playing with OpenWRT and BATMAN advance and I had configured one
>> essid to serve dynamic vlans via freeradius reply attributes.
>>
>> I have a bridge (br0) with bat0, wireless and ethernet interface, and
>> hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X
>> succefully. Br0 has configured a VLAN and IP to connect with every other
>> nodes. There is the same explanation, but schematic:
>>
>> Wireless:
>>
>> phy0 -> wlan0 -> bat0
>> phy1 -> wlan1 -> wlan1.1
>>                        \ --> wlan1.N
>>
>> Hostapd bridge:
>>
>> wlan1 -> brvlan1 -> {wlan1.1; vlan1}
>>         \ --> brvlanN -> {wlan1.N; vlanN}
>>
>> Ethernet bridge:
>>
>> br0 -> {bat0; eth0; wlan1}
>>      \ --> br0.X == IP/NETMASK
>>
>> When I look at batman dat table there aren't any registry, but variuos
>> stations are connected. Why is that? What's wrong in my config?
>
> Hello Fernando,
>
> I have to say that your setup is not the easiest I've ever seen :)
> However, the initial version of DAT was not made to work with VLANs, but I'm not
> entirely sure if this should lead to an empty table.
>
> First of all, where are all your clients connected? to wlan1?
> Why did you put wlan1 into br0 and not wlan1.X?
> When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is
> the interface in br0 that will inject then the data into bat0)?
>
> Cheers,
>
Hi Antonio, thanks for your answer.

I explain a bit more my stage... I have a server with DHCP that is the 
default gateway of all BATMAN nodes and clients, and BATMAN gateways are 
connected to it fisically. For roamming, I won't have IPs of VLANs in 
BATMAN nodes and all default gateways of VLANs are configured in the FW.

Clients connects to wlan1.X, but that interface is created by hostapd 
when radius allows access to the network of that client (default dynamic 
vlan behaviour). As hostapd creates this interface on demand and 
destroys it when is killed, I can't add wlan1.X to the bridge (br0). 
However, there is arp traffic on wlan1.

Greetings.
Fernando

Re: [B.A.T.M.A.N.] DAT issue

[Antonio Quartulli]

[-- Attachment #1: Type: text/plain, Size: 2952 bytes --]

On Wed, Aug 07, 2013 at 12:58:32PM +0200, Fernando Pizarro wrote:
> El 07/08/13 11:09, Antonio Quartulli escribió:
> > On Wed, Aug 07, 2013 at 10:58:13AM +0200, Fernando Pizarro wrote:
> >> Hi all!
> >>
> >> I'm playing with OpenWRT and BATMAN advance and I had configured one
> >> essid to serve dynamic vlans via freeradius reply attributes.
> >>
> >> I have a bridge (br0) with bat0, wireless and ethernet interface, and
> >> hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X
> >> succefully. Br0 has configured a VLAN and IP to connect with every other
> >> nodes. There is the same explanation, but schematic:
> >>
> >> Wireless:
> >>
> >> phy0 -> wlan0 -> bat0
> >> phy1 -> wlan1 -> wlan1.1
> >>                        \ --> wlan1.N
> >>
> >> Hostapd bridge:
> >>
> >> wlan1 -> brvlan1 -> {wlan1.1; vlan1}
> >>         \ --> brvlanN -> {wlan1.N; vlanN}
> >>
> >> Ethernet bridge:
> >>
> >> br0 -> {bat0; eth0; wlan1}
> >>      \ --> br0.X == IP/NETMASK
> >>
> >> When I look at batman dat table there aren't any registry, but variuos
> >> stations are connected. Why is that? What's wrong in my config?
> >
> > Hello Fernando,
> >
> > I have to say that your setup is not the easiest I've ever seen :)
> > However, the initial version of DAT was not made to work with VLANs, but I'm not
> > entirely sure if this should lead to an empty table.
> >
> > First of all, where are all your clients connected? to wlan1?
> > Why did you put wlan1 into br0 and not wlan1.X?
> > When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is
> > the interface in br0 that will inject then the data into bat0)?
> >
> > Cheers,
> >
> Hi Antonio, thanks for your answer.
> 
> I explain a bit more my stage... I have a server with DHCP that is the 
> default gateway of all BATMAN nodes and clients, and BATMAN gateways are 
> connected to it fisically. For roamming, I won't have IPs of VLANs in 
> BATMAN nodes and all default gateways of VLANs are configured in the FW.
>

if I understood correctly you have many nodes all connected with a cable to the
same GW? so all the nodes are in the same LAN?

> Clients connects to wlan1.X, but that interface is created by hostapd 
> when radius allows access to the network of that client (default dynamic 
> vlan behaviour). As hostapd creates this interface on demand and 
> destroys it when is killed, I can't add wlan1.X to the bridge (br0). 
> However, there is arp traffic on wlan1.
> 

I guess the traffic you see on wlan1 is VLAN traffic which is going to be
delivered to any of your wlan1.x.

I have the feeling in this way none of the client is really bridged into
batman-adv because you bridged wlan1 but the clients are connected to wlan1.x.
can you please report what "batctl tl" is saying?

Cheers,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [B.A.T.M.A.N.] DAT issue

[Fernando Pizarro]

[-- Attachment #1: Type: text/plain, Size: 4084 bytes --]

El 07/08/13 14:05, Antonio Quartulli escribió:
> On Wed, Aug 07, 2013 at 12:58:32PM +0200, Fernando Pizarro wrote:
>> El 07/08/13 11:09, Antonio Quartulli escribió:
>>> On Wed, Aug 07, 2013 at 10:58:13AM +0200, Fernando Pizarro wrote:
>>>> Hi all!
>>>>
>>>> I'm playing with OpenWRT and BATMAN advance and I had configured one
>>>> essid to serve dynamic vlans via freeradius reply attributes.
>>>>
>>>> I have a bridge (br0) with bat0, wireless and ethernet interface, and
>>>> hostapd creates a new bridge by vlan (brvlanX) with vlanX and wlan1.X
>>>> succefully. Br0 has configured a VLAN and IP to connect with every other
>>>> nodes. There is the same explanation, but schematic:
>>>>
>>>> Wireless:
>>>>
>>>> phy0 -> wlan0 -> bat0
>>>> phy1 -> wlan1 -> wlan1.1
>>>>                         \ --> wlan1.N
>>>>
>>>> Hostapd bridge:
>>>>
>>>> wlan1 -> brvlan1 -> {wlan1.1; vlan1}
>>>>          \ --> brvlanN -> {wlan1.N; vlanN}
>>>>
>>>> Ethernet bridge:
>>>>
>>>> br0 -> {bat0; eth0; wlan1}
>>>>       \ --> br0.X == IP/NETMASK
>>>>
>>>> When I look at batman dat table there aren't any registry, but variuos
>>>> stations are connected. Why is that? What's wrong in my config?
>>> Hello Fernando,
>>>
>>> I have to say that your setup is not the easiest I've ever seen :)
>>> However, the initial version of DAT was not made to work with VLANs, but I'm not
>>> entirely sure if this should lead to an empty table.
>>>
>>> First of all, where are all your clients connected? to wlan1?
>>> Why did you put wlan1 into br0 and not wlan1.X?
>>> When your clients are doing traffic, can you see ARP Req/Resp on wlan1 (which is
>>> the interface in br0 that will inject then the data into bat0)?
>>>
>>> Cheers,
>>>
>> Hi Antonio, thanks for your answer.
>>
>> I explain a bit more my stage... I have a server with DHCP that is the
>> default gateway of all BATMAN nodes and clients, and BATMAN gateways are
>> connected to it fisically. For roamming, I won't have IPs of VLANs in
>> BATMAN nodes and all default gateways of VLANs are configured in the FW.
>>
> if I understood correctly you have many nodes all connected with a cable to the
> same GW? so all the nodes are in the same LAN?
>
>> Clients connects to wlan1.X, but that interface is created by hostapd
>> when radius allows access to the network of that client (default dynamic
>> vlan behaviour). As hostapd creates this interface on demand and
>> destroys it when is killed, I can't add wlan1.X to the bridge (br0).
>> However, there is arp traffic on wlan1.
>>
> I guess the traffic you see on wlan1 is VLAN traffic which is going to be
> delivered to any of your wlan1.x.
>
> I have the feeling in this way none of the client is really bridged into
> batman-adv because you bridged wlan1 but the clients are connected to wlan1.x.
> can you please report what "batctl tl" is saying?
>
> Cheers,
>
Hi Antonio,

I have BATMAN gateways wired with the FW with loop avoidance enabled , 
and no-gateways BATMAN nodes are connected wireless. The DHCP service is 
running in the FW and it's the default gateway for all nodes, management 
and users. All nodes are in the same LAN wired or wireless, attach 
schematic image of the stage.

This is the translation local table in gateway node:

root@Gateway:~# batctl tl
Locally retrieved addresses (from bat0) announced via TT (TTVN: 153 CRC: 
0x0e6d):
        Client        Flags   Last seen
  * 00:0a:f7:0f:0b:86 [.....]   0.370
  * d4:ae:52:c7:4c:c8 [.....]  17.650
  * 00:0d:b9:2b:a3:ec [.....]  44.770
  * 96:db:c2:45:ab:52 [.P...]   0.000
  * 18:f4:6a:b7:c6:7e [....W] 332.640
  * 50:ea:d6:46:4c:e6 [....W]  61.800
  * 00:0d:b9:2b:a0:68 [.....] 332.640

And this of the client node:

root@Client:~# batctl tl
Locally retrieved addresses (from bat0) announced via TT (TTVN: 45 CRC: 
0xfd10):
        Client        Flags   Last seen
  * 00:0d:b9:2b:02:60 [.....]   0.000
  * 32:67:eb:c9:53:3e [.P...]   0.000

In the Client capture, the first MAC is eth0 and in the Gateway one (the 
first) sometimes appears eth0's mac address and others doesn't.

Thanks for all.
Fernando

[-- Attachment #2: Stage.png --]
[-- Type: image/png, Size: 56492 bytes --]

Re: [B.A.T.M.A.N.] DAT issue

[Antonio Quartulli]

[-- Attachment #1: Type: text/plain, Size: 644 bytes --]

Hello Fernando,

to be honest the set up is not really clear to me, not because of the topology
but because of all the bridges you created.

Once thing I am confident enough is
that if you have clients connected to wlan1.N and then you have a bridge
configured as { wlan1, eth0, bat0 } this is not going to work as expected.

Traffic sent over wlan1.1 will not be delivered to the bridge and so not
delivered to bat0.

You should include wlan1.1 in the bridge itself.


Other than DAT, I expect this to be a general problem.


Cheers,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [B.A.T.M.A.N.] DAT issue

[Fernando Pizarro]

[-- Attachment #1: Type: text/plain, Size: 1981 bytes --]

El 07/08/13 18:09, Antonio Quartulli escribió:
> Hello Fernando,
>
> to be honest the set up is not really clear to me, not because of the topology
> but because of all the bridges you created.
>
> Once thing I am confident enough is
> that if you have clients connected to wlan1.N and then you have a bridge
> configured as { wlan1, eth0, bat0 } this is not going to work as expected.
>
> Traffic sent over wlan1.1 will not be delivered to the bridge and so not
> delivered to bat0.
>
> You should include wlan1.1 in the bridge itself.
>
>
> Other than DAT, I expect this to be a general problem.
>
>
> Cheers,
>
Hi Antonio,

This stage is working correctly in a lab. Every client can connect and 
traffic is correctly routed and delivered. But I noticed the empty dat 
table, so I think there's something that I'm not understanding or, at 
least, that I could do it better. I'll try to explain what I want to 
achieve, perhaps in that way I could be understood better.

I have a freeradius service controlling clients acces, one of the 
attributes is the vlan-id, I'm using 802.1x. This part is quite easy I 
think, but the reason why nodes haven't got any ip (but management IP, 
which users can't achieve...) is not so easy.

1) I'm using dynamic vlan assignment. With this config, I just have to 
change attribs in my radius server and create a new pool in my fw... I 
haven't to configure anything in every node.

2) I thougt having nodes without IP and just forwarding traffic to the 
main GW (the firewall) through batman-adv, not natting every client 
traffic with the node IP. In that way, roaming is working very good. The 
problem are stablished sessions, these sessions are lost jumping from a 
node to any other. I think this problem is nearly related to the empty 
DAT table, and empty DAT table problem is nearly related too the nodes 
has no IP assigned. However, I'm not sure about this..

There is an image attached explaining bridges.

Thanks a lot.
Fernando.

[-- Attachment #2: Interfaces.png --]
[-- Type: image/png, Size: 12460 bytes --]

Re: [B.A.T.M.A.N.] DAT issue

[Marek Lindner]

Fernando,

On Thursday, August 08, 2013 01:07:09 Fernando Pizarro wrote:
> 2) I thougt having nodes without IP and just forwarding traffic to the 
> main GW (the firewall) through batman-adv, not natting every client 
> traffic with the node IP. In that way, roaming is working very good. The 
> problem are stablished sessions, these sessions are lost jumping from a 
> node to any other. I think this problem is nearly related to the empty 
> DAT table, and empty DAT table problem is nearly related too the nodes 
> has no IP assigned. However, I'm not sure about this..

the DAT table has nothing to do with roaming or sessions. It merely is an IP 
address cache to speed up ARP lookups. Even without DAT everything should 
work. I recommend to read our DAT user guide:
http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable

If disabling DAT would break something we certainly would not make it an 
option to invite everybody to shoot themselves in the foot.  ;-)

Therefore, I have to agree with Antonio that your problem is likely to be 
found somewhere else. First, you should define which established sessions 
break. The ones going into the internet or the ones you have locally. 
Depending on the answer we can dig deeper.

Generally it is a good idea to simplfy the setup until a point where 
everything works. Then you can move forward and make things more complicated. 
For the time being I'd recommend to vastly simplify your bridge & vlan setup 
by bridging your AP interface with bat0 only (no vlans, no radius tags, no 
brvlanN interface) to see if your roaming works.

Cheers,
Marek

Re: [B.A.T.M.A.N.] DAT issue

[Fernando Pizarro]

El 07/08/13 19:23, Marek Lindner escribió:
> Fernando,
>
> On Thursday, August 08, 2013 01:07:09 Fernando Pizarro wrote:
>> 2) I thougt having nodes without IP and just forwarding traffic to the
>> main GW (the firewall) through batman-adv, not natting every client
>> traffic with the node IP. In that way, roaming is working very good. The
>> problem are stablished sessions, these sessions are lost jumping from a
>> node to any other. I think this problem is nearly related to the empty
>> DAT table, and empty DAT table problem is nearly related too the nodes
>> has no IP assigned. However, I'm not sure about this..
> the DAT table has nothing to do with roaming or sessions. It merely is an IP
> address cache to speed up ARP lookups. Even without DAT everything should
> work. I recommend to read our DAT user guide:
> http://www.open-mesh.org/projects/batman-adv/wiki/DistributedArpTable
>
> If disabling DAT would break something we certainly would not make it an
> option to invite everybody to shoot themselves in the foot.  ;-)
>
> Therefore, I have to agree with Antonio that your problem is likely to be
> found somewhere else. First, you should define which established sessions
> break. The ones going into the internet or the ones you have locally.
> Depending on the answer we can dig deeper.
>
> Generally it is a good idea to simplfy the setup until a point where
> everything works. Then you can move forward and make things more complicated.
> For the time being I'd recommend to vastly simplify your bridge & vlan setup
> by bridging your AP interface with bat0 only (no vlans, no radius tags, no
> brvlanN interface) to see if your roaming works.
>
> Cheers,
> Marek
>
Hi all, thanks for your answers.

I have tested my setup in lab and I think that roaming works even if the 
DAT table is empty, local and external established connections seems to 
don't have problems.

Thanks for your help.
Fernando