Quick links :


Home - Part 1 - Part 2 - Part 3 - Resources


Part 1 - Mesh Networks - Build a Mesh network - Network access


Part 1 - Network Access

In the previous section you configured your Raspberry Pi systems to create a mesh network. Before we start up the mesh network we need to make sure you will be able to access the devices forming the mesh and also allow the mesh devices to access the Internet.

In this section you will add a gateway device to allow the mesh traffic to be routed to the Internet, but keeping the mesh network private from your home or office network. You will also create a bridge device to allow your laptop or any other device to access mesh devices or access the Internet via the mesh network.

Gateways and bridges

network diagram

This workshop shows 2 different ways of connecting networks: a gateway device and a bridge device. So what is the difference?

A Gateway:

  • hides the second network (the mesh network in diagram above) from the primary network (home/office network in diagram)
  • appears on the primary network as a standard device and by default prevents other devices on the primary network seeing devices on the second network
  • allows devices on the second network to see devices on the primary network using a technique called Network Address Translation (NAT). NAT sends all traffic originating on the second network and destined for the primary network (or Internet) as if it had been generated by the gateway device; when a response is received, the gateway translates the destination address back to the originating device on the second network.
  • not all traffic from the primary network is sent to the second network. By default, only responses to traffic originating on the second network are forwarded by the gateway, though additional rules can be added to allow other traffic to be routed from the primary network to the second network.
  • the devices on the second network need to have a different IP address range, so the gateway can determine how to route traffic
  • most home and office internet access devices are gateways, preventing internet traffic seeing into your home network, but allowing devices on your home network to access the internet.
  • for more technical folks, this is a layer-3 routing solution (don't worry if you don't understand what this means)

A bridge:

  • simply joins 2 different network interfaces and makes them appear to be a single network
  • all network traffic flows across the bridge from both networks
  • the 2 networks share the same IP address space, there is no routing
  • for more technical folks, this is a layer-2 solution

You could choose to implement 2 bridges or 2 gateways depending on how you want to separate the networks. The step-by-step instructions will implement a gateway and a bridge, as shown in the diagram above.

The instructions below use the Ethernet connection on a Pi 3/4B. If you can't use Ethernet and need to use WiFi, jump to part 2, where WiFi connectivity is covered (you will need additional WiFi USB dongles).

Creating the gateway

In this section you will convert one of your mesh Raspberry Pi 3/4B devices to act as a gateway between your existing home/office network and the Mesh network. You should connect the Pi to your home/office network via Ethernet cable (eth0 interface on the Raspberry Pi).

As the gateway uses IP routing to selectively allow traffic to pass between the Mesh and home/office networks, the Mesh network needs to have a different address range. The instructions use the following network details:

  • Network 192.168.199.x
  • netmask 255.255.255.0
  • gateway address 192.168.199.1

The gateway will be the DHCP server for the mesh network. DHCP is the service that provides network configuration to devices on a network. As the mesh network is a separate network from the home/office network, the DHCP service will provide devices with network configuration for the TCP/IP network that runs over the mesh.

On the selected Pi that will be the gateway complete the following steps on the command line:

  1. Install the DHCP software with command : sudo apt-get install -y dnsmasq

  2. Configure the DHCP server by editing the dnsmasq.conf file as root user:

    • sudo vi /etc/dnsmasq.conf
    • sudo nano /etc/dnsmasq.conf

    and add the following lines to the end of the file:

    interface=bat0
    dhcp-range=192.168.199.2,192.168.199.99,255.255.255.0,12h
    
  3. Change the startup file to add the routing rules to forward mesh traffic to the home/office network and do the Network Address Translation on the reply. Set the node as a mesh gateway and also configure the gateway interface IP address. To do this update the start-batman-adv.sh file and change the content to:

    #!/bin/bash
    # batman-adv interface to use
    sudo batctl if add wlan0
    sudo ifconfig bat0 mtu 1468
    
    # Tell batman-adv this is an internet gateway
    sudo batctl gw_mode server
    
    # Enable IP forwarding and NAT (masquerade mesh traffic leaving eth0)
    sudo sysctl -w net.ipv4.ip_forward=1
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    sudo iptables -A FORWARD -i eth0 -o bat0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i bat0 -o eth0 -j ACCEPT
    
    # Activates batman-adv interfaces
    sudo ifconfig wlan0 up
    sudo ifconfig bat0 up
    sudo ifconfig bat0 192.168.199.1/24
    
  4. Shut down the gateway pi using command sudo shutdown -h now
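The iptables lines in the script above append ACCEPT rules but never set the FORWARD chain's policy, which defaults to ACCEPT, so the conntrack rule on its own does not drop new connections arriving on eth0 for bat0. The following added example (not part of the original workshop) audits `iptables -S FORWARD` output and gives an idempotent, hardened form of the same rules; the function names and the sample rule listings are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the workshop): audit the gateway FORWARD chain.
# Reads `iptables -S FORWARD` output on stdin; eth0/bat0 are the page's interfaces.
audit_forward() {
    local rules policy findings=0
    rules=$(cat)
    policy=$(printf '%s\n' "$rules" | awk '$1 == "-P" && $2 == "FORWARD" { print $3 }')

    # Appended ACCEPT rules restrict nothing unless the chain policy is DROP.
    if [ "$policy" != "DROP" ]; then
        echo "FAIL: FORWARD policy is ${policy:-unknown}, unmatched packets are forwarded"
        findings=$((findings + 1))
    fi
    # An eth0 -> bat0 ACCEPT without the conntrack match admits new inbound flows.
    if printf '%s\n' "$rules" | grep -E -- '-i eth0 -o bat0 .*-j ACCEPT' |
            grep -qv -- '--ctstate RELATED,ESTABLISHED'; then
        echo "FAIL: unrestricted eth0 -> bat0 ACCEPT rule"
        findings=$((findings + 1))
    fi
    if [ "$findings" -eq 0 ]; then
        echo "OK: new connections from eth0 to bat0 are dropped"
    fi
    return "$findings"
}

# Add a rule only if it is absent, so re-running the startup script is harmless.
add_once() {    # usage: add_once <table> <chain> <rule-spec...>
    local table="$1" chain="$2"
    shift 2
    sudo iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
        sudo iptables -t "$table" -A "$chain" "$@"
}

# Hardened form of the three iptables lines in start-batman-adv.sh.
harden_forward() {
    sudo iptables -P FORWARD DROP
    add_once nat POSTROUTING -o eth0 -j MASQUERADE
    add_once filter FORWARD -i eth0 -o bat0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    add_once filter FORWARD -i bat0 -o eth0 -j ACCEPT
}

# Constructed samples, assuming no other firewall rules on the gateway.
SAMPLE_PAGE_RULES='-P FORWARD ACCEPT
-A FORWARD -i eth0 -o bat0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i bat0 -o eth0 -j ACCEPT'
SAMPLE_HARDENED_RULES='-P FORWARD DROP
-A FORWARD -i eth0 -o bat0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i bat0 -o eth0 -j ACCEPT'

# Live check on the gateway: sudo iptables -S FORWARD | audit_forward
```

To apply it, call harden_forward in place of the three iptables lines in start-batman-adv.sh, then run the live check shown in the last comment.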

Creating a bridge node

In this section you will convert one of the mesh Raspberry Pi 3/4 B devices to a bridge (this cannot be the gateway device). The bridge will connect the Raspberry Pi ethernet interface to the mesh network interface.

A bridge node allows non-mesh devices to use the mesh nodes to connect to the home/office network and the Internet. The gateway node provides the DHCP server that will also serve bridged devices, as DHCP requests flow over a bridge.

On the selected bridge node run the following on a command line:

  1. Install the bridge utilities using command : sudo apt-get install -y bridge-utils

  2. Create an interface config for the eth0 interface. This will allow the ethernet port to be hotplugged, which means the ethernet cable can be connected and disconnected. Do this by creating file /etc/network/interfaces.d/eth0 as root user (sudo vi /etc/network/interfaces.d/eth0 or sudo nano /etc/network/interfaces.d/eth0) and setting the content to:

    auto eth0
    allow-hotplug eth0
    iface eth0 inet manual
    
  3. Modify the /etc/dhcpcd.conf file as root (sudo vi /etc/dhcpcd.conf or sudo nano /etc/dhcpcd.conf) and change the last line to:

    denyinterfaces wlan0 eth0 bat0
    
  4. Update the configuration file ~/start-batman-adv.sh to set up the bridge (vi ~/start-batman-adv.sh or nano ~/start-batman-adv.sh) and ensure the content matches:

    #!/bin/bash
    # batman-adv interface to use
    sudo batctl if add wlan0
    sudo ifconfig bat0 mtu 1468
    
    sudo brctl addbr br0
    sudo brctl addif br0 eth0 bat0
    
    # Tell batman-adv this is a gateway client
    sudo batctl gw_mode client
    
    # Activates batman-adv interfaces
    sudo ifconfig wlan0 up
    sudo ifconfig bat0 up
    
    # Restart DHCP now bridge and mesh network are up
    sudo dhclient -r br0
    sudo dhclient br0
    
  5. Shut down the bridge pi using command sudo shutdown -h now

Boot the mesh network

Now you have completed the configuration and setup you can boot your mesh network. Ensure the gateway node is connected to the home/office network via Ethernet cable then power on all the Raspberry Pis.

After a short while the mesh should have formed and each mesh node should have an IP address.

Verifying the gateway

To verify that your mesh network is working you should have your laptop connected to your home/office network, then complete the following:

  1. Connect to the gateway using ssh :

    ssh [email protected]

    replacing the hostname with the hostname of your gateway pi.

  2. Issue command ifconfig on a command line on the gateway pi. You should see all the interfaces on your gateway pi:

    bat0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.199.1  netmask 255.255.255.0  broadcast 192.168.199.255
            inet6 fe80::2091:19ff:fe54:c323  prefixlen 64  scopeid 0x20<link>
            ether 22:91:19:54:c3:23  txqueuelen 1000  (Ethernet)
            RX packets 204  bytes 14221 (13.8 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 80  bytes 8242 (8.0 KiB)
            TX errors 0  dropped 64 overruns 0  carrier 0  collisions 0
    
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.0.134  netmask 255.255.255.0  broadcast 192.168.0.255
            inet6 fe80::85a:ba7:1ccc:271a  prefixlen 64  scopeid 0x20<link>
            ether b8:27:eb:db:b9:39  txqueuelen 1000  (Ethernet)
            RX packets 1784  bytes 336493 (328.6 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 381  bytes 84309 (82.3 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 6  bytes 1040 (1.0 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 6  bytes 1040 (1.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet6 fe80::ba27:ebff:fe8e:ec6c  prefixlen 64  scopeid 0x20<link>
            ether b8:27:eb:8e:ec:6c  txqueuelen 1000  (Ethernet)
            RX packets 1845  bytes 99196 (96.8 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 1840  bytes 162634 (158.8 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    Notice that:

    • eth0 has an IP address on your home/office network
    • bat0 has IP address 192.168.199.1
    • wlan0 has no IP address assigned
  3. Issue command iwconfig to show the wireless interfaces on the device. You should see:

    wlan0   IEEE 802.11  ESSID:"call-code-mesh"  
            Mode:Ad-Hoc  Frequency:2.462 GHz  Cell: 3A:BC:74:3B:A1:D9
            Tx-Power=31 dBm
            Retry short limit:7   RTS thr:off   Fragment thr:off
            Power Management:on
    

    Notice that:

    • The ESSID is the name of your network, set in /etc/network/interfaces.d/wlan0
    • The mode is Ad-Hoc
  4. Issue command sudo batctl if to show the interfaces participating in the mesh. You should see response wlan0: active to show that the WiFi interface wlan0 is part of the mesh.

  5. Issue command sudo batctl n to show the neighbouring mesh nodes your gateway node can see. You should see something similar to this:

    [B.A.T.M.A.N. adv 2018.3, MainIF/MAC: wlan0/b8:27:eb:8e:ec:6c (bat0/ba:bf:0a:fd:33:e5 BATMAN_IV)]
    IF             Neighbor             last-seen
        wlan0       b8:27:eb:bd:4d:e5   0.980s
        wlan0       b8:27:eb:01:d4:bb   0.730s
    
  6. When using the batctl command it is not very helpful to show MAC addresses for each of the mesh nodes. It is possible to create a file which maps a MAC address to a hostname. Create a file /etc/bat-hosts as root user and add the MAC addresses and host names of all your mesh nodes. The MAC address used is the ether value of the wlan0 interface on each node. A sample /etc/bat-hosts file looks like:

    b8:27:eb:8e:ec:6c   bi-raspimesh01
    b8:27:eb:bd:4d:e5   bi-raspimesh02
    b8:27:eb:01:d4:bb   bi-raspimesh03
    

    Now when you run sudo batctl n you get:

    [B.A.T.M.A.N. adv 2017.3, MainIF/MAC: wlan0/b8:27:eb:8e:ec:6c (bat0/ba:bf:0a:fd:33:e5 BATMAN_IV)]
    IF             Neighbor             last-seen
        wlan0       bi-raspimesh02      0.890s
        wlan0       bi-raspimesh03      0.660s
    

    Create the /etc/bat-hosts file on all of the mesh nodes if you want the MAC addresses resolved to hostnames in batctl commands.
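Once /etc/bat-hosts lists every node you own, the same file can serve as an inventory: a neighbour that batctl still prints as a raw MAC address is one the file does not know. The following added example (not part of the original workshop) reports such neighbours from `batctl n` output; the function name, the sample neighbour table and the address 02:00:00:aa:bb:cc are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the workshop): report neighbours missing from bat-hosts.
# usage: sudo batctl n | unknown_neighbours /etc/bat-hosts
# Prints "<iface> <mac>" per unknown neighbour; returns 1 if any were found.
unknown_neighbours() {
    awk -v hosts="$1" '
        # bat-hosts lines are "<mac> <hostname>"; they form the allowlist.
        FILENAME == hosts {
            if (NF >= 2 && $1 !~ /^#/) known[tolower($1)] = $2
            next
        }
        # Skip the "[B.A.T.M.A.N. adv ...]" banner and the column header.
        $1 ~ /^\[/ || $1 == "IF" { next }
        # Rows are "<iface> <neighbour> <last-seen>". batctl prints the hostname
        # for MACs it finds in bat-hosts, so a raw MAC here is usually unlisted.
        NF >= 3 {
            n = tolower($2)
            if (length(n) == 17 && n ~ /^[0-9a-f:]+$/ && !(n in known)) {
                print $1, n
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$1" -
}

# Constructed samples: the bat-hosts entries shown above, and `batctl n` output
# in which 02:00:00:aa:bb:cc is a made-up address that bat-hosts does not list.
SAMPLE_BAT_HOSTS='b8:27:eb:8e:ec:6c   bi-raspimesh01
b8:27:eb:bd:4d:e5   bi-raspimesh02
b8:27:eb:01:d4:bb   bi-raspimesh03'
SAMPLE_NEIGHBOURS='[B.A.T.M.A.N. adv 2018.3, MainIF/MAC: wlan0/b8:27:eb:8e:ec:6c (bat0/ba:bf:0a:fd:33:e5 BATMAN_IV)]
IF             Neighbor             last-seen
    wlan0       bi-raspimesh02      0.890s
    wlan0       b8:27:eb:01:d4:bb   0.730s
    wlan0       02:00:00:aa:bb:cc   0.410s'
```

A MAC address match is only a tripwire, not authentication, because addresses on an ad-hoc network are not verified.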

Verify the bridge

  1. Now connect your laptop to the Ethernet port on the bridge node.

  2. Give it a short while to get an IP address, then check that the laptop has a 192.168.199.x IP address. This verifies that your laptop is able to use the mesh to reach the gateway node, where the DHCP server is running. If you get a 169.x.x.x network address then there is an issue with the bridge.

  3. Connect to the bridge pi using ssh [email protected], replacing hostname with the hostname of your bridge Raspberry Pi.

  4. Issue command ifconfig to see all the interfaces on the bridge pi. You should see something similar to:

        bat0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1468
                inet6 fe80::e838:85ff:fe06:8265  prefixlen 64  scopeid 0x20<link>
                ether ea:38:85:06:82:65  txqueuelen 1000  (Ethernet)
                RX packets 16589  bytes 9220389 (8.7 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 14460  bytes 1905164 (1.8 MiB)
                TX errors 0  dropped 19 overruns 0  carrier 0  collisions 0
    
        br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1468
                inet 192.168.199.34  netmask 255.255.255.0  broadcast 192.168.199.255
                inet6 fe80::4e41:fc4e:b18c:ffd0  prefixlen 64  scopeid 0x20<link>
                ether b8:27:eb:e8:18:b0  txqueuelen 1000  (Ethernet)
                RX packets 3261  bytes 213663 (208.6 KiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 1053  bytes 208548 (203.6 KiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
        eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                inet6 fe80::ba27:ebff:fee8:18b0  prefixlen 64  scopeid 0x20<link>
                ether b8:27:eb:e8:18:b0  txqueuelen 1000  (Ethernet)
                RX packets 15714  bytes 2010018 (1.9 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 16090  bytes 9413607 (8.9 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
        lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
                inet 127.0.0.1  netmask 255.0.0.0
                inet6 ::1  prefixlen 128  scopeid 0x10<host>
                loop  txqueuelen 1000  (Local Loopback)
                RX packets 3  bytes 360 (360.0 B)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 3  bytes 360 (360.0 B)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
        wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
                inet6 fe80::ba27:ebff:febd:4de5  prefixlen 64  scopeid 0x20<link>
                ether b8:27:eb:bd:4d:e5  txqueuelen 1000  (Ethernet)
                RX packets 65722  bytes 11991421 (11.4 MiB)
                RX errors 0  dropped 0  overruns 0  frame 0
                TX packets 39946  bytes 4886290 (4.6 MiB)
                TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    

    Notice:

    • The br0 interface has an IP address in the mesh network range.
    • The bat0, eth0 and wlan0 interfaces have no IP address assigned.
  5. Issue command sudo brctl show to show the details of defined bridge interfaces. The response should show that bat0 and eth0 are configured in the bridge interface:

    bridge name bridge id       STP enabled interfaces
    br0     8000.b827ebe818b0   no      bat0
                                        eth0
    
  6. You can verify the bridge device is connected to the mesh the same way you verified the gateway device, using commands sudo batctl if and sudo batctl n.

  7. For the mesh to work there needs to be a communication path from the bridge node to the gateway node. If the mesh nodes are spread apart you can check the mesh by logging onto each mesh device and looking at its neighbours.

Once your laptop is connected to the bridge node and has an IP address in the mesh network it will be able to directly connect to all the nodes in the mesh and also access any computer on the home/office network and the Internet. Try issuing command ping www.ibm.com -c 5, where you should get a response similar to:

PING e2874.dscx.akamaiedge.net (23.198.97.50) 56(84) bytes of data.
64 bytes from a23-198-97-50.deploy.static.akamaitechnologies.com (23.198.97.50): icmp_seq=1 ttl=57 time=19.6 ms
64 bytes from a23-198-97-50.deploy.static.akamaitechnologies.com (23.198.97.50): icmp_seq=2 ttl=57 time=21.5 ms
64 bytes from a23-198-97-50.deploy.static.akamaitechnologies.com (23.198.97.50): icmp_seq=3 ttl=57 time=14.7 ms
64 bytes from a23-198-97-50.deploy.static.akamaitechnologies.com (23.198.97.50): icmp_seq=4 ttl=57 time=14.7 ms
64 bytes from a23-198-97-50.deploy.static.akamaitechnologies.com (23.198.97.50): icmp_seq=5 ttl=57 time=15.5 ms

--- e2874.dscx.akamaiedge.net ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4007ms
rtt min/avg/max/mdev = 14.784/17.265/21.575/2.822 ms

which shows your laptop is accessing the home/office network and the internet.

From the home/office network you can only access the gateway device. It is not possible to see the other nodes making up the mesh or devices bridged onto the mesh. If you want to contact those devices then log onto the gateway node, then you can use the gateway device command line to access all the mesh and bridged devices.

When you are connected via the mesh network you may find that some services, such as some wireless print services or media services, do not work. This is because they rely on network broadcast traffic.

Broadcast traffic from the home/office network does not get sent to the mesh network. If you need this behaviour then you can replace the gateway node with another bridge node to bridge the mesh network to your home/office network. Bridging to your mesh network is not advisable if your home/office network is a busy network, as you may flood the mesh network.

