Anyone using uvlan out there?

Matt Palmer mpalmer at hezmatt.org
Thu Sep 13 22:18:04 UTC 2007


On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
> From the web site:
> uvlan is a User-space Virtual Local Area Network. In other words,  
> uvlan peers act as nodes on a network switch. Routing ethernet  
> traffic between peers intelligently. Thus allowing for multiple  
> networks to share resources and even IP address space. Some may call  
> it a VPN (Virtual Private Network) application, but it's much more  
> powerful. Differences with traditional VPN technology:

It's a VPN.  None of these supposed "differences" are different from the
fundamental characteristics of a VPN:

>    1. It is peer-to-peer

invoke_buzzword_of_the_month();

>    2. It doesn't require licensing

Plenty of VPN products out there are FOSS.

>    3. It is much simpler

Simpler than what?

>    4. It operates at Layer-2 (Ethernet), VPNs generally operate at  
> Layer-3 (IP)

Generally, perhaps, but it's not a requirement of the term "VPN" that it be
an L3 transition.

>       Layer-2 applications like gaming can't be supported with  
> Layer-3 tunneling.

Plenty of games can successfully use IP.

> From my understanding, this software is pretty much acting like a  
> bridge, but with endpoints over a routed IP network.
> 
> Has anyone actually used this? Thoughts? Criticisms?

I haven't used this particular software, but I've used OpenVPN (software of
the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
the usual restrictions on LAN-like traffic over a low-bandwidth,
high-latency link.  Most things that need to use Ethernet assume all sorts
of things that just don't hold over the Internet, and it causes some painful
hassles.  But, engineered properly, in the correct circumstances, it can be
handy to bridge two or more segments over a routed network.

A criticism of uvlan in particular is that I wouldn't trust my network
security to people who sound so clueless.  Their derision of VPNs, as you
quoted above, shows either a lack of sense or a blind hatred, using libpcap
in this situation gave me some chuckles, and their "What algorithms are
used?" page scares me a little.  I'll stick with OpenVPN, myself.

> Phone: (03) 90001 6090 - 0412 935 897

Gee you Melbournians are advanced... you've already gone to 11 digit phone
numbers...  <grin>

- Matt


