Anyone using uvlan out there?
netwiz at crc.id.au
Fri Sep 14 02:33:03 UTC 2007
Quoting Matt Palmer <mpalmer at hezmatt.org>:
> On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
>> From the web site:
>> uvlan is a User-space Virtual Local Area Network. In other words,
>> uvlan peers act as nodes on a network switch. Routing ethernet
>> traffic between peers intelligently. Thus allowing for multiple
>> networks to share resources and even IP address space. Some may call
>> it a VPN (Virtual Private Network) application, but it's much more
>> powerful. Differences with traditional VPN technology:
> It's a VPN. None of these supposed "differences" are different from the
> fundamental characteristics of a VPN:
>> 1. It is peer-to-peer
Yeah - I don't quite agree with this in the traditional P2P sense,
however I think they mean that they can connect multiple sites and
have data transit between them. I'll cut them a break here because
it's hard to describe how it works in so few words :)
>> 2. It doesn't require licensing
> Plenty of VPN products out there are FOSS;
Yeah - I wasn't too sure about this either. I haven't seen any VPN
software that requires licensing in years. I didn't know anyone still
>> 3. It is much simpler
> Simpler than what?
>> 4. It operates at Layer-2 (Ethernet), VPNs generally operate at
>> Layer-3 (IP)
> Generally, perhaps, but it's not a requirement of the term "VPN" that it be
> an L3 transition.
>> Layer-2 applications like gaming can't be supported with
>> Layer-3 tunneling.
> Plenty of games can successfully use IP.
I was thinking more the case of joining LANs. Obviously it's not a
solution for all causes, as anything with more than 5-10 nodes per
site and more than 2-3 sites would get pretty ugly. I think a nice
thing would be for things that can ONLY use a local LAN due to either
software or developer restrictions.
>> From my understanding, this software is pretty much acting like a
>> bridge, but with endpoints over a routed IP network.
>> Has anyone actually used this? Thoughts? Criticisms?
> I haven't used this particular software, but I've used OpenVPN (software of
> the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of
> the usual restrictions on LAN-like traffic over a low-bandwidth,
> high-latency link. Most things that need to use Ethernet assume all sorts
> of things that just don't hold over the Internet, and it causes some painful
> hassles. But, engineered properly, in the correct circumstances, it can be
> handy to bridge two or more segments over a routed network.
I've used a lot of VPN stuff in the past, but I've usually always
ended up doing it on a router, then had to NAT over it and all sorts
of nasty stuff. I think this is a nicer solution if it could be
implemented right :)
> A criticism of uvlan in particular is that I wouldn't trust my network
> security to people who sound so clueless. Their derision of VPNs, as you
> quoted above, shows either a lack of sense or a blind hatred, using libpcap
> in this situation gave me some chuckles, and their "What algorithms are
> used?" page scares me a little. I'll stick with OpenVPN, myself.
I think it's come about of a case of wanting to do stuff that won't
work properly over a routed network (xbox games etc) - however could
be nicer for a lot more things.
>> Phone: (03) 90001 6090 - 0412 935 897
> Gee you Melbournians are advanced... you've already gone to 11 digit phone
> numbers... <grin>
Damn typos. I've just changed numbers, I must have typo'ed it when
updating the sig on my desktop. At least it's right in other places ;)
Email: netwiz at crc.id.au
Phone: (03) 9001 6090 - 0412 935 897