Since the first versions of OmVi which introduced stellar support showed a - in my opinion - kind of megalomaniac approach to simply put an SSID into the air, I really made my peace with that piece of software now (especially with v4.3.3 & v4.4.1).
Project ongoing, beginning to think you know what you're doing, you find yourself vlan-tagging through a "managed-by-[many*]-network"
... you begin to dream to leave all the ugly vlan-tagging-work behind (which is the work of a Sisyphus in a "managed-by-[many*]-network").
And your dream comes true !!
!!! GTTS !!!
Simply tunnel the traffic over the heap and let many network-managers be many network-managers 8 )
BUT !
... you have to learn fast (again):
- it's effin expensive
- and it's effin expensive
to elitify yourself from your fellow network-managers : |
The vendor-intended switch is a 6860(E?) which is a nice piece of metal ... but we have to admit: not the cheapest one !
And while your sales-manager gives you the thumbs down you begin to brood for freedom and revenge !
And ... young spartacus-gtts-adepts of the galaxy ! ... it's easy done.
#######################################################################
When you lay a merciful eye with your preferred network-sniffer onto the protocol, you learn:
- the vendor is using a standard protocol to realize the l2 tunneling over the heap: "gretap"
... l2-transport-version of cisco GRE-implementation with RFC-blessing
(of course, stellar APs are running a customized version of OpenWRT, so using a standard protocol
makes sense and keeps the own hardware tidy for the future [ which we all know, nobody knows and we appreciate that *2])
- the vendor is using gre-keys between ap's and its standard-protocol-using somewhat expensive GTTS-switch
so ... a while later, after I made some investigations (and no Stanford- or MIT-Skills were needed ... ),
I found out the gre-keys used for the communication between the Stellar-AP and a probable remote-device
are an addition from the tunnel-id which is configured in OmVi and a "Flow-ID" which is taken from the last octet
of the client-mac-address which is connected to the respective SSID (... and therefore tunnel-id)
... when googling "switch & gretap" one of the resulting links will point you to -> OVS
#######################################################################
then ... of course ... you have to do the OVS-thing (for me it took three days)
#######################################################################
Please view in a fixed-width font such as Courier.
AP17
+------------+
+-----------------------------------------------------+ | ---- |
| Debian-VM | | / \ |
| | g2 | | | | SSID-Y OmniV-ID 11 [0xB]
+++ +-------+ +-------+ | +----------------+-+ | |
| | | o----------------o | +++ | | \ / | each 255 flows 0xB00-0xBFF
| | | br11 | 1101 101 | | | | | 192.168.222.17| ---- |
| o--------o | | | | | | | ---- |
| | 20 | | | o---------+-+--------+ | / \ |
| | | | 1102 | | | | +---------+-+ | | SSID-X OmniV-ID 12 [0xC]
| | | o-----+ | | | | | g1 | | | |
+-+ +-------+ | 102 | | | | | | \ / | each 255 flows 0xC00-0xCFF
ens256| | +-----o o---------+-+---------------+ | ---- |
| | | | | | | +------------+
| | | | br0 | 1 | |192.168.100.82
| | | | | | | +------------+
| +----+-----o o---------+-+---------------+ | ---- |
+++ +-------+ | 103 | | | | | | / \ |
| | | o----------+ | | | | | g2 | | | | SSID-Y OmniV-ID 11 [0xB]
| | | br12 | 1201 | | | | +---------+-+ | |
| | 10 | | | o---------+-+--------+ | \ / | each 255 flows 0xB00-0xBFF
| o--------o | | | | | | | ---- |
| | | | 1202 104 | | | | | 192.168.222.16| ---- |
| | | o----------------o | +++ | | / \ |
+-+ +-------+ +-------+ |ens192 +----------------+-+ | | SSID-X OmniV-ID 12 [0xC]
ens224| | g1 | | | |
| | | \ / | each 255 flows 0xC00-0xCFF
+-----------------------------------------------------+ | ---- |
+------------+
AP16
Tunnel-ID=[(OmniV-ID)(LastClient-MAC-Octett)]
###################################################
apt-get update
apt-get install aptitude
aptitude install bridge-utils
aptitude install ebtables
aptitude install vlan
aptitude install net-tools
aptitude install openvswitch-switch openvswitch-ipsec openvswitch-test
###################################################
ovs-vsctl add-br br0
ovs-vsctl add-br br11
ovs-vsctl add-br br12
ip link set ens224 up
ip link set ens256 up
ip link set br0 up
ip link set br11 up
ip link set br12 up
ovs-vsctl add-port br0 allgretap -- set interface allgretap ofport_request=1 type=gre options:remote_ip=flow options:key=flow options:mtu=1500
ovs-vsctl add-port br0 br0p1 -- set interface br0p1 type=patch options:peer=br11p1 ofport_request=101
ovs-vsctl add-port br0 br0p2 -- set interface br0p2 type=patch options:peer=br12p1 ofport_request=102
ovs-vsctl add-port br0 br0p3 -- set interface br0p3 type=patch options:peer=br11p2 ofport_request=103
ovs-vsctl add-port br0 br0p4 -- set interface br0p4 type=patch options:peer=br12p2 ofport_request=104
ovs-vsctl add-port br11 br11p1 -- set interface br11p1 type=patch options:peer=br0p1 ofport_request=1101
ovs-vsctl add-port br11 br11p2 -- set interface br11p2 type=patch options:peer=br0p3 ofport_request=1102
ovs-vsctl add-port br11 ens256 -- set interface ens256 ofport_request=20
ovs-vsctl add-port br12 br12p1 -- set interface br12p1 type=patch options:peer=br0p2 ofport_request=1201
ovs-vsctl add-port br12 br12p2 -- set interface br12p2 type=patch options:peer=br0p4 ofport_request=1202
ovs-vsctl add-port br12 ens224 -- set interface ens224 ofport_request=10
ovs-ofctl add-flow br0 "priority=100, in_port=101, actions=set_tunnel:3071, set_field:192.168.222.17->tun_dst, output:1"
ovs-ofctl add-flow br0 "priority=100, in_port=102, actions=set_tunnel:3327, set_field:192.168.222.17->tun_dst, output:1"
ovs-ofctl add-flow br0 "priority=100, in_port=103, actions=set_tunnel:3071, set_field:192.168.222.16->tun_dst, output:1"
ovs-ofctl add-flow br0 "priority=100, in_port=104, actions=set_tunnel:3327, set_field:192.168.222.16->tun_dst, output:1"
ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.17, tun_id=0x0B00/0xFF00 actions=101"
ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.17, tun_id=0x0C00/0xFF00 actions=102"
ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.16, tun_id=0x0B00/0xFF00 actions=103"
ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.16, tun_id=0x0C00/0xFF00 actions=104"
ovs-ofctl add-flow br0 "priority=10, actions=drop"
ovs-ofctl add-flow br11 "priority=100 in_port=1101, actions=20"
ovs-ofctl add-flow br11 "priority=100 in_port=1102, actions=20"
ovs-ofctl add-flow br11 "priority=100 in_port=20, actions=normal"
ovs-ofctl add-flow br11 "priority=10, actions=drop"
ovs-ofctl add-flow br12 "priority=100 in_port=1201, actions=10"
ovs-ofctl add-flow br12 "priority=100 in_port=1202, actions=10"
ovs-ofctl add-flow br12 "priority=100 in_port=10, actions=normal"
ovs-ofctl add-flow br12 "priority=10, actions=drop"
ip link set ens224 up
ip link set ens256 up
ip link set br0 up
ip link set br11 up
ip link set br12 up
######################
ovs-appctl fdb/show brX
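As an added worked example (my own script, not the poster's and not Alcatel-Lucent code), the key scheme from the post above (GRE key = OmniVista tunnel ID in the high byte, last client-MAC octet in the low byte) and the inbound br0 flow table are put into Python: one function derives the key for a client, one decodes a key seen in a capture, one builds the `tun_id=0x0B00/0xFF00` style match, and a small matcher replays the four `in_port=1` rules so you can check which patch port a tunnel packet from a given AP lands on. The MACs and packets below are constructed sample values; the AP addresses and rule text are copied from the post. Note the outbound rules in the post use `set_tunnel:3071` and `3327`, i.e. 0x0BFF and 0x0CFF, the top of each SSID's 256-flow range, which this script does not reproduce.

```python
"""Added worked example (not the poster's script, not vendor code):
derive the gretap GRE key a Stellar AP uses from the OmniVista tunnel ID and
the client MAC, and replay the br0 inbound flow table from the post to see
which patch port a given tunnel packet is switched to."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


def gre_key(omni_id: int, client_mac: str) -> int:
    """Key = (OmniVista tunnel ID << 8) | last octet of the client MAC.

    Per the post: OmniV-ID 11 (0x0B) and a client ending in :17 -> 0x0B17.
    """
    if not 0 <= omni_id <= 0xFF:
        raise ValueError("OmniVista tunnel ID must fit in one byte for this scheme")
    last_octet = int(client_mac.split(":")[-1], 16)
    return (omni_id << 8) | last_octet


def decode_key(key: int) -> Tuple[int, int]:
    """Inverse: a key seen with the sniffer -> (OmniV-ID, last client-MAC octet)."""
    return key >> 8, key & 0xFF


def tun_id_match(omni_id: int) -> str:
    """OpenFlow match covering all 256 flows of one SSID, e.g. tun_id=0x0B00/0xFF00."""
    return f"tun_id=0x{omni_id << 8:04X}/0xFF00"


@dataclass
class InboundRule:
    priority: int
    tun_src: str
    tun_id_value: int
    tun_id_mask: int
    out_port: int


# Matches the inbound (in_port=1) rules as written in the post's ovs-ofctl lines;
# the "priority=10, actions=drop" line intentionally does not match (see lookup()).
_RULE_RE = re.compile(
    r"priority=(\d+),\s*in_port=1,\s*tun_src=([\d.]+),\s*"
    r"tun_id=0x([0-9a-fA-F]+)/0x([0-9a-fA-F]+),?\s*actions=(\d+)"
)


def parse_inbound_rules(lines: List[str]) -> List[InboundRule]:
    rules = []
    for line in lines:
        m = _RULE_RE.search(line)
        if m:
            rules.append(InboundRule(int(m[1]), m[2], int(m[3], 16), int(m[4], 16), int(m[5])))
    return rules


def lookup(rules: List[InboundRule], tun_src: str, tun_id: int) -> Optional[int]:
    """Output port of the highest-priority matching rule, or None for the
    catch-all drop (priority=10) of the post's br0 table."""
    hits = [r for r in rules
            if r.tun_src == tun_src and (tun_id & r.tun_id_mask) == r.tun_id_value]
    if not hits:
        return None
    return max(hits, key=lambda r: r.priority).out_port


# Constructed sample: the four inbound br0 rules copied from the post.
SAMPLE_RULES = parse_inbound_rules([
    'ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.17, tun_id=0x0B00/0xFF00 actions=101"',
    'ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.17, tun_id=0x0C00/0xFF00 actions=102"',
    'ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.16, tun_id=0x0B00/0xFF00 actions=103"',
    'ovs-ofctl add-flow br0 "priority=101, in_port=1, tun_src=192.168.222.16, tun_id=0x0C00/0xFF00 actions=104"',
    'ovs-ofctl add-flow br0 "priority=10, actions=drop"',
])

if __name__ == "__main__":
    # Constructed client MAC on SSID-Y (OmniV-ID 11) behind AP17.
    key = gre_key(11, "02:00:00:00:00:17")
    print(f"key=0x{key:04X} decoded={decode_key(key)} match={tun_id_match(11)}")
    print("AP17 packet goes to patch port", lookup(SAMPLE_RULES, "192.168.222.17", key))
    print("unknown AP packet goes to", lookup(SAMPLE_RULES, "192.168.222.18", key))
```

The matcher is the practical check for this setup: a key from an AP whose address is not in the table, or a key whose high byte is not one of your SSIDs' OmniVista IDs, falls through to the drop rule and never reaches br11/br12, which is the whole point of keying the inbound rules on `tun_src` plus a masked `tun_id` rather than on the tunnel port alone.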
#####################################################################################
#####################################################################################
*(abled and disabled)
*2 I mean: using standard-protocols