Objectives to Achieve

  • Scalability

  • Network segmentation

  • Layer 2 roaming inside certain areas

  • Smart gateway selection with redundancy and possibility of user-choice

  • Compatibility of most of the existing scenarios

  • A single firmware for all the network (for ground level, for backbone, for companies, for quick deployments, etc.)

The Basics

The network architecture designed for LibreMesh is based in two layers:

Cloud layer 2

The cloud layer 2 uses the dynamic routing protocol BATMAN-ADV

batmanadv

B.A.T.M.A.N. advanced is a mesh routing protocol which runs in kernel space. Even if the network topology is made by multiple nodes and multiple hops, abstracts it to a single layer 2 collision domain. So from the user perspective the entire mesh will look like a single LAN. This architecture is very interesting for roaming purposes, thus TCP and UDP connections are not lost even when moving and changing AP.

Network layer 3

The whole network layer 3 uses by default the routing protocol BMX

bmx7

BMX6 (or the new version BMX7) is a IPv6 native dynamic routing protocol which offers very advanced features and a small network overhead (thanks to the distance-vector strategy and a set of optimizations). Version 7 has, in addition, security routing extensions.

Mixing layers

By default, all nodes are running both routing protocols (BMX and BAT-ADV), but on different VLAN.[1]. So the routing is isolated by the MAC layer.

The BMX VLAN is always the same, so all link-layer connected nodes will see each other.

The BATADV VLAN depends on the cloud identifier which is calculated (by default) using the AP SSID.

So the BMX network will be a single one for all the mesh but the BAT-ADV network might be splitted in several clouds.

network1

This configuration allows to isolate the layer 2 clouds. For instance a neighborhood, a company complex or a street level hotsposts network can choose to isolate their LAN from the rest of the network. However at the same time, they will be able to reach the rest of nodes using the layer 3 routed network.

Roaming will be available inside the cloud, so any TCP session, a video streaming or even a SIP call can be done while moving around. In the other hand, thanks to the layer 3 segmentation, the common problems found in a layer 2 bridged network (such as Broadcast storms or DHCP nightmares) will not disturb the correct operation of the network.

And everything automatic, auto-magic and transparent for the end user.

network2

The Details

The WiFi Access Points of the same cloud share some parameters:

  • SSID, the WiFi AP identification name

  • A special anycast.[2] IPv4 and IPv6 addresses

  • A special anycast MAC address

  • DHCP/RA server to provide valid IPs from the cloud to the clients.

So a client attach to an AP can move around the mesh without the need to renew their IP configuration. Even the MAC layer will be the same under their point of view.

network3

The DHCP leases file is shared among the cloud to prevent collisions using A.L.F.R.E.D.

As long as all nodes share the same anycast MAC/IP, from the client point of view it is fully transparent. Thus the gateway is always the same nonetheless the mesh node where they are attached to is different.

network4

When a client wants to go out from the LAN (cloud) to reach the Internet or any other network. It will send the packets to the special anycast gateway address. So the node where the client is physically attached will take care of it.

An ebtables.[3] rule in the LAN/AP bridge prevents the layer 2 packets propagation in the cloud sent to the anycast address. So the mesh node where the client is associated gets the packet but not the others.

network5

The packet is routed through the BMX layer 3 network to the best Internet gateway. It may be a node from the same cloud or any other from another cloud far away.

BMX has a powerful smart gateway functionality which automatically selects the best Internet gateway node taking into account the available bandwidth.

network6

In the way back the packet will arrive to some node in the cloud but it might not be the same node. Nevertheless the packet will be correctly delivered to the originator. This is because BMX smart gateway uses 1-way tunnels to ensure the selected gateway is used.


1. Virtual isolated LAN, for instance wlan0.13
2. IP shared by multiple devices in the network
3. something like iptables but for network layer 2