github.com/Litekube/network-controller
module
0.0.0-20220519091155-7407433cea01
Repository: https://github.com/litekube/network-controller.git
Documentation: pkg.go.dev

# README

network-controller

A network controller implementation over websockets. This is the client/server implementation of a layer-2 software switch that routes packets over websocket connections. The network-controller is built on top of Linux's tun/tap device, with a gRPC interface added as the control layer.

Build and Install

build doc

Adm tool

ncadm is a command-line tool for controlling how nodes join the litekube network-controller.

Pre-work

Generate tls certificate

certs generation script

```bash
cd ./build
# TLS certificate directories
# network: ./certs/init/test1    grpc: ./certs/init/test2
# $ip (demo: 101.43.253.110) is the host's public IP or an addressable private IP
sh gen_certs.sh "$ip"
```

```yaml
# modify ./cmd/network-controller/server.yml
networkCertDir: /root/go_project/network-controller/certs/init/test1/
grpcCertDir: /root/go_project/network-controller/certs/init/test2/
```

Get token

```console
# compile ncadm in ./cmd/ncadm
$ go build -o ncadm .

# generate a non-expiring bootstrap token
$ ./ncadm create-bootstrap-token --life=-1

------------------------------------------------
network-controller:
    token: [email protected]:6439
    ExpireMsg: no expire
------------------------------------------------

# get the node token and the network + grpc client certs
# --network-certs-dir/--grpc-certs-dir are the directories where the client certs are stored
$ ./ncadm get-token --bootstrap-token=2283a030cbd54b90 --network-certs-dir=/root/go_project/network-controller/certs/init/gen/network --grpc-certs-dir=/root/go_project/network-controller/certs/init/gen/grpc

------------------------------------------------
network-controller:
    BootstrapToken: 2283a030cbd54b90
    NodeToken: 5f5e4ced3bd44ca1
    NetworkServerIp: 101.43.253.110
    NetworkServerPort: 6441
    GrpcServerIp: 10.1.1.1
    GrpcServerPort: 6440
    NetworkCertsDir: /root/go_project/network-controller/certs/init/gen/network
    GrpcCertsDir: /root/go_project/network-controller/certs/init/gen/grpc
------------------------------------------------
```

```yaml
# modify ./cmd/network-controller/client.yml
networkCertDir: /root/go_project/network-controller/certs/init/gen/network/
token: 5f5e4ced3bd44ca1
```

Configuration & Run

There are two config files to distinguish between client and server.

To start server/client, execute the following command:

```bash
cd ./cmd/network-controller
# server
network-controller --config server.yml
# client
network-controller --config client.yml
```

Download

release

Network forwarding

IP forwarding is required on the server. First make sure that it is enabled, since it is very often disabled by default. This is done by running the following commands as root:

```bash
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -j MASQUERADE
```

So, let's look at the iptables rules required for this to work.

```bash
# Allow TUN interface connections to network server
iptables -A INPUT -i tun0 -j ACCEPT

# Allow TUN interface connections to be forwarded through other interfaces
iptables -A FORWARD -i tun0 -j ACCEPT

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
```
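The `POSTROUTING -j MASQUERADE` rule given with the sysctl command has no interface match, so it applies to every outbound interface, while the later rules are tied to `tun0` and `eth0`. The following added example (not part of the network-controller project) audits rules in `iptables -S` format and reports the ones that lack interface scope; `audit_rules`, `sample_rules` and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit rules in `iptables -S` / `iptables -t nat -S` format,
# read from stdin. Function names and sample data are assumptions.

# audit_rules: print one finding per rule that is broader than a
# per-interface tunnel setup needs. Prints nothing when every rule is scoped.
audit_rules() {
    awk '
    # has(flag): true when the current rule contains the given option
    function has(flag,   i) {
        for (i = 1; i <= NF; i++) if ($i == flag) return 1
        return 0
    }
    # target(): the word following -j in the current rule
    function target(   i) {
        for (i = 1; i < NF; i++) if ($i == "-j") return $(i + 1)
        return ""
    }
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" {
        print "policy: FORWARD defaults to ACCEPT"
    }
    $1 == "-A" && $2 == "POSTROUTING" && target() == "MASQUERADE" && !has("-o") && !has("-s") {
        print "nat: MASQUERADE without -o/-s applies to every interface: " $0
    }
    $1 == "-A" && $2 == "FORWARD" && target() == "ACCEPT" && !(has("-i") && has("-o")) {
        print "filter: FORWARD ACCEPT missing -i or -o: " $0
    }'
}

# Constructed sample: the rules from this README as `iptables -S` lists them,
# with an assumed FORWARD policy of DROP.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o tun0 -j MASQUERADE
EOF
}

sample_rules | audit_rules
```

On a live server the same function can read `iptables -S; iptables -t nat -S` instead of the sample.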

network-controller-explain doc

If you want to know more about this project, please look at:

# Packages

No description provided by the author
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.