[Server-devel] [Sugar-news] Network configuration (was Re: Sugar DIgest 2009-04-09)
Alexander Dupuy
alex.dupuy at mac.com
Thu Apr 16 15:40:15 EDT 2009
Hi Walter and Wade,

It's been a while since you wrote these, but I had wanted to reply and
just now got around to it.
> On Thu, Apr 9, 2009 at 4:49 PM, Walter Bender <walter.bender at gmail.com> wrote:
>
>> ===Sugar Digest ===
>> I was able
>> to get the network working but the process is tedious—I don't think we
>> can expect teachers and young children to use ifconfig, route, etc.
>> from the shell. I also had to boot each machine in Windows, get the IP
>> address, netmask, gateway, and DNS, but this is something that needs
>> only to be done once per machine. Configuring the network on Sugar on
>> a Stick has to happen every time, presuming the children will be
>> jumping from machine to machine. A control panel widget for setting up
>> a static IP address is a first step, but I wonder if there is an
>> easier way.
>>
>
>
Wade Brainerd replied:
> In the long term, what about enabling freedesktop.org standard panel
> applets to appear in the frame, and then just using nm-panel for
> network configuration?
>
> The access points could then be removed from the Neighborhood view.
>

Something else that you might want to consider would be using link-local
addresses (Zeroconf) for most of the Sugar machines, and having one or a
few Sugar systems manually configured to provide a NAT routing service
("IP proxy") with a caching DNS relay, that would allow the
link-local-addressed systems to communicate with the internet and other
(non-link-local) machines on the network. This way you would only need
to manually configure a handful of machines (or even just the teacher's)
rather than the entire classroom. While not as efficient or desirable
as a proper DHCP configuration, it does provide a mechanism that allows
you to bootstrap up on the network with only a minimal amount of
configuration, and without any possibility of conflicts with existing
networking setups that you would get by trying to bring up a new DHCP
server.

While I'm not 100% sure of this, I believe that some (or maybe even
all?) of this already exists (or existed) on the OLPC distributions - I
think that the mesh networking uses link-local addresses (at least in
some cases) and I remember reading that XO systems with a second network
interface would act as Internet gateways for the machines that only had
mesh connections. I don't know whether this functionality is still
present or working (it might have been removed or just suffered from bit
rot due to Fedora version changes) but it would certainly be something
that could be used as a starting point for implementing this for Sugar
on a stick.

Link-local addresses are trivially easy to configure for IPv6 (you
actually have to go to some effort to *not* use them), and Fedora
supports link-local 169.254.*.* addresses for IPv4 as well. Sugar would
have to provide a configuration mechanism (this could be tied to the
configuration of a static IP address) that would set up the "IP proxy"
NAT routing service for other machines using link-local addresses (the
NAT conversion would map link-local endpoints to unused UDP/TCP ports on
the routing system) - while I have never done such a thing, it should
certainly be possible, and perhaps someone on the networking list has
done this already for non-link-local networking configurations, and
could provide more details on the necessary configuration.

Once you had support for the "IP proxy" enabled, you would need to
advertise that service via multicast DNS, and add something to the
default Sugar configuration that (if a link-local address was the only
IP address available) would attempt to do a lookup for available "IP
proxies" and choose one for installation as a default gateway router
(and DNS resolver). Fedora already includes the Avahi tools that you
would use for this - it would pretty much be a matter of configuration
and adding a script or two that manages this during networking startup.

If this is tested out and found to be useful, you could probably even
get Fedora upstream to pick up the relevant changes to the networking
startup scripts (as long as the scripts do not fail if link-local
addresses are unavailable and/or the Avahi tools are not installed).

It probably would be best to implement this as an IPv4-only service
initially, then look at the possibility of adding an IPv6/IPv6 service,
eventually looking at IPv6/IPv4 tunneling and/or proxy options as well.

Finally, the "IP proxy" NAT service would be something that it would
make sense to add to the "school server" distributions as and when this
is adopted by Sugar systems.

@alex
--
mailto:alex.dupuy at mac.com
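
The client-side step described in the message above (look for an "IP proxy" only when a link-local address is the sole IP address, then choose one as default gateway), as an added example that is not part of the original message or of any Sugar or Fedora script. The service type _ipproxy._udp, the interface names and the sample records are assumptions made for the example, as is the proxy being advertised at a link-local address; because mDNS answers are unauthenticated, the filter only accepts an on-link IPv4 address seen on the expected interface.

```shell
#!/bin/sh
# Added example: client-side choice of an advertised "IP proxy".
SERVICE_TYPE="_ipproxy._udp"    # hypothetical service type, not a registered one

# True if $1 is a usable IPv4 link-local address: 169.254.1.0-169.254.254.255
# (RFC 3927 reserves the first and last 256 addresses of 169.254.0.0/16).
is_link_local() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                   # split the dotted quad into four octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] && [ "$1" = 169 ] && [ "$2" = 254 ] &&
        [ "$3" -ge 1 ] && [ "$3" -le 254 ] && [ "$4" -le 255 ]
}

# True if the host has at least one non-loopback IPv4 address and all of them
# are link-local, i.e. the case where the message says to look for a proxy.
needs_proxy() {
    found=1
    for a in "$@"; do
        case "$a" in 127.*) continue ;; esac
        is_link_local "$a" || return 1
        found=0
    done
    return "$found"
}

# Read `avahi-browse -rpt "$SERVICE_TYPE"` output on stdin and print one proxy
# address: a resolved ("=") IPv4 record seen on interface $1 whose address is
# itself link-local, so the gateway is on the local link.
pick_proxy() {
    while IFS=';' read -r kind rec_if proto _name type _dom _host addr _rest; do
        [ "$kind" = "=" ] && [ "$rec_if" = "$1" ] && [ "$proto" = IPv4 ] &&
            [ "$type" = "$SERVICE_TYPE" ] && is_link_local "$addr" && echo "$addr"
    done | sort -u | head -n 1
}

# Constructed sample of parsable avahi-browse output (names and addresses invented).
SAMPLE='+;eth0;IPv4;teacher-xo;_ipproxy._udp;local
=;eth0;IPv6;teacher-xo;_ipproxy._udp;local;teacher-xo.local;fe80::1;53;
=;eth0;IPv4;odd-host;_ipproxy._udp;local;odd-host.local;10.0.0.1;53;
=;wlan0;IPv4;other-link;_ipproxy._udp;local;other.local;169.254.3.9;53;
=;eth0;IPv4;teacher-xo;_ipproxy._udp;local;teacher-xo.local;169.254.7.20;53;'

# Demo: print (not run) the route command for a host holding only 169.254.7.33.
if needs_proxy 127.0.0.1 169.254.7.33; then
    gw=$(printf '%s\n' "$SAMPLE" | pick_proxy eth0)
    [ -n "$gw" ] && echo "ip route replace default via $gw dev eth0"
fi
```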