[Server-devel] [Sugar-news] Network configuration (was Re: Sugar DIgest 2009-04-09)

Alexander Dupuy alex.dupuy at mac.com
Thu Apr 16 15:40:15 EDT 2009 

Hi Walter and Wade,

It's been a while since you wrote these, but I had wanted to reply and 
just now got around to it.

> On Thu, Apr 9, 2009 at 4:49 PM, Walter Bender <walter.bender at gmail.com> wrote:
>   
>> ===Sugar Digest ===
>> I was able
>> to get the network working but the process is tedious—I don't think we
>> can expect teachers and youn children to use ifconfig, route, etc.
>> from the shell. I also had to boot each machine in Windows, get the IP
>> address, netmask, gateway, and DNS, but this is something that needs
>> only to be done once per machine. Configuring the network on Sugar on
>> a Stick has to happen every time, presuming the children will be
>> jumping from machine to machine. A control panel widget for setting up
>> a static IP address is a first step, but I wonder if there is an
>> easier way.
>>     
>
>   
Wade Brainerd replied:
> In the long term, what about enabling freedesktop.org standard panel
> applets to appear in the frame, and then just using nm-panel for
> network configuration?
>
> The access points could then be removed from the Neighborhood view.
>   

Something else that you might want to consider would be using link-local 
addresses (Zeroconf) for most of the Sugar machines, and having one or a 
few Sugar systems manually configured to provide a NAT routing service 
("IP proxy") with a caching DNS relay, that would allow the 
link-local-addressed systems to communicate with the internet and other 
(non-link-local) machines on the network.  This way you would only need 
to manually configure a handful of machines (or even just the teacher's) 
rather than the entire classroom.  While not as efficient or desirable 
as a proper DHCP configuration, it does provide a mechanism that allows 
you to bootstrap up on the network with only a minimal amount of 
configuration, and without any possibility of conflicts with existing 
networking setups that you would get by trying to bring up a new DHCP 
server.

While I'm not 100% sure of this, I believe that some (or maybe even 
all?) of this already exists (or existed) on the OLPC distributions - I 
think that the mesh networking uses link-local addresses (at least in 
some cases) and I remember reading that XO systems with a second network 
interface would act as Internet gateways for the machines that only had 
mesh connections.  I don't know whether this functionality is still 
present or working (it might have been removed or just suffered from bit 
rot due to Fedora version changes) but it would certainly be something 
that could be used as a starting point for implementing this for Sugar 
on a stick.

Link-local addresses are trivially easy to configure for IPv6 (you 
actually have to go to some effort to *not* use them), and Fedora 
supports link-local 169.254.*.* addresses for IPv4 as well.  Sugar would 
have to provide a configuration mechanism (this could be tied to the 
configuration of a static IP address) that would set up the "IP proxy" 
NAT routing service for other machines using link-local addresses (the 
NAT conversion would map link-local endpoints to unused UDP/TCP ports on 
the routing system) - while I have never done such a thing, it should 
certainly be possible, and perhaps someone on the networking list has 
done this already for non-link-local networking configurations, and 
could provide more details on the necessary configuration.

Once you had support for the "IP proxy" enabled, you would need to 
advertise that service via multicast DNS, and add something to the 
default Sugar configuration that (if a link-local address was the only 
IP address available) would attempt to do a lookup for available "IP 
proxies" and choose one for installation as a default gateway router 
(and DNS resolver).  Fedora already includes the Avahi tools that you 
would use for this - it would pretty much be a matter of configuration 
and adding a script or two that manages this during networking startup.  
If this is tested out and found to be useful, you could probably even 
get Fedora upstream to pick up the relevant changes to the networking 
startup scripts (as long as the scripts do not fail if link-local 
addresses are unavailable and/or the Avahi tools are not installed).

It probably would be best to implement this as an IPv4-only service 
initially, then look at the possibility of adding an IPv6/IPv6 service, 
eventually looking at IPv6/IPv4 tunneling and/or proxy options as well.

Finally, the "IP proxy" NAT service would be something that it would 
make sense to add to the "school server" distributions as and when this 
is adopted by Sugar systems.

@alex
-- 
mailto:alex.dupuy at mac.com

More information about the Server-devel mailing list