[Swan-dev] adding a test domain

Andrew Cagney andrew.cagney at gmail.com
Mon Apr 10 17:56:16 EEST 2023 

On Thu, 4 Aug 2022 at 10:56, Antony Antony <antony at phenome.org> wrote:
>
> For last couple of years I have been using an extended version of the
> FreSWAN diagram and added "duo"  and  "float"
>
> My motivation was more clear hosts, routing FLOAT with dual uplink.
>
> https://libreswan.org/wiki/images/f/f1/Testnet-202102.png
>
> I have nsrun that support sunset,sunrise, Tokyo. I also have pacifica, (in
> memory of Hugh Daniel), behind sunset. And arctic behind the pole. I will
> update the diagram : Pacifica and arctic.

I've updated https://libreswan.org/wiki/Test_Suite#Proposed_Network_Diagram
to add back
sunrise-east-west-sunset

I'm not sure what to do about floating domains, although road seems
strangely hardwired :-)

> Along these lines, I have another proposal. To use mixed KVM + namesapce
> setup. The plain nodes, including the nic, could be namespace instead of
> kvm. I use such setup manually.
>
> If and when we tidy up the network diagrams I propose the following too:
> addresspools should use a separate rage on each host. Such as  east pool
> 192.0.8.0/24 west pool192.0.9.0/24 and special cases you can configure both.

good point

> On Mon, Jul 25, 2022 at 05:02:56PM -0400, Andrew Cagney wrote:
> > I'd like to add a domain to the test framework.  The motivation is to
> > allow end-to-end testing of scenarios where non IPsec domains route
> > their traffic through IPsec gateways.  For instance:
> >
> >    {ROAD,TRAIN} - NORTH = NIC - {EAST,WEST}
> >
> > where NORTH and NIC would be running libreswan, while ROAD, TRAIN,
> > EAST, and WEST would not.
> > Currently this is implemented by injecting packets into the back
> > interface of domains such as NORTH, which isn't quite the same thing.
> >
> > My suggestion is to make two changes:
> > - add a second interface to ROAD so that it can route packets through NORTH
> > - add a new domain TRAIN that is behind NORTH
> > see https://libreswan.org/wiki/Test_Suite#Proposed_Network_Diagram
> >
> > For reference:
> > Here's the original diagram:
> > https://libreswan.org/wiki/Test_Suite#Original_Network_Diagram
> > And here's how things are today:
> > https://libreswan.org/wiki/Test_Suite#Network_Diagram
> > _______________________________________________
> > Swan-dev mailing list
> > Swan-dev at lists.libreswan.org
> > https://lists.libreswan.org/mailman/listinfo/swan-dev
> _______________________________________________
> Swan-dev mailing list
> Swan-dev at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev

More information about the Swan-dev mailing list