Hello, World!
I need to build an "add-on" for VPN's. Please let me explain the context
and you too will feel it very clear.
The goal is to provide support for ARP, IP-broadcast, IPX, etc... over a
VPN. I don't worry about the way the tranport is done and securized, I
just have to build a program (both client/server) that capture the target
packets and send them to his peers on the other on the VPN. The packets
are then released on the right interface.
I solved all my technical/programming problems, now just remain some
conceptual leaks. I have full freedom of choice for encapsulation. I just
have to ensure that packets sniffed in a certain order (don't necessarily
arrive in this order but) are released in this precise order.
Several solutions are possible:
1) use a TCP stream and find a (personnal) way to delimitate and identify
incoming messages. This solution has a "scaling" problem. Large VPN will
require many TCP connections
2) use UDP and provide the possibility to re-order and identify the
messages. As a drawback, I mention that large VPN may cause significant
packet losses. (But only one listening socket seems enough)
3) use something else, my toughts go to GRE.
GRE has in its headers all the informations I need, but I don't have any
certified information about the GRE RELIABILITY:
-> A GRE-header doesn't have any ACK/NACK field, I suppose it's
unreliable. Is it True?
-> A GRE-header may contains a sequence number, but do I have to handle
the re-ordering by myself?
-> A GRE-header contains no port numbers. Arghhh! that's not fine if GRE
packets arrive from a common internet socket.
My preferred solution would be to use TCP and add two 16bit informations
fields (one for the protocol encapsulated, and one for the length of the
encapsulated packet), just because the re-ordering seems to be hard to
perform and because it seems to be more generic. Performance and
Scalability will be a future concern...
Please, what do you think about?
Jean-Francois Smigielski
|
Similar Threads
Linear Mode
