North American Network Operators Group


Re: Anyone using uvlan out there?

  • From: Steven Haigh
  • Date: Thu Sep 13 22:37:35 2007


Quoting Matt Palmer <[email protected]>:
On Fri, Sep 14, 2007 at 07:35:26AM +1000, Steven Haigh wrote:
From the web site:
uvlan is a User-space Virtual Local Area Network. In other words,
uvlan peers act as nodes on a network switch. Routing ethernet
traffic between peers intelligently. Thus allowing for multiple
networks to share resources and even IP address space. Some may call
it a VPN (Virtual Private Network) application, but it's much more
powerful. Differences with traditional VPN technology:

It's a VPN. None of these supposed "differences" are different from the fundamental characteristics of a VPN:

1. It is peer-to-peer

invoke_buzzword_of_the_month();

Yeah - I don't quite agree with this in the traditional P2P sense, however I think they mean that they can connect multiple sites and have data transit between them. I'll cut them a break here because it's hard to describe how it works in so few words :)


2. It doesn't require licensing

Plenty of VPN products out there are FOSS;

Yeah - I wasn't too sure about this either. I haven't seen any VPN software that requires licensing in years. I didn't know anyone still required this?


3. It is much simpler

Simpler than what?

Routing?


4. It operates at Layer-2 (Ethernet), VPNs generally operate at Layer-3 (IP)

Generally, perhaps, but it's not a requirement of the term "VPN" that it be an L3 transition.

Layer-2 applications like gaming can't be supported with Layer-3 tunneling.

Plenty of games can successfully use IP.

I was thinking more the case of joining LANs. Obviously it's not a solution for all causes, as anything with more than 5-10 nodes per site and more than 2-3 sites would get pretty ugly. I think a nice thing would be for things that can ONLY use a local LAN due to either software or developer restrictions.


From my understanding, this software is pretty much acting like a
bridge, but with endpoints over a routed IP network.

Has anyone actually used this? Thoughts? Criticisms?

I haven't used this particular software, but I've used OpenVPN (software of the Gods, by gum) in its L2 mode, and it's OK as long as you observe all of the usual restrictions on LAN-like traffic over a low-bandwidth, high-latency link. Most things that need to use Ethernet assume all sorts of things that just don't hold over the Internet, and it causes some painful hassles. But, engineered properly, in the correct circumstances, it can be handy to bridge two or more segments over a routed network.

I've used a lot of VPN stuff in the past, but I've usually always ended up doing it on a router, then had to NAT over it and all sorts of nasty stuff. I think this is a nicer solution if it could be implemented right :)


A criticism of uvlan in particular is that I wouldn't trust my network
security to people who sound so clueless.  Their derision of VPNs, as you
quoted above, shows either a lack of sense or a blind hatred, using libpcap
in this situation gave me some chuckles, and their "What algorithms are
used?" page scares me a little.  I'll stick with OpenVPN, myself.

I think it's come about of a case of wanting to do stuff that won't work properly over a routed network (xbox games etc) - however could be nicer for a lot more things.


Phone: (03) 90001 6090 - 0412 935 897

Gee you Melbournians are advanced... you've already gone to 11 digit phone numbers... <grin>

Damn typos. I've just changed numbers, I must have typo'ed it when updating the sig on my desktop. At least it's right in other places ;)


--
Steven Haigh

Email: [email protected]
Web: http://www.crc.id.au
Phone: (03) 9001 6090 - 0412 935 897