What I was referring to is the cascading time-out problems you can sometimes get tunnelling one TCP connection over another, e.g. HTTP over a PPP over SSH connection:
3. HTTP (TCP)
2. IP
1. PPP
0. SSH (TCP)
Sometimes if a time-out occurs and layers 0 and 3 have different retransmission timers, the retransmissions kill the whole shebang.
More details can be found at: http://sites.inka.de/~W1011/devel/tcp-tcp.html
Not sure if this will be a problem with NSP over TCP however, but I can imagine it might be (if the NSP retransmission timer is faster than the underlying TCP timers).
Sampsa
On 13 May 2009, at 15:25, Paul Koning wrote:
"Sampsa" == Sampsa Laine <sampsa at mac.com> writes:
Sampsa> The main disadvantage I can see is that SSH runs over TCP so
Sampsa> any dropped packets might cause more delays than using
Sampsa> straight UDP.
That isn't actually a disadvantage when you travel all the way to the
top of the stack. Yes, the DECnet network layer (just like IP) uses,
and provides, a datagram service. But it also uses retransmit
internally for stuff that has to get through, and of course the
transport layer (NSP) makes a reliable service through timeout and
retry.
So a tunnel over TCP is just fine. It means you have a lossless
network (ignoring congestion in the DECnet nodes). So instead of
having delays due to timeout and retransmit in NSP, you have the same
delay (or, quite possibly, a shorter delay) due to timeout and
retransmit in TCP. The overall application performance should come
out essentially the same.
paul
I agree, reliability could definitely be an issue. Of course the SSH tunnel has the advantage of not really requiring any additional software to be installed or configured.
Sampsa
On 13 May 2009, at 11:52, Brian Hechinger wrote:
On Wed, May 13, 2009 at 11:39:19AM +0100, Sampsa Laine wrote:
The main disadvantage I can see is that SSH runs over TCP so any
dropped packets might cause more delays than using straight UDP.
Having done various SSH tunnels over the years another disadvantage is
that they are a complete pain to deal with. Honestly, I would find it
considerably easier to set up something like OpenVPN which would solve
both the UDP and the dynamic IP problems and give you everything you
wanted ssh to do for you except with less pain and suffering attached.
Don't get me wrong, ssh tunnels are a FANTASTIC tool, but they've only
ever caused me grief when I expected them to be a "permanent" tunneling
solution.
Just my $0.02
-brian
--
"Coding in C is like sending a 3 year old to do groceries. You gotta
tell them exactly what you want or you'll end up with a cupboard full of
pop tarts and pancake mix." -- IRC User (http://www.bash.org/?841435)
Came across this whilst looking for some SSH stuff and realized this could be used to either securely transmit HECnet data between two hosts or enable a host with a dynamic IP to run the bridge/MULTINET UDP thing:
http://24.97.150.195/nstwiki/index.php/Tunnelling_UDP_Traffic_Through_An_SS…
Basically, they use a combination of SSH port forwarding (which is TCP only) and nc to create a secure UDP tunnel between two sites. Setting this up would be trivial on a standard Unix box and if we use public key authentication we don't even need to store passwords anywhere. Also, we would of course benefit from the authentication and cryptographic features that SSH brings to the table.
The main disadvantage I can see is that SSH runs over TCP so any dropped packets might cause more delays than using straight UDP.
Sampsa
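An added example, not part of the original message or of the linked wiki page: TCP is a byte stream, so a relay that only copies bytes between a UDP socket and an SSH-forwarded TCP port can merge or split datagrams in transit. The sketch below assumes a 2-byte length prefix per datagram (the names `frame`, `Deframer` and `roundtrip` are hypothetical) and shows the boundaries surviving arbitrary TCP read sizes.

```python
import struct

MAX_DATAGRAM = 65507  # largest UDP payload over IPv4


def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with a 2-byte big-endian length."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large for UDP")
    return struct.pack("!H", len(datagram)) + datagram


class Deframer:
    """Rebuilds whole datagrams from arbitrarily sized TCP read chunks."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add bytes read from the TCP side; return completed datagrams."""
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack_from("!H", self._buf)
            if n > MAX_DATAGRAM:
                raise ValueError("corrupt length prefix")
            if len(self._buf) < 2 + n:
                break  # rest of this datagram has not arrived yet
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out


def roundtrip(datagrams: list, chunk_size: int) -> list:
    """Frame datagrams, cut the stream into chunk_size reads, deframe."""
    stream = b"".join(frame(d) for d in datagrams)
    deframer, received = Deframer(), []
    for i in range(0, len(stream), chunk_size):
        received += deframer.feed(stream[i:i + chunk_size])
    return received


if __name__ == "__main__":
    # Constructed sample payloads, including an empty datagram.
    sample = [b"hello", b"", b"x" * 300]
    for size in (1, 7, 4096):
        assert roundtrip(sample, size) == sample
    print("datagram boundaries preserved")
```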
Yes, Urho Kekkonen ;) It's a joke from the past.
You got some extra letters, pretty close.
"Mielestäni teillä on söpö presidentti."
I'm not sure if I want to know more about your fetishes.. ;)
--Saku
On Thu, May 7, 2009 at 1:53 AM, Tore Sinding Bekkedal
<toresbe at ifi.uio.no> wrote:
Kekkonen? As in Urho Kekkonen? Am I missing something here? :)
Mielestäni teillä onn söpö presidenttin. (did I get that right?)
-Tore :)
http://www.facebook.com/album.php?aid=7441&id=1456476365&l=393493bbf6
Didn't even know these links are not permanent..
On Wed, May 6, 2009 at 5:47 PM, Tore Sinding Bekkedal
<toresbe at ifi.uio.no> wrote:
Saku Setälä wrote:
Just wanted to share the photos.
I was at The Alternate Party with 20 VaxStations/Microvaxen.
Young people were more interested in playing Tetris but some
old-timers also had an interest in the cluster.
http://www.facebook.com/album.php?aid=7441&l=39349&id=1456476365
Catching up on old list mail, and:
This public photo link has expired. To see these photos, please ask the
owner to generate a new public link.
Temporary links don't work very well with mailing lists...
-Tore :)