Giter Site home page Giter Site logo

i2pd-testnet-kubernetes's Introduction

I2PD Test Network in Kubernetes

Traffic

This is a prototype deployment of an I2P test network using i2pd on k3s. To properly reseed the routers, calico with static IPs is used as CNI.

Prerequisites

  1. GNU/Linux system for our k3s cluster
  • 4 Cores and 8 GB RAM or more are recommended (depending on how many routers you want to deploy)
  • system needs internet connectivity for the initial setup and for Kubernetes to pull the i2pd container images
  • I do not recommend to expose this node directly to the internet!
  • For further information see the k3s requirements: https://docs.k3s.io/installation/requirements
  1. Command Line tools

Setup K3S

Single-node K3S Cluster with Calico

For an up-to-date version check the calico docs: https://docs.tigera.io/calico/latest/getting-started/kubernetes/k3s/quickstart

# k3s install without default flannel
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" INSTALL_K3S_EXEC="--flannel-backend=none --cluster-cidr=10.4.0.0/16 --disable-network-policy --disable=traefik" sh -

# get kube config for kubectl
mkdir ~/.kube
sudo k3s kubectl config view --raw | tee ~/.kube/config
chmod 600 ~/.kube/config
export KUBECONFIG=~/.kube/config
echo "export KUBECONFIG=~/.kube/config" >> .bashrc

# show k3s nodes
# you should see one k3s node with the status "READY"
kubectl get nodes -o wide 

# install calico
#
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml
kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/custom-resources.yaml

# wait until all pods are ready
watch kubectl get pods --all-namespaces

Configure Calico IP pool

To assign static IPs to our routers we need to create a calico IPPool. In this case we use a nodeSelector that matches nothing per default and we have to manually assign the IPs using a podAnnotation. (see setup.sh)

Config:

# test-pool.yaml
apiVersion: projectcalico.org/v3
kind: IPPool
metadata:
  name: test-pool
spec:
  cidr: 10.8.0.0/16
  natOutgoing: true
  disabled: false
  nodeSelector: "!all()"

Apply the config:

# apply new pool
calicoctl apply -f test-pool.yaml

# get pools
calicoctl get ippools

Setup Test Network

The setup consists of three steps.

  • At first we deploy our i2pd routers without reesed information via helm install. During the install we have to set a podAnnotation for calico to assign a static IP address to the i2pd pods.
  • Once all pods have been started and are ready, we can copy the newly generated router.info files from each of the pods, zip them and save them as seed.zip in the local directory.
  • After the zipfile has been generated we need to kill all containers and upgrade the deployment via helm upgrade. The seed.zip is automatically mounted via a configmap to all pods.

See setup.sh

Usage

cd helm/i2pd-chart
./setup.sh

FAQ

Where is the i2pd.conf?

i2pd.conf is inside the helm values.

...
config: |
    log = stdout
    loglevel = debug
    ...

See the helm values.yaml here

What container image is used?

The relative image name is configured inside the helm values. K3s uses dockerhub per default for relative image names.

...
image:
  repository: purplei2p/i2pd
  pullPolicy: IfNotPresent
  # Overrides the image tag whose default is the chart appVersion.
  tag: latest
...

See the helm values.yaml here

How can I capture I2P-Traffic?

You can do a simple tcpdump on the k3s node.

k3s-node$ sudo tcpdump -nnni any net "10.8.0.0/16" -w traffic.pcap

How can I change the network latency / packet loss between the i2pd routers?

You can change the network latency and packet loss in the values.yaml. The tc command is run in every pod before the i2pd container is started.

trafficControl:
  enabled: true
  image:
    # see https://github.com/h-phil/alpine-iproute2
    repository: hphil/alpine-iproute2
    tag: latest
  init: |
    #!/bin/sh
    set -ex
    # delay of 40+-20ms (normal distribution) per pod
    # 0.1% loss with higher successive probablity (packet burst lossess)
    tc qdisc add dev eth0 root netem delay 40ms 20ms distribution normal loss 0.1% 25%

You can disable this if you set enabled to false.

Other links/resources

Some other test networks that use a similar concept but didn't work for me:

i2pd-testnet-kubernetes's People

Contributors

diva-exchange avatar

Stargazers

avatar

Watchers

avatar avatar

Forkers

diva-exchange

i2pd-testnet-kubernetes's Issues

java config suggestions

Thanks a lot for this, I saw the tweet from Diva.

All my testnet testing has been on LXC, and it's been a while, but I dug up a router.config file, pulled out the important parts, and annotated it for you. Some of these you may not be setting or may not know about. The first one is the most important. If you have any questions, find us on IRC.

# this disables the private IP range checks and a whole
# bunch of other stuff to make testnet work better
# recommended even if you're using public IPs
i2np.allowLocal=true
# adjust as necessary
i2np.bandwidth.inboundBurstKBytes=1953105
i2np.bandwidth.inboundBurstKBytesPerSecond=97655
i2np.bandwidth.inboundKBytesPerSecond=97605
i2np.bandwidth.outboundBurstKBytes=1953105
i2np.bandwidth.outboundBurstKBytesPerSecond=97655
i2np.bandwidth.outboundKBytesPerSecond=97605
# you can set some routers to true to test firewalled
i2np.ipv4.firewalled=false
i2np.ipv6.firewalled=false
i2np.lastIPv6Firewalled=false
i2np.upnp.enable=false
# allow everything readable by everybody
i2p.insecureFiles=true
# just point it to nowhere
i2p.reseedURL=https://localhost:3333/foo
# disable IP blocking
router.blocklist.enable=false
# set some to true and some to false so you have floodfills right away
router.floodfillParticipant=false
# prevent leakage to real network
router.networkID=99
router.newsRefreshFrequency=0
# prevent RI rekey after a long downtime
router.rebuildKeys=false
# accept tunnels right away
router.rejectStartupTime=20000
router.reseedDisable=true
router.sharePercentage=80
router.sybilFrequency=0
routerconsole.advanced=true
routerconsole.welcomeWizardComplete=true
stat.full=true
# NTP
time.disabled=true
time.sntpServerList=localhost

i2pd: Support for Private Ranges

The current setup with i2pd restricts users to using only a "fake" public range network (ex. 123.8.0.0/16).
There should be a way to use private ranges (rfc1918) instead.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.