
route-bender-4000's Introduction

Who needs BGP when you got Route Bender 4000
JUST BEND YOUR WAY DoWN YOUr DESTINY

Addon for: https://github.com/Ne00n/pipe-builder-3000/
https://github.com/Ne00n/wg-mesh

data mining

Why
Getting lower latency while gaming online

Setup
Wireguard as transport network + entry point

Features

  • Automatic Latency optimization
    Just game seriously
  • Cutting Edge Latency detection
    In case an IP does not like to ping, it will MTR it, ask plugins, plus some other stuff
  • Cutting Edge rebending on idle connections
    If a connection is idle, it will be rebended after x hours to offer the lowest latency
  • Rebending Protection on active connections
    If a connection cannot be optimized currently, it will be ignored until idle
  • Packetloss bending protection
    Won't bend if Packetloss is detected over a specific route
  • Pray & Disconnect if exit dies
    If any exit dies, all routes will be removed once detected
  • Automatic housekeeping
    If an optimized connection has not been used for a bit, it will be removed

Setup

For Debian/Ubuntu.

apt-get install -y pmacct git libsystemd-dev python3 python3-pip && pip3 install pyasn systemd-python netaddr
git clone https://github.com/Ne00n/route-bender-4000.git
cd route-bender-4000
#Optional, Download the current asn database file
rm asn.dat && pyasn_util_download.py --latestv4 && pyasn_util_convert.py --single rib.202* asn.dat
#Create a new routing table
echo '333 BENDER' >> /etc/iproute2/rt_tables
#Move config files
cp config/pmacctd.conf /etc/pmacct/
cp config/nodes.example.json config/nodes.json
cp config/config.example.json config/config.json
#Enable NAT for vxlan and the default interface
ip6tables -t nat -A POSTROUTING -o vxlan1v6 -j MASQUERADE
iptables -t nat -A POSTROUTING -o vxlan1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o $(ip route show default | awk '/default/ {print $5}' | tail -1) -j MASQUERADE
ip6tables -t nat -A POSTROUTING -o $(ip -6 route show default | awk '/default/ {print $5}' | tail -1) -j MASQUERADE

You can configure config/config.json based on your needs but you don't have to.
However, you have to edit config/nodes.json to add the Nodes you wish to be used for optimization.

For example, a Node has the IP 10.0.1.1, which for the VXLAN would be 10.0.251.1, and for source-based routing it's 10.0.252.1.
So for this node you add 10.0.252.1 to nodes.json.

Make sure your wg-mesh/pipe-builder network is running and you can reach the Nodes before you continue.

You can run the route-bender manually, as mentioned in Usage, which I guess you don't wanna do but you still could.
Or you can run it either as a daemon or via pmacctd.

Basically, pmacctd starts the route-bender.
The better option is to just run it as a service / daemon with systemd.

pmacctd
If you wanna run route-bender with pmacctd just leave it as is, by default pmacctd starts route-bender.
You just have to enable pmacctd.

systemctl enable pmacctd && systemctl start pmacctd

The default interface pmacctd listens on is called server. Make sure to use that name, or edit the pmacctd config to match your interface.

daemon
If you wanna use route-bender as a service / daemon, you have to edit the pmacctd config file.
You have to remove the last line.

print_trigger_exec[print]: /root/route-bender-4000/bender.py

And restart pmacctd.

systemctl restart pmacctd

Copy the systemd service file and start the service.

cp config/bender.service /etc/systemd/system/
systemctl enable bender
systemctl start bender

Connecting
In my use case, I game on a Windows machine and connect via WireGuard to my Raspberry Pi.
So I can toggle the optimization on and off.

You can run the route-bender locally or on a VPS and connect to it.
The route-bender does NOT run on Windows, you need a Linux machine in-between.

By running the route-bender locally, you selectively optimize only the traffic where it makes sense, aka where it reduces latency.
Otherwise you may end up increasing your latency in general by forcing all traffic via that VPN.

Every ms counts.

When you set up the WireGuard connection on your server, make sure the interface is called "server".
So it's picked up by pmacctd.

General

Usage

python3 bender.py
python3 bender.py deamon
python3 bender.py debug 1.1.1.1
python3 bender.py optimize 1.1.1.1 53
python3 bender.py level debug / info (default) / warning
python3 bender.py show
python3 bender.py clear

pmacct will execute bender.py every 60s, but you can still do it manually

Reset everything

systemctl stop pmacctd
rm data/history.json && rm data/loadBalancing.json
python3 bender.py clear
systemctl start pmacctd

Update asn data

pyasn_util_download.py --latestv46 && pyasn_util_convert.py --single rib.202* asn.dat
#or IPv4 only
pyasn_util_download.py --latestv4 && pyasn_util_convert.py --single rib.202* asn.dat

Debugging
By default, logging runs at INFO level and is saved to bender.log.
You can switch it to debug by supplying the parameter: bender.py level debug

If you use functions such as optimize, debug, show, stats, clear... these are not logged, only printed, since they are intended for manual use.

Settings

ignore, if you wanna ignore an entire ASN, e.g. Vivox

By default, all ports will be monitored. To ignore ports, add them to ignorePorts.
If you want to skip that for specific ASNs, then set ports = false, e.g. Fastly

By default every subnet will be associated with the closest server. If loadBalancing is set to False,
the first IP that makes a connection to that ASN will determine the server for the entire ASN.

If the latency improvement is below 2ms or none, you can force bending by setting force to True

With route you can define the size of the subnet that will be routed: dyn, /24 (default) or /32.
dyn uses the actual subnet size from the routing table. This could result in issues when used, for example, with Microsoft or Google,
since they route the entire subnet, e.g. /10, internally.

You can enable multi: if the primary IP is not pingable, it tries to figure out the gateway.
This works fine for some networks like AWS but can cause problems with others like Google.

Blacklist/Whitelist can be used to ignore/allow certain nodes for a specific ASN.

lazy is by default enabled, it will not initially optimize active connections.

config.json examples

#Fastly CDN (Reddit...)
"54113" :{"ignore":false,"ports":false,"loadBalancing":true,"force":true,"route":"dyn"}
#Google (Youtube...)
"15169":{"ignore":false,"ports":true,"loadBalancing":true,"route":"/24"}
#Vivox (Voice communications, Valorant, Siege, Overwatch)
"393218":{"ignore":true,"ports":true,"loadBalancing":true,"route":"/24"}

You can also define ASN groups

"32163,55497,57976,40551":{"name":"blizzard","ignore":false,"ports":true,"loadBalancing":true,"route":"dyn"}
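
An added example, not part of route-bender-4000's own code: a small linter for the per-ASN entries described under Settings. It assumes the entries are handed over as a dict keyed by ASN or comma-separated ASN group, checks only the fields shown in the examples above, and the function name lint_asn_settings is hypothetical.

```python
import json

BOOL_FIELDS = ("ignore", "ports", "loadBalancing", "force")
ROUTE_VALUES = {"dyn", "/24", "/32"}  # the values named in the Settings text


def lint_asn_settings(entries):
    """Return (per_asn, problems) for a dict of per-ASN entries.

    per_asn maps every single ASN (int) to its settings, with ASN groups
    such as "32163,55497" expanded; problems is a list of messages.
    """
    per_asn, problems = {}, []
    for key, settings in entries.items():
        if not isinstance(settings, dict):
            problems.append(f"{key}: settings must be an object")
            continue
        for field in BOOL_FIELDS:
            if field in settings and not isinstance(settings[field], bool):
                problems.append(f"{key}: {field} must be true or false")
        route = settings.get("route", "/24")  # /24 is the documented default
        if route not in ROUTE_VALUES:
            problems.append(f"{key}: route {route!r} is not dyn, /24 or /32")
        for part in (p.strip() for p in key.split(",")):
            valid = part.isascii() and part.isdigit() and 0 < int(part) < 2**32
            if not valid:
                problems.append(f"{key}: {part!r} is not an ASN")
            elif int(part) in per_asn:
                # The same ASN in two entries makes the result ambiguous.
                problems.append(f"{key}: AS{part} is already configured")
            else:
                per_asn[int(part)] = settings
    return per_asn, problems


# Constructed sample: the three valid entries from above plus one broken entry.
SAMPLE = json.loads("""{
  "54113": {"ignore": false, "ports": false, "loadBalancing": true, "force": true, "route": "dyn"},
  "15169": {"ignore": false, "ports": true, "loadBalancing": true, "route": "/24"},
  "32163,55497,57976,40551": {"name": "blizzard", "ignore": false, "ports": true, "loadBalancing": true, "route": "dyn"},
  "393218,15169": {"ignore": "yes", "ports": true, "loadBalancing": true, "route": "/16"}
}""")

if __name__ == "__main__":
    asns, problems = lint_asn_settings(SAMPLE)
    print("configured ASNs:", sorted(asns))
    for problem in problems:
        print("problem:", problem)
```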
