Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Build Redundant Gaming Network with Wireguard and BGP

Date Huang
November 23, 2019
Technology
1
2k

Build Redundant Gaming Network with Wireguard and BGP

In this talk, Date Huang will discuss the difficulty of gaming network with different firewall rule and NAT policy and the reason of choosing Wireguard and BGP. Use Wireguard for encrypted connection and BGP to build redundancy route to each player. Even a player loses the connection, others will use BGP route to access each others.

Date Huang

November 23, 2019
Tweet

More Decks by Date Huang

See All by Date Huang
設計Kubernetes Controller與CRD的實踐 - 以網路為例
tjjh89017
0
630
維護自己的開源專案EZIO的心路歷程
tjjh89017
1
340
Massive Bare-Metal Operating System Provisioning Improvement - OpenInfra Day Taiwan 2019/11/12
tjjh89017
0
23
Cloud Infrastructure Interconnect with Wireguard and OSPF
tjjh89017
0
350
CI on OpenStack
tjjh89017
0
240
EZIO, Torrent-based Recovery
tjjh89017
0
180
OpenStack on ARMv8
tjjh89017
1
310
SITCON 2016 - ARM Cloud Project
tjjh89017
2
220

Other Decks in Technology

See All in Technology
Microsoft Fabric 移行ポイントの所見やデータ活用コラボレーションについて
ryomaru0825
0
180
【IoT-Tech Meetup #5】WireGuardを動かす環境やハードウェア紹介
soracom
PRO
0
140
Customer-Centricity Unleashed: Transforming Businesses with LINE Tech
linedevth
0
150
Code Review Challenge: An example of a solution
line_developers
PRO
1
210
K8s 上で laravel を 快適に運用する方法
colopl
0
120
Jagu'e'r Tech Writers Meetup #1
yamahiro
0
110
Ubieのアプリ開発を支える自動テスト
guchey
0
160
ChatGPTを前に頭が真っ白を乗り越え人が答えることが困難な認知負荷MAXなタフクエスチョンをどんどん回答させてプロダクト価値を爆速探求するぞ/cognitive_load_question_and_chatgpt
moriyuya
2
340
SREの組織類型におけるリーダーシップの考察
kenta_hi
3
210
Amazon FSx for NetApp ONTAPを 利用するときに気をつけることn選 〜移行プロセスを添えて〜 #devio2023
non97
0
140
プロダクトオーナーとしてSLOに向き合う 〜Mackerelチームの事例〜 / SRE NEXT 2023
tatsuru
PRO
0
140
SRE を実践するためのプラットフォームの作り方と技術マネジメント / Building a Platform for SRE
irotoris
0
360

Featured

See All Featured
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
49
16k
Writing Fast Ruby
sferik
615
59k
Facilitating Awesome Meetings
lara
37
5.1k
jQuery: Nuts, Bolts and Bling
dougneiner
57
6.8k
Mobile First: as difficult as doing things right
swwweet
214
8.2k
We Have a Design System, Now What?
morganepeng
40
6.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
12
5.7k
Designing the Hi-DPI Web
ddemaree
274
33k
The Illustrated Children's Guide to Kubernetes
chrisshort
26
45k
A better future with KSS
kneath
230
16k
Six Lessons from altMBA
skipperchong
17
2.6k
Building Adaptive Systems
keathley
29
1.6k

Transcript

  1. Build Redundant Gaming Network
    with Wireguard and BGP
    Date Huang
    Edgecore Networks
    [email protected]

    View Slide

  2. About me: Date Huang
    ● Engineer, Edgecore Networks
    ○ 2019 OpenInfra Day Taiwan Speaker
    ■ Massive Bare-Metal Operating System Provisioning Improvement
    ○ 2019 Hong Kong Open Source Conference Speaker
    ■ De-centralized Bare-Metal Operating System Provisioning
    ○ 2018 ISC High Performance Project Poster Demo
    ■ The Design and Implementation of Bare Metal Cluster
    Deployment Using BitTorrent
    ○ 2017 Open Source Summit North America co-Speaker
    ■ Building Cloud Infra using cost-effective ARM Boards
    ○ 2017 OpenStack Day Taiwan Speaker
    ■ Combine Continuous Integration (CI) with OpenStack
    ○ 2016 OpenStack Day Taiwan Invited Speaker
    ■ OpenStack on ARM64

    View Slide

  3. Outline
    ● Facebook Leaf-Spine Fabric
    ● Dynamic Routing Protocol - BGP
    ● Wireguard VPN
    ● Multi-player P2P gaming
    ● NAT Firewall with PlayStation4
    ● Concept: Wireguard + BGP build redundant P2P gaming network

    View Slide

  4. Traditional Network Topology
    http://ciscorouterswitch.over-blog.com/2018/04/cisco-s-data-center-architecture.html

    View Slide

  5. IP Fabric (Leaf Spine Fabric)
    https://engineering.fb.com/production-engineering/introducing-data-center-fabric-the-next-generation-facebook-data-center-network/

    View Slide

  6. https://engineering.fb.com/production-engineering/introducing-data-center-fabric-the-next-generation-facebook-data-center-network/

    View Slide

  7. Spanning Tree?
    ● One Route Active, Others Standby

    View Slide

  8. BGP
    ● BGP: Border Gateway Protocol
    ● Dynamic Routing Protocol
    ● Usually used in Internet routing path select
    http://ciscorouterswitch.over-blog.com/article-bgp-protocol-is-essential-in-your-ip-network-115059468.html

    View Slide

  9. https://www.mushroomnetworks.com/blog/bgp-load-balancing-good-idea-unless-att/

    View Slide

  10. Routing on Host (L2-less)
    ● Treat Server as a Router Node in BGP
    Network
    ● Server use BGP to know other routing
    ● Redundancy and merge bandwidth via
    BGP ECMP
    ● No L2 Broadcast, Multicast
    ● E.g:LINE Japan L2-less Network,
    Project Calico
    https://www.slideshare.net/linecorp/ss-116867631

    View Slide

  11. https://cumulusnetworks.com/customers/switch/

    View Slide

  12. Wireguard
    ● GPLv2 Open Source Tunneling Protocol
    ● Based on Linux Kernel, Support Windows and macOS
    ● IPv4-in-IPv6 and IPv6-in-IPv4 encapsulation
    ● Usually used in Site-to-Site Tunneling
    ● Better Performance than IPsec, No need hardware acceleration
    ● More Flexibility, Less Configuration, compare with GRE and IPsec
    ● No need setup Firewall to allow additional protocol(e.g. Allow GRE, AH, ESP)
    ● New Tech, No Mature, No Stable
    https://www.wireguard.com/

    View Slide

  13. View Slide

  14. Multi-player Gaming
    ● Central Server
    ○ Connect to central server directly
    ○ High Success rate
    ○ Large Scale Multi-player gaming
    ● P2P Connection
    ○ Players connect to each others
    ○ Low Success rate, according to players’ network quality
    ○ Small Scale Multi-player gaming

    View Slide

  15. Firewall and NAT Type using PlayStation
    ● Type 1: System connects to Internet directly
    ● Type 2: System connects to Internet via Router with NAT
    ● Type 3: System connects to Internet via Router with NAT. External system cannot
    connect to internal system directly.
    https://portforward.com/nat-types/

    View Slide

  16. Firewall and NAT Type using PlayStation
    ● Type 1: System connects to Internet directly
    ● Able to connect to Type 1, 2, 3.
    ● No Limitaion
    https://portforward.com/nat-types/

    View Slide

  17. Firewall and NAT Type using PlayStation
    ● Type 2: System connects to Internet via Router with NAT
    ● Able to connect to Type 1, 2
    ● Usually need DMZ, UPnP, Port Forwarding or UDP Hole Punching to allow
    external system to connect to internal
    https://portforward.com/nat-types/

    View Slide

  18. Firewall and NAT Type using PlayStation
    ● Type 3: System connects to Internet via Router with NAT. External system cannot
    connect to internal system directly.
    ● Only able to connect with Type 1
    https://portforward.com/nat-types/

    View Slide

  19. UDP Hole Punching
    ● UDP Hole Punching
    ● Let two clients exchange connection info and try to connect to each other via 3rd
    party server
    ● STUN: Session Traversal Utilities for NAT
    ● STUN is common implement for UDP Hole Punching (RFC 5389)
    https://bford.info/pub/net/p2pnat/

    View Slide

  20. https://bford.info/pub/net/p2pnat/

    View Slide

  21. UDP Hole Punching FAIL!
    ● If Hole Punching FAIL, need use other method to connect each other
    ● Forward two clients info to each other via TURN Server or other nodes in P2P
    networks
    ● For example: PS4 Party Chat. If it’s not able to connect, 1 of players will
    forward the network traffic or voice to others
    https://forum.gamer.com.tw/C.php?bsn=5786&snA=135419

    View Slide

  22. TURN? or not
    ● In design of TURN server, only create 1 forwarding connection. If TURN server
    is offline, forwarding connection will be disable, need to re-create forwarding
    connection to other TURN server
    ● No Redundancy, No Fast Recovery

    View Slide

  23. Wireguard + BGP
    ● Use Wireguard to connect with each others
    ● Let Wireguard connections be Full Mesh Topology via STUN as much as
    possible
    ● If no Full Mesh, connect to server, server will help to forward connection
    ● BGP will create dynamic routing, and choose the nearest routing
    ● Create Redundancy Gaming Network via BGP
    https://www.talari.com/glossary_faq/sd-wan-full-mesh/

    View Slide

  24. Tunneling + Dynamic Routing Protocol
    ● Tunneling
    ○ GRE
    ○ VxLAN
    ○ IPsec
    ○ OpenVPN
    ● Dynamic Routing Protocol
    ○ RIP
    ○ OSPF

    View Slide

  25. Demo
    ● R1 10.0.0.1, 192.168.0.1
    ● R2 10.0.0.2, 192.168.0.2
    ● R3 10.0.0.3, 192.168.0.3
    ● R4 10.0.0.4, 192.168.0.4
    ● While R2 reboot, R1 still can connect to R4 via R3
    R1
    R2 R3
    R4

    View Slide