Changes between Version 19 and Version 20 of RoadMap


Ignore:
Timestamp:
05/31/10 05:29:40 (14 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • RoadMap

    v19 v20  
    11[[TOC(inline, depth=1)]]
    22
    3  = Introduction =
     3= Introduction =
    44
    55OpenVPN's current codebase has a number of limitations. Some of the limitations require changes to the underlying architecture to be fixed. Roadmap issues and relationship of OpenVPN 2.x series and 3.0 have been discussed earlier in a few IRC meetings:
     
    1414 * 6th May 2010
    1515  * The roadmap meeting. James' views about OpenVPN 3.0 are available [wiki:RoadMap@1 here]
    16  * 13th May 2010
    17   * <not yet cached at gmane>
     16 * [http://thread.gmane.org/gmane.network.openvpn.devel/3704 13th May 2010]
    1817
    19  = Current issues and potential fixes =
     18= Similar projects =
    2019
    21  == Monolithic architecture ==
     20The are a few similar projects which we could use for reference purposes, code etc:
     21
     22 * [http://wiki.freebsd.org/mtund Magic Tunnel Daemon]: This is pretty close to what we want, but lacks authentication and encryption. Uses BSD-license, so the code could be used reused without any problems
     23 * [http://user-mode-linux.sourceforge.net/ User Mode Linux]: Userspace network drivers
     24
     25= Current issues and potential fixes =
     26
     27== Monolithic architecture ==
    2228
    2329The fact that OpenVPN is currently implemented as a monolithic C application makes it difficult to control OpenVPN's internal operation from higher level languages.  Having the core functionality of OpenVPN implemented as a C library would allow it to be wrappable by higher-level language objects more easily. For example, suppose you wanted to build a full-mesh OpenVPN cloud, where OpenVPN runs on hundreds of machines, and where each machine has multiple processors.  It would be much more straightforward to implement the cloud in a high-level language such as python, and wrap the OpenVPN library as a python extension.
     
    2531Another related problem is that OpenVPN's components are not easily exchangable. This means adding certain types of functionality (e.g. IPv6) or replacing current SSL and compression functionality is much more difficult than it needs to be. As OpenVPN is essentially a special-case of a user-space network stack, it could be modularized so that the central core is implemented as a user-space network stack, and the other components such as VPN and routing would be modules in this stack. The above changes make it more straightforward to implement other protocols in the stack, such as IPv6. The network stack changes would also make it much more straightforward to implement alternative topologies for OpenVPN, such as full-mesh. The SSL and compression functionality should be modularized so that OpenVPN can be used with different SSL libraries or different compression algorithms.
    2632
    27  == Threading ==
     33== Threading ==
    2834
    2935Currently, OpenVPN is scaled on SMP machines by adding processes rather than threads.  While it might be interesting to look into scaling OpenVPN across threads, there may be kernel-level bottlenecks that impede this, e.g. note the problems facebook had when trying to scale memcached, specifically the problems of having multiple threads contend for a single UDP socket:
     
    3238Lack of multithreading is closely tied to the current event system implementation.
    3339
    34  == Event system ==
     40== Event system ==
    3541
    3642The current non-asynchrous-clean status of the event system makes maintenance of certain OpenVPN components quite tenuous, such as mtcp.c. While the current event model is partially asynchronous, it is not sufficiently clean to allow certain features to be implemented such as concurrent multithreading or the ability to listen on multiple interfaces simultaneously. The limitations of current event system are also closely tied to OpenVPN's lack of multithreading. To get these features the current i/o event system needs to be revamped into a true asynchronous model. It might be worthwhile to look into using libevent as the underlying i/o event system for OpenVPN (libevent is used by memcached).
    3743
    38  = OpenVPN 3.0: Development issues =
     44= OpenVPN 3.0: Development issues =
    3945
    40  == Organic vs. planned development ==
     46== Organic vs. planned development ==
    4147
    4248Community-driven development model excels in developing software incrementally in small steps. Most community developers are driven by healthy self-interest and concentrate on ''features'' that are of interest to them. Fixing parts of the architecture may or may not have value for them. An example of an architectural change that developers would probably be interested in is making OpenVPN multithreaded. That said, there are certainly some community developers who may be interested in less concrete work such as rewriting parts of the codebase to allow easier development in the future. Also, if the architecture is made more modular, people will be able to contribute to the project more easily in the future.
    4349
    44  == Start from scratch vs. incremental approach ==
     50== Start from scratch vs. incremental approach ==
    4551
    4652Starting from scratch has the benefit that we can focus on fixing the current architectural problems. Also, we would not really need to start from scratch, as many parts of the old codebase can be utilized in the new codebase with minor modifications. However, as the codebase as whole would be new, it would almost certainly have unknown problems.
     
    5460 * Authentication
    5561
    56  == Generic network stack vs. focus on VPN functionality ==
     62== Generic network stack vs. focus on VPN functionality ==
    5763
    5864In the roadmap meeting (6th May 2010) James presented [wiki:RoadMap@1 his views of OpenVPN 3.0]. In a nutshell, OpenVPN 3.0 would become a generic user-space network stack. This would solve many of the architectural problems with the current codebase. This approach would also ''potentially'' allow a much wider user- and developer base as people could build non-VPN functionality on top of the core.
     
    6066The big question is whether going 100% generic is beneficial or not. If there's no interest in a generic userspace network stack then focusing on VPN functionality and just modularizing and cleaning up the code would be the best option.
    6167
    62  = OpenVPN 3.0: Design and implementation =
     68= OpenVPN 3.0: Design and implementation =
    6369
    6470OpenVPN 3.0 architecture might look something like this.