Server
The Bondix SANE Server is a universal Linux service for x86_64 architectures (other architectures available on request). Thanks to static compilation, there are no special host operating system requirements such as specific LibC versions - the only requirement is kernel support for virtual tun/tap network interfaces.
Requirements
Resources
The resource requirement is based on the peak total throughput of the installation and the number of simultaneous tunnel connections. This formula can be used as a rule of thumb for the required memory:
Memory requirement (megabytes) = Bandwidth(Mbit) / 2 + TunnelCount * 5
Example: An installation of 100 tunnels should guarantee 50 Mbit/sec for each instance at full load. The peak bandwidth would thus be 100 * 50 Mbit = 5000 Mbit/sec. Using the above formula, this results in a memory requirement of approx. 3 gigabytes.
In addition to memory, the number of CPU cores is also critical. Bondix SANE Server distributes incoming tunnels to different CPU cores for load balancing. While the maximum throughput per CPU core depends on the hardware used, 500 - 1000 Mbit can be taken as a conservative estimate.
Note: These assumptions for storage do not take into account requirements for the host operating system, other services, and the like. Requirements for storage space are negligible.
Public Ports
Bondix SANE Server requires a publicly accessible TCP port (default 443, but freely selectable) and at least one UDP port. The number of UDP ports depends on the number of CPU cores used.
Installation
Log into your server and do the following:
Create installation directory | mkdir -p /opt/bondix |
Download installation package | curl -o sane.tar.gz <DOWNLOAD-URL> |
Extract package | tar -xvzf sane.tar.gz |
You can verify that the correct version has been installed with the command
/opt/bondix/server/saneserver --version
If successful, it should print its version string.
Configuration
Like the client, configuration is done using JSON commands, which can either be sent during runtime using a configuration socket (localhost:5112), or from a configuration file that is parsed during startup.
Quick Start
This configuration provides the minimal necessities to get the server running.
[ ... ]
You will also need to execute /opt/bondix/server/ssl/create-server-cert.sh, which will generate a self-signed SSL certificate.
Environments
Environments are collections of tunnels that share certain resources, such as packet buffers, a CPU thread and virtual network interfaces. You should not have more environments than available CPU cores, or than the total number of incoming clients.
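The sizing rules under Resources and the environment limit above, combined into a pre-flight check. This is an added example, not Bondix code; the function names, the 500 Mbit per-core default, the use of the tunnel count as the client count and the use of /dev/net/tun as the tun/tap indicator are assumptions.

```python
#!/usr/bin/env python3
"""Pre-flight sizing check built from this page's rules of thumb (added example)."""
import math
import os


def required_memory_mb(peak_mbit, tunnels):
    # Rule of thumb from the page: Bandwidth(Mbit) / 2 + TunnelCount * 5.
    # It excludes memory for the host OS and other services.
    return peak_mbit / 2 + tunnels * 5


def required_cores(peak_mbit, mbit_per_core=500):
    # The page estimates 500 - 1000 Mbit per core; default to the low end.
    return max(1, math.ceil(peak_mbit / mbit_per_core))


def mem_total_mb(meminfo_text):
    # Parse the "MemTotal:  <n> kB" line of /proc/meminfo.
    for line in meminfo_text.splitlines():
        if line.startswith("MemTotal:"):
            return int(line.split()[1]) / 1024
    raise ValueError("MemTotal not found")


def preflight(peak_mbit, tunnels, environments, host_mem_mb, host_cores, has_tun):
    """Return a list of problems; an empty list means the plan fits the host."""
    problems = []
    need_mem = required_memory_mb(peak_mbit, tunnels)
    if host_mem_mb < need_mem:
        problems.append(f"memory: need ~{need_mem:.0f} MB, host has {host_mem_mb:.0f} MB")
    need_cores = required_cores(peak_mbit)
    if host_cores < need_cores:
        problems.append(f"cpu: need ~{need_cores} cores, host has {host_cores}")
    # Assumption: the tunnel count stands in for "total incoming clients".
    if environments > min(host_cores, tunnels):
        problems.append("environments: more than CPU cores or incoming clients")
    if not has_tun:
        # Assumption: a missing device node means tun/tap is not available (yet).
        problems.append("tun/tap: /dev/net/tun not present")
    return problems


if __name__ == "__main__":
    # Constructed plan: the page's 100-tunnel example with 8 environments.
    with open("/proc/meminfo") as fh:
        host_mem = mem_total_mb(fh.read())
    found = preflight(5000, 100, 8, host_mem, os.cpu_count() or 1,
                      os.path.exists("/dev/net/tun"))
    for item in found:
        print("WARN", item)
    raise SystemExit(1 if found else 0)
```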
SSL Setup
...
System Commands
...
Tunnel Manager Commands
...
Running
The software can be run in the shell using /opt/bondix/server/saneserver, where it will run in the foreground. However, it is recommended to start the service automatically on startup, which can be different depending on the platform.
Parameters
--daemon | Runs the software as a daemon. |
--nopid | Does not attempt to create a pid-file at /var/run/saneserver.pid |
--listflags | Lists available feature flags |
--flags <FLAG1> <FLAG2>... | Enables the specified flag(s). Multiple flags are separated using space. |
</path/to/filename.json> | JSON configuration file that should be used |
Feature Flags
Feature flags are switches that enable certain features that are otherwise unavailable. These features are usually experimental and should be used with caution.
useMMSG | Uses the Linux MMSG socket API to send and receive multiple UDP packets at once. This improves performance under load. While it is stable, there are some corner cases that can trigger error messages in the log. |
bondingProxy | Enables the TCP Bonding Proxy. |