Decentralized administration concepts for wireless community mesh networks

Thomas Huehn
Deutsche Telekom Laboratories, TU Berlin, Berlin, Germany {[email protected]}

Abstract—The lack of widely available broadband Internet access in all parts of Germany was the main motivation to build community mesh networks to share ADSL lines. As many are unable to easily obtain an ADSL line, we built a wireless mesh network covering our two home villages. Since we began, we have included 60 households running their own 802.11 wireless routers based on commodity hardware on rooftops within the unlicensed 2,4 GHz frequency band. But how would someone administer such a network consisting of 60 different "micro" providers without having a central administration instance? This paper describes the mechanisms that make our decentralized administration concept a trust-based, efficient, and scalable solution for community mesh networks. We then describe the main concepts of how to deploy new OpenWRT-based firmware images in a decentralized manner. We then detail the most challenging aspect of the project: granting access for mobile devices across the entire mesh, with the decision distributed among the node owners. Moreover, we argue that conventional administration concepts fail when running such a mesh network and provide new approaches to run networks where every participant has root privileges.

I. INTRODUCTION

Starting in 2003, many community-driven mesh networks called Freifunk communities have tried to bridge the gap in Germany's ADSL accessibility by deploying 802.11 wireless routers on rooftops. The kinds of Freifunk-based networks vary from totally unplanned city meshes such as in Berlin and Leipzig with up to 800 nodes to structured meshes such as in our village Sundhausen with 60 active nodes. The development of the Freifunk firmware is realized in a decentralized manner. The first part of this paper describes our mesh network located in Sundhausen and Urleben (Germany). Questions regarding the firmware distribution process and how to enable network access for mobile devices in a decentralized manner are covered in the second part.

II. COMMUNITY MESH IN SUNDHAUSEN/URLEBEN

In parallel to the growing Freifunk [1] communities in German cities, we started building a wireless mesh to cover our village Sundhausen. Since we began, we have included 38 households within Sundhausen and extended our mesh to include our neighbouring village Urleben, with currently 22 nodes.

A. Architecture & Topology

Our wireless mesh network is based on a 2-tier architecture. The mesh consists of consumer hardware with an OpenWRT [3] firmware as open-source operating system. The mesh network has two main clouds per village with a high density of nodes, all running on the same channel, channel 1 (2412 GHz), in 802.11g-only mode. All mesh nodes are equipped with an omni-directional antenna mounted outside on the roof. A single ADSL line, serving 6000 kBit/sec downstream and 520 kBit/sec upstream, is the only Internet gateway we are currently using and sharing among us. Fig. 1 represents the topology snapshot from 28 April 2009 based on OLSR [2] routing table calculations.

Fig. 1. Topology of the wireless mesh in Sundhausen/Urleben.

Starting from the gateway node, we built a 5 GHz wireless backbone between six Freifunk mesh nodes, connected via separate point-to-point links. The backbone nodes are equipped with Atheros miniPCI cards operated in 802.11a turbo mode. Marked by yellow lines, Fig. 1 also depicts the backbone links, connected as a layer 2 bridge between the red dotted mesh nodes. All six Freifunk routers are in a full switch broadcast domain, where their OLSR routing daemon assumes a direct link to each other backbone router. With this setup we were able to reduce the maximum number of hops within the shared 2,4GHz band from 4.5 to 2.5 on average. The minimal achievable net bandwidth from a mesh node to the nearest backbone node is at least 4 MBit/sec with an average delay of 3.6 ms. Table I summarizes the main parameters of our deployment and our hardware and software setup.

B. Security

We do not use any encryption on the wireless interface at all. The intra-mesh access is free for all; however, Internet access is restricted to nodes which are registered on a central web page. This represents the basis of the so-called whitelist of allowed nodes. This concept is used to exclude misbehaving nodes or users.

TABLE I
CHARACTERIZATION OF THE WIRELESS MESH IN SUNDHAUSEN/URLEBEN

Evaluation   Parameter               Freifunk Sundhausen/Urleben
Deployment   Covered area            12 km2
             Max. diameter           4.5 km
             Population Sundhausen   371 (Dec. 2007)
             Population Urleben      449 (Dec. 2007)
             Max. concurrent users   112
Software     Operating system        OpenWRT Linux
             Kernel version          Kernel 2.4.30
             Routing algorithm       OLSR version 0.5.4 rc4
Hardware     Mesh router platform    48x Buffalo WHR-HP54G, 12x Linksys WRT-54G
             Mesh router antennas    Omni-directional (3-9 dBm)
             Backbone platform       Asus W-500gP
             Backbone antennas       Directional (14-24 dBm)

C. Economics

Within our mesh, the single node owner can be seen as a kind of mini provider who invested about 100 Euros in a set of common hardware components and who pays the energy costs to operate his node. The range of the mesh network increases with new participants and their packet forwarding ability. In contrast to other Freifunk networks, where voluntary users share their Internet connection with the community, we founded a registered co-operative called "Evernet e.G." The task of this registered co-operative is to rent the ADSL Internet line so that no single user is responsible for the activities on the network. The use of the mesh network and, therefore, the use of the Internet connectivity are free of charge. Our mesh network is more or less a voluntary network without any contract between the users, but with some more centralized approaches compared to other Freifunk meshes, e.g. the one in Berlin [4].

III. CONCEPTS OF DECENTRALIZED ADMINISTRATION

A. Automated Firmware Deployment

Conventional administration concepts for deploying new firmware images are not applicable to our mesh and the distributed firmware development process. Each node owner has root privileges and the power to decide what to install and adjust on his node via ssh or https. In summary, the firmware development process over the last 3 years created new firmware beta releases on a bi-weekly basis and a stable major release every 6 months. To avoid the development of an entirely inhomogeneous firmware distribution, we introduced a staged update profile. The web-based firmware administration allows the user to choose between 3 different update strategies: "brave" - every beta version is flashed; "normal" - only firmware images marked as stable are considered; and "paranoid" - the automatic update is deactivated.

Each strategy represents a tradeoff between running the latest, most featured firmware while risking an unstable system and deactivating the automatic update, possibly leading to incompatibilities with the remainder of the mesh. We leave this decision to each node owner. Our update scheme checks nightly whether there is a newer firmware version in our central repository. Depending on what the user selected, the firmware is downloaded and flashed in an unattended fashion, or the user is informed about a possible update on his router's status page. Our experience shows that the users who have chosen "brave" and "normal" mode have a share of around 45% each. Less than 10% go with the most conservative update strategy. With this concept we were, and still are, able to have a fully unattended update automatism that distributes at least all stable firmware releases to more than 90% of all mesh nodes in our network. The user is in no case directly forced to be part of that automatic update process.

B. Distributed Access Control for Mobile Devices

Node owners may use their mobile devices to access the mesh network without running the OLSR daemon. This access is based on the MAC address of the device: each node owner can specify his own web-based whitelist of MAC addresses on the mesh router. But how could someone realize a mesh-wide access control scheme with such locally whitelisted information? Our approach combines local storage of access restrictions with global distribution to provide the evidence for deciding on possible mesh-wide access. Therefore each router announces its whitelist of MAC addresses via the OLSR service plug-in all over the mesh. While the OLSR daemon handles the service distribution, every node counts the number of identical MAC addresses received from different nodes. If a node has received a MAC address announcement generated by more than 3 different sources, it adds this MAC address to its own access list. Accordingly, it adjusts its iptables rules to grant wireless access for this specific MAC, as long as the announcement rule is valid. This leads to considerable advantages: the user is able to obtain mesh-wide client access by finding at least 3 different node owners who trust him and add his MAC address to their own whitelist.
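The voting scheme just described, as an added example that is not part of the paper and not the Freifunk firmware's own code: each received announcement is a (source node, MAC, time received) tuple, a node admits a MAC once at least THRESHOLD distinct sources have announced it within a validity window, and the resulting access list is rendered as iptables MAC-match rules. The threshold (the paper says both "more than 3" and "at least 3" sources), the validity window, the chain and interface names and the sample announcements are assumptions.

```python
import re
from collections import defaultdict

THRESHOLD = 3        # assumed: the paper says both "more than 3" and "at least 3" sources
VALIDITY_SEC = 600   # assumed lifetime of an announcement before this node forgets it
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

def normalise_mac(mac):
    """Canonical lower-case colon form, so one MAC is never counted twice under
    different spellings. Raises ValueError on malformed input."""
    mac = mac.strip().lower().replace("-", ":")
    if not MAC_RE.match(mac):
        raise ValueError(f"invalid MAC address: {mac!r}")
    return mac

def tally(announcements, now, validity=VALIDITY_SEC):
    """announcements: (source_node, mac, received_at) tuples collected from the OLSR
    service announcements. Returns {mac: set of sources} over still-valid entries;
    distinct sources are counted, not messages, so a repeating node counts once."""
    sources = defaultdict(set)
    for src, mac, seen_at in announcements:
        if now - seen_at <= validity:
            sources[normalise_mac(mac)].add(src)
    return sources

def admitted(announcements, now, threshold=THRESHOLD):
    """MAC addresses this node grants mesh-wide access to."""
    return sorted(mac for mac, srcs in tally(announcements, now).items()
                  if len(srcs) >= threshold)

def iptables_rules(macs, chain="mesh_clients", iface="wlan0"):
    """Render the access list as iptables MAC-match rules (chain/interface assumed).
    MAC matching identifies a device; it does not authenticate it."""
    rules = [f"iptables -F {chain}"]
    for mac in macs:
        rules.append(f"iptables -A {chain} -i {iface} -m mac --mac-source {mac} -j ACCEPT")
    rules.append(f"iptables -A {chain} -i {iface} -j DROP")
    return rules

# Constructed sample: announcements this node has received (times in seconds).
NOW = 10_000
SAMPLE = [
    ("node-a", "00:11:22:33:44:55", 9_900),
    ("node-b", "00:11:22:33:44:55", 9_950),
    ("node-c", "00:11:22:33:44:55", 9_990),  # third distinct owner: admitted
    ("node-a", "AA:BB:CC:DD:EE:01", 9_800),
    ("node-a", "aa-bb-cc-dd-ee-01", 9_990),  # same owner, other spelling: counts once
    ("node-b", "aa:bb:cc:dd:ee:01", 9_990),  # only two owners: not admitted
    ("node-d", "de:ad:be:ef:00:01", 9_000),  # expired: older than VALIDITY_SEC
    ("node-e", "de:ad:be:ef:00:01", 9_990),
    ("node-f", "de:ad:be:ef:00:01", 9_990),  # only two valid owners: not admitted
]
```

Running `iptables_rules(admitted(SAMPLE, NOW))` yields a flush, one ACCEPT rule for 00:11:22:33:44:55 and a final DROP; the other two MACs fall short of the threshold by source count or by expiry.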
From an administration standpoint, the task of controlling the wireless access is distributed among the group of users. Such a trust-based mechanism ensures a lower bound on the entry threshold. We do not claim this concept to be secure at this point of development, but it is utilized by our users and can be seen as a first step towards a distributed access control dynamically handled within the mesh network.

IV. CONCLUSION

Within these two pages we presented a condensed description of our real wireless mesh installation in the villages Sundhausen and Urleben in Germany. Furthermore, two concepts and practical implementations were described which enable automated firmware updates and distributed access control in a community-driven mesh network.

REFERENCES

[1] Freifunk project homepage, http://start.freifunk.net/node/1.
[2] OLSR project homepage, http://www.olsr.org.
[3] OpenWRT project homepage, http://www.openwrt.org.
[4] R. K. A. Pescape and T. Huehn. Challenges in 2nd generation wireless mesh networks. EURASIP Journal on Wireless Communications and Networking, JWCN/274790, August 2008.