<div dir="ltr">Look at it from the server side. There are millions of clients on millions of <a href="http://192.168.1.0/24">192.168.1.0/24</a> networks, yet a server can communicate with no more than 254 of them.<div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 6, 2016 at 11:48 AM, Baptiste Jonglez <span dir="ltr"><<a href="mailto:baptiste@bitsofnetworks.org" target="_blank">baptiste@bitsofnetworks.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Wed, Jul 06, 2016 at 11:31:28AM -0400, Norman Shulman wrote:<br>
> Ethernet networks don't scale; that's why we have IP networks.<br>
<br>
</span>Wireguard does not use Ethernet at all, it operates purely at layer 3 (IP).<br>
<br>
IP over Ethernet would use a reactive scheme (ARP, Neighbour Discovery) to<br>
discover the mapping between IP addresses and link-layer addresses. This<br>
is part of the reason why Ethernet does not scale well.<br>
<br>
Wireguard, on the other hand, does the equivalent mapping statically, via<br>
the AllowedIPs directive. The mapping is also slightly different:<br>
<br>
- with Ethernet, you map from IP address to MAC address (using ARP or ND)<br>
<br>
- Wireguard maps from IP address to public key (using AllowedIP, so this<br>
is completely static). A public key is then mapped to the IP address<br>
and UDP port of the peer on the Internet, using the last known endpoint<br>
of the peer. This makes this second mapping mostly dynamic, even though<br>
it falls back to a static "Endpoint" configuration for bootstrap.<br>
<br>
Does that make things clearer for you?<br>
<span class=""><br>
> So in general a client needs one address for each server? Rather limiting<br>
> for clients on small subnets, especially considering the case of n clients<br>
> on a subnet, each connecting to m different servers.<br>
><br>
><br>
><br>
><br>
> On Tue, Jul 5, 2016 at 3:11 PM, Jason A. Donenfeld <<a href="mailto:Jason@zx2c4.com">Jason@zx2c4.com</a>> wrote:<br>
><br>
> > On Tue, Jul 5, 2016 at 9:09 PM, Norman Shulman<br>
> > <<a href="mailto:norman.shulman@n-dimension.com">norman.shulman@n-dimension.com</a>> wrote:<br>
> > > How is this enforced?<br>
> > Receiving, line 238 here:<br>
> > <a href="https://git.zx2c4.com/WireGuard/tree/src/receive.c#n238" rel="noreferrer" target="_blank">https://git.zx2c4.com/WireGuard/tree/src/receive.c#n238</a><br>
> > Sending, line 112 here:<br>
> > <a href="https://git.zx2c4.com/WireGuard/tree/src/device.c#n112" rel="noreferrer" target="_blank">https://git.zx2c4.com/WireGuard/tree/src/device.c#n112</a><br>
> ><br>
> > > How does this scale?<br>
> > The same way in which an ethernet network scales? One ethernet device<br>
> > can have multiple IPs, but separate (unbonded) ethernet devices<br>
> > generally do not share IPs.<br>
> ><br>
<br>
</span>> _______________________________________________<br>
> WireGuard mailing list<br>
> <a href="mailto:WireGuard@lists.zx2c4.com">WireGuard@lists.zx2c4.com</a><br>
> <a href="http://lists.zx2c4.com/mailman/listinfo/wireguard" rel="noreferrer" target="_blank">http://lists.zx2c4.com/mailman/listinfo/wireguard</a><br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">Norman Shulman<br>Sr. Developer/Architect<br>N-Dimension Solutions Inc.<br>9030 Leslie St, Unit 300<br>Richmond Hill, ON L4B 1G2<br>Canada<br><br>Tel: 905 707-8884 x 226<br>Fax: 905 707-0886<br><br>This email and any files transmitted with it are solely intended for the use of the named recipient(s) and may contain information that is privileged and confidential. If you receive this email in error, please immediately notify the sender and delete this message in all its forms.</div>
</div>