Current Demo Setup for SES and MF


  • Satellite link
    • Each machine connected directly to a sat modem has a /30 public IP, with the modem as gateway. Some L2 packets appear to pass, but not reliably? To compensate, L2TP tunnels are used.
    • SES_SAT is the tunnel interface, between each site and
    • This tunnel is bridged to vlan 31, outdoor data, on landing1.
  • Terrestrial link
    • This link operates over the public internet. In order to pass L2 traffic, an L2TP tunnel to is used.
    • This tunnel is bridged to vlan 3701, GENI MF, on landing1.


SES1 in Princeton has one satellite and one ground link. There is an L2 tunnel over each of these to landing1, at WINLAB.

Node4-3 and mf1 at WINLAB each have one interface on each bridged vlan.

Satellite traffic will thus travel over the public internet to the ground station, then over the sat link to SES1.


SSH key based authentication is set up for SES1 and SES2 machines. The keys are in /home/native/.ssh on machine mf1, and in /root/SES_KEYS on remote-l.


    • Eth0: Outdoor data,
    • Eth0.3701: MF vlan, bridged to GENI sites,
    • Eth1: Outdoor Control,
    • Eth2: Direct connection to satellite modem port 1,
    • em1: was direct connection to sat modem, currently disconnected.
    • em2: outdoor control,
    • p2p1: GENI MF vlan, 3701. Terrestrial tunnel link,
    • p2p2: Outdoor data, vlan 31, sat tunnel link,
  • ses1: Princeton remote machine
    • em1: sat link
      • ip:
    • em2: public internet link
      • ip:
    • ses_ground: tunnel for ground link, over em2
      • ip:
    • ses_sat: tunnel for sat link, over em1
    • Scripts:
      • Routing tables have been changed to allow two tunnels. There is an additional table, sat. This table has one rule, that for traffic from to landing1, it should go via the sat modem. It is added to the ip rules just before the main table.
      • To view routes, type ip r show
      • native@ses1:~$ ip r show
        default via dev em2 dev ses_sat  proto kernel  scope link  src dev ses_ground  proto kernel  scope link  src dev em2  proto kernel  scope link  src via dev em2  src dev veth1  proto kernel  scope link  src dev veth2  proto kernel  scope link  src dev em1  proto kernel  scope link  src 
      • To view the extra table, type ip r show table sat
      • native@ses1:~$ ip r show table sat
        via dev em1 
      • To show rules, type ip rule show
      • native@ses1:~$ ip rule show
        0:	from all lookup local 
        32765:	from lookup sat 
        32766:	from all lookup main 
        32767:	from all lookup default 
    • Tunnel setup
      • In native's home directory, there is a file
      • This runs on boot, and sets up both L2TP tunnels to landing1, as well as routes.
      • This script is symlinked to from /etc/init.d and was set to run on boot with update-rc.d tunnel defaults
      • Contents of script:
        #sets up tunnel via terrestrial link
        #remote ip for landing 1 is
        #local IP for ses1 is ???.???.???.???
        #ip address for tunnel to MF at Winlab is
        modprobe l2tp_eth
        ip l2tp del tunnel tunnel_id 1
        ip l2tp add tunnel remote local \
        	tunnel_id 1 peer_tunnel_id 5 udp_sport 3004 udp_dport 3004 encap udp
        ip l2tp add session name ses_ground \
        	tunnel_id 1 session_id 1 peer_session_id 1
        ip link set ses_ground up mtu 1500
        ip r add via
        ip addr add dev ses_ground
        ping -c 10
        #sets up tunnel via sat link, routed through table sat
        ip l2tp del tunnel tunnel_id 2
        ip l2tp add tunnel remote local \
        	tunnel_id 2 peer_tunnel_id 6 udp_sport 3005 udp_dport 3005 encap udp
        ip l2tp add session name ses_sat \
        	tunnel_id 2 session_id 1 peer_session_id 1
        ip link set ses_sat up mtu 1500
        ip route add via table sat
        ip rule add from table sat
        #ip r add via
        #ip addr add dev ses_ground
        #ping -c 10
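
The tunnel script above only works as intended if the sat table's source-based rule is evaluated before main and the sat table routes out em1. The following check is an added example, not part of the site's own scripts; the function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example (not the site's own script): checks the policy routing
# that the tunnel script is expected to leave behind on ses1.

# Reads `ip rule show` output on stdin. Succeeds only if a rule that
# selects by source address (not "from all") looks up table sat and is
# evaluated before the main table (lower priority number).
check_sat_rules() {
    awk '
        { prio = $1; sub(/:$/, "", prio); prio += 0 }
        / lookup sat( |$)/ && $2 == "from" && $3 != "all" && !has_sat {
            has_sat = 1; sat_prio = prio
        }
        / lookup main( |$)/ && !has_main { has_main = 1; main_prio = prio }
        END { exit !(has_sat && has_main && sat_prio < main_prio) }
    '
}

# Reads `ip r show table sat` output on stdin. Succeeds only if some
# route has a gateway ("via") and leaves through the given device.
check_sat_table() {
    awk -v want="${1:-em1}" '
        {
            via = 0; dev = 0
            for (i = 1; i < NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev" && $(i + 1) == want) dev = 1
            }
            if (via && dev) ok = 1
        }
        END { exit !ok }
    '
}

# Constructed sample output; addresses are documentation ranges.
SAMPLE_RULES='0: from all lookup local
32765: from 192.0.2.10 lookup sat
32766: from all lookup main
32767: from all lookup default'
SAMPLE_SAT_TABLE='198.51.100.1 via 192.0.2.9 dev em1'

if printf '%s\n' "$SAMPLE_RULES" | check_sat_rules &&
   printf '%s\n' "$SAMPLE_SAT_TABLE" | check_sat_table em1; then
    echo "sat policy routing: OK"
else
    echo "sat policy routing: MISSING or ordered after main"
fi
```

On ses1, pipe the live output into the same functions: `ip rule show | check_sat_rules` and `ip r show table sat | check_sat_table em1`.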

Desired Final Configuration


There will be 4 sites.

Location Sat IP Ground IP Description
Woodbine Uplink and core router
Princeton Remote 1
WINLAB Private IP on tunnel. Remote 2
iDirect Herndon ?? Remote 3

All sites will have an L2TP tunnel over the public internet to WINLAB, to be connected to the GENI MF vlan. Ideally, all 3 sites will pass L2 broadcast/multicast traffic to each other. While that is in progress, all sites will terminate an L2TP tunnel at Woodbine, over their satellite links.

