Tech Overview

Network Structure

The Plabs network can be divided into three main parts: - Core - Mesh - Roadwarrior


The core network is a static network based on GRE in IPsec that connects all the core servers of Plabs. Core servers provide an bootstrap point for subnet routers and host the most important services of Plabs (such as DNS, email and git) in a fail-proof manner.

Subnet Router

Every subnet router (spoke) first connects to every reachable core server. After this initial connection, it will start connections between subnet routers (spoke to spoke) on demand if possible.


While on the go, you can connect to Plabs as a so called roadwarrior. As the roadwarrior config consists of purely an IPsec connection in tunnel mode without any need for additional software apart from the IPsec daemon, it is ideally suited for mobile devices with limited system access. Tunnel mode is used in this case because the level of access to the device’s network stack isn’t as deep as the one required by transport mode which would prevent it to run on devices like Android smartphones that don’t expose interfaces needed for transport mode for security reasons.

Routing and Next Hop Resolution

OSPF was chosen as a routing protocol because it scales very well, has good free implementations and fits the rather dynamic structure of Plabs. To resolve the next hop for the shortest possible route to a packet’s destination, NHRP in conjunction with a small tool called desist is used. This tool in form of what can be described as an “updown-script” for OpenNHRP is used to dynamically start spoke to spoke connection whenever this provides a shorter path to the desired target. In the long run this combination of OpenNHRP and desist will be replaced as OpenNHRP doesn’t and probably never will support IPv6.