Here’s what we will do today: We will build
a Wi-fi Mesh with OpenWrt. I bought a couple of these ASUS Lyra mesh
access points here. Got them real cheap on eBay. I paid 25 bucks each. Great Wave 2 Wifi 5 devices with 3 radios
inside. MU-MIMO, Mesh and everything. Difficult to get however – they are end
of life from a sales perspective. I flashed them with OpenWrt and built a Wi-fi
Mesh along with some more Wi-fi access points that would otherwise collect dust in a box. Like two of these Archer C7’s, a Xiaomi
Mi router, a Belkin RT3200 and some custom built devices. My Wi-fi mesh is as big as I could build it
– I actually spread those Access points everywhere in the house and also in the garden
in order to make it a bit larger. Over all I have roughly 10 nodes in the Mesh. On the mesh I have three different Wi-fis
which are called M-IOT, M-GUEST and M-LAN. If you have read the title or the description
of the video you might wonder – what has B.A.T.M.A.N. to do with all of this? First off – this is NOT about the guy with
the deep voice who runs around in tights – we are talking about a network protocol here. More specifically a MESH protocol. B.A.T.M.A.N. is short for “Better Approach to Mobile
Ad-Hoc Networking”. Why would we need or why would we want that
B.A.T.M.A.N. protocol? Maybe you have seen my other videos about
Wi-fi Mesh – in the first episode I showed you how to build a Mesh with OpenWrt. It’s actually really easy and only takes
minutes or an hour at most I would say. If you only have let’s say three Wi-fi mesh
nodes and one single Wi-fi name or SSID as it’s called, then you don’t need anything
else – you’re fine with the basic functionality of Mesh in OpenWrt. If you can run Ethernet cable between your
Wi-fi access points then you don’t even need a Mesh at all – you’re much better
off using a wired installation like I proposed in this video here. Link up there. So when would batman advanced be a good choice
for you then? It does make sense if you have one of the
following use cases: Maybe you want to go BIG – so by BIG I mean
really big – like rather than planning for 3 or 5 nodes in the house you want to build
a MESH for your neighborhood or for the valley or the town or city with potentially tens
or hundreds of nodes. In this use case you would probably have multiple
nodes that provide internet access and hence you would need a protocol that can figure
out which node has the best connection to the internet. Definitely a use case for batman advanced. And – it’s proven that it works. Have a look at the German Freifunk community. They are using it all over the country in
meshes with up to hundreds of nodes. Second use case – and that’s valid for
any size – you have multiple Wi-fi names or SSIDs- such as IOT or guest or Wi-fi’s
for different groups of users – in this case you would need to be able to use VLANs
over the mesh. In my second Wi-fi Mesh episode we had used
gretap for that. But gretap is a point to point protocol. Batman advanced can do VLANs over the whole
mesh. By default. Out of the box. And it’s actually very easy. It can be done in five minutes. Third use case – maybe your mesh is not
all Wi-fi. Look at this diagram. We have a three node Wi-fi mesh here that
is connected to an Internet gateway. And maybe we are extending the mesh on the
“other” side of the gateway. And maybe we have two or three of these. In a non-batman mesh the traffic would go
off mesh in the middle. In a batman advanced installation the mesh
could go over the whole network. Including the wired part. Actually there’s a fourth use case – and
that is an aspect of the batman protocol that is in my opinion often under-evaluated. As the B.A.T.M.A.N. advanced protocol can do VLANs – it can
do something quite exciting. It can actually transform your whole network
into a giant managed switch. You could plug in devices over wire or Wifi
or mesh into any of the VLANs at any point. So you could in fact use the B.A.T.M.A.N. advanced protocol if you want to do VLANs
but you don’t have a managed switch. Very exciting. Cool - we have seen that the B.A.T.M.A.N. advanced protocol basically solves two or
three shortcomings of a basic Wi-fi Mesh. First – it is a protocol that helps solve
the basic challenge that you have in a mesh as opposed to a point to point network – that
is helping the packets to find their way to the right counterpart. A little bit like the “traveling salesman”
problem really. And second – as it can do VLANs – we can
have multiple Wifi names go over one single mesh. Now let’s see how we can get hold of it
and how we can install it. It only takes five minutes really. If you already have your OpenWrt configured
like in one of the last episodes then you can skip the next chapter and fast forward
to this time marker here. If not, then I will show you real quick in
the next chapter how to prepare your OpenWrt Router and Access point for mesh. I won’t go into every single detail but
just outline the necessary steps. For a detailed explanation please watch the
first episode. The blue print is as follows: We will have
three wifi’s, called M-IOT, M-GUEST and M-LAN. Each one of those has their own network and
firewall zone and will be replicated, bridged or repeated if you want on all other Access
points over the Wi-fi mesh. Alternatively we may have something like this:
If our Internet gateway does not have Wi-fi then we may as well include a wired section
in the Mesh. That’s a big advantage of using batman advanced. You don’t have to go off mesh at the intersection
between wire and Wifi if you have wired sections. In this example the middle part would still
be part of the Mesh but rather than going over Wi-fi it would go over Ethernet or maybe
even a VLAN. First let’s see the steps that we need to
do on all routers and access points that participate in the Wi-fi portion of the Mesh. In order to be able to use the Wi-fi as Mesh
point, we need a specific version of WPAD. For example wpad-mesh-openssl or wolfssl. So let’s go to system-software and then
install one of those. Now we can go to network-wireless and click
on Add next to the desired radio. I use a dedicated 5GHz radio for that as my
Lyra’s have two of them. Down here in the Interface Configuration I
select 802.11s for the mode, I’ll give it a name in the Mesh ID field, but I leave the
network blank for the time. We’ll attach this to the batman network
later. In the Wireless Security tab I select WPA3-SAE
and type in a secret key. That’s it for the moment. If you already have a mesh like this then
you would see the existing nodes down here. Now let’s see how the config on the internet
gateway differs from the config on the so called dumb access points. Let’s start with the internet gateway. That’s the router that connects you to the
internet. You can see here that I have three interfaces
called IOT, GUEST and LAN. They all have static IP addresses and if we
go over to the DHCP tab then you can see that each of those serves IP addresses on their
own subnets. Also, each one of those is assigned to its
own firewall zones with different policies. Furthermore, there is a WAN interface which
is the default gateway. That’s of course how we get to the internet. All other interfaces should NOT have that
box ticked. If that main router or internet gateway has
Wi-fi then we would also have Wifi SSIDs here under Network-Wireless. Down here you can see which network they are
attached to. That’s the link between the Wi-fi and the
network interface. The Guest Wi-fi is on the guest network, The
IOT on the IOT and so on. Now let’s have a look at the dumb access
points. Setting those up requires a bit more time. I create the same interfaces like on the internet
gateway here, just this time I select unmanaged or DHCP client as a protocol. I suggest that you set this to DHCP client
in the beginning – even if you want to change it later. That’s actually an easy way to check everything. If everything goes OK, then these interfaces
should get IP addresses over DHCP from the main router. If they don’t then something’s wrong. When you create the interfaces on the dumb
access points then you don’t assign them to a firewall zone. They will just be bridged on layer 2 – all
IP traffic and firewall will be handled on the main router. Leave the “Device” unspecified for the
moment – we will link this to the right batman interface later. Now when you set up the Wi-fi’s under network-wireless
by clicking again on “add” next to the desired radio then this is where you would
actually link the Wi-fi interface with the interface that we have just created. So I would link the M-IOT Wi-fi to the IOT
network, the M-Guest to guest and so on. Now for the LAN and WAN. We don’t need a WAN interface on those – we
have the WAN interface on the main router. So let’s delete it. The LAN interface in turn should not have
a static IP, but rather have an IP served by the main router. So I change the protocol to DHCP client. Do not click on “Switch protocol” – that
would commit the change immediately. We need to configure a couple more things. At the moment I am connected to this device
with an Ethernet wire. Hence the LAN interface has a device attached,
in my case br-lan. I’ll leave it that way for the time being. Just on the firewall setting I remove the
firewall zone and on the DHCP Server tab I deactivate the DHCP Server by ticking the
“Ignore Interface” box. Click on Save. Don’t Save and apply yet. We might want to check on the devices tab
if every Ethernet port is assigned to the right interface. In my case I want both ports to be on the
LAN. One port is currently connected to my main
router and the other one to my PC. For a dumb Access point they should all be
connected to the LAN side, Therefore I change the settings for the br-lan bridge so that
eth0 and eth1 are both LAN. Once I click on Save and Apply here then the
following happens: My Access point tries to get an IP address over DHCP from the first
router and also my PC gets an IP address in the same range. As now we are both in the same LAN. I need to wait until this goes through. Plenty of time. I have 90 seconds before everything gets rolled
back. Once I have the IP address, then I can check
on the main router to see which new IP my access point has. And once I connect to the web interface of
that Access point then the changes get applied because LuCI has confirmation that we could
actually reach it. Otherwise the changes would just have been
rolled back. All that’s left to do on this access point
is to stop and disable some services under System-Startup. Namely the dnsmasq, odhcpd and firewall services. That’s it. Guys, I’ve been rushing a little bit over
this as I have covered that part in a lot of videos already. If anything is unclear in this section then
please check the related videos. Here’s what we have so far: we have a main router with a WAN interface,
three interfaces called IOT, GUEST and LAN. Potentially three Wi-fis with similar names
attached to the respective interfaces. Furthermore we have Access points – basically
Wi-fi routers where we have stripped Firewall, DNS, DHCP Server and IP routing – with the
same interfaces, but of course no WAN interface. The access points have a Wi-fi mesh and the
main router may or may not have one. Now let’s do the B.A.T.M.A.N. part in order to connect everything. In order to install the batman advanced protocol
we can log into the Web UI of our OpenWrt Router or Access Point which is called LuCI,
then we go to System-Software. If you type in batman you should see these
software packages here. If you don’t see any, then just refresh
the list by clicking on update list. The one we are after is the luci-proto-batman-adv
package here. At the time of making this video – in April
2022 – chances are that you can’t find that package. The reason is that it is brand new. If it is there, just click on install next
to it. If it is not there, then you may download
it from my github server – the download location is in the description of the video. In this case please first install the kmod-batman-adv
package and once you have done that, click on upload package, browse to the file that
you have just downloaded and then click on upload and then on install. Awesome – at this point you might need to
reboot your router or access point – just to make sure that all protocols are available. Once your device is back, then please go to
network-interfaces and click on add new interface. If everything went well, then you should have
an option “Batman Device” here in the protocol drop down list. Let’s name the interface bat0 and select
“Batman Device” as the protocol. Then click on “Create Interface”. You notice there is this additional tab over
here named “Mesh Routing”. Let’s click on it. We really don’t need to change many options
here. Most default values will probably suit most
cases. However I prefer to tick the box “Bridge
Loop avoidance” in order to avoid endless loops if ever a packet turns around in circles
on the mesh. I also want to select a value for the gateway
mode. Set this to “Server” on your Router and
to “OFF” on the access point. Now click on Save. If you click on the Unsaved Changes icon up
here then you can actually see the changes that will be made to the system. Perfect. Adding the batman network is a three step
process. We have done the first step by creating the
bat0 device. You can actually see this if you go over to
the devices tab here. Here it is. Bat0. Back to the Interfaces tab. The next step is to actually create an interface
that is linked to the bat0 device and carries the mesh traffic.. Let’s again click on Add new Interface,
let’s call the interface let’s say batmesh and select Batman Interface as the type. Please do NOT select the bat0 device in this
dropdown here. Leave it blank for the time being! I’ll explain in a second. Once you click on Save then you should get
two additional options here. One is called Batman Device – THIS is where
we select the bat0 from the previous step. And the other one is “Override MTU” – leave
this blank for the time being. I’ll explain it later. Please do not change any of the other values
yet. I’ll explain everything. Last step - Now go over to Network – Wireless
and this is where we actually link the Wi-Fi Mesh to the batman network. Just keep going. I’ll explain everything. Select your Wi-fi Mesh from the list of Wireless
networks and click on Edit next to it. Down here under “Interface Configuration”
we can select the network which our Mesh is connected to. In my case that’s the LAN. From this drop down list I select the batmesh
network that I have created in the second step. Also – please go over to the “Advanced
Settings” tab and untick the box “Forward Mesh Peer Traffic”. We do not want the mesh interface and hence
OLSR – Optimized Link State Routing – to determine the paths through our mesh. That will now be handled by batman. Cool. Now click on save and Save and Apply. On Nodes that are connected to other mesh
nodes over Ethernet, we would repeat step 2 and create another Batman Interface. In my case I called it Batwire and attached
it to an existing bridge called br-mgmt. That’s actually my management network which
in turn here on the devices is bridged with Ethernet VLAN 39. You might want to use plain eth0 or an existing
VLAN for this – depends on your config really. On OpenWrt Version 19 you can do this as well
– Let me show you an example how I run the batman network over an Ethernet wire – in
my case this is a VLAN but you could select plain eth0. Just make sure that you DON’T tick the bridge
tick box here – the batman interface does not work if it is a bridge itself. You may attach it to a bridge in Version 21
but it does not have to be a bridge itself like in Version 19. Let’s stop here for a second. We have done a lot of “click here, click
there.” Let me quickly explain where we are at this
stage. We have now added the B.A.T.M.A.N. advanced device to all routers and access
points participating in the mesh. We have assigned the interfaces that carry
the mesh traffic to an Ethernet port on the wired portions and to the Wi-fi Mesh on the
Wi-fi portions. For Nodes that participate in both ethernet
and Wifi Mesh, we have created two Interfaces. So now we have a B.A.T.M.A.N. advanced network spawning our whole network. B.A.T.M.A.N. advanced will take care of all the discovery
and routes in that mesh. What we need to do next and actually as a
last step is that we bridge the Interfaces and hence the Wi-Fi networks to the right
B.A.T.M.A.N. advanced devices. Pretty much the same like with Ethernet VLANs. I have decided to use the following networks
on my mesh – and they of course correspond to the VLANs that I have been using in the
other videos. 3 for IOT, 4 for guest and 99 for the LAN
traffic. In order to do this we will now assign the
right network interfaces to the corresponding B.A.T.M.A.N. advanced device. Let’s actually create a bridge for each
one of them. First IOT. I go to Network-Interfaces – Devices Tab
and click on “Add Device Configuration”. The type will be bridge. I create a bridge here because we might want
to attach multiple interfaces to that device. First bridge is called br-iot. In the bridge ports drop down box I type in
bat0 – because the IOT network shall flow over the batman network and then I add dot
3 – because I want to use the network number or VLAN 3 for IOT. That’s it. Save. Do the same with br-guest and bat0.4, then
br-lan and bat0.99 – You may use different numbers. I have just chosen them arbitrarily. On the br-lan bridge I have also added the
Ethernet ports. Cool – now over to the Interfaces tab. I click on “Edit” next to each interface
and make sure that each interface is linked to the right device. Again – br-iot for IOT , then br-guest for
Guest and so on. Perfect. Now let’s click on “Save and Apply”
and do this on all nodes. What should now happen is that the IOT and
Guest interfaces get assigned IP addresses from the main router’s DHCP Server. It might take a minute. Here we go. All good. Do this on all access points and routers. Quick tip here – if you have multiple devices
of the same brand, make and model then ou can accelerate the configuration if you take
a backup of the first node and restore to the others. You would still have to install the software
packages but it will save you a lot of clicks. If we look the blue print again – here’s
what we have just done. The batman interface carries the mesh traffic
and we attached all interfaces of Guest, IOT and LAN to the right sub-interfaces or rather
VLANs. We now have a working Mesh that can run over
Wi-fi or Wire or – like in my case – mixed architectures. Let’s test it. When I set up the Wi-fis, I had also activated
fast roaming or fast transition. You can do that by ticking the 802.11r tick
box under Wifi-security. Just chose a 4 digit Mobility domain – which
has to be the same on all Access points for a given network – that means it has to be
the same on all IOT, then a different value for all Guest and so on. Select FT over the air in the FT Protocol
Dropdown. These settings will accelerate the hand over
from one access point to another. What I want to do next is that I walk around
the house with my mobile phone. The phone should then quickly roam from one
access point to another and keep me connected at any time. On the phone I will run an iperf3 speed test
and measure the bandwidth. Just before I do that let me show you an important
tool of the B.A.T.M.A.N. advanced network. This is a command line utility called batctl. Short for batcontrol. This utility gives me a lot of insight into
the mesh. I can for example show all the participating
mesh nodes or originators with batctl originators or short batctl o. This shows all my Access points and the router. Or I might want to see the available Internet
Gateways in my mesh by typing batctl gwl which is short for Gateway list. Look what happens when I change the gateway
bandwidth on my router with batctl gw. The info gets replicated instantly to all
nodes. I can do things like show all MAC addresses
in the MAC table and even measure throughput between nodes and so on and so on. In order to make this a bit more readable
I can actually create a bat-hosts file that would then show host names rather than just
MAC addresses. Here’s the output. What I am after is this info here. I want to see the next hop to my Mobile phone. As I walk around this should change. Automatically. Without me noticing. So here on the screen you see the output of
the transglobal table showing the next hop to my iphone and down here the iperf3 throughput
that I have with my phone. As I walk around the next hop changes and
occasionally the speed does – depending on how many nodes I am actually connected
to. Now I will be walking around my Wi-fi Mesh
which I actually had to extend to my three floors and the garden to make it a bit more
real-world size. Everything is on the 5GHz band, so roaming
should occur quite frequently here. Just as an overview here’s the complete
plan of the Mesh. I have 6 of these Lyra Access points, lyra1
on the 1st floor of my house, lyra2 in the basement, lyra3 at the ground floor level. Plus lyra4, 5 and 6 positioned at windows
around the house. I have the router in the middle which does
not participate in Wifi. Lyra 1,2 and 3 are wired to the router. Now watch how everything moves. You can see my phone roaming from one mesh
node to another in the top window and in the bottom window you can read the throughput
from iperf3. Please do keep in mind that the Access points
are all inside the house and I am walking around the house outside – it’s all thick
concrete walls here, so sometimes the performance drops badly. But this is not meant to be a speed optimization
but rather to show the transparent hand off from one node to another. Even though I have noticed some seconds of
outage. I might need to check on all parameters such
as the Mobility domain for fast roaming and the used channels. Also – using a high 5 GHz channel as the
backbone might not be the best solution in my concrete bunker. I would probably be better off with a 2.4
GHz backbone. Last but not least, I have not yet optimized
anything for fragmentation – that means that all the MTUs on the whole network are
1500 by default which of course lowers the performance considerably. But I think you get the idea. So – overall conclusion – The B.A.T.M.A.N. advanced network can be used to spawn a mesh
of virtually any size over multiple nodes in a mesh – be it wired or wireless or hybrid. At the same time the B.A.T.M.A.N. advanced driver transforms the mesh into a
giant managed switch. You can plug in any interface anywhere to
any VLAN on that switch. You could use this to build a Mesh with Wi-fi
and wired portions like I just did or – because you can have multiple Gateways on that Mesh
– you could use it to build a community mesh – be it a large house with multiple
parties or a whole street or a city – it doesn’t matter – everyone could still
have their own Wifi name etc. on different VLANs. Just the parties could share all their internet
gateways. So rather than having a combat over free Wi-fi
channels, you could actually share them in an intelligent way and provide better Wi-fi
to everyone. Having said that – that’s all I wanted
to show you today. Thanks for watching. Stay safe, stay healthy, bye for now! Leave me a like and a comment ! Bye bye !
