2019-11-07T12:29:32Z
ungleich redmine
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29837
2019-11-07T12:29:32Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Subject</strong> changed from <i>Test joold on alpine</i> to <i>Test NAT64 with distributed routers with joold on alpine</i></li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29845
2019-11-09T17:20:46Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/29845/diff?detail_id=29981">diff</a>)</li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29846
2019-11-09T17:20:56Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Related to</strong> <i><a class="issue tracker-5 status-6 priority-2 priority-default closed parent" href="/issues/7306">Task #7306</a>: Phase in new routers</i> added</li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29881
2019-11-14T18:20:42Z
Nico Schottelius
nico.schottelius@ungleich.ch
<pre>
fakerouter1:~# modprobe jool_siit
modprobe: FATAL: Module jool_siit not found in directory /lib/modules/4.19.41-0-virt
fakerouter1:~#
</pre><br />-> reboot.
<p>Have to adopt the following code:</p>
<pre>
user@BR:~# modprobe jool_siit
user@BR:~# jool_siit instance add --netfilter --pool6 2001:db8:46::/96
user@BR:~# jool_siit eamt add 192.0.2.1 2001:db8:12:34::1
</pre>
<ul>
<li>pool6 will be a new /96 suffix</li>
<li>eamt for servers / vms will be individual</li>
</ul>
<pre>
jool_siit instance add --netfilter --pool6 2a0a:e5c0:5:46::/96
</pre>
<p>For full nat64, we need the jool module:</p>
<pre>
fakerouter1:~# modprobe jool
fakerouter1:~# jool instance add --netfilter --pool6 2a0a:e5c0:5:46::/96
</pre>
<p><strong>Attention</strong>: there is a difference between <code>jool instance add</code> and <code>jool_siit instance add</code> !</p>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29882
2019-11-14T18:30:58Z
Nico Schottelius
nico.schottelius@ungleich.ch
<pre>
fakerouter1:~# jool -i default stats display --explain
JSTAT_UNKNOWN_ICMP6_TYPE: 97
Translations cancelled: ICMPv6 header's type value has no ICMPv4 counterpart.
JSTAT_POOL6_MISMATCH: 4428
Translations cancelled: IPv6 packet's destination address did not match pool6. (ie. Packet was not meant to be translated.)
JSTAT_POOL4_MISMATCH: 35
Translations cancelled: IPv4 packet's destination address and transport protocol did not match pool4. (ie. Packet was not meant to be translated.)
If the instance is a Netfilter translator, this counter increases randomly from normal operation, and is harmless.
If the instance is an iptables translator, this counter being positive suggests a mismatch between the IPv4 iptables rule(s) and the instance's configuration.
fakerouter1:~#
</pre>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29883
2019-11-14T18:37:09Z
Nico Schottelius
nico.schottelius@ungleich.ch
<p>Testing from the 2nd router (locally created packets don't work):</p>
<pre>
fakerouter2:~# ip -6 route add 2a0a:e5c0:5:46::/96 via 2a0a:e5c0:0:2:0:b3ff:fe39:79a2
fakerouter2:~# ping6 2a0a:e5c0:5:46::185.204.114.1
PING 2a0a:e5c0:5:46::185.204.114.1 (2a0a:e5c0:5:46::b9cc:7201): 56 data bytes
</pre>
<p>Packets are being received:</p>
<pre>
fakerouter1:~# tcpdump -ni eth0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
17:34:36.538710 IP6 2a0a:e5c0:0:2:0:b3ff:fe39:7976 > 2a0a:e5c0:5:46::b9cc:7201: ICMP6, echo request, seq 37, length 64
17:34:37.538848 IP6 2a0a:e5c0:0:2:0:b3ff:fe39:7976 > 2a0a:e5c0:5:46::b9cc:7201: ICMP6, echo request, seq 38, length 64
17:34:38.539104 IP6 2a0a:e5c0:0:2:0:b3ff:fe39:7976 > 2a0a:e5c0:5:46::b9cc:7201: ICMP6, echo request, seq 39, length 64
17:34:39.539254 IP6 2a0a:e5c0:0:2:0:b3ff:fe39:7976 > 2a0a:e5c0:5:46::b9cc:7201: ICMP6, echo request, seq 40, length 64
17:34:40.539501 IP6 2a0a:e5c0:0:2:0:b3ff:fe39:7976 > 2a0a:e5c0:5:46::b9cc:7201: ICMP6, echo request, seq 41, length 64
^C
5 packets captured
6 packets received by filter
0 packets dropped by kernel
fakerouter1:~#
</pre>
<p>forgot this part:</p>
<pre>
fakerouter1:~# sysctl net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
fakerouter1:~# sysctl net.ipv4.conf.all.forwarding=1
net.ipv4.conf.all.forwarding = 1
fakerouter1:~#
</pre>
<p>works:</p>
<pre>
fakerouter1:~# tcpdump -ni eth1 not arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
17:36:22.939950 IP 185.203.112.57 > 185.204.114.1: ICMP echo request, id 65323, seq 15, length 64
17:36:23.681836 IP 185.176.27.246.54891 > 185.203.112.57.65463: Flags [S], seq 774583523, win 1024, length 0
17:36:23.940086 IP 185.203.112.57 > 185.204.114.1: ICMP echo request, id 65323, seq 16, length 64
17:36:24.940247 IP 185.203.112.57 > 185.204.114.1: ICMP echo request, id 65323, seq 17, length 64
17:36:25.529574 IP6 fe80::21b:21ff:febb:6934 > ff02::1:ff39:800d: ICMP6, neighbor solicitation, who has 2a0a:e5c0:0:2:400:b3ff:fe39:800d, length 32
17:36:25.940458 IP 185.203.112.57 > 185.204.114.1: ICMP echo request, id 65323, seq 18, length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel
fakerouter1:~#
</pre>
<p>And with the correct IPv4 address, even works with reply:</p>
<pre>
fakerouter2:~# ping6 2a0a:e5c0:5:46::185.203.114.1
PING 2a0a:e5c0:5:46::185.203.114.1 (2a0a:e5c0:5:46::b9cb:7201): 56 data bytes
64 bytes from 2a0a:e5c0:5:46::b9cb:7201: seq=0 ttl=62 time=0.979 ms
64 bytes from 2a0a:e5c0:5:46::b9cb:7201: seq=1 ttl=62 time=0.961 ms
^C
--- 2a0a:e5c0:5:46::185.203.114.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.961/0.970/0.979 ms
fakerouter2:~#
</pre>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29884
2019-11-14T19:01:56Z
Nico Schottelius
nico.schottelius@ungleich.ch
<p>Sessions w/ tcp visible:</p>
<pre>
---------------------------------
fakerouter1:~# jool session display
---------------------------------
(ESTABLISHED) Expires in 1:59:58.570
Remote: 185-203-114-1.legacy.ipv4.at.ungleich.ch#ssh 2a0a-e5c0-0000-0002-0000-b3ff-fe39-7976.loves.ipv6.at.ungleich.ch#41974
Local: 185.203.112.57#62413 2a0a:e5c0:5:46::b9cb:7201#22
---------------------------------
fakerouter1:~#
fakerouter1:~# jool bib display
[Dynamic TCP] 185.203.112.57#62413 - 2a0a-e5c0-0000-0002-0000-b3ff-fe39-7976.loves.ipv6.at.ungleich.ch#41974
</pre>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29885
2019-11-14T19:10:43Z
Nico Schottelius
nico.schottelius@ungleich.ch
<p>Adding selected addresses instead of using only the existing one:</p>
<pre>
fakerouter1:~# jool pool4 add 10.0.0.0/24 2-32000 --tcp
fakerouter1:~# jool pool4 add 10.0.0.0/24 2-32000 --udp
fakerouter1:~# jool pool4 add 10.0.0.0/24 2-32000 --icmp
fakerouter1:~# jool pool4 display
+------------+-------+--------------------+-----------------+-------------+
| Mark | Proto | Max iterations | Address | Ports |
+------------+-------+--------------------+-----------------+-------------+
| 0 | TCP | 8192 ( auto) | 10.0.0.0 | 2-32000 |
| | | | 10.0.0.1 | 2-32000 |
| | | | 10.0.0.2 | 2-32000 |
| | | | 10.0.0.3 | 2-32000 |
| | | | 10.0.0.4 | 2-32000 |
| | | | 10.0.0.5 | 2-32000 |
...
</pre>
<p>Works as expected:</p>
<pre>
fakerouter1:~# tcpdump -ni eth1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:11:00.012258 IP 10.0.0.233 > 185.203.114.1: ICMP echo request, id 28805, seq 11, length 64
18:11:01.012376 IP 10.0.0.233 > 185.203.114.1: ICMP echo request, id 28805, seq 12, length 64
18:11:02.012587 IP 10.0.0.233 > 185.203.114.1: ICMP echo request, id 28805, seq 13, length 64
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel
</pre>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29886
2019-11-14T19:21:57Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/29886/diff?detail_id=30006">diff</a>)</li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29887
2019-11-14T19:23:05Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/29887/diff?detail_id=30007">diff</a>)</li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=29888
2019-11-14T19:47:19Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/29888/diff?detail_id=30008">diff</a>)</li></ul>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=30472
2019-12-20T21:47:39Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul>
<li>Configuring router1.place6 for NAT64
<ul>
<li>Prefix 2a0a:e5c0:2:10::/96</li>
</ul></li>
</ul>
<pre>
router1:~# jool instance add --netfilter --pool6 2a0a:e5c0:2:10::/96
</pre>
<p>... router not reachable atm.</p>
Open Infrastructure - Task #7304: Test NAT64 with distributed routers with joold on alpine
http://localhost:3000/issues/7304?journal_id=31016
2020-01-31T16:16:58Z
Nico Schottelius
nico.schottelius@ungleich.ch
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Rejected</i></li></ul><p>Active-passive</p>