
Task #7377

closed

Create an active-active NAT64 gateway

Added by Nico Schottelius about 5 years ago. Updated almost 5 years ago.

Status:
Rejected
Priority:
Normal
Target version:
-
Start date:
11/29/2019
Due date:
% Done:

0%

Estimated time:
PM Check date:

Description

  • session sync & co.
  • I'd recommend jool + joold, but open to options
Actions #1

Updated by Nico Schottelius about 5 years ago

ping

Actions #2

Updated by Nico Schottelius about 5 years ago

I'll try some joold magic today

apk add jool-modules-vanilla  jool-tools-openrc jool-tools
[14:06] replacement-router2.place5:~# cat joold.conf 
{
    "multicast address": "ff08::db8:64:64",
    "multicast port": "6464",
    "in interface": "bond0.8",
    "out interface": "bond0.8",
    "reuseaddr": 1,
    "ttl": 3
}
[14:06] replacement-router2.place5:~# joold joold.conf 
joold error: -3

Same error (-3) with the "in interface" / "out interface" settings removed:

{                                                                                                         
        "multicast address": "ff08::db8:64:64",                                                           
        "multicast port": "6464",                                                                         
        "reuseaddr": 1,                                                                                   
        "ttl": 3                                                                                          
}     

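Error -2 with a different multicast address. Note that "FF02::DB8::1" contains "::" twice, so it is not a valid IPv6 literal; the strace further down shows joold passing it to the DNS resolvers as if it were a hostname.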

[14:10] replacement-router2.place5:~# joold /root/joold.conf
joold error: -2
[14:10] replacement-router2.place5:~# cat /root/joold.conf
{
        "multicast address": "FF02::DB8::1",
        "multicast port": "6464",
        "reuseaddr": 1,
        "ttl": 3
}

Minimal config:

[14:10] replacement-router2.place5:~# joold /root/joold.conf
joold error: -2
[14:11] replacement-router2.place5:~# cat /root/joold.conf
{
        "multicast address": "FF02::DB8::1",
        "multicast port": "6464" 
}
[14:11] replacement-router2.place5:~# 

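The filename seems to be right and the error is consistent: run without arguments, joold opens netsocket.json (see the strace below) and still fails with -2.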

[14:33] replacement-router2.place5:~# joold 
joold error: -2
[14:33] replacement-router2.place5:~# cat netsocket.json 
{
        "multicast address": "FF02::DB8::1",
        "multicast port": "6464" 
}

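strace (the config file is read, then the "multicast address" string is looked up via DNS on port 53; joold logs an error and exits with -2 right after the replies, without opening a socket for the multicast group):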

sendto(3, "<30>Nov 30 13:34:21 joold: Openi"..., 58, 0, NULL, 0) = 58
open("netsocket.json", O_RDONLY)        = 4
lseek(4, 0, SEEK_END)                   = 68
lseek(4, 0, SEEK_CUR)                   = 68
lseek(4, 0, SEEK_SET)                   = 0
readv(4, [{iov_base="{\n\t\"multicast address\": \"FF02::D"..., iov_len=67}, {iov_base="\n", iov_len=1024}], 2) = 68
close(4)                                = 0
sendto(3, "<30>Nov 30 13:34:21 joold: Getti"..., 72, 0, NULL, 0) = 72
open("/etc/hosts", O_RDONLY|O_CLOEXEC)  = 4
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
read(4, "127.0.0.1\trouter4 localhost.loca"..., 1024) = 87
read(4, "", 1024)                       = 0
close(4)                                = 0
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
fcntl(4, F_SETFD, FD_CLOEXEC)           = 0
read(4, "# Generated by cdist with a good"..., 248) = 115
read(4, "", 248)                        = 0
close(4)                                = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4
bind(4, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = -1 EINVAL (Invalid argument)
sendto(4, "\227\260\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\6place5"..., 49, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, 28) = 49
sendto(4, "\227\260\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\6place5"..., 49, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::4", &sin6_addr), sin6_scope_id=0}, 28) = 49
sendto(4, "\231\2\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\6place5"..., 49, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, 28) = 49
sendto(4, "\231\2\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\6place5"..., 49, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::4", &sin6_addr), sin6_scope_id=0}, 28) = 49
poll([{fd=4, events=POLLIN}], 1, 2500)  = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "\227\260\205\203\0\1\0\0\0\1\0\0\fFF02::DB8::1\6place5"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, [28]) = 95
recvfrom(4, 0x7ffc3b6de6a0, 512, 0, 0x7ffc3b6de150, [28]) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=4, events=POLLIN}], 1, 2499)  = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "\231\2\205\203\0\1\0\0\0\1\0\0\fFF02::DB8::1\6place5"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, [28]) = 95
close(4)                                = 0
socket(AF_INET6, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 4
bind(4, {sa_family=AF_INET6, sin6_port=htons(0), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
setsockopt(4, SOL_IPV6, IPV6_V6ONLY, [0], 4) = -1 EINVAL (Invalid argument)
sendto(4, "\366\t\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\0\0\1\0\1", 30, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, 28) = 30
sendto(4, "\366\t\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\0\0\1\0\1", 30, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::4", &sin6_addr), sin6_scope_id=0}, 28) = 30
sendto(4, "\366\366\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\0\0\34\0\1", 30, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, 28) = 30
sendto(4, "\366\366\1\0\0\1\0\0\0\0\0\0\fFF02::DB8::1\0\0\34\0\1", 30, MSG_NOSIGNAL, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::4", &sin6_addr), sin6_scope_id=0}, 28) = 30
poll([{fd=4, events=POLLIN}], 1, 2500)  = 1 ([{fd=4, revents=POLLIN}])
recvfrom(4, "\366\t\201\203\0\1\0\0\0\1\0\0\fFF02::DB8::1\0\0\1\0\1\0\0"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, [28]) = 105
recvfrom(4, "\366\366\201\203\0\1\0\0\0\1\0\0\fFF02::DB8::1\0\0\34\0\1\0\0"..., 512, 0, {sa_family=AF_INET6, sin6_port=htons(53), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2a0a:e5c0::3", &sin6_addr), sin6_scope_id=0}, [28]) = 105
close(4)                                = 0
sendto(3, "<27>Nov 30 13:34:21 joold: getad"..., 71, 0, NULL, 0) = 71
close(3)                                = 0
writev(2, [{iov_base="joold error: -2\n", iov_len=16}, {iov_base=NULL, iov_len=0}], 2joold error: -2
) = 16
exit_group(-2)                          = ?
+++ exited with 254 +++
Actions #3

Updated by Nico Schottelius about 5 years ago

  • Project changed from hack4glarus-2019-winter to Open Infrastructure
  • Subject changed from Create an active-active NAT64 gateway on 2 APUs to Create an active-active NAT64 gateway
  • Status changed from New to In Progress
  • Assignee changed from Kamila Součková to Nico Schottelius
alpine-router1:~# jool instance remove example
alpine-router1:~# jool instance add default --netfilter --pool6 64:ff9b::/96
alpine-router1:~# jool pool4 add --tcp 185.203.114.5 1-65534
Actions #4

Updated by Nico Schottelius about 5 years ago

Need to add pool entries for each protocol:

alpine-router1:~# jool pool4 add --icmp 185.203.114.5 1-65534
alpine-router1:~# jool pool4 add --udp 185.203.114.5 1-65534
Actions #5

Updated by Nico Schottelius about 5 years ago

Using the new NAT64 IPv4 address on both machines:

alpine-router2:~# ip addr add 185.203.114.5/24 dev eth0
Actions #6

Updated by Nico Schottelius about 5 years ago

Sessions exist on one router but not on the other one -> multicast issue?

alpine-router1:~# jool session display
---------------------------------
(V6_INIT) Expires in 0:03:39.550
Remote: 185-203-114-5.legacy.ipv4.at.ungleich.ch#ssh    2a0a-e5c0-0000-0002-0000-b3ff-fe39-7976.loves.ipv6.at.ungleich.ch#42766
Local: 185.203.114.5#13444      64:ff9b::b9cb:7205#22
---------------------------------
(V6_INIT) Expires in 0:03:51.790
Remote: 185-203-114-5.legacy.ipv4.at.ungleich.ch#ssh    2a0a-e5c0-0000-0002-0000-b3ff-fe39-7976.loves.ipv6.at.ungleich.ch#42768
Local: 185.203.114.5#13445      64:ff9b::b9cb:7205#22
---------------------------------
(V6_INIT) Expires in 0:03:59.950
Remote: 185-203-114-5.legacy.ipv4.at.ungleich.ch#ssh    2a0a-e5c0-0000-0002-0000-b3ff-fe39-7976.loves.ipv6.at.ungleich.ch#42770
Local: 185.203.114.5#13446      64:ff9b::b9cb:7205#22
---------------------------------
alpine-router1:~# 

---------------------------------
alpine-router2:~#  jool session display
---------------------------------
alpine-router2:~# 

According to `tcpdump -ni any port 6464`, run on alpine-router1 in /etc/jool, it looks as if no session-sync traffic is being sent at all.

Actions #7

Updated by Nico Schottelius almost 5 years ago

  • Status changed from In Progress to Rejected

Going active-passive.
