-
Notifications
You must be signed in to change notification settings - Fork 299
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lwAFTR ARP and Encapsulation limit #1441
Comments
Additional info: An Ubuntu client with manually added tunnel (right) had the same issue at first, but when specifying 'encaplimit none' at tunnel creation, the Destination Option Header (DSTOPT) isn't passed, and everything works. I'm not entirely sure wheter this is an issue that needs to be resolved on the lwAFTR-side or on the lwB4 side. |
Hallo, May I ask you something abt your manually configured lwB4 ?? Thanks |
Hi, The lwB4 performs NAT on outbound traffic in the POSTROUTING chain (i.e., all traffic going out via the 4 in 6 tunnel interface gets NAT'd). Here's a set of rules that I've used for configuring a lwB4: ` ip link set $B4INT up |
Hi Please have a look at my topology. I have adjusted your configuration, but I think I am missing something here coz it is not really working. Below is my config: - B4V6ADDR=2001:db8:0:1::2/64 ip link set $B4INT up Note: I am using a test environment, so I am not using the standard IP of 192.0.2.1. All machines are centos-7 built using VMware workstation. Regards |
It looks to me like the AFTRV6 addressing is wrong. The AFTR needs to be configured with a v6 address for it's interface, which is on the same prefix as the B4V6ADDR, so 2001:db8:1::1 is OK for this, but it should be used as the V6NEXTHOP, not the AFTRV6ADDR. 2001:db8:1::1 is used as the internal address within the AFTR's config. When the AFTR is running, 2001:db8:1::1 should be pingable from the B4. The AFTRV6ADDR is really a virtual address - it is the v6 tunnel endpoint address and the dst. for 4in6 packets from the B4, but it is not attached to any interface. The address for this needs to be taken from a prefix which is not 2001:db8:0:1::/64 so it is routed through the AFTR using the B4's default route (V6NEXTHOP), so e.g., 2001:db8:0:2::2/64 would work. So for the AFTR config you'd have:
And a softwire config:
|
I am a bit confused here :) let me break down a bit what I have understood now: - LwB4 machine internal hardcoded ens35 conf: - LwAFTR machine internal conf for ens34: - so the script on the LwB4 side will be like this: - B4V6ADDR=2001:db8:0:1::2/64 ip link set $B4INT up One more question, Lwb4 is supposed to have a "port set" assigning method, I couldn't adjust it to work with my script, any idea? |
Hallo, B4V6ADDR=2001:db8:0:1::2/64 ip link set $B4INT up The thing is, I see now you added red coloured IPS on the topology. How to configure psid for lwB4 machine?? |
FYI, the is the tcpdump resutl on the lwB4 & lwAFTR when I pinged the the IPv4 server from the IPv4 client. [root@B4_lw ~]# tcpdump -n -i ens35 [root@AFTR ~]# tcpdump -n -i ens34 Does this mean that LwB4 is correctly configured and ready? |
Yes, you're correct about the v6 route - it should be: For getting the AFTR running, what hardware (or VM) are you running the Snabb AFTR on? From a previous test setup that I helped with, getting things running on a VM required creating a bridge with the 'physical' interface and a virtio interface to attach the snabb process to. Regarding configuring the PSID on the lwB4, there is a source port command that can be added to the NAT rule - I'm pretty rusty on all of this stuff as I've never really used it. It's something like this (from memory): You will need to manually calculate the port range that is being specified in the corresponding rule on the AFTR. If there is no 'offset' value being set, then this should be a single rule with one block of ports. For other values of offset, then things get more complicated. It's defined in RFC7597 in section 5.1 with examples in the appendix. |
We started with the setup described in the tutorial in #1483 This uses lwAFTR’s capability to use Linux interfaces ( We’re now trying to adapt this setup to work with regular Linux interfaces in a VM. I am a bit worried about Linux intercepting ARP/ND/ICMP, but we’ll have to see. |
I'm trying to get a demo running of a lwAFTR. So far I seem to have it working on a basic level. I have a lwB4 manually configured on a Ubuntu system with iptables for NAT and an ipip6 tunnel to send it through. But along the way I ran into two problems:
ARP for shared IPs.
The lwAFTR runs with a configuration containing softwires for a few lwB4's. In my demo I have single shared IPv4-address over a few lwB4-clients, but this should work the same for multiple IPv4-addressess. The problem is that the lwAFTR doesn't publish the shared IP through ARP. This way the gateway which the lwAFTR is connected to, doesn't know where to send returning packets.
With a manual ARP entry in my gateway, I got the system working. But on large scale, that doesn't sound ideal. Is there a way to set the lwAFTR to publish the shared IPs that it 'manages'?
Encapsulation limit
By default some systems seem to set up their tunnels with an encaplimit, in TCPdump this reflects in the "DSTOPT" flag on packets. It seems that the lwAFTR drops packets with this flag. Is there a way for the lwAFTR to accept these packets with an encaplimit, or should all tunnels be configured without?
lwB4
Another question where that I'm not sure where to ask: are there any open-source lwB4 functions available to deploy or test my system with? I can only read some things about OpenWRT supporting it, but that works terrible in my experience. I can't get it to work right since it doesn't listen right to it's own configuration. Only working lwB4 I got so far, as mentioned, is a manually configured Ubuntu client.
The text was updated successfully, but these errors were encountered: