Setup: jool_siit on ipv6-only workstation

Open zod076 opened this issue 11 months ago • 6 comments

Hi lists,

I have a typical flat network, router (Asus) -> LAN (IPv6-only), and on the LAN I have a Debian machine running Jool Stateful NAT64.

The Debian machine is the only dual-stack machine for translation to work. On the router I have a static route for 64:ff9b::/96 pointing to the NAT64 machine. Things are working.

Now I want to add jool_siit. Where do I add this? I have another Debian workstation that is IPv6-only. Do I add it here?

What would the commands look like after doing modprobe jool_siit?

As I understand it, jool_siit is clat, meaning the Debian workstation could ping 1.1.1.1 and get a reply.

Thanks.

zod076 avatar Dec 12 '24 15:12 zod076

> I have a typical flat network, router (Asus) -> LAN (IPv6-only), and on the LAN I have a Debian machine running Jool Stateful NAT64.
>
> I have another Debian workstation that is IPv6-only.

  IPv4          IPv6
   │             │
╔══╧═════╗  ╔════╧════╗
║ Router ║  ║ Debian  ║
║ (Asus) ║  ║ (NAT64) ║
╚══╤═════╝  ╚════╤════╝
   │     IPv6    │
   └──────┬──────┘
          │
      ╔═══╧══════╗
      ║  Debian  ║
      ║ (Client) ║
      ╚══════════╝

> the Debian workstation could ping 1.1.1.1 and get a reply.

Or it can ping 64:ff9b::1.1.1.1. (DNS64 adds the "64:ff9b::" automatically.)

If DNS64 is not an option for you (because of DNSSEC or whatever), then sure, you can enclose the SIIT in a network namespace, and the client will be able to ping 1.1.1.1. The enclosed SIIT will add 64:ff9b, and the NAT64 will remove it.

ydahhrk avatar Dec 13 '24 17:12 ydahhrk
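
The prefix handling described in the comment above (the SIIT adds 64:ff9b, the NAT64 removes it), as an added example that is not part of the thread and is not Jool's code. It goes beyond the /96 case to the other RFC 6052 prefix lengths; the function names `embed` and `extract` are hypothetical.

```python
import ipaddress

VALID_LENGTHS = (32, 40, 48, 56, 64, 96)       # RFC 6052 section 2.2
WKP = ipaddress.IPv6Network("64:ff9b::/96")    # well-known prefix used in the thread


def _check(prefix):
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError(f"/{net.prefixlen} is not an RFC 6052 prefix length")
    return net


def embed(ipv4, prefix="64:ff9b::/96"):
    """IPv4 -> IPv6: the step the client-side SIIT performs."""
    net, v4 = _check(prefix), ipaddress.IPv4Address(ipv4)
    # RFC 6052 section 3.1: the well-known prefix must not carry non-global IPv4.
    if net == WKP and not v4.is_global:
        raise ValueError(f"{v4} is not global; {WKP} must not represent it")
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    for b in v4.packed:
        if len(out) == 8:      # bits 64-71 are the reserved "u" octet, always zero
            out.append(0)
        out.append(b)
    out.extend(bytes(16 - len(out)))    # zero suffix
    return ipaddress.IPv6Address(bytes(out))


def extract(ipv6, prefix="64:ff9b::/96"):
    """IPv6 -> IPv4: the step the NAT64 performs on the destination address."""
    net, addr = _check(prefix), ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is outside {net}; not a translatable address")
    # The four IPv4 octets follow the prefix, skipping byte 8 (the "u" octet).
    idx = [i for i in range(net.prefixlen // 8, 16) if i != 8][:4]
    return ipaddress.IPv4Address(bytes(addr.packed[i] for i in idx))


if __name__ == "__main__":
    mapped = embed("1.1.1.1")           # address from the thread
    print(mapped, "->", extract(mapped))
```
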

OK, so what would the jool_siit commands look like on the Debian workstation? No network namespace required, as I'd like to simulate it being somewhat similar to clatd. The NAT64 Debian machine is also acting as a DNS64 resolver for the local network.

zod076 avatar Dec 14 '24 19:12 zod076

> No network namespace required

I don't think this can be done without a network namespace.

> I'd like to simulate it being somewhat similar to clatd.

If you mean this clatd, then maybe the solutions aren't as different as you think.

clatd's README says that it (normally?) uses Tayga under the hood. As I understand it, Tayga is a TUN interface, which is a virtual interface. When you enclose Jool in a network namespace, you're essentially simulating that.

In any case, if clatd is already working for you, you can just use it. Nothing wrong with that AFAIK.

ydahhrk avatar Dec 14 '24 21:12 ydahhrk

OK, say I set up a network namespace for jool siit. What would the jool_siit commands look like in the network namespace?

zod076 avatar Dec 15 '24 17:12 zod076

Like this

ydahhrk avatar Dec 16 '24 16:12 ydahhrk

> Like this

Will try, thanks.

zod076 avatar Dec 16 '24 17:12 zod076