Re: little bit off topic CLAT-Daemon for 464xlat for "Linux" (not android)

[Bjørn Mork <bjorn mork no>]

Tore Anderson <tore fud no> writes:
> * Thomas Schäfer
>
> > I understand you right, the DNS64/NAT64 of your ISP is broken but his PLAT-
> > service you can use without problems.
>
> In 464XLAT, the provider's NAT64 and the PLAT is exactly the same thing.
> 464XLAT doesn't use DNS64, except for the fact that it might be used in
> order to discover the NAT64 prefix that is used.
>
> So my problem is that my mobile provider's NAT64 service doesn't work.
> Therefore I used trex.fi's publicly available NAT64 service instead.
>
> Unfortunately for me my mobile provider's «IPv6 go-to guy» has quit, so
> I'm not optimistic their NAT64 will get fixed anytime soon. Perhaps
> Bjørn will rescue me soon...

I'm not going to pretend I have anything to say WRT mobile access.  I'm
just a normal user there, (ab)using whatever cabal I can to become part
of the tests going on :-)

So I can only state the obvious: They are testing IPv6 only access using
DNS64/NAT64/464XLAT. When this will be provided as a normal commercial
service depeds on lots of stuff.  Some of it is even technical...

The challenges are similar to those which have prevented us from doing a
full DSL/FTTH IPv6 rollout yet: The end user experience depends on the
terminal equipment.  Degraded user experience due to IPv6 is
unacceptable.  Most terminal equipment sucks bigtime.  And it sucks even
more if you enable IPv6.

Yes, _some_ Android phones will just work in a DNS64/NAT64/464XLAT
environment.  But that's still an exception, unfortunately. And even
those that work may have small, but stupid and unnecessary, problems
like the lack of IPv6 tethering you helped me sort out in another list.

But back to topic:  Thanks a lot for the tayga 464XLAT recipe.  I had
also been playing with the idea that this should be possible, but I
didn't realize it was that easy.  I assumed the address mapping code had
to be adapted for CLAT.  Didn't think of a single address static map
like that.

Just a small note: We use the 64:ff9b::/96 NAT64 prefix.  This makes
tayga throw an error unless you specify a local ipv6-addr:

  Error: ipv6-addr directive must be specified if prefix is 64:ff9b::/96 and ipv4-addr is a non-global (RFC 
1918) address

Something like (if your local prefix is 2001:db8::/64):

  $ echo ipv6-addr 2001:db8::1 >> tayga.conf

works around this problem.  I don't think this address is going to be
used for anything.  It's completely virtual, just like 192.168.255.1
ipv4 counter-part.  Possibly used for icmp6 errors sourced from tayga.

Anyway, with that small change I can confirm that your 464XLAT config
works just perfect:


bjorn nemi:~$ mmcli -b 0
Bearer '/org/freedesktop/ModemManager1/Bearer/0'
  -------------------------
  Status             |   connected: 'yes'
                     |   suspended: 'no'
                     |   interface: 'wwan0'
                     |  IP timeout: '20'
  -------------------------
  Properties         |         apn: 'telenor.ipv6'
                     |     roaming: 'allowed'
                     |     IP type: 'ipv6'
                     |        user: 'none'
                     |    password: 'none'
                     |      number: 'none'
                     | Rm protocol: 'unknown'
  -------------------------
  IPv4 configuration |   method: 'unknown'
  -------------------------
  IPv6 configuration |   method: 'static'
                   |  address: '2a02:2121:1:8d03:1071:2644:9af8:1353'
                   |   prefix: '64'
                   |  gateway: '2a02:2121:1:8d03:b8aa:bdb9:24af:f588'
                   |      DNS: '2001:4600:4:fff::54', '2001:4600:4:1fff::54'


bjorn nemi:~$ ifconfig wwan0
wwan0     Link encap:Ethernet  HWaddr f6:6f:09:a5:cc:39  
          inet6 addr: fe80::f46f:9ff:fea5:cc39/64 Scope:Link
          inet6 addr: 2a02:2121:1:8d03:f46f:9ff:fea5:cc39/64 Scope:Global
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:15750 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10439 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17693802 (16.8 MiB)  TX bytes:2424185 (2.3 MiB)

bjorn nemi:~$ ifconfig clat
clat      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:192.0.0.4  P-t-P:192.0.0.4  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:665 errors:0 dropped:0 overruns:0 frame:0
          TX packets:665 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:69456 (67.8 KiB)  TX bytes:61796 (60.3 KiB)


bjorn nemi:~$ ip -6 route
2a02:2121:1:8d03::c1a7 dev clat  metric 1024 
2a02:2121:1:8d03::/64 dev wwan0  proto kernel  metric 256 
fe80::/64 dev tap0  proto kernel  metric 256 
fe80::/64 dev wlan0  proto kernel  metric 256 
fe80::/64 dev wwan0  proto kernel  metric 256 
ff00::/8 dev tap0  metric 256 
ff00::/8 dev wlan0  metric 256 
ff00::/8 dev wwan0  metric 256 
default via fe80::b8aa:bdb9:24af:f588 dev wwan0  proto ra  metric 1024  expires 64657sec

bjorn nemi:~$ ip route
default dev clat  scope link 

bjorn nemi:~$ host v4.fud.no
v4.fud.no has address 87.238.60.0
v4.fud.no has IPv6 address 64:ff9b::57ee:3c00

bjorn nemi:~$ ip route get 87.238.60.0
87.238.60.0 dev clat  src 192.0.0.4 
    cache 

bjorn nemi:~$ ip route get  64:ff9b::57ee:3c00
64:ff9b::57ee:3c00 via fe80::b8aa:bdb9:24af:f588 dev wwan0  src 2a02:2121:1:8d03:f46f:9ff:fea5:cc39  metric 0 
    cache 

DNS64 works of course:

bjorn nemi:~$ traceroute6 v4.fud.no
traceroute to v4.fud.no (64:ff9b::57ee:3c00) from 2a02:2121:1:8d03:f46f:9ff:fea5:cc39, port 33434, from port 
58999, 30 hops max, 60 bytes packets
 1  77.16.1.186.tmi.telenormobil.no (64:ff9b::4d10:1ba)  17.965 ms  20.267 ms  15.270 ms 
 2  64:ff9b::afb:8231 (64:ff9b::afb:8231)  27.036 ms  23.192 ms  18.963 ms 
 3  64:ff9b::afb:8269 (64:ff9b::afb:8269)  23.759 ms  25.676 ms  20.156 ms 
 4  ti0001a211-vlan103.ti.telenor.net (64:ff9b::947a:4211)  27.435 ms  27.766 ms  21.166 ms 
 5  * * *         
 6  * * *         
 7  * * *         
 8  * ti0001a400-ae0-0.ti.telenor.net (64:ff9b::92ac:63aa)  202.062 ms  195.184 ms 
 9  xe-2-3-0.cr1-osl2.n.bitbit.net (64:ff9b::3e5c:e602)  201.862 ms  201.911 ms  34.691 ms 
10  vlan-9.cs1-osl2.n.bitbit.net (64:ff9b::57ee:3e57)  204.681 ms  30.920 ms  20.971 ms 
11  siitgw1-osl2.n.bitbit.net (64:ff9b::57ee:3e5b)  30.959 ms  25.729 ms  20.061 ms 
12  siit.n.bitbit.net (64:ff9b::57ee:210e)  27.685 ms  25.854 ms  20.163 ms 
13  * * *         
14  * * *         
15  * * *         
^C53% completed...


And so does 464XLAT:

bjorn nemi:~$ traceroute v4.fud.no
traceroute to v4.fud.no (87.238.60.0), 30 hops max, 60 byte packets
 1  192.168.255.1 (192.168.255.1)  0.141 ms  0.089 ms  0.090 ms
 2  * * *
 3  77.16.1.186.tmi.telenormobil.no (77.16.1.186)  14.716 ms  21.290 ms  21.186 ms
 4  * * *
 5  * * *
 6  ti0001a211-vlan103.ti.telenor.net (148.122.66.17)  38.745 ms  16.321 ms  23.047 ms
 7  * * *
 8  * * *
 9  * * *
10  ti0001a400-ae0-0.ti.telenor.net (146.172.99.170)  28.683 ms  29.000 ms  28.416 ms
11  xe-2-3-0.cr1-osl2.n.bitbit.net (62.92.230.2)  28.061 ms  27.915 ms  27.583 ms
12  vlan-9.cs1-osl2.n.bitbit.net (87.238.62.87)  38.117 ms  37.862 ms  39.722 ms
13  siitgw1-osl2.n.bitbit.net (87.238.62.91)  36.692 ms  36.577 ms  36.248 ms
14  siit.n.bitbit.net (87.238.33.14)  36.261 ms  36.783 ms  21.989 ms
15  * * *
16  * * *
17  * * *
18  * * *
19  * *^C



Thanks again!



Bjørn