Documentation > Basic Tutorials > SIIT + EAM
EAM Run
Index
Introduction
This document explains how to run Jool in EAM mode (which actually more than a “mode” is simply stock SIIT with records in the EAM table). Follow the link for more details on what to expect. See also the EAMT RFC summary for more details on how the EAMT works.
I really don’t want to have to maintain three almost identical tutorials (it’s a surprising amount of work), so please read the traditional SIIT tutorial first. You don’t need to follow it; just make sure you generally understand all the remarks.
Sample Network
Again, all the remarks in the traditional SIIT’s Sample Network section apply here.
This is nodes A through E:
user@A:~# /sbin/ip link set eth0 up
user@A:~# # Replace "::8" depending on which node you're on.
user@A:~# /sbin/ip addr add 2001:db8:6::8/96 dev eth0
user@A:~# /sbin/ip route add 2001:db8:4::/120 via 2001:db8:6::1
Nodes V through Z have the exact same configuration from the previous document.
user@V:~# /sbin/ip link set eth0 up
user@V:~# # Replace ".16" depending on which node you're on.
user@V:~# /sbin/ip addr add 192.0.2.16/24 dev eth0
user@V:~# /sbin/ip route add 198.51.100.0/24 via 192.0.2.1
Node T:
user@T:~# /sbin/ip link set eth0 up
user@T:~# /sbin/ip addr add 2001:db8:6::1/96 dev eth0
user@T:~#
user@T:~# /sbin/ip link set eth1 up
user@T:~# /sbin/ip addr add 192.0.2.1/24 dev eth1
user@T:~#
user@T:~# /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
user@T:~# /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
Make sure T can ping everyone before introducing Jool into the mix.
Jool
First, teach your kernel what SIIT is by attaching the jool_siit
module to your kernel:
user@T:~# /sbin/modprobe jool_siit
user@T:~# # Please remember: This assumes you're using the packages feed.
user@T:~# # If your Jool version is 3.5.7, you shouldn't be here!
user@T:~# insmod jool_common
user@T:~# insmod jool_siit
Then create and configure the instance:
This section discusses Netfilter Jool vs iptables Jool.
user@T:~# jool_siit instance add "example" --netfilter
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
user@T:~# jool_siit instance add "example" --iptables
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
user@T:~#
user@T:~# /sbin/ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# /sbin/iptables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
-i
stands for “instance.” The eamt add
commands build an Explicit Address Mappings Table. You can see it through the display
operation:
user@T:~# jool_siit -i "example" eamt display
+---------------------------------------------+--------------------+
| IPv6 Prefix | IPv4 Prefix |
+---------------------------------------------+--------------------+
| 2001:db8:4::/120 | 192.0.2.0/24 |
| 2001:db8:6::/120 | 198.51.100.0/24 |
+---------------------------------------------+--------------------+
And again, the IPv6 prefix and the EAM table are not exclusive operation modes. Jool will always try to translate an address using EAMs, and if that fails, fall back to use the prefix. Add --pool6
during the instance add
if you want this.
Testing
Remember the FAQ and debug logging if something goes south. Do not try a 2001:db8::X.X.X.X
ping from the translator; it’s not going to work.
Try to ping V from A like this:
user@A:~$ ping6 2001:db8:4::10 # Reminder: hex 10 = dec 16.
PING 2001:db8:4::10(2001:db8:4::10) 56 data bytes
64 bytes from 2001:db8:4::10: icmp_seq=1 ttl=63 time=2.95 ms
64 bytes from 2001:db8:4::10: icmp_seq=2 ttl=63 time=2.79 ms
64 bytes from 2001:db8:4::10: icmp_seq=3 ttl=63 time=4.13 ms
64 bytes from 2001:db8:4::10: icmp_seq=4 ttl=63 time=3.60 ms
^C
--- 2001:db8:4::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 2.790/3.370/4.131/0.533 ms
Then ping A from V:
user@V:~$ ping 198.51.100.8
PING 198.51.100.8 (198.51.100.8) 56(84) bytes of data.
64 bytes from 198.51.100.8: icmp_seq=1 ttl=63 time=5.04 ms
64 bytes from 198.51.100.8: icmp_seq=2 ttl=63 time=2.55 ms
64 bytes from 198.51.100.8: icmp_seq=3 ttl=63 time=1.93 ms
64 bytes from 198.51.100.8: icmp_seq=4 ttl=63 time=2.47 ms
^C
--- 198.51.100.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.930/3.001/5.042/1.204 ms
How about hooking up a server in Y and access it from D:
Then maybe another one in B and request from X:
Stopping Jool
Remove the instance:
user@T:~# jool_siit instance remove "example"
user@T:~# /sbin/ip6tables -t mangle -D PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# /sbin/iptables -t mangle -D PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# jool_siit instance remove "example"
And (optionally) remove the kernel modules:
user@T:~# /sbin/modprobe -r jool_siit
user@T:~# rmmod jool_siit
user@T:~# rmmod jool_common
Afterwords
- If you care about performance, you might want to raise
lowest-ipv6-mtu
. - Please note that none of what was done in this tutorial survives reboots! Here’s documentation on persistence.
The next tutorial is a Stateful NAT64 run.