Documentation > Basic Tutorials > SIIT + EAM

EAM Run

Index

  1. Introduction
  2. Sample Network
  3. Jool
  4. Testing
  5. Stopping Jool
  6. Afterwords

Introduction

This document explains how to run Jool in EAM mode (which actually more than a “mode” is simply stock SIIT with records in the EAM table). Follow the link for more details on what to expect. See also the EAMT RFC summary for more details on how the EAMT works.

I really don’t want to have to maintain three almost identical tutorials (it’s a surprising amount of work), so please read the traditional SIIT tutorial first. You don’t need to follow it; just make sure you generally understand all the remarks.

Sample Network

Figure 1 - Sample Network

Again, all the remarks in the traditional SIIT’s Sample Network section apply here.

This is nodes A through E:

user@A:~# /sbin/ip link set eth0 up
user@A:~# # Replace "::8" depending on which node you're on.
user@A:~# /sbin/ip addr add 2001:db8:6::8/96 dev eth0
user@A:~# /sbin/ip route add 2001:db8:4::/120 via 2001:db8:6::1

Nodes V through Z have the exact same configuration from the previous document.

user@V:~# /sbin/ip link set eth0 up
user@V:~# # Replace ".16" depending on which node you're on.
user@V:~# /sbin/ip addr add 192.0.2.16/24 dev eth0
user@V:~# /sbin/ip route add 198.51.100.0/24 via 192.0.2.1

Node T:

user@T:~# /sbin/ip link set eth0 up
user@T:~# /sbin/ip addr add 2001:db8:6::1/96 dev eth0
user@T:~# 
user@T:~# /sbin/ip link set eth1 up
user@T:~# /sbin/ip addr add 192.0.2.1/24 dev eth1
user@T:~# 
user@T:~# /sbin/sysctl -w net.ipv4.conf.all.forwarding=1
user@T:~# /sbin/sysctl -w net.ipv6.conf.all.forwarding=1

Make sure T can ping everyone before introducing Jool into the mix.

Jool

First, teach your kernel what SIIT is by attaching the jool_siit module to your kernel:

Most distros OpenWRT
user@T:~# /sbin/modprobe jool_siit
user@T:~# # Please remember: This assumes you're using the packages feed.
user@T:~# # If your Jool version is 3.5.7, you shouldn't be here!
user@T:~# insmod jool_common
user@T:~# insmod jool_siit

Then create and configure the instance:

Note! This section discusses Netfilter Jool vs iptables Jool.

Netfilter Jool iptables Jool
user@T:~# jool_siit instance add "example" --netfilter
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
 
 
 
user@T:~# jool_siit instance add "example" --iptables
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
user@T:~#
user@T:~# /sbin/ip6tables -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# /sbin/iptables  -t mangle -A PREROUTING -j JOOL_SIIT --instance "example"

-i stands for “instance.” The eamt add commands build an Explicit Address Mappings Table. You can see it through the display operation:

user@T:~# jool_siit -i "example" eamt display
+---------------------------------------------+--------------------+
|                                 IPv6 Prefix |        IPv4 Prefix |
+---------------------------------------------+--------------------+
|                            2001:db8:4::/120 |       192.0.2.0/24 |
|                            2001:db8:6::/120 |    198.51.100.0/24 |
+---------------------------------------------+--------------------+

And again, the IPv6 prefix and the EAM table are not exclusive operation modes. Jool will always try to translate an address using EAMs, and if that fails, fall back to use the prefix. Add --pool6 during the instance add if you want this.

Testing

Remember the FAQ and debug logging if something goes south. Do not try a 2001:db8::X.X.X.X ping from the translator; it’s not going to work.

Try to ping V from A like this:

user@A:~$ ping6 2001:db8:4::10 # Reminder: hex 10 = dec 16.
PING 2001:db8:4::10(2001:db8:4::10) 56 data bytes
64 bytes from 2001:db8:4::10: icmp_seq=1 ttl=63 time=2.95 ms
64 bytes from 2001:db8:4::10: icmp_seq=2 ttl=63 time=2.79 ms
64 bytes from 2001:db8:4::10: icmp_seq=3 ttl=63 time=4.13 ms
64 bytes from 2001:db8:4::10: icmp_seq=4 ttl=63 time=3.60 ms
^C
--- 2001:db8:4::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 2.790/3.370/4.131/0.533 ms

Then ping A from V:

user@V:~$ ping 198.51.100.8
PING 198.51.100.8 (198.51.100.8) 56(84) bytes of data.
64 bytes from 198.51.100.8: icmp_seq=1 ttl=63 time=5.04 ms
64 bytes from 198.51.100.8: icmp_seq=2 ttl=63 time=2.55 ms
64 bytes from 198.51.100.8: icmp_seq=3 ttl=63 time=1.93 ms
64 bytes from 198.51.100.8: icmp_seq=4 ttl=63 time=2.47 ms
^C
--- 198.51.100.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.930/3.001/5.042/1.204 ms

How about hooking up a server in Y and access it from D:

Figure 1 - IPv6 TCP from an IPv4 node

Then maybe another one in B and request from X:

Figure 2 - IPv4 TCP from an IPv6 node

Stopping Jool

Remove the instance:

Netfilter Jool iptables Jool
 
 
user@T:~# jool_siit instance remove "example"
user@T:~# /sbin/ip6tables -t mangle -D PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# /sbin/iptables  -t mangle -D PREROUTING -j JOOL_SIIT --instance "example"
user@T:~# jool_siit instance remove "example"

And (optionally) remove the kernel modules:

Most distros OpenWRT
user@T:~# /sbin/modprobe -r jool_siit
 
user@T:~# rmmod jool_siit
user@T:~# rmmod jool_common

Afterwords

  1. If you care about performance, you might want to raise lowest-ipv6-mtu.
  2. Please note that none of what was done in this tutorial survives reboots! Here’s documentation on persistence.

The next tutorial is a Stateful NAT64 run.