Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: nsp: ipv6

Question: Sharing an IP-connection

  

 
nsp ipv6 RSS feed   Index | Next | Previous | View Threaded


thomas at cis

May 20, 2012, 4:51 AM

Post #1 of 11 (610 views)
Permalink
Question: Sharing an IP-connection
Hi,

this may not be an IPv6-operator-, but a user-problem. This qustion is
only related to IPv6, no thoughts about IPv4/NAT and so on. (ipv6 only
or ipv6 only with NAT64 in background)

Given is a IPv6 connection with /64 and SLAAC bound to wwan0.
Given is at the moment a Linux-system, but the problem is OS-independent.

What would you do to share this via LAN (eth0) or WLAN(wlan0)?
Would you try bridging (bridge-utils with brctl) or special routing
hacks(neighbor proxy)?
Other suggestions?

Regards,

Thomas


gert at space

May 20, 2012, 11:47 AM

Post #2 of 11 (584 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Hi,

On Sun, May 20, 2012 at 01:51:56PM +0200, Thomas Schäfer wrote:
> What would you do to share this via LAN (eth0) or WLAN(wlan0)?
> Would you try bridging (bridge-utils with brctl) or special routing
> hacks(neighbor proxy)?
> Other suggestions?

The religiously correct answer is "run DHCP-PD to receive an extra /64
to be used on the 'LAN side' interface".

If that's not available, I think it very much depends on how "ethernet-like"
your wwan0 is, and whether it permits arbitrary MAC addresses, or just a
single one - in that case, brctl or ndp proxy might both work...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444 USt-IdNr.: DE813185279


bjorn at mork

May 20, 2012, 12:55 PM

Post #3 of 11 (589 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Gert Doering <gert [at] space> writes:
> On Sun, May 20, 2012 at 01:51:56PM +0200, Thomas Schäfer wrote:
>> What would you do to share this via LAN (eth0) or WLAN(wlan0)?
>> Would you try bridging (bridge-utils with brctl) or special routing
>> hacks(neighbor proxy)?
>> Other suggestions?
>
> The religiously correct answer is "run DHCP-PD to receive an extra /64
> to be used on the 'LAN side' interface".
>
> If that's not available, I think it very much depends on how "ethernet-like"
> your wwan0 is, and whether it permits arbitrary MAC addresses, or just a
> single one - in that case, brctl or ndp proxy might both work...

The wwan0 interface will allow any MAC address (the driver will often
use a random one), but the modem plays a few tricks with neigbour
discovery so I am not going to bet on *multiple* MAC addresses working
until it is tested.

Does bridging work, Thomas? If so, then that would be my favourite
alternative as long as there is no DHCP-PD (and I guess there isn't?)


Bjørn


thomas at cis

May 20, 2012, 1:27 PM

Post #4 of 11 (593 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
> The wwan0 interface will allow any MAC address (the driver will often
> use a random one), but the modem plays a few tricks with neigbour
> discovery so I am not going to bet on *multiple* MAC addresses working
> until it is tested.
>
> Does bridging work, Thomas? If so, then that would be my favourite
> alternative as long as there is no DHCP-PD (and I guess there isn't?)

Until now it was only a theoretical thought. My hope was, that somebody says
this is ugly (splitting a /64) but it works with step one, two....

I will investigate the possibilities. But this takes a little bit longer. I
have no experience with bridging nor IPv6-dhcp, and arp-proxy will be very
different to ndp-tricks.

Thanks a lot for the hints so far.

We have endless addresses(privacy extensions work) but it is difficult share
this pool.


Regards,

Thomas


marc.blanchet at viagenie

May 21, 2012, 7:13 AM

Post #5 of 11 (595 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Le 2012-05-20 à 07:51, Thomas Schäfer a écrit :

> Hi,
>
> this may not be an IPv6-operator-, but a user-problem. This qustion is only related to IPv6, no thoughts about IPv4/NAT and so on. (ipv6 only or ipv6 only with NAT64 in background)
>
> Given is a IPv6 connection with /64 and SLAAC bound to wwan0.
> Given is at the moment a Linux-system, but the problem is OS-independent.

what you are describing is either:
a) a provider that does offer a prefix for your LAN but you are not requesting it.
b) a provider that does not offer any prefix for your LAN.

You should start trying solving a) by starting an instance of a DHCPv6 client and requesting a prefix (DHCPv6-PD). if no answer, then you are probably in b) mode. In this latter case, complain to your ISP.

Marc.

>
> What would you do to share this via LAN (eth0) or WLAN(wlan0)?
> Would you try bridging (bridge-utils with brctl) or special routing hacks(neighbor proxy)?
> Other suggestions?
>
> Regards,
>
> Thomas
>
>
>


bjorn at mork

May 21, 2012, 7:25 AM

Post #6 of 11 (588 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Marc Blanchet <marc.blanchet [at] viagenie> writes:

> what you are describing is either:
> a) a provider that does offer a prefix for your LAN but you are not requesting it.
> b) a provider that does not offer any prefix for your LAN.
>
> You should start trying solving a) by starting an instance of a DHCPv6
> client and requesting a prefix (DHCPv6-PD). if no answer, then you are
> probably in b) mode. In this latter case, complain to your ISP.

With my ISP hat on I am now wondering how common DHCPv6-PD is/will be on
mobile networks. Are there any providers actually supporting this?

I am also sort of wondering whether the modems will forward the DHCPv6
requests at all. Do they?


Bjørn


thomas at cis

May 21, 2012, 7:36 AM

Post #7 of 11 (587 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Am 21.05.2012 16:13, schrieb Marc Blanchet:

> what you are describing is either: a) a provider that does offer a
> prefix for your LAN but you are not requesting it. b) a provider that
> does not offer any prefix for your LAN.
>
> You should start trying solving a) by starting an instance of a
> DHCPv6 client and requesting a prefix (DHCPv6-PD). if no answer, then
> you are probably in b) mode. In this latter case, complain to your
> ISP.

a:) I get no DHCP at this point, but a have to check it more in detail,
also what RA is telling me.
If I am correctly informed, I have the "choice" between ppp with
DHCPv6-PD via serial interface or simply SLAAC/RA via
ethernet-like-interface. The latter is preferred mode.



b:) this is a mobile device, for one device one /64 should be enough.

b,1) to complain the ISP seems useless to me, it is a test-system

The only thing I want to have is a comfortable method to share some IPs
- I have 2â¶â´ and it seems more difficult than NAT in the old IPv4-days.

Regards,
Thomas






--

There’s no place like ::1

Thomas Schäfer (Systemverwaltung)
Ludwig-Maximilians-Universität
Centrum für Informations- und Sprachverarbeitung
Oettingenstraße 67 Raum C109
80538 München ☎ +49/89/2180-9706 ℻ +49/89/2180-9701


mohacsi at niif

May 21, 2012, 7:52 AM

Post #8 of 11 (594 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
On Mon, 21 May 2012, Thomas Schäfer wrote:

> Am 21.05.2012 16:13, schrieb Marc Blanchet:
>
>> what you are describing is either: a) a provider that does offer a
>> prefix for your LAN but you are not requesting it. b) a provider that
>> does not offer any prefix for your LAN.
>>
>> You should start trying solving a) by starting an instance of a
>> DHCPv6 client and requesting a prefix (DHCPv6-PD). if no answer, then
>> you are probably in b) mode. In this latter case, complain to your
>> ISP.
>
> a:) I get no DHCP at this point, but a have to check it more in detail, also
> what RA is telling me.
> If I am correctly informed, I have the "choice" between ppp with DHCPv6-PD
> via serial interface or simply SLAAC/RA via ethernet-like-interface. The
> latter is preferred mode.

They are not exclusive:

1. SLAAC/RA on WAN interface - this is optional
2. get prefix for LAN interfaces via DHCPv6-PD independently from WAN
configuration.

On choice for WAN:
1. unnumbered:
- PPP on serial
- RA without prefix information on Ethernet

2. numbered
- RA with prefix information
- DHCPv6 if RA says so





>
>
>
> b:) this is a mobile device, for one device one /64 should be enough.

for

>
> b,1) to complain the ISP seems useless to me, it is a test-system
>
> The only thing I want to have is a comfortable method to share some IPs - I
> have 2?? and it seems more difficult than NAT in the old IPv4-days.

DHCPv6 prefix delegation is rather easy - your system should support it
(setting up routing for the delegated prefix - usually not very difficult)
and ISP also.

>
> Regards,
> Thomas
>
>
>
>
>
>
> --
>
> There?s no place like ::1
>
> Thomas Schäfer (Systemverwaltung)
> Ludwig-Maximilians-Universität
> Centrum für Informations- und Sprachverarbeitung
> Oettingenstraße 67 Raum C109
> 80538 München ? +49/89/2180-9706 ? +49/89/2180-9701
>
>


cb.list6 at gmail

May 21, 2012, 8:00 AM

Post #9 of 11 (589 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
On May 21, 2012 7:26 AM, "Bjørn Mork" <bjorn [at] mork> wrote:
>
> Marc Blanchet <marc.blanchet [at] viagenie> writes:
>
> > what you are describing is either:
> > a) a provider that does offer a prefix for your LAN but you are not
requesting it.
> > b) a provider that does not offer any prefix for your LAN.
> >
> > You should start trying solving a) by starting an instance of a DHCPv6
> > client and requesting a prefix (DHCPv6-PD). if no answer, then you are
> > probably in b) mode. In this latter case, complain to your ISP.
>
> With my ISP hat on I am now wondering how common DHCPv6-PD is/will be on
> mobile networks. Are there any providers actually supporting this?
>
> I am also sort of wondering whether the modems will forward the DHCPv6
> requests at all. Do they?
>

Do not expect dhcp-pd any time soon in mobile. Feature requests are in ....

We use ndproxy and it works well

Android code and bin here http://dan.drown.org/android/clat/

CB

>
> Bjørn


thomas at cis

May 22, 2012, 5:02 AM

Post #10 of 11 (587 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Am 20.05.2012 21:55, schrieb Bjørn Mork:
> Does bridging work, Thomas?

Bridging did not work. But it is possible that the error was in front of
the screen.

The RA says this:

Internet Protocol Version 6, Src: fe80::4049:bbd8:9053:eb69
(fe80::4049:bbd8:9053:eb69), Dst: fe80::2a0:c6ff:fe00:0
(fe80::2a0:c6ff:fe00:0)
0110 .... = Version: 6
[.0110 .... = This field makes the filter "ip.version == 6"
possible: 6]
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... 0000 00.. .... .... .... .... .... = Differentiated
Services Field: Default (0x00000000)
.... .... ..0. .... .... .... .... .... = ECN-Capable Transport
(ECT): Not set
.... .... ...0 .... .... .... .... .... = ECN-CE: Not set
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 64
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: fe80::4049:bbd8:9053:eb69 (fe80::4049:bbd8:9053:eb69)
Destination: fe80::2a0:c6ff:fe00:0 (fe80::2a0:c6ff:fe00:0)
[Destination SA MAC: Qualcomm_00:00:00 (00:a0:c6:00:00:00)]
Internet Control Message Protocol v6
Type: 134 (Router advertisement)
Code: 0
Checksum: 0xff36 [correct]
Cur hop limit: 255
Flags: 0x00
0... .... = Not managed
.0.. .... = Not other
..0. .... = Not Home Agent
...0 0... = Router preference: Medium
.... .0.. = Not Proxied
Router lifetime: 65535
Reachable time: 0
Retrans timer: 0
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: 00:00:00:00:00:00
ICMPv6 Option (MTU)
Type: MTU (5)
Length: 8
MTU: 1500
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix Length: 64
Flags: 0xc0
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..00 0000 = Reserved: 0
Valid lifetime: infinity
Preferred lifetime: infinity
Reserved
Prefix: 2a01:198:24c:c143::

So dhcp-pd is unlikely. dhcp-requests are also unanswered.


So I will try ndproxy.

Thanks a lot for the comments.

Regards,
Thomas


bjorn at mork

May 22, 2012, 6:36 AM

Post #11 of 11 (605 views)
Permalink
Re: Question: Sharing an IP-connection [In reply to]
Thomas Schäfer <thomas [at] cis> writes:
> Am 20.05.2012 21:55, schrieb Bjørn Mork:
>> Does bridging work, Thomas?
>
> Bridging did not work. But it is possible that the error was in front
> of the screen.


Nah, I don't think so. The ethernet frame emulation in the modem is
broken (or rather limited by assumptions). Just did a simple bridging
test using IPv4, and that doesn't work either for the same reason.

I have this bridge:

nemi:/home/bjorn# brctl show br1
bridge name bridge id STP enabled interfaces
br1 8000.cefc5f05ec52 no tap0.10
wwan0

Using these MAC adresses on the ports and the bridge:


nemi:/home/bjorn# ip link show wwan0
21: wwan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br1 state UNKNOWN mode DEFAULT qlen 1000
link/ether d6:c6:02:91:1c:41 brd ff:ff:ff:ff:ff:ff
nemi:/home/bjorn# ip link show tap0.10
9: tap0.10 [at] tap: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP mode DEFAULT
link/ether ce:fc:5f:05:ec:52 brd ff:ff:ff:ff:ff:ff
nemi:/home/bjorn# ip link show br1
31: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT
link/ether ce:fc:5f:05:ec:52 brd ff:ff:ff:ff:ff:ff

nemi:/home/bjorn# brctl showmacs br1
port no mac addr is local? ageing timer
1 02:50:f3:00:00:00 no 0.74
2 52:54:00:ff:05:00 no 0.76
2 ce:fc:5f:05:ec:52 yes 0.00
1 d6:c6:02:91:1c:41 yes 0.00


So, we have

modem: 02:50:f3:00:00:00
client: 52:54:00:ff:05:00
tap0.10 if: ce:fc:5f:05:ec:52
wwan0 if: d6:c6:02:91:1c:41

and we want the client and modem to talk together:


13.103922 10.105.75.185 -> 130.67.15.251 ICMP 98 Echo (ping) request id=0x07b6, seq=481/57601, ttl=64

0000 02 50 f3 00 00 00 52 54 00 ff 05 00 08 00 45 00 .P....RT......E.
0010 00 54 00 00 40 00 40 01 52 49 0a 69 4b b9 82 43 .T..@.@.RI.iK..C
0020 0f fb 08 00 e7 f3 07 b6 01 e1 c3 8d bb 4f 00 00 .............O..
0030 00 00 c8 c4 00 00 00 00 00 00 10 11 12 13 14 15 ................
0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$%
0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345
0060 36 37 67

13.131276 130.67.15.251 -> 10.105.75.185 ICMP 98 Echo (ping) reply id=0x07b6, seq=481/57601, ttl=56

0000 d6 c6 02 91 1c 41 02 50 f3 00 00 00 08 00 45 00 .....A.P......E.
0010 00 54 5b 07 00 00 38 01 3f 42 82 43 0f fb 0a 69 .T[...8.?B.C...i
0020 4b b9 00 00 ef f3 07 b6 01 e1 c3 8d bb 4f 00 00 K............O..
0030 00 00 c8 c4 00 00 00 00 00 00 10 11 12 13 14 15 ................
0040 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 .......... !"#$%
0050 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 &'()*+,-./012345
0060 36 37 67


That won't work... Note how the reply destination address doesn't match
the request source address. The bridge will deliver this to the wwan0
interface instead of the client port.

Did some more experiments, and as expected this is tied to where the
initial DHCP request came from. Stopping and restarting the connection,
and then letting the *client* send the DHCP request will tie all packets
from the modem to the client MAC address instead.

So you can bridge, but not share the bridge among multiple clients. The
modem will select a single MAC address as your end of the link. It
doesn't really do ARP.

I assume the IPV6 implementation is similar. The modem doesn't really
do ND either. It just fakes them, and assumes a two-device
point-to-point link between modem and host. It does not expect the host
to be a bridge.

Started thinking of what can be done about this. The immediate thought
was that the "raw IP" mode would be better, but really it wouldn't. You
could just as well use ebtables to replace the destination MAC address
on packets from the modem with zeros, which is what the driver would
have to do if emulating an ethernet device with the modem in that mode.

Ideas are welcome.



Bjørn

nsp ipv6 RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.