Documentation > Basic Tutorials > SIIT + EAM



  1. Introduction
  2. Sample Network
  3. Jool
  4. Testing
  5. Stopping Jool
  6. Afterwords


This document explains how to run Jool in EAM mode (which actually more than a “mode” is simply stock SIIT with records in the EAM table). Follow the link for more details on what to expect. See also the EAMT RFC summary for more details on how the EAMT works.

Stock mode is faster to configure and you’re encouraged to learn it before, particularly because I will not ellaborate here on the steps which both modes have in common. Software-wise, you need a successful installation of both the kernel module and the userspace application for EAM.

Sample Network

Figure 1 - Sample Network

All the remarks in the previous document’s Sample Network section apply here.

This is nodes A through E:

user@A:~# service network-manager stop
user@A:~# /sbin/ip link set eth0 up
user@A:~# # Replace "::8" depending on which node you're on.
user@A:~# /sbin/ip addr add 2001:db8:6::8/96 dev eth0
user@A:~# /sbin/ip route add default via 2001:db8:6::1

Nodes V through Z have the exact same configuration from the previous document.

user@V:~# service network-manager stop
user@V:~# /sbin/ip link set eth0 up
user@V:~# # Replace ".16" depending on which node you're on.
user@V:~# /sbin/ip addr add dev eth0
user@V:~# /sbin/ip route add default via

Node T:

user@T:~# service network-manager stop
user@T:~# /sbin/ip link set eth0 up
user@T:~# /sbin/ip addr add 2001:db8:6::1/96 dev eth0
user@T:~# /sbin/ip link set eth1 up
user@T:~# /sbin/ip addr add dev eth1
user@T:~# sysctl -w net.ipv4.conf.all.forwarding=1
user@T:~# sysctl -w net.ipv6.conf.all.forwarding=1
user@T:~# ethtool --offload eth0 gro off
user@T:~# ethtool --offload eth0 lro off
user@T:~# ethtool --offload eth1 gro off
user@T:~# ethtool --offload eth1 lro off

Remember you might want to cross-ping T vs everything before continuing.


Most Distros OpenWRT
user@T:~# /sbin/modprobe --first-time jool_siit disabled
user@T:~# jool_siit --eamt --add 2001:db8:6::/120
user@T:~# jool_siit --eamt --add 2001:db8:4::/120
user@T:~# jool_siit --enable
user@T:~# insmod jool_siit disabled
user@T:~# jool_siit --eamt --add 2001:db8:6::/120
user@T:~# jool_siit --eamt --add 2001:db8:4::/120
user@T:~# jool_siit --enable

Unlike pool6, it is not practical to insert the entire EAM table in a single command, so we instruct Jool to start disabled. We then insert the EAM table rows, one by one, using the userspace application. When the table is complete, we tell Jool it can start translating traffic (--enable).

Using disabled and --enable is not actually neccesary; Jool will naturally figure out that it cannot translate traffic until the EAM table and/or pool6 are populated. The reason why Jool was “forced” to remain disabled until the table was complete was so there wouldn’t be a timespan where traffic was being translated inconsistently (ie. with a half-complete table).

And again, the IPv6 prefix and the EAM table are not exclusive operation modes. Jool will always try to translate an address using EAM, and if that fails, fall back to use the prefix. Add pool6 during the modprobe if you want this.


If something doesn’t work, try the FAQ.

Try to ping V from A like this:

user@A:~$ ping6 2001:db8:4::10 # Reminder: hex 10 = dec 16.
PING 2001:db8:4::10(2001:db8:4::10) 56 data bytes
64 bytes from 2001:db8:4::10: icmp_seq=1 ttl=63 time=2.95 ms
64 bytes from 2001:db8:4::10: icmp_seq=2 ttl=63 time=2.79 ms
64 bytes from 2001:db8:4::10: icmp_seq=3 ttl=63 time=4.13 ms
64 bytes from 2001:db8:4::10: icmp_seq=4 ttl=63 time=3.60 ms
--- 2001:db8:4::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 2.790/3.370/4.131/0.533 ms

Then ping A from V:

user@V:~$ ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=63 time=5.04 ms
64 bytes from icmp_seq=2 ttl=63 time=2.55 ms
64 bytes from icmp_seq=3 ttl=63 time=1.93 ms
64 bytes from icmp_seq=4 ttl=63 time=2.47 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.930/3.001/5.042/1.204 ms

How about hooking up a server in Y and access it from D:

Figure 1 - IPv6 TCP from an IPv4 node

Then maybe another one in B and request from X:

Figure 2 - IPv4 TCP from an IPv6 node

Stopping Jool

Same as in the previous walkthrough.

Most Distros OpenWRT
user@T:~# /sbin/modprobe -r jool_siit
user@T:~# rmmod jool_siit


  1. More complex setups might require you to consider the MTU notes.
  2. The modprobe insertion and removal mechanism is fine if all you need is a simple single SIIT, but if you want to enclose it in a network namespace, or need multiple Jool instances in a single machine, check out --instance.
  3. Please note that none of what was done in this tutorial survives reboots! Documentation on persistence will be released in the future.

The next tutorial is a Stateful NAT64 run.