Documentation > Basic Tutorials > SIIT + EAM

EAM Run

Index

  1. Introduction
  2. Sample Network
  3. Jool
  4. Testing
  5. Stopping Jool
  6. Afterwords

Introduction

This document explains how to run Jool in EAM mode (which actually more than a “mode” is simply stock SIIT with records in the EAM table). Follow the link for more details on what to expect. See also the EAMT RFC summary for more details on how the EAMT works.

Stock mode is faster to configure and you’re encouraged to learn it before, particularly because I will not ellaborate here on the steps which both modes have in common.

Sample Network

Figure 1 - Sample Network

All the remarks in the previous document’s Sample Network section apply here.

This is nodes A through E:

user@A:~# service network-manager stop
user@A:~# /sbin/ip link set eth0 up
user@A:~# # Replace "::8" depending on which node you're on.
user@A:~# /sbin/ip addr add 2001:db8:6::8/96 dev eth0
user@A:~# /sbin/ip route add default via 2001:db8:6::1

Nodes V through Z have the exact same configuration from the previous document.

user@V:~# service network-manager stop
user@V:~# /sbin/ip link set eth0 up
user@V:~# # Replace ".16" depending on which node you're on.
user@V:~# /sbin/ip addr add 192.0.2.16/24 dev eth0
user@V:~# /sbin/ip route add default via 192.0.2.1

Node T:

user@T:~# service network-manager stop
user@T:~# 
user@T:~# /sbin/ip link set eth0 up
user@T:~# /sbin/ip addr add 2001:db8:6::1/96 dev eth0
user@T:~# 
user@T:~# /sbin/ip link set eth1 up
user@T:~# /sbin/ip addr add 192.0.2.1/24 dev eth1
user@T:~# 
user@T:~# sysctl -w net.ipv4.conf.all.forwarding=1
user@T:~# sysctl -w net.ipv6.conf.all.forwarding=1

Remember you might want to cross-ping T vs everything before continuing.

Jool

Most Distros OpenWRT
user@T:~# /sbin/modprobe jool_siit
user@T:~# jool_siit instance add "example" --iptables
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
user@T:~#
user@T:~# ip6tables -t mangle -A PREROUTING \
>		-s 2001:db8:6::/120 -d 2001:db8:4::/120 \
>		-j JOOL_SIIT --instance "example"
user@T:~# iptables  -t mangle -A PREROUTING \
>		-s 192.0.2.0/24 -d 198.51.100.0/24 \
>		-j JOOL_SIIT --instance "example"
user@T:~# insmod jool_siit
user@T:~# jool_siit instance add "example" --iptables
user@T:~# jool_siit -i "example" eamt add 2001:db8:6::/120 198.51.100.0/24
user@T:~# jool_siit -i "example" eamt add 2001:db8:4::/120 192.0.2.0/24
user@T:~#
user@T:~# ip6tables -t mangle -A PREROUTING \
>		-s 2001:db8:6::/120 -d 2001:db8:4::/120 \
>		-j JOOL_SIIT --instance "example"
user@T:~# iptables  -t mangle -A PREROUTING \
>		-s 192.0.2.0/24 -d 198.51.100.0/24 \
>		-j JOOL_SIIT --instance "example"

-i stands for “instance”. The eamt add commands build an Explicit Address Mappings Table. You can see it through the display operation:

user@T:~# jool_siit -i "example" eamt display
+---------------------------------------------+--------------------+
|                                 IPv6 Prefix |        IPv4 Prefix |
+---------------------------------------------+--------------------+
|                            2001:db8:4::/120 |       192.0.2.0/24 |
|                            2001:db8:6::/120 |    198.51.100.0/24 |
+---------------------------------------------+--------------------+

And again, the IPv6 prefix and the EAM table are not exclusive operation modes. Jool will always try to translate an address using EAMs, and if that fails, fall back to use the prefix. Add --pool6 during the instance add if you want this.

Testing

If something doesn’t work, try the FAQ.

Try to ping V from A like this:

user@A:~$ ping6 2001:db8:4::10 # Reminder: hex 10 = dec 16.
PING 2001:db8:4::10(2001:db8:4::10) 56 data bytes
64 bytes from 2001:db8:4::10: icmp_seq=1 ttl=63 time=2.95 ms
64 bytes from 2001:db8:4::10: icmp_seq=2 ttl=63 time=2.79 ms
64 bytes from 2001:db8:4::10: icmp_seq=3 ttl=63 time=4.13 ms
64 bytes from 2001:db8:4::10: icmp_seq=4 ttl=63 time=3.60 ms
^C
--- 2001:db8:4::10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 2.790/3.370/4.131/0.533 ms

Then ping A from V:

user@V:~$ ping 198.51.100.8
PING 198.51.100.8 (198.51.100.8) 56(84) bytes of data.
64 bytes from 198.51.100.8: icmp_seq=1 ttl=63 time=5.04 ms
64 bytes from 198.51.100.8: icmp_seq=2 ttl=63 time=2.55 ms
64 bytes from 198.51.100.8: icmp_seq=3 ttl=63 time=1.93 ms
64 bytes from 198.51.100.8: icmp_seq=4 ttl=63 time=2.47 ms
^C
--- 198.51.100.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.930/3.001/5.042/1.204 ms

How about hooking up a server in Y and access it from D:

Figure 1 - IPv6 TCP from an IPv4 node

Then maybe another one in B and request from X:

Figure 2 - IPv4 TCP from an IPv6 node

Stopping Jool

Same as in the previous walkthrough.

Most Distros OpenWRT
user@T:~# ip6tables -t mangle -D PREROUTING \
>		-s 2001:db8:6::/120 -d 2001:db8:4::/120 \
>		-j JOOL_SIIT --instance "example"
user@T:~# iptables  -t mangle -D PREROUTING \
>		-s 192.0.2.0/24 -d 198.51.100.0/24 \
>		-j JOOL_SIIT --instance "example"
user@T:~# jool_siit instance remove "example"
user@T:~# /sbin/modprobe -r jool_siit
user@T:~# ip6tables -t mangle -D PREROUTING \
>		-s 2001:db8:6::/120 -d 2001:db8:4::/120 \
>		-j JOOL_SIIT --instance "example"
user@T:~# iptables  -t mangle -D PREROUTING \
>		-s 192.0.2.0/24 -d 198.51.100.0/24 \
>		-j JOOL_SIIT --instance "example"
user@T:~# jool_siit instance remove "example"
user@T:~# rmmod jool_siit

Afterwords

  1. More complex setups might require you to consider the MTU notes.
  2. Please note that none of what was done in this tutorial survives reboots! Documentation on persistence will be released in the future.

The next tutorial is a Stateful NAT64 run.