Page History

...

•    MAP Customer Edge (CE): A device functioning as a Customer Edge
                             router in a MAP deployment.  A typical MAP CE
                             adopting MAP Rules will serve a residential
                             site with one WAN-side IPv6-addressed
                             interface and one or more LAN-side interfaces
                             addressed using private IPv4 addressing.
  
     MAP Border Relay (BR):  A MAP-enabled router managed by the service
                             provider at the edge of a MAP domain.  A BR
                             has at least an IPv6-enabled interface and an
                             IPv4 interface connected to the native IPv4
                             network.  A MAP BR may also be referred to as
                             simply a "BR" within the context of MAP.

...

High-Level Architecture

...

Block Diagram

Configuration

Customer Edge: Enable/Disable MAPT feature with below distro's from build

...

• Build the jool modules using below build instructions
  

  Code Block
  title Jool Installation
  sudo apt update sudo apt upgrade sudo apt install build-essential pkg-config sudo wget https://github.com/NICMx/Jool/releases/download/v4.2.0-rc2/jool-4.2.0.rc2.tar.gz sudo tar -xzf jool-4.2.0.rc2.tar.gz sudo /sbin/dkms install jool-4.2.0.rc2/ cd jool-4.2.0.rc2/ sudo ./configure sudo make sudo make install

• Once build completed, below modules will be generated in respective paths, add those modules to kernel path
  

  Code Block
  title MAPT modules
  ubuntu:~/jool-4.2.0~rc2$ find . -iname jool*ko ./src/mod/mapt/jool_mapt.ko ./src/mod/common/jool_common.ko ./src/mod/nat64/jool.ko /src/mod/siit/jool_siit.ko

  Jool configure

  Code Block
  title Modeprobe modules
  sudo modprobe jool_common sudo modprobe jool_mapt sudo modprobe jool Enable below modules as well if not enabled netfilter/nf_defrag_ipv4.ko netfilter/nf_defrag_ipv6.ko

• Once all modules are loaded and confirmed via lsmod

  Expand
  title lsmod
  ubuntu:~/ lsmod | grep jool* jool_mapt                    20480  0 jool_common             253952  1 jool_mapt nf_defrag_ipv6          24576  3 nf_conntrack,openvswitch,jool_mapt nf_defrag_ipv4         16384  2 nf_conntrack,jool_mapt x_tables                       53248  9 xt_conntrack,nft_compat,xt_state,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,xt_MASQUERADE,jool_mapt

• Create an instance BR
  

  Code Block
  title BR instance creation
  sudo jool_mapt instance add "BR" --netfilter --dmr 64:ff9b::/64 sudo jool_mapt -i "BR" fmrt add 2001:558:6013::/48 192.168.20.0/24 8 8 sudo jool_mapt -i "BR" global update map-t-type BR

  View the created instance using:
  

  Code Block
  title View Instances
  akhil@CHTSL00399:~$ sudo jool_mapt -i BR fmrt display +---------------------------------------------+--------------------+----------------+----+ | IPv6 Prefix | IPv4 Prefix | EA-bits Length | a | +---------------------------------------------+--------------------+----------------+----+ | 2001:558:6013::/48 | 192.168.20.0/24 | 16 | 6 | +---------------------------------------------+--------------------+----------------+----+ akhil@CHTSL00399:~$ sudo jool_mapt instance display +--------------------+-----------------+-----------+ | Namespace | Name | Framework | +--------------------+-----------------+-----------+ | 89628c00 | BR | netfilter | +--------------------+-----------------+-----------+ akhil@CHTSL00399:~$

  Enable dubbing for jool using sudo jool_mapt -i BR global update logging-debug true
  cat /var/log/syslog
  
• Make changes in BR setup to make ping and internet work
• asas

Test Results

Ping and Internet should work in CE and connected clients

• Adding traffic control because iptables POSTROUTING (where MASQUERADE/SNAT stays) is never reached. When a traffic comes back before deNAT jool occupies the traffic. Since BR is behind a NAT with a private IP, outgoing packets have source 192.168.20.x which the upstream can't route back
  

  Code Block
  title Add tc rules
  sudo ip addr add 192.168.20.1/24 dev lo sudo tc qdisc add dev wlan0 root handle 1: prio sudo tc filter add dev wlan0 parent 1: protocol ip prio 1 u32 \ match ip src 192.168.20.0/24 \ action pedit ex munge ip src set 10.68.245.229 pipe \ action csum ip4h icmp sudo tc qdisc add dev wlan0 handle ffff: ingress sudo tc filter add dev wlan0 parent ffff: protocol ip prio 1 u32 \ match ip protocol 1 0xff \ match u8 0 0xff at 20 \ action pedit ex munge ip dst set 192.168.20.1 pipe \ action csum ip4h icmp ip route get 8.8.8.8 from 192.168.20.1

• Check tcpdump for wan interface and downlink interface which is connected to CE, will be able to see request and reply from upstream.
• Connectivity test updated below

Test Results

Ping and Internet should work in CE and connected clients

• Test Test result on CE

  Code Block
  title ping 8.8.8.8 & ping gmail.com
  root@Filogic-GW:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: seq=0 ttl=110 time=322.241 ms 64 bytes from 8.8.8.8: seq=1 ttl=110 time=357.163 ms 64 bytes from 8.8.8.8: seq=2 ttl=110 time=145.545 ms 64 bytes from 8.8.8.8: seq=3 ttl=110 time=163.061 ms ^C --- 8.8.8.8 ping statistics --- root@Filogic-GW:~# ping -4 gmail.com PING gmail.com (142.250.207.69): 56 data bytes 64 bytes from 142.250.207.69: seq=0 ttl=110 time=204.645 ms 64 bytes from 142.250.207.69: seq=1 ttl=110 time=228.521 ms 64 bytes from 142.250.207.69: seq=2 ttl=110 time=260.954 ms 64 bytes from 142.250.207.69: seq=3 ttl=110 time=276.700 ms ^C --- gmail.com ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss

• iptables & ip6tables in mapt mode

  Code Block
  title iptables & ip6tables
  root@Filogic-GW:~# iptables -L -v -n | grep map0 0 0 ACCEPT 47 -- map0 * 0.0.0.0/0 0.0.0.0/0 0 0 DROP all -- map0 map0 0.0.0.0/0 0.0.0.0/0 0 0 wan2lan all -- map0 br106 0.0.0.0/0 0.0.0.0/0 0 0 wan2lan all -- map0 brlan1 0.0.0.0/0 0.0.0.0/0 0 0 lan2wan all -- br106 map0 0.0.0.0/0 0.0.0.0/0 0 0 lan2wan all -- brlan1 map0 0.0.0.0/0 0.0.0.0/0 0 0 wan2lan all -- map0 br403 0.0.0.0/0 0.0.0.0/0 110 9240 wan2lan all -- map0 brlan0 0.0.0.0/0 0.0.0.0/0 0 0 lan2wan all -- br403 map0 0.0.0.0/0 0.0.0.0/0 587 52500 lan2wan all -- brlan0 map0 0.0.0.0/0 0.0.0.0/0 root@Filogic-GW:~# root@Filogic-GW:~# ip6tables -L -v -n | grep map0 212 58132 wan2lan all erouter0 map0 ::/0 ::/0 1086 216K lan2wan all map0 erouter0 ::/0 ::/0 root@Filogic-GW:~#

• Test Result on LAN client

  Code Block
  title ping test from lan client
  chtspc0041@chtspc0041-OptiPlex-7010:~$ ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data. 64 bytes from 8.8.8.8: icmp_seq=1 ttl=248 time=5.26 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=248 time=5.56 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=248 time=7.65 ms ^C --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 5.260/6.160/7.653/1.063 ms chtspc0041@chtspc0041-OptiPlex-7010:~$ ping -4 gmail.com PING gmail.com (142.250.207.69) 56(84) bytes of data. 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=2 ttl=109 time=494 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=3 ttl=109 time=312 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=4 ttl=109 time=543 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=5 ttl=109 time=364 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=6 ttl=109 time=182 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=7 ttl=109 time=200 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=8 ttl=109 time=1006 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=9 ttl=109 time=59.2 ms 64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=10 ttl=109 time=605 ms ^C --- gmail.com ping statistics --- 10 packets transmitted, 9 received, 10% packet loss, time 9011ms

assas

Datamodels

root@Filogic-GW:~# dmcli eRT getv Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapTransportMode
               type:     string,    value: MAPT 
Parameter    2 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapBRPrefix
               type:     string,    value: 64:ff9b::/64 
Parameter    3 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRuleIPv4Prefix
               type:     string,    value: 192.168.20.0 
Parameter    4 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRuleIPv6Prefix
               type:     string,    value: 2001:558:6013::/48 
Parameter    5 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapEALen
               type:       uint,    value: 8 
Parameter    6 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSIDOffset
               type:       uint,    value: 8 
Parameter    7 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSIDLen
               type:       uint,    value: 8 
Parameter    8 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSID
               type:       uint,    value: 0 
Parameter    9 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapIsFMR
               type:       bool,    value: false 
Parameter   10 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapIpv4Address
               type:     string,    value: 192.168.20.254 
Parameter   11 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRatio
               type:       uint,    value: 1 

...