You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 17 Current »

Work In progress

Work in Progress

Introduction 

MAP-T (RFC 7599) is a stateless IPv4/IPv6 transition mechanism that enables IPv4 services over an IPv6-only network using algorithmic translation.

Translation happens at:

  •    MAP Customer Edge (CE): A device functioning as a Customer Edge
                           router in a MAP deployment.  A typical MAP CE
                           adopting MAP Rules will serve a residential
                           site with one WAN-side IPv6-addressed
                           interface and one or more LAN-side interfaces
                           addressed using private IPv4 addressing.

   MAP Border Relay (BR):  A MAP-enabled router managed by the service
                           provider at the edge of a MAP domain.  A BR
                           has at least an IPv6-enabled interface and an
                           IPv4 interface connected to the native IPv4
                           network.  A MAP BR may also be referred to as
                           simply a "BR" within the context of MAP.

High-Level Architecture


Block Diagram

Untitled Diagram-1775555063614

Configuration

Border Relay: Setup done in ubuntu machine ( linux kernel 5.15 )
Installation
  1. sudo apt-get install isc-dhcp-server
  2. Open file /etc/dhcp/dhcpd.conf and update as below

    ddns-update-style none;
    default-lease-time 3600;
    max-lease-time 7200;
    authoritative;
    option custom-upstream-rate code 242 = unsigned integer 32;
    option custom-downstream-rate code 243 = unsigned integer 32;

    option domain-name "hsd.pa.crnrstn.comcast.net" ;

    subnet 10.42.0.0 netmask 255.255.255.0 {
        option routers 10.42.0.10;
        option broadcast-address 10.42.0.255;
        option domain-name-servers 1.1.1.1, 8.8.8.8;
        range 10.42.0.3 10.42.0.254;

    }

  3. Open file /etc/radvd.conf

    interface eth1 {
        AdvSendAdvert on;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;

        prefix 2001:558:6013:100::/64 {
            AdvOnLink on;
            AdvAutonomous on;
        };

    };

  4. Open file  /etc/dhcp/dhcpd6.conf and update as below 

    ddns-update-style none;
    default-lease-time 3600;
    max-lease-time 7200;
    option dhcp-renewal-time 1800;
    option dhcp-rebinding-time 2880;
    option client-class-information code 97 = string;
    authoritative;
    option dhcp6.map-option code 95 = string;
    subnet6 2001:558:6013:0100::/64 {
        range6 2001:558:6013:0100::1000 2001:558:6013:0100::1fff;
        prefix6 2001:558:6013:0100:: 2001:558:6013:fe00:: /56;
        option dhcp6.map-option 00:59:00:16:00:08:18:c0:a8:14:00:30:20:01:05:58:60:13:00:5d:00:04:08:08:00:00:00:5b:00:09:40:00:64:ff:9b:00:00:00:00;
        option dhcp6.name-servers
        2001:4860:4860::8888,
        2001:4860:4860::8844;
    }

  5. Once all changes are done, restart the dhcpd and radvd service.
    sudo systemctl restart isc-dhcp-server
    sudo systemctl restart isc-dhcp-server6
    sudo systemctl restart radvd
    isc-dhcp-server status 
    ● isc-dhcp-server.service - ISC DHCP IPv4 server
     Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2026-04-06 15:22:33 IST; 135ms ago
       Docs: man:dhcpd(8)
   Main PID: 45322 (dhcpd)
      Tasks: 4 (limit: 18942)
     Memory: 4.6M
        CPU: 24ms
     CGroup: /system.slice/isc-dhcp-server.service
             └─45322 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf eth1

Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: PID file: /run/dhcp-server/dhcpd.pid
Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: Wrote 3 leases to leases file.
Apr 06 15:22:33 CHTSL00399 sh[45322]: Wrote 3 leases to leases file.
Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: Listening on LPF/eth1/70:88:6b:81:04:e6/10.42.0.0/24
Apr 06 15:22:33 CHTSL00399 sh[45322]: Listening on LPF/eth1/70:88:6b:81:04:e6/10.42.0.0/24
Apr 06 15:22:33 CHTSL00399 sh[45322]: Sending on   LPF/eth1/70:88:6b:81:04:e6/10.42.0.0/24
Apr 06 15:22:33 CHTSL00399 sh[45322]: Sending on   Socket/fallback/fallback-net
Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: Sending on   LPF/eth1/70:88:6b:81:04:e6/10.42.0.0/24
Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: Sending on   Socket/fallback/fallback-net
Apr 06 15:22:33 CHTSL00399 dhcpd[45322]: Server starting service.
● isc-dhcp-server6.service - ISC DHCP IPv6 server
     Loaded: loaded (/lib/systemd/system/isc-dhcp-server6.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2026-04-06 15:22:33 IST; 122ms ago
       Docs: man:dhcpd(8)
   Main PID: 45333 (dhcpd)
      Tasks: 4 (limit: 18942)
     Memory: 3.3M
        CPU: 18ms
     CGroup: /system.slice/isc-dhcp-server6.service
             └─45333 dhcpd -user dhcpd -group dhcpd -f -6 -pf /run/dhcp-server/dhcpd6.pid -cf /etc/dhcp/dhcpd6.conf eth1

Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: PID file: /run/dhcp-server/dhcpd6.pid
Apr 06 15:22:33 CHTSL00399 sh[45333]: Wrote 0 NA, 0 TA, 0 PD leases to lease file.
Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: Wrote 0 NA, 0 TA, 0 PD leases to lease file.
Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: Bound to *:547
Apr 06 15:22:33 CHTSL00399 sh[45333]: Bound to *:547
Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: Listening on Socket/7/eth1/2001:558:6013:100::/64
Apr 06 15:22:33 CHTSL00399 sh[45333]: Listening on Socket/7/eth1/2001:558:6013:100::/64
Apr 06 15:22:33 CHTSL00399 sh[45333]: Sending on   Socket/7/eth1/2001:558:6013:100::/64
Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: Sending on   Socket/7/eth1/2001:558:6013:100::/64
Apr 06 15:22:33 CHTSL00399 dhcpd[45333]: Server starting service.
● radvd.service - Router advertisement daemon for IPv6
     Loaded: loaded (/lib/systemd/system/radvd.service; disabled; vendor preset: enabled)
     Active: active (running) since Mon 2026-04-06 15:22:33 IST; 37ms ago
       Docs: man:radvd(8)
    Process: 45348 ExecStartPre=/usr/sbin/radvd --logmethod stderr_clean --configtest (code=exited, status=0/SUCCESS)
    Process: 45349 ExecStart=/usr/sbin/radvd --logmethod stderr_clean (code=exited, status=0/SUCCESS)
   Main PID: 45350 (radvd)
      Tasks: 2 (limit: 18942)
     Memory: 516.0K
        CPU: 64ms
     CGroup: /system.slice/radvd.service
             ├─45350 /usr/sbin/radvd --logmethod stderr_clean
             └─45351 /usr/sbin/radvd --logmethod stderr_clean

Apr 06 15:22:33 CHTSL00399 systemd[1]: Starting Router advertisement daemon for IPv6...
Apr 06 15:22:33 CHTSL00399 radvd[45348]: config file, /etc/radvd.conf, syntax ok
Apr 06 15:22:33 CHTSL00399 radvd[45349]: version 2.18 started
Apr 06 15:22:33 CHTSL00399 systemd[1]: Started Router advertisement daemon for IPv6.

Note: If using shared to other computers networkmanager will take care of sharing ipv4 and ipv6 internet. If using manual IP add required FORWARD rules in iptables.
To ping IPv6 add sudo ip6tables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

Jool Installation
  • Build the jool modules using below build instructions
    Jool Installation
    sudo apt update
sudo apt upgrade
sudo apt install build-essential pkg-config
sudo wget https://github.com/NICMx/Jool/releases/download/v4.2.0-rc2/jool-4.2.0.rc2.tar.gz
sudo tar -xzf jool-4.2.0.rc2.tar.gz
sudo /sbin/dkms install jool-4.2.0.rc2/
cd jool-4.2.0.rc2/
sudo ./configure
sudo make
sudo make install
  • Once build completed, below modules will be generated in respective paths, add those modules to kernel path
    MAPT modules
    ubuntu:~/jool-4.2.0~rc2$ find . -iname jool*ko
./src/mod/mapt/jool_mapt.ko
./src/mod/common/jool_common.ko
./src/mod/nat64/jool.ko
/src/mod/siit/jool_siit.ko
    Jool configure
    Modeprobe modules
    sudo modprobe jool_common
sudo modprobe jool_mapt
sudo modprobe jool

Enable below modules as well if not enabled
netfilter/nf_defrag_ipv4.ko
netfilter/nf_defrag_ipv6.ko
  • Once all modules are loaded and confirmed via lsmod

    ubuntu:~/ lsmod | grep jool*
    jool_mapt                    20480  0
    jool_common             253952  1 jool_mapt
    nf_defrag_ipv6          24576  3 nf_conntrack,openvswitch,jool_mapt
    nf_defrag_ipv4         16384  2 nf_conntrack,jool_mapt
    x_tables                       53248  9 xt_conntrack,nft_compat,xt_state,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,xt_MASQUERADE,jool_mapt

  • Create an instance BR
    BR instance creation
    sudo jool_mapt instance add "BR" --netfilter --dmr 64:ff9b::/64
sudo jool_mapt -i "BR" fmrt add 2001:558:6013::/48 192.168.20.0/24 8 8
sudo jool_mapt -i "BR" global update map-t-type BR
    View the created instance using: (To remove instance sudo jool_mapt instance remove BR )
    View Instances
    akhil@CHTSL00399:~$ sudo jool_mapt -i BR fmrt display
+---------------------------------------------+--------------------+----------------+----+
|                                 IPv6 Prefix |        IPv4 Prefix | EA-bits Length |  a |
+---------------------------------------------+--------------------+----------------+----+
|                         2001:558:6013::/48  |    192.168.20.0/24 | 16             |  6 |
+---------------------------------------------+--------------------+----------------+----+
akhil@CHTSL00399:~$ sudo jool_mapt instance display
+--------------------+-----------------+-----------+
|          Namespace |            Name | Framework |
+--------------------+-----------------+-----------+
|           89628c00 |              BR | netfilter |
+--------------------+-----------------+-----------+
akhil@CHTSL00399:~$
    Enable debugging for jool using sudo jool_mapt -i BR global update logging-debug true
    cat /var/log/syslog
  • Make changes in BR setup to make ping and internet work
  • Adding traffic control because iptables POSTROUTING (where MASQUERADE/SNAT stays) is never reached. When a traffic comes back before deNAT jool occupies the traffic. Since BR is behind a NAT with a private IP, outgoing packets have source 192.168.20.x which the upstream can't route back
    Add tc rules
    sudo ip addr add 192.168.20.1/24 dev lo
sudo tc qdisc add dev wlan0 root handle 1: prio
sudo tc filter add dev wlan0 parent 1: protocol ip prio 1 u32 \
  match ip src 192.168.20.0/24 \
  action pedit ex munge ip src set 10.68.245.229 pipe \
  action csum ip4h icmp

sudo tc qdisc add dev wlan0 handle ffff: ingress

sudo tc filter add dev wlan0 parent ffff: protocol ip prio 1 u32 \
  match ip protocol 1 0xff \
  match u8 0 0xff at 20 \
  action pedit ex munge ip dst set 192.168.20.1 pipe \
  action csum ip4h icmp
ip route get 8.8.8.8 from 192.168.20.1
  • Check tcpdump for wan interface and downlink interface which is connected to CE, will be able to see request and reply from upstream.
  • Connectivity test updated below
  • To remove above rules 
    sudo tc qdisc del dev wlan0 root handle 1: prio
    sudo tc qdisc del dev wlan0 handle ffff: ingress
Customer Edge: Enable/Disable MAPT feature with below distro's from build

DISTRO_FEATURES_append = " feature_mapt"
DISTRO_FEATURES_append = " nat46"

Enable MAPT in BPI using the mapt rfc datatmodel

Enable MAPT
root@Filogic-GW:~# dmcli eRT getv Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.MAP-T.Enable
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.DeviceInfo.X_RDKCENTRAL-COM_RFC.Feature.MAP-T.Enable
               type:       bool,    value: true

Check map0 interface created and erouter0 should have only IPv6 addr

map0
root@Filogic-GW:~# ifconfig map0
map0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet6 addr: fe80::c534:91eb:b45d:b579/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:123 errors:0 dropped:0 overruns:0 frame:0
          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:5161 (5.0 KiB)  TX bytes:0 (0.0 B)
root@Filogic-GW:~# ifconfig erouter0
erouter0  Link encap:Ethernet  HWaddr 02:01:00:39:58:64  
          inet6 addr: 2001:558:6013:100::175f/128 Scope:Global
          inet6 addr: fe80::1:ff:fe39:5864/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:637 errors:0 dropped:0 overruns:0 frame:0
          TX packets:599 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:105610 (103.1 KiB)  TX bytes:105608 (103.1 KiB)

root@Filogic-GW:~#


Test Results

Ping and Internet should work in CE and connected clients

  • Test result on CE
    ping 8.8.8.8 & ping gmail.com
    root@Filogic-GW:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=110 time=322.241 ms
64 bytes from 8.8.8.8: seq=1 ttl=110 time=357.163 ms
64 bytes from 8.8.8.8: seq=2 ttl=110 time=145.545 ms
64 bytes from 8.8.8.8: seq=3 ttl=110 time=163.061 ms
^C
--- 8.8.8.8 ping statistics ---
root@Filogic-GW:~# ping -4 gmail.com
PING gmail.com (142.250.207.69): 56 data bytes
64 bytes from 142.250.207.69: seq=0 ttl=110 time=204.645 ms
64 bytes from 142.250.207.69: seq=1 ttl=110 time=228.521 ms
64 bytes from 142.250.207.69: seq=2 ttl=110 time=260.954 ms
64 bytes from 142.250.207.69: seq=3 ttl=110 time=276.700 ms
^C
--- gmail.com ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
  • iptables & ip6tables in mapt mode
    iptables & ip6tables
    root@Filogic-GW:~# iptables -L -v -n | grep map0
    0     0 ACCEPT     47   --  map0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  map0   map0    0.0.0.0/0            0.0.0.0/0           
    0     0 wan2lan    all  --  map0   br106   0.0.0.0/0            0.0.0.0/0           
    0     0 wan2lan    all  --  map0   brlan1  0.0.0.0/0            0.0.0.0/0           
    0     0 lan2wan    all  --  br106  map0    0.0.0.0/0            0.0.0.0/0           
    0     0 lan2wan    all  --  brlan1 map0    0.0.0.0/0            0.0.0.0/0           
    0     0 wan2lan    all  --  map0   br403   0.0.0.0/0            0.0.0.0/0           
  110  9240 wan2lan    all  --  map0   brlan0  0.0.0.0/0            0.0.0.0/0           
    0     0 lan2wan    all  --  br403  map0    0.0.0.0/0            0.0.0.0/0           
  587 52500 lan2wan    all  --  brlan0 map0    0.0.0.0/0            0.0.0.0/0           
root@Filogic-GW:~# 
root@Filogic-GW:~# ip6tables -L -v -n | grep map0                                                                                                     
  212 58132 wan2lan    all      erouter0 map0    ::/0                 ::/0                
 1086  216K lan2wan    all      map0   erouter0  ::/0                 ::/0                
root@Filogic-GW:~#
  • Test Result on LAN client
    ping test from lan client
    chtspc0041@chtspc0041-OptiPlex-7010:~$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=248 time=5.26 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=248 time=5.56 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=248 time=7.65 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 5.260/6.160/7.653/1.063 ms
chtspc0041@chtspc0041-OptiPlex-7010:~$ ping -4 gmail.com
PING gmail.com (142.250.207.69) 56(84) bytes of data.
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=2 ttl=109 time=494 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=3 ttl=109 time=312 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=4 ttl=109 time=543 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=5 ttl=109 time=364 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=6 ttl=109 time=182 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=7 ttl=109 time=200 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=8 ttl=109 time=1006 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=9 ttl=109 time=59.2 ms
64 bytes from hkg12s32-in-f5.1e100.net (142.250.207.69): icmp_seq=10 ttl=109 time=605 ms
^C
--- gmail.com ping statistics ---
10 packets transmitted, 9 received, 10% packet loss, time 9011ms

Datamodels

root@Filogic-GW:~# dmcli eRT getv Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.
CR component name is: eRT.com.cisco.spvtg.ccsp.CR
subsystem_prefix eRT.
Execution succeed.
Parameter    1 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapTransportMode
               type:     string,    value: MAPT 
Parameter    2 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapBRPrefix
               type:     string,    value: 64:ff9b::/64 
Parameter    3 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRuleIPv4Prefix
               type:     string,    value: 192.168.20.0 
Parameter    4 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRuleIPv6Prefix
               type:     string,    value: 2001:558:6013::/48 
Parameter    5 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapEALen
               type:       uint,    value: 8 
Parameter    6 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSIDOffset
               type:       uint,    value: 8 
Parameter    7 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSIDLen
               type:       uint,    value: 8 
Parameter    8 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapPSID
               type:       uint,    value: 0 
Parameter    9 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapIsFMR
               type:       bool,    value: false 
Parameter   10 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapIpv4Address
               type:     string,    value: 192.168.20.254 
Parameter   11 name: Device.DHCPv6.Client.1.X_RDKCENTRAL-COM_RcvOption.MapRatio
               type:       uint,    value: 1

References

RFC7599: https://www.rfc-editor.org/rfc/rfc7599

Mapt simulation tool: https://map46.cisco.com/

Jool official: https://www.jool.mx/en/map-t.html

Mapt physical setup link: MAP-T Physical setup




  • No labels

DISCLAIMER: Please note that the use of the RDK Wiki is subject to its Privacy Policy & Terms of Use. In addition, this Wiki may be accessed by all RDK licensees and their contractors.