<div dir="ltr">Hi<br><br>I thought I might mention links to the relevant documentation, in case they have been missed:<br><br>> My question: is there a way to run multiple Jool instances on the same host? The Linux kernel itself supports multiple routing tables. Is Jool capable of installing multiple NAT64/SIIT rules that go to different address spaces?<br><br>Not sure exactly how you're setting things up, but if your translator is an SIIT, chances are you only need one instance, and you just need to add each customer network as an entry to the Explicit Address Mappings Table: [0]<br>Otherwise you can indeed set up multiple Jool instances and match their traffic with iptables: [1]<br><br>[0] <a href="https://jool.mx/en/usr-flags-eamt.html">https://jool.mx/en/usr-flags-eamt.html</a><br>[1] <a href="https://jool.mx/en/usr-flags-instance.html">https://jool.mx/en/usr-flags-instance.html</a><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 15, 2020 at 3:11 AM Stefan Brudny via Jool-list <<a href="mailto:jool-list@nic.mx">jool-list@nic.mx</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi,<div dir="auto"><br></div><div dir="auto">Let's focus on use case.<br><div dir="auto"><br></div><div dir="auto">I am guessing using ipv6 and single address space is an approach to overcome limitation of a monitoring tool. If so, I'd suggest:</div><div dir="auto"><br></div><div dir="auto">* use single ipv6 /48 for all customers. You are not assigning networks, so RIPE doesn't bound you this time. Your monitoring tool may assign any subnet, /96 is fine, for a customer. Jool doesn't need to be aware of that assignment, it's business side, except constructing entries in name spaces. </div><div dir="auto">* use network namespace for each customer translation.</div><div dir="auto">* stateful NAT64 could be used to embed the customer traffic in a namespace</div><div dir="auto">* be ready to master routing in namespaces: what is planned to connect the customers networks? Vlan, gre, openvpn, wireguard? </div><div dir="auto">* do you foresee any services to be exposed (incoming)? If so, some extra DNAT rules are going to be necessary in each namespace. If monitoring tool uses only outgoing, eg Snmp polling, then this is not needed. Beware, this is always tempting to start with one direction, but application grows and using zabbix and / or syslog would change requirements. </div></div><div dir="auto"><br></div>For me such config works fine. <div dir="auto">Br, Stefan<br><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Tue, 15 Dec 2020, 09:51 JORDI PALET MARTINEZ via Jool-list, <<a href="mailto:jool-list@nic.mx" target="_blank">jool-list@nic.mx</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Are you serious about the /96 per customer? Maybe I'm missing the context, but you should provide a /48 to each customer! See RIPE-690.<br>
<br>
If I'm getting it correctly, for the multiple instances, you could use namespaces?<br>
<br>
Regards,<br>
Jordi<br>
@jordipalet<br>
<br>
<br>
<br>
El 15/12/20 1:00, "Jool-list en nombre de Art Cancro via Jool-list" <<a href="mailto:jool-list-bounces@nic.mx" rel="noreferrer" target="_blank">jool-list-bounces@nic.mx</a> en nombre de <a href="mailto:jool-list@nic.mx" rel="noreferrer" target="_blank">jool-list@nic.mx</a>> escribió:<br>
<br>
Hello Jool developers and community. First of all, THANK YOU for providing this excellent tool. Using the .deb packages I was able to make it work on the very first try.<br>
<br>
We are looking at the possibility of installing Jool in a service provider environment, to monitor and manage each of our customer IPv4 environments using a single IPv6 network. We would assign each customer a /96 prefix and then the final 32-bits would be their IPv4 networks. Since many customers will have overlapping private IPv4 space, this would allow us to manage them all at the same time without conflict. This would require a Jool instance at the edge of every customer network.<br>
<br>
My question: is there a way to run multiple Jool instances on the same host? The Linux kernel itself supports multiple routing tables. Is Jool capable of installing multiple NAT64/SIIT rules that go to different address spaces?<br>
<br>
Thank you for your consideration, and thank you again for providing such a useful tool.<br>
_______________________________________________<br>
Jool-list mailing list<br>
<a href="mailto:Jool-list@nic.mx" rel="noreferrer" target="_blank">Jool-list@nic.mx</a><br>
<a href="https://mail-lists.nic.mx/listas/listinfo/jool-list" rel="noreferrer noreferrer" target="_blank">https://mail-lists.nic.mx/listas/listinfo/jool-list</a><br>
<br>
<br>
<br>
**********************************************<br>
IPv4 is over<br>
Are you ready for the new Internet ?<br>
<a href="http://www.theipv6company.com" rel="noreferrer noreferrer" target="_blank">http://www.theipv6company.com</a><br>
The IPv6 Company<br>
<br>
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.<br>
<br>
<br>
<br>
_______________________________________________<br>
Jool-list mailing list<br>
<a href="mailto:Jool-list@nic.mx" rel="noreferrer" target="_blank">Jool-list@nic.mx</a><br>
<a href="https://mail-lists.nic.mx/listas/listinfo/jool-list" rel="noreferrer noreferrer" target="_blank">https://mail-lists.nic.mx/listas/listinfo/jool-list</a><br>
</blockquote></div></div></div>
_______________________________________________<br>
Jool-list mailing list<br>
<a href="mailto:Jool-list@nic.mx" target="_blank">Jool-list@nic.mx</a><br>
<a href="https://mail-lists.nic.mx/listas/listinfo/jool-list" rel="noreferrer" target="_blank">https://mail-lists.nic.mx/listas/listinfo/jool-list</a><br>
</blockquote></div>