[Jool-list] Active-active NAT64

Alberto Leiva ydahhrk at gmail.com
Tue Dec 3 11:44:26 CST 2019


> a follow up from the recent joold discussion: how would one run
> active-active NAT64 with jool? We would like to get rid of keepalived in
> our setup and so far we decided to statically assign the routing IPs to
> both routers.

ss-enabled: true
ss-flush-asap: true
ss-flush-deadline: default is fine
ss-capacity: default is fine
ss-max-payload: <MTU of the link the translators are using to share traffic>

> What I'd assume joold could do is basically asking the other side, if it
> already has a session (if no entry is in the local table) and then
> create an entry on both sides, if there isn't.

The current implementation works the opposite way: Every time one of
the translators updates a session, it multicasts this change to let the
other translators know. There are no requests; only pushes.

Of course, this only works if this multicast traffic is reliably
faster than the normal (translating) traffic. If the normal traffic is
faster, all translators risk working with stale data.

I think the approach you're describing is somewhat more reliable, but
also substantially slower and not completely free from synchronization
issues. Suppose you have translators A and B, and both receive packets
from a stream from N6 (port 1234) to N4 (port 80):

1. A receives the first packet of the N6#1234 -> 64:ff9b::N4#80
stream. A asks "Who has a session for this packet?"
2. B receives the second packet of the N6#1234 -> 64:ff9b::N4#80
stream. B asks "Who has a session for this packet?"
3. A responds "I don't."
4. B responds "I don't."
5. A creates session entry N6#1234 | 64:ff9b::N4#80 | A#5678 | N4#80
6. B creates session entry N6#1234 | 64:ff9b::N4#80 | A#9123 | N4#80

As you can see, we just created a conflict.

The way I see it, active-active session synchronization is an
unsolvable problem, which is why I was honestly thinking about
removing it.

On Tue, Dec 3, 2019 at 11:10 AM Nico Schottelius
<nico.schottelius at ungleich.ch> wrote:
>
>
> Hello everyone,
>
> a follow up from the recent joold discussion: how would one run
> active-active NAT64 with jool? We would like to get rid of keepalived in
> our setup and so far we decided to statically assign the routing IPs to
> both routers.
>
> This way, if either of them goes down, the other one directly takes over
> the traffic.
>
> However, with NAT64, we will need to have the session table also
> synchronised at all times.
>
> What I'd assume joold could do is basically asking the other side, if it
> already has a session (if no entry is in the local table) and then
> create an entry on both sides, if there isn't.
>
> Is this something you have done already or is this a totally new topic
> in joold?
>
> Looking forward to hearing your opinions,
>
> Nico
>
>
>
> --
> Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch
> _______________________________________________
> Jool-list mailing list
> Jool-list at nic.mx
> https://mail-lists.nic.mx/listas/listinfo/jool-list
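
Added example, not part of the original message and not Jool or joold code: a small model of the ask-then-create scheme from steps 1-6 above, which replays that exact interleaving and then goes beyond it by enumerating every possible ordering of the two translators' steps. Assumptions: the `Translator` class and its methods are hypothetical, and both translators are assumed to mask flows with the same constructed pool4 address 192.0.2.1, using the ports 5678 and 9123 from the message.

```python
from itertools import combinations

POOL4 = "192.0.2.1"                      # constructed address; assumed shared by A and B
FLOW = ("N6#1234", "64:ff9b::N4#80")     # the IPv6 flow from the message

class Translator:
    def __init__(self, first_port):
        self.port = first_port           # next free pool4 port on this box
        self.sessions = {}               # flow -> IPv4 transport address masking it
        self.peer_answer = None

    def ask(self, peer):
        # "Who has a session for this packet?" answered from the peer's table right now
        self.peer_answer = peer.sessions.get(FLOW)

    def commit(self):
        # Adopt the peer's session if it reported one, otherwise create our own
        self.sessions[FLOW] = self.peer_answer or f"{POOL4}#{self.port}"

def run(schedule):
    """Replay (translator, phase) events; return the mask each translator ends up with."""
    a, b = Translator(5678), Translator(9123)
    peer_of = {"A": (a, b), "B": (b, a)}
    for name, phase in schedule:
        me, peer = peer_of[name]
        if phase == "ask":
            me.ask(peer)
        else:
            me.commit()
    return a.sessions[FLOW], b.sessions[FLOW]

def interleavings():
    """Every ordering of A's and B's ask/commit that keeps each box's own order."""
    for a_slots in combinations(range(4), 2):
        a_steps, b_steps = iter(("ask", "commit")), iter(("ask", "commit"))
        yield [("A", next(a_steps)) if i in a_slots else ("B", next(b_steps))
               for i in range(4)]

def conflicting():
    """Schedules after which A and B translate the same flow to different addresses."""
    return [s for s in interleavings() if len(set(run(s))) == 2]

RACE = [("A", "ask"), ("B", "ask"), ("A", "commit"), ("B", "commit")]    # steps 1-6
SERIAL = [("A", "ask"), ("A", "commit"), ("B", "ask"), ("B", "commit")]

if __name__ == "__main__":
    print("race  :", run(RACE))
    print("serial:", run(SERIAL))
    print(f"{len(conflicting())} of {len(list(interleavings()))} interleavings conflict")
```

In this model only the two fully serialized orderings leave both tables in agreement; any overlap between one translator's ask and the other's commit produces two different IPv4 masks for the same flow.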

