[Jool-list] Trying to route local traffic via SIIT instance
Nico Schottelius
nico.schottelius at ungleich.ch
Thu Jul 2 11:26:13 CDT 2020
Hey Alberto,
I'd argue that NAT64 should be the first, as it can enable v4 on a host
without having another network routed. I.e. the following test case
could work:
  [ v4 only app ]
    10.x.x.x/8
        |
  [ v6 only host ] -----> [ the-world-via-ipv6 ]
    map to its
    own IPv6 address for
    source, destination from a known
    NAT64
Just my 2 rappen, interested in hearing other opinions!
Cheers,
Nico
Alberto Leiva <ydahhrk at gmail.com> writes:
>> I think that this (Jool in private network namespace) just needs a slightly
>> better documented set of examples. Maybe some python that knows how to do all the
>> right system calls directly.
>
> Ok, I can give it a shot. (Just let me finish the 4.1.1 release
> first.) Which would you prefer: SIIT or NAT64?
>
>> (I still haven't been able to get Jool in netfilter mode to work so that
>> I can split traffic according to IPv6 origin between instances.
>> So I use the iptables method for now)
>
> Same question: SIIT or NAT64?
>
> On Tue, Jun 30, 2020 at 7:57 PM Michael Richardson <mcr at sandelman.ca> wrote:
>>
>>
>> Tore Anderson via Jool-list <jool-list at nic.mx> wrote:
>> > clatd predates Jool, or at least the necessary SIIT bits within Jool.
>> > If I was to re-implement clatd today, I would do it using Jool as the
>> > translation engine instead of TAYGA. As Alberto has pointed out
>> > already, you can do this with Jool no problem.
>>
>> > All you need to do is to enclose Jool in a private network namespace.
>> > Then you point the IPv4 default route to the veth device connecting to
>> > the Jool network namespace (in exactly the same manner that clatd
>> > points the IPv4 default route to the tun device connecting to the TAYGA
>> > process).
>>
>> I think that this (Jool in private network namespace) just needs a slightly
>> better documented set of examples. Maybe some python that knows how to do all the
>> right system calls directly. I was certainly... UGH... do I want to try.?
>>
>> (I still haven't been able to get Jool in netfilter mode to work so that
>> I can split traffic according to IPv6 origin between instances.
>> So I use the iptables method for now)
>>
>> If it gets into upstream nftables... woohoo. That would be awesome.
>> openwrt is moving to nftables sometime this year too.
>> Combine Jool+openwrt and draft-ietf-6man-v6only DHCP flag, and many places
>> could start to shed NAT44 quite easily... hmm. Seeing ungleich on the
>> CC... I imagine Jool is in your VoCore IPv6 router? Looking forward to
>> receiving mine.
>>
>> {and many thanks for this work}
>>
>>
>> --
>> ] Never tell me the odds! | ipv6 mesh networks [
>> ] Michael Richardson, Sandelman Software Works | IoT architect [
>> ] mcr at sandelman.ca http://www.sandelman.ca/ | ruby on rails [
>>
--
Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch