[Jool-list] [SOLVED] RE: Proxy DNP with Jool? [EXTERNAL]

Art Cancro Art.Cancro at tierpoint.com
Mon Nov 15 14:06:41 CST 2021


For those interested, I have solved the problem.  To clarify, I have a gateway that is on a /64 network, and I would like to lay claim to a 2^32 range of addresses on the *same* network to run NAT64 mapping.  The objective here is to avoid requiring the network operator to route a separate /96 or larger block to my gateway.  The routing method is how we do it in our data centers, but this is for a lab environment where environments frequently come and go.

Anyway, the trick is to use NDPPD [https://github.com/DanielAdolfsson/ndppd] which is already present in the Debian/Ubuntu repositories so it was really easy to get running.   On a gateway host whose external IPv6 address is on a network 2600:2c03:1000:92::/64, I have laid claim to a block of addresses in the 2600:2c03:1000:0092:d389:4414::/96 range (but it's not an actual /96 subnet, it's just 2^32 addresses) and /etc/ndppd.conf looks like this:

proxy ens192 {
        rule 2600:2c03:1000:0092:d389:4414::/96 {
                static;
        }
}

Then we just do "jool instance add --netfilter --pool6 2600:2c03:1000:0092:d389:4414::/96" and we are done.

ndppd will make the host answer an NDP query for any address in that range, and then Jool maps the received traffic to IPv4 on another interface.  Again, we are *not* carving up our /64 into smaller /96 blocks.  We are simply consuming 2^32 addresses within that /64.

I understand this is not the all-around best solution.  When I have control of both ends of the link and it is in a long-term-stable configuration, I'll do the routing.  But if you don't have the ability to ask someone to route another block to you, this method gets it done, and is a beautiful companion to Jool.

  -- Art
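
[Added example, not part of the original post or of the Jool/ndppd projects.] A pre-flight check for the setup described above: it confirms the pool6 block sits inside the on-link /64, shows which IPv6 address maps to a given IPv4 destination, and flags any address already in use on the segment that the ndppd rule would also answer for. The function names and the in_use list are constructed for illustration; the two prefixes are the ones from the post.

```python
import ipaddress

# Values from the post: the gateway's on-link /64 and the block given to
# both the ndppd rule and Jool's --pool6.
ONLINK = ipaddress.IPv6Network("2600:2c03:1000:92::/64")
POOL6 = ipaddress.IPv6Network("2600:2c03:1000:0092:d389:4414::/96")


def embed(pool6, ipv4):
    """IPv6 address a client uses to reach ipv4 through a /96 pool
    (RFC 6052: the IPv4 address occupies the last 32 bits)."""
    if pool6.prefixlen != 96:
        raise ValueError("this sketch only handles /96 pools")
    v4 = int(ipaddress.IPv4Address(ipv4))
    return ipaddress.IPv6Address(int(pool6.network_address) | v4)


def extract(pool6, ipv6):
    """IPv4 destination encoded in ipv6, or None if it is outside the pool."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in pool6:
        return None
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def audit(onlink, pool6, neighbors):
    """Return a list of problems with proxying pool6 on the onlink segment."""
    problems = []
    if pool6.prefixlen != 96:
        problems.append(f"{pool6} is not a /96")
    if not pool6.subnet_of(onlink):
        problems.append(f"{pool6} is not inside {onlink}")
    for n in neighbors:
        v4 = extract(pool6, n)
        if v4 is not None:
            problems.append(f"{n} is inside the pool (translates to {v4})")
    return problems


if __name__ == "__main__":
    # Constructed sample: addresses already in use on the shared /64.
    in_use = ["2600:2c03:1000:92::1", "2600:2c03:1000:92:d389:4414:c000:205"]
    print(embed(POOL6, "192.0.2.5"))
    for line in audit(ONLINK, POOL6, in_use):
        print("PROBLEM:", line)
```

Feeding it the output of "ip -6 neigh show dev ens192" (addresses only) before starting ndppd gives a quick view of any existing host that falls inside the claimed range.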



-----Original Message-----
From: Michael Richardson <mcr at sandelman.ca> 
Sent: Wednesday, October 27, 2021 10:48 AM
To: Art Cancro <Art.Cancro at tierpoint.com>
Cc: jool-list at nic.mx
Subject: Re: [Jool-list] Proxy DNP with Jool? [EXTERNAL]


Art Cancro via Jool-list <jool-list at nic.mx> wrote:
    > Right now, we have things set up so that we route an assigned /96 block
    > to the NAT64 gateway.  Now, I am wondering, is it possible to get Jool
    > to answer IPv6 Neighbor Solicitations for the entire block?

It sounds like you've used a /96 block on which you have other hosts.
Don't do that.
IPv6 allocations should be large enough so that it doesn't matter.

I allocate the "zeroth" network in my /56, /48 or /44 blocks (depending upon site).  So, 2001:db8:0:0000::/64, 2001:db8:0:0000::/56, etc.
I put the /96 in that block.
I also use this to /128 number all my routers as their router-ID.
I also use this for a /128 for the internal anycast of my DNS servers, which is communicated by OSPF.
(where I run a network big enough for OSPF. For small installation, static routing)

    > Obviously we can do "ip neigh add proxy xxxx::xxxx dev eth0" for
    > *individual* hosts, but I would like the gateway to answer neighbor
    > solicitations for all 2^32 potential addresses in the pool.   Does Jool
    > offer any provision for doing something like this?  If not, where in
    > the code might I start looking to add it?

You have IPv4 think :-)


