Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

T160: add NAT64 #2578

Merged
merged 2 commits into from
Dec 7, 2023
Merged

T160: add NAT64 #2578

merged 2 commits into from
Dec 7, 2023

Conversation

sever-sever
Copy link
Member

@sever-sever sever-sever commented Dec 6, 2023
edited
Loading

Change Summary

Add NAT64 feature

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

Proposed changes

How to test

Add a separate address 192.168.122.10, only for nat64 translations
NAT64-server

set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'

set nat64 source rule 100 source prefix '64:ff9b::/96'
set nat64 source rule 100 translation pool 10 address '192.168.122.10'
set nat64 source rule 100 translation pool 10 port '1-65535'

Check Jool instance:

vyos@r4# sudo jool instance display
+--------------------+-----------------+-----------+
|          Namespace |            Name | Framework |
+--------------------+-----------------+-----------+
|           bf9ee1c0 |    instance-100 | netfilter |
+--------------------+-----------------+-----------+
[edit]
vyos@r4#

Check Jool config instance

vyos@r4# cat /run/jool/instance-100.json 
{
  "instance": "instance-100",
  "framework": "netfilter",
  "global": {
    "pool6": "64:ff9b::/96",
    "manually-enabled": true
  },
  "pool4": [
    {
      "protocol": "TCP",
      "prefix": "192.168.122.10",
      "port range": "1-65535"
    },
    {
      "protocol": "UDP",
      "prefix": "192.168.122.10",
      "port range": "1-65535"
    },
    {
      "protocol": "ICMP",
      "prefix": "192.168.122.10",
      "port range": "1-65535"
    }
  ]
}[edit]
vyos@r4#

From the IPv6 only host 2001:db8::2 try to ping IPv4 hosts:

vyos@r12:~$ show int
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
eth0             -                                 u/u  
eth1             2001:db8::2/64                    u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128
vyos@r12:~$ 
vyos@r12:~$ show ipv6 route 
S>* ::/0 [1/0] via 2001:db8::1, eth1, 00:20:30
C>* 2001:db8::/64 is directly connected, eth1, 00:20:31
vyos@r12:~$ 
vyos@r12:~$ 
vyos@r12:~$ 
vyos@r12:~$ ping 64:ff9b::1.1.1.1 count 2
PING 64:ff9b::1.1.1.1(64:ff9b::101:101) 56 data bytes
64 bytes from 64:ff9b::101:101: icmp_seq=1 ttl=58 time=20.0 ms
64 bytes from 64:ff9b::101:101: icmp_seq=2 ttl=58 time=20.0 ms

--- 64:ff9b::1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 20.087/20.090/20.093/0.003 ms
vyos@r12:~$

DUMP from the NAT64 host:

vyos@r4# sudo tcpdump -nti eth0 host 1.1.1.1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 192.168.122.10 > 1.1.1.1: ICMP echo request, id 28656, seq 1, length 64
IP 1.1.1.1 > 192.168.122.10: ICMP echo reply, id 28656, seq 1, length 64
IP 192.168.122.10 > 1.1.1.1: ICMP echo request, id 28656, seq 2, length 64
IP 1.1.1.1 > 192.168.122.10: ICMP echo reply, id 28656, seq 2, length 64

Smoketest result

vyos@r4:~$ /usr/libexec/vyos/tests/smoke/cli/test_nat64.py
test_snat64 (__main__.TestNAT64.test_snat64) ... ok

----------------------------------------------------------------------
Ran 1 test in 3.679s

OK
vyos@r4:~$

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly

@vyosbot vyosbot requested a review from a team December 6, 2023 07:25
@vyosbot vyosbot requested review from dmbaturin, sarthurdev, zdc, jestabro and c-po and removed request for a team December 6, 2023 07:25
This was referenced Dec 6, 2023
Closed
Closed
@sever-sever sever-sever force-pushed the nat64 branch 3 times, most recently from 74650ae to 5a844b9 Compare December 6, 2023 08:34
@sever-sever
T160: Rebase and fixes for NAT64
336bb5a 
 - Update the base (rebase)
 - Move include/nat64-protocol.xml.i => include/nat64/protocol.xml.i
 - Delete unwanted `write_json`, use `write_file` instead
 - Remove unnecessary deleting of default values for tagNodes T2665
 - Add smoketest

Example:
```
set interfaces ethernet eth0 address '192.168.122.14/24'
set interfaces ethernet eth0 address '192.168.122.10/24'
set interfaces ethernet eth2 address '2001:db8::1/64'

set nat64 source rule 100 source prefix '64:ff9b::/96'
set nat64 source rule 100 translation pool 10 address '192.168.122.10'
set nat64 source rule 100 translation pool 10 port '1-65535'
```
@sever-sever sever-sever merged commit 18ee242 into vyos:current Dec 7, 2023
@sever-sever
Copy link
Member Author

@Mergifyio backport sagitta

@mergify Mergify
Copy link
Contributor

mergify bot commented Dec 7, 2023
edited
Loading

backport sagitta

✅ Backports have been created

@mergify mergify bot mentioned this pull request Dec 7, 2023
Merged
sever-sever added a commit that referenced this pull request Dec 8, 2023
@sever-sever
Merge pull request #2581 from vyos/mergify/bp/sagitta/pr-2578
bcf6edc 
T160: add NAT64  (backport #2578)
@sever-sever sever-sever mentioned this pull request Dec 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dmbaturin dmbaturin dmbaturin approved these changes

@c-po c-po c-po approved these changes

@sarthurdev sarthurdev Awaiting requested review from sarthurdev sarthurdev is a code owner automatically assigned from vyos/reviewers

@zdc zdc Awaiting requested review from zdc zdc is a code owner automatically assigned from vyos/reviewers

@jestabro jestabro Awaiting requested review from jestabro jestabro is a code owner automatically assigned from vyos/reviewers

Assignees

@sever-sever sever-sever

Labels
current
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sever-sever @dmbaturin @c-po @frebib