From 23fa20f73f193818e586fd7979a51c53ea0c7121 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Thu, 21 Feb 2019 08:38:24 +0100
Subject: [PATCH] Plan update

---
 doc/plan.org | 89 ++++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 69 insertions(+), 20 deletions(-)

diff --git a/doc/plan.org b/doc/plan.org
index 832c3df..8066bb4 100644
--- a/doc/plan.org
+++ b/doc/plan.org
@@ -1,31 +1,42 @@ * Time table / log -| 2019-02-21 | Kick-Off | -| 2019-02-21 | Clarifications Ueli Maurer (Mentor) | -| 2019-02-22 | Have all papers handed in | -| 2019-02-22 | Have rough definition of tasks | -| 2019-03-01 | Feature list / priority list / roadmap clear | -| 2019-03-08 | NAT46 1:1 table TCP/UDP working | -| 2019-03-15 | NAT46 1:1 table ICMP, ICMPv6 working | -| 2019-03-22 | NAT64 prefix based IPv6->IPv4 conversion | -| 2019-03-29 | NAT64 dynamic pool implementation | -| | | -| 2019-08-05 | Latest start writing documentation | -| 2019-08-21 | hand in thesis | +| 2019-02-21 | Kick-Off | +| 2019-02-21 | Clarifications Ueli Maurer (Mentor) | +| 2019-02-22 | Have all papers handed in | +| 2019-02-22 | Have rough definition of tasks | +| 2019-03-01 | Feature list / priority list / roadmap clear | +| 2019-03-08 | NAT46 1:1 table TCP/UDP working | +| 2019-03-15 | NAT46 1:1 table ICMP, ICMPv6 working | +| | Will need some switch local ip addresses | +| | | +| 2019-03-29 | Jool SIIT / range / offset support https://www.jool.mx/en/run-vanilla.html | +| | Jool EAMT support https://www.jool.mx/en/run-eam.html | +| | Bidirectional support | +| | Will need IPv6 embedding suport https://tools.ietf.org/html/rfc6052 | +| | | +| 2019-04-05 | NAT64 prefix based IPv6->IPv4 conversion [tayga] | +| | Use case: IPv6 hosts send to specific /96 | +| | | +| 2019-04-12 | NAT64 dynamic pool implementation: n:m ipv6 to ipv4 mapping | +| | And n:1 stateful mappings https://www.jool.mx/en/run-nat64.html | +| | | +| 2019-08-05 | Latest start writing documentation | +| 2019-08-21 | hand in thesis | * Topics / Tasks ** Admin +*** DONE Clarify PDF / form with Denise Spicher: free form description *** TODO Create task description to be handed in mystudies +*** DONE Create list of tasks / initial brainstorming *** TODO Get OK from Ueli Maurer that thesis is valid in Information Security Area -*** TODO Create list of tasks / initial brainstorming *** TODO Find out how-when-whom-where 
to meet / define schedule *** TODO Latex and/or org-mode for the thesis? *** TODO Add initial milestones **** 180d plan **** 25w ** Thesis implementation -*** TODO Get feature list of jool -*** TODO Get feature list of tayga -*** TODO Setup P4 base / structure *** DONE Setup test VM for P4: 2a0a:e5c0:2:12:400:f0ff:fea9:c3e3 +*** DONE Get feature list of jool +*** DONE Get feature list of tayga +*** TODO Setup P4 base / structure *** TODO Setup test VM [dual stack] for Jool: *** TODO Setup test VM [dual stack] for tayga: *** NAT64/NAT46 Features in jool and tayga 
@@ -34,15 +45,52 @@ ***** ICMP <-> ICMPv6 **** TODO Stateless Prefix based NAT64: IPv6 to IPv4 translation prefix based ***** Allows IPv6 hosts to reach the IPv4 Internet +**** See time table above *** Additional features queue (to be discussed) -**** TODO Offset based translation (v4->v6) +**** TODO Offset based translation (v4->v6) -> same as range (?) +**** ** Thesis documentation *** Motivation TBD +*** Translation mechanisms + - v4 to v6 / vice versa + - Stateful / stateless + - static / dynamic +**** Explicit Address Mappings Table (EAMT) + Range based mapping tables + See https://www.jool.mx/en/eamt.html, + https://tools.ietf.org/html/rfc7757 + *** Current state of the art tayga/jool TBD **** Tayga + - Single threaded + - Multi threaded work started due to initiative of ungleich / + Chrisrock [IPv6.chat] **** Jool + - EAMT bidirectional only (!) + +IPtables interaction + +``` + +user@T:~# # Create a Jool iptables instance named "example." +user@T:~# # Also, establish that the IPv6 representation of any IPv4 address should be +user@T:~# # `2001:db8::`. (See sections below for examples.) +user@T:~# jool_siit instance add "example" --iptables --pool6 2001:db8::/96 +user@T:~# +user@T:~# # Tell iptables which traffic should be handled by our newly-created instance: +user@T:~# +user@T:~# # IPv6: only packets from 2001:db8::198.51.100.8/125 to 2001:db8::192.0.2 +user@T:~# ip6tables -t mangle -A PREROUTING \ +> -s 2001:db8::198.51.100.8/125 -d 2001:db8::192.0.2.0/120 \ +> -j JOOL_SIIT --instance "example" +user@T:~# # IPv4: Only packets from 192.0.2 to 198.51.100.8/29 +user@T:~# iptables -t mangle -A PREROUTING \ +> -s 192.0.2.0/24 -d 198.51.100.8/29 \ +> -j JOOL_SIIT --instance "example" +``` +5656 **** Cisco (?) *** P4 based implementation TBD 
@@ -53,9 +101,10 @@ **** Not included - DNS64 - has already been solved in a different domain *** References / Follow up -**** RFC 6052 -**** RFC 6586 for deployment experiences using Stateful NAT64. - +**** RFC 6052: https://tools.ietf.org/html/rfc6052 IPv6 Addressing of IPv4/IPv6 Translators +**** RFC 6586 for deployment experiences using Stateful NAT64. +**** RFC 7757 Explicit Address Mappings for Stateless IP/ICMP Translation +**** EAMT/Jool: https://www.jool.mx/en/eamt.html * Proposal / task description ** Task description for mystudies *** High speed NAT64 with P4
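
Review bot: In the first hunk (@@ -1,31 +1,42 @@) the reworked time table leaves 2019-03-22 without any milestone and moves both NAT64 items back by two weeks (prefix based conversion from 2019-03-22 to 2019-04-05, dynamic pool from 2019-03-29 to 2019-04-12), while the 2019-08-05 and 2019-08-21 deadlines stay fixed and the subject "Plan update" gives no reason. Please note in the table or the commit message why the slip is acceptable, and either fill the 2019-03-22 slot or say that "Will need some switch local ip addresses" is the work planned for that week, since rows with an empty date column currently read as belonging to the row above. The same hunk also adds the row "Will need IPv6 embedding suport https://tools.ietf.org/html/rfc6052", where "suport" should be "support".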
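
Review bot: In the second hunk (@@ -34,15 +45,52 @@) the pasted Jool session under "**** Jool" is wrapped in Markdown triple-backtick fences, which org-mode does not treat as a block, and it is followed by a stray "5656" line that looks like an editor slip. Please use #+BEGIN_EXAMPLE / #+END_EXAMPLE, drop the "5656" line, and make "IPtables interaction" a list item or sub-heading so it does not float between the list and the block. Two comments inside the paste are cut off ("to 2001:db8::192.0.2" and "from 192.0.2") although the rules themselves match 2001:db8::192.0.2.0/120 and 192.0.2.0/24; because those -s/-d matches decide which traffic is handed to the translator, the comments should carry the full prefixes. The paste also keeps "(See sections below for examples.)", which refers to sections that are not in this file, so a source link next to it would help. Finally, the added empty "****" heading under "Additional features queue" should be removed or given a title.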
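
Review bot: In the third hunk (@@ -53,9 +101,10 @@) the four reference entries each use a different layout: RFC 6052 is written as number, URL, then title; RFC 6586 has a description but no URL; RFC 7757 has a title but no URL, even though https://tools.ietf.org/html/rfc7757 is already cited in the EAMT section added earlier in this patch; and the Jool entry is a label plus URL. Please pick one form, for example "RFC NNNN: title, URL", and apply it to all four. The hunk also removes the blank line that separated the references from "* Proposal / task description"; org-mode parses this fine, but restoring it keeps the top-level sections visually apart in the raw file.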