master-thesis/doc/plan.org
2019-03-06 17:37:30 +01:00

49 KiB
Raw Blame History

Time table / log

When? What? Notes
2019-02-21 Kick-Off x
Finish all admin points x
Know when/how to coordinate x
2019-02-21 Clarifications Ueli Maurer (Mentor) x
Write mail / phone x
2019-02-22 Have all papers handed in
2019-02-22 Have rough definition of tasks x
2019-02-23 python2 / ipaddress is buggy x
p4utils is python2 only support
bmpy_utils is not installable with pip
python2 / latest ipaddress==1.0.22 still has the bug
ipaddress.ip_network("2001:db8:61::/64")
IPv6Network(u'3230:3031:3a64:6238:3a36:313a:3a2f:3634/128')
egress routing x
2019-02-24 non reliable neighbor entries / flushing addresses puts into failed
2019-02-28 Meet Laurent #2
- Status
* Setup base code
* Parser for all protocols (udp,tcp,icmp,icmp6)
* Started with icmp translation
* Investigating into IPv6 based checksums
* Reading into various RFCs, NDP, MLD
* Reading about multicast / trying to figure out dynamic membership
- Challenges
* Some issues with python2 (ipaddr) - slowing down x
https://github.com/phihag/ipaddress/issues/46
* Forwarded and received icmp6 packets are not "accepted"
- Questions
* Multicast: in controller x
* Re-using code (lee howard) -> ok & mention x
* A lot of redundant code / different tables / repeating: use if's x
* 65k parsing is insane x
- Next steps:
* Supporting MLD
* Save stuff in the controller
* checkout ipaddr bug / status
* Variable length / icmp6 in the controller
* Go simple…
* Meeting Edgar & Alexander week after
* Summary on Slack
* 1130 meeting now
2019-03-01 Feature list / priority list / roadmap clear x
Joining P4 Slack
2019-03-03 icmp6 revised:
- add address to table for forwarding to controller x
- select correct format for forwarding
- decode in controller
- send back to switch
- test with host
2019-03-06 Meet Laurent #3
- Checksum's in scapy x
- Python2 ipaddress fix (import future) x
- Added custom package format / additional information in packet x
- (partial) NDP working in controller x
- P4 checksum_with_payload x
- Reading scapy / inet6 x
- Further checksum tests -> required everywhere in IPv6 x
- icmp6 echo request working in controller x
- Hosts can ping6 the switch x
- Ran into P4 casting bug: https://github.com/p4lang/p4c/issues/1765 x
-> seems to be more than just casting bug x
- Default route for ipv6 hosts x
Next target:
- Focus on enabling the "Internet" with ICMP6 translation x
Next steps:
- Investigate again into checksumming with payload in P4 x
- Answering icmp6 echo request in in the switch x
- Translate icmp6 to icmp x
- Translate icmp to icmp6
- Multiple branches: x
* Work on checksumming / p4 x
* Work on metadata passing / p4 x
* Work on static mapping (w/ incorrect checksum) 1:1
* v1model/
Notes:
* Edgar back on Friday // check tofino checksumming
* Bugs mentioning in thesis
* Maybe run static mapping on tofino / p4_14
* Tofino p4_16: alpha compiler
* Send recap / mail next week
* week after 1130 Thursday
2019-03-08 NAT64 1:1 table ICMP, ICMPv6 working
Will need some switch local ip addresses
2019-03-15 NAT64 1:1 table TCP/UDP working
2019-03-29 Jool SIIT / range / offset support https://www.jool.mx/en/run-vanilla.html
Jool EAMT support https://www.jool.mx/en/run-eam.html
Bidirectional support
Will need IPv6 embedding suport https://tools.ietf.org/html/rfc6052
2019-04-05 NAT64 prefix based IPv6->IPv4 conversion [tayga]
Use case: IPv6 hosts send to specific /96
2019-04-19 NAT64 dynamic pool implementation: n:m ipv6 to ipv4 mapping
And n:1 stateful mappings https://www.jool.mx/en/run-nat64.html
Needs active controller
Needs timeout / leases
2019-05-10 Benmarking results between P4, Jool, Tayga
Real hardware of advantage
2019-08-01 Latest start writing documentation
2019-08-21 hand in thesis

Topics / Tasks

Admin

DONE Clarify PDF / form with Denise Spicher: free form description

TODO Create task description to be handed in mystudies

DONE Create list of tasks / initial brainstorming

TODO Get OK from Ueli Maurer that thesis is valid in Information Security Area

TODO Find out how-when-whom-where to meet / define schedule

TODO Latex and/or org-mode for the thesis?

TODO Add initial milestones

180d plan
25w

Thesis implementation

DONE Setup test VM for P4: 2a0a:e5c0:2:12:400:f0ff:fea9:c3e3

DONE Get feature list of jool

DONE Get feature list of tayga

DONE Setup P4 base / structure

DONE Create minimal controller for populating tables

DONE Checkout / review egress settings

TODO Implement ICMP <-> ICMP6 translation

DONE Parse icmp
DONE Parse icmpv6
DONE Add (static) egress configuration
DONE Calculate ICMP6 checksums in controller
Need to include the payload!?!!
DONE Implement minimal neighbor discovery in controller
DONE For the switch
DONE Register IPv6 address in table
DONE Parse ICMPv6 up to neighbor solicitation -> no: checksum problem
DONE Use NDP (Neighbor Solicitation (NDP) , Neighbor Advertisement (NDP)) -> no: controller
Approach 2: use cpu header, forward information to controller
DONE Fix the ip address match/mapping: 42 -> 2a -> use hex originally
DONE Find out why wrong type is used -> overlapping with NDP

DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Debug purpose only DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Debug purpose only DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Debug purpose only

Disable debug by default -> gives correct packets

DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Doing neighbor solicitation DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Doing neighbor solicitation DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>> DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:Doing neighbor solicitation

DONE For other nodes -> multicast
TODO Maybe implement link local addresses (missing at the moment)
ff02::/??
rfc4861

"Neighbor Solicitation messages are multicast to the solicited-node multicast address of the target address."

DONE multicasting / groups
create a group ("node") that contains "all other" ports
create a multicast group with an ID
associate the "node" with the multicast group ID
If destination is within ff02::1:ff00:0/104, multicast
DONE Make switch answer icmp6 echo request for
TODO Make switch answer icmp echo request for
TODO Introduce mixed mode: switch: icmp6 echo reply, controller: NDP
TODO try 1: reply seen, but checksum is incorrect
DONE Add default route for v6 hosts

p4@ubuntu:~/master-thesis$ mx h1 ip -6 r sudo: unable to resolve host ubuntu 2001:db8::/64 dev h1-eth0 proto kernel metric 256 pref medium fe80::/64 dev h1-eth0 proto kernel metric 256 pref medium default via 2001:db8::42 dev h1-eth0 metric 1024 pref medium p4@ubuntu:~/master-thesis$

TODO Add default route for v4 hosts
TODO Translate ipv6 > ipv4 with a (freely programmable) prefix
TODO Insert prefix into switch
TODO Implement the calculation
TODO Sketch the flow for session handling for icmp6 w/o packet loss
  • switch receives icmp6 packet for known prefix
  • controller needs to create session entry (?)
TODO Translate icmp <-> icmp6
TODO Create table entry for mapping v4->v6 [net]
TODO Create table entry for mapping v6->v4 [net]

TODO Setup test VM [dual stack] for Jool:

TODO Setup test VM [dual stack] for tayga:

NAT64/NAT46 Features in jool and tayga

TODO Static 1:1 NAT46: translate from IPv4 to IPv6 with a table
TODO TCP
TODO UDP
TODO ICMP <-> ICMPv6
TODO Stateless Prefix based NAT64: IPv6 to IPv4 translation prefix based
Allows IPv6 hosts to reach the IPv4 Internet
See time table above

Additional features queue (to be discussed)

TODO Offset based translation (v4->v6) -> same as range (?)
TODO IP address learning (v6/v4) for real life switch? How do hosts find it?

Thesis documentation

Motivation

TBD

Translation mechanisms

  • v4 to v6 / vice versa
  • Stateful / stateless
  • static / dynamic
Explicit Address Mappings Table (EAMT)

Current state of the art tayga/jool

TBD

Tayga
  • Single threaded
  • Multi threaded work started due to initiative of ungleich / Chrisrock [IPv6.chat]
Jool
  • EAMT bidirectional only (!)

IPtables interaction

```

user@T:~# # Create a Jool iptables instance named "example." user@T:~# # Also, establish that the IPv6 representation of any IPv4 address should be user@T:~# # `2001:db8::<IPv4 address>`. (See sections below for examples.) user@T:~# jool_siit instance add "example" iptables pool6 2001:db8::/96 user@T:~# user@T:~# # Tell iptables which traffic should be handled by our newly-created instance: user@T:~# user@T:~# # IPv6: only packets from 2001:db8::198.51.100.8/125 to 2001:db8::192.0.2 user@T:~# ip6tables -t mangle -A PREROUTING \ > -s 2001:db8::198.51.100.8/125 -d 2001:db8::192.0.2.0/120 \ > -j JOOL_SIIT instance "example" user@T:~# # IPv4: Only packets from 192.0.2 to 198.51.100.8/29 user@T:~# iptables -t mangle -A PREROUTING \ > -s 192.0.2.0/24 -d 198.51.100.8/29 \ > -j JOOL_SIIT instance "example" ``` 5656

Cisco (?)

P4 based implementation

TBD

General
  • IPv6 subnet 2001:db8::/32
  • IPv6 hosts are in 2001:db8:6::/64
  • IPv6 default router (::/0) is 2001:db8:6::42/64
  • IPv4 mapped Internet "NAT64 prefix" 2001:db8:4444::/96 (should go into a table)
  • IPv4 hosts are in 10.0.4.0/24
  • IPv6 in IPv4 mapped hosts are in 10.0.6.0/24
  • IPv4 default router = 10.0.0.42
Neighbor discover protocol
Initial log
  • Matching on prefix & ingress port, setting multicast

Being forwarded:

p4@ubuntu:~/master-thesis$ mx h1 tcpdump -ni h1-eth0 sudo: unable to resolve host ubuntu tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes ^C14:59:22.871803 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32 14:59:23.863913 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32 14:59:24.864033 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32

3 packets captured 3 packets received by filter 0 packets dropped by kernel

But no answer yet!

root@ubuntu:~/master-thesis/p4app# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: h1-eth0@if123: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc netem state UP group default qlen 1000 link/ether 00:00:0a:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet6 2001:db8:62::2/64 scope global valid_lft forever preferred_lft forever inet6 2001:db8:61::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::200:aff:fe00:1/64 scope link valid_lft forever preferred_lft forever root@ubuntu:~/master-thesis/p4app#

Link local communication does not work:

root@ubuntu:~/master-thesis/p4app# ping6 -c1 fe80::200:aff:fe00:2%h1-eth0 PING fe80::200:aff:fe00:2%h1-eth0(fe80::200:aff:fe00:2) 56 data bytes From fe80::200:aff:fe00:1 icmp_seq=1 Destination unreachable: Address unreachable

— fe80::200:aff:fe00:2%h1-eth0 ping statistics — 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@ubuntu:~/master-thesis/p4app#

Packet is received on the other host, but not answered. Why?

Real trace from my network:

18:48:17.008524 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32 18:48:18.015016 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32 18:48:18.031165 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, neighbor advertisement, tgt is 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32 18:48:18.031236 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 1, length 64 18:48:18.031267 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 2, length 64 18:48:18.131709 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 1, length 64 18:48:18.131732 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 2, length 64

root@ubuntu:~/master-thesis/p4app# cat /proc/sys/net/ipv6/conf/*/disable_ipv6 1 1 0 0 root@ubuntu:~/master-thesis/p4app# root@ubuntu:~/master-thesis/p4app# ls -1 /proc/sys/net/ipv6/conf/*/disable_ipv6 /proc/sys/net/ipv6/conf/all/disable_ipv6 /proc/sys/net/ipv6/conf/default/disable_ipv6 /proc/sys/net/ipv6/conf/h1-eth0/disable_ipv6 /proc/sys/net/ipv6/conf/lo/disable_ipv6 root@ubuntu:~/master-thesis/p4app#

Works on mininet

mininet> h2 bash root@line:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: h2-eth0@if93: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 32:0e:1e:bf:3c:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 10.0.0.2/8 brd 10.255.255.255 scope global h2-eth0 valid_lft forever preferred_lft forever inet6 fe80::300e:1eff:febf:3c4b/64 scope link valid_lft forever preferred_lft forever root@line:~# ip addr add 2001:db8:61::42/64 dev h2-eth0 root@line:~# ^Dexit mininet> h1 bash root@line:~# ip addr add 2001:db8:61::42/64^[[D^[[D^?^?^?^?^?^?^?^?^?^?^?^C^C root@line:~# ^Dexit mininet> h1 ip addr add 2001:db8:61::2/64 dev h1-eth0 mininet> h2 ping6 -c2 2001:db8:61::2 PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes 64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.230 ms 64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.138 ms

— 2001:db8:61::2 ping statistics — 2 packets transmitted, 2 received, 0% packet loss, time 1018ms rtt min/avg/max/mdev = 0.138/0.184/0.230/0.046 ms mininet>

mininet on VM also works

mininet> h1 ip addr add 2001:db8:61::1/64 dev h1-eth0 mininet> h2 ip addr add 2001:db8:61::2/64 dev h2-eth0 mininet> h2 ping6 -c2 2001:db8:61::2 PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes 64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.053 ms 64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.082 ms

— 2001:db8:61::2 ping statistics — 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.053/0.067/0.082/0.016 ms mininet>

WORKING trace on mininet on the VM

19:38:49.852088 IP6 2001:db8:61::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:61::1, length 32 19:38:49.852144 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, neighbor advertisement, tgt is 2001:db8:61::1, length 32 19:38:49.852163 IP6 2001:db8:61::2 > 2001:db8:61::1: ICMP6, echo request, seq 1, length 64 19:38:49.852176 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, echo reply, seq 1, length 64

checking ipv6 in p4-utils

p4@ubuntu:~/p4-utils$ grep -ri ipv6 . ./p4utils/mininetlib/p4_mininet.py: # disable IPv6 ./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.all.disable_ipv6=1") ./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.default.disable_ipv6=1") ./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.lo.disable_ipv6=1") ./p4utils/mininetlib/p4net.py: #remove Ipv6 for all the interfaces ./p4utils/mininetlib/p4net.py: cmd2 = "sysctl net.ipv6.conf.{0}.disable_ipv6=1" ./p4utils/mininetlib/p4net.py: #remove ipv6 Binary file ./p4utils/mininetlib/p4_mininet.pyc matches Binary file ./p4utils/mininetlib/p4net.pyc matches Binary file ./p4utils/utils/runtime_API.pyc matches ./p4utils/utils/runtime_API.py:class UIn_BadIPv6Error(UIn_Error): ./p4utils/utils/runtime_API.py:def ipv6Addr_to_bytes(addr): ./p4utils/utils/runtime_API.py: from ipaddr import IPv6Address ./p4utils/utils/runtime_API.py: ip = IPv6Address(addr) ./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error() ./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error() ./p4utils/utils/runtime_API.py: return ipv6Addr_to_bytes(input_str) ./p4utils/utils/runtime_API.py: except UIn_BadIPv6Error: ./p4utils/utils/runtime_API.py: raise UIn_BadParamError("Invalid IPv6 address") p4@ubuntu:~/p4-utils$

Messages we see in the controller on startup

DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=:: dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6d6d reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:01:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::201:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6604 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:1 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6607 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 |>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=:: dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6d6d reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:1 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6607 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 |>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>

Ignored ICMPv6 packets

We are not using router advertisements, so we ignore RS packets DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>

Double table entries due to collision
  • NDP: last 24 bit
  • Switch has same ending address in different networks -> equal last 24 bit
  • results in trying to add multicast address multiple times

Adding entry to exact match table v6_addresses match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:42 action: controller_reply runtime data: 00:01 Invalid table operation (DUPLICATE_ENTRY) Adding entry to exact match table v6_addresses match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:43 action: controller_reply runtime data: 00:01 Invalid table operation (DUPLICATE_ENTRY) Adding entry to exact match table v6_addresses match key: EXACT-20:01:0d:b8:00:00:00:01:00:00:00:00:00:00:00:43 action: icmp6_echo_reply runtime data: Entry has been added with handle 5

Static mappings
  • likely need table(s)
  • need tcp & udp translation
ICMPv6

Different lengths possible

[20:35] line:~% ping -6 -s 20 ::1 PING ::1(::1) 20 data bytes 28 bytes from ::1: icmp_seq=1 ttl=64 time=0.045 ms 28 bytes from ::1: icmp_seq=2 ttl=64 time=0.064 ms ^C — ::1 ping statistics — 2 packets transmitted, 2 received, 0% packet loss, time 1018ms rtt min/avg/max/mdev = 0.045/0.054/0.064/0.012 ms [20:36] line:~% ping -6 -s 80 ::1 PING ::1(::1) 80 data bytes 88 bytes from ::1: icmp_seq=1 ttl=64 time=0.053 ms 88 bytes from ::1: icmp_seq=2 ttl=64 time=0.095 ms ^C — ::1 ping statistics — 2 packets transmitted, 2 received, 0% packet loss, time 1001ms rtt min/avg/max/mdev = 0.053/0.074/0.095/0.021 ms [20:36] line:~%

Different checksum in most packets.

root@ubuntu:~/master-thesis# ip -6 neigh show root@ubuntu:~/master-thesis# ip -6 neigh add 2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42 root@ubuntu:~/master-thesis# ip -6 neigh show 2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42 PERMANENT root@ubuntu:~/master-thesis#

root@ubuntu:~/master-thesis# tcpdump -ni h1-eth0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes ^C20:22:43.944152 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64 20:22:43.945992 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64 20:22:44.952453 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64 20:22:44.953995 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64

4 packets captured 4 packets received by filter 0 packets dropped by kernel root@ubuntu:~/master-thesis#

When pinging we see

DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>> DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>

Hosts
Left side: IPv6
Right side: IPv4
Included in the header
Requirements

Performance comparison

Feature/Functionality difference / overview / Challenges in P4

ICMP6: checksum over payload
  • variable length, up to 65k
Synchronisation with the controller
  • Double data type definition -> might differ
  • TYPE_CPU for ethernet
  • Port ingress offset (9 vs. 16 bit)
Not included
  • DNS64 - has already been solved in a different domain

References / Follow up

RFC 4861: https://tools.ietf.org/html/rfc4861 Neighbor discovery
RFC 6052: https://tools.ietf.org/html/rfc6052 IPv6 Addressing of IPv4/IPv6 Translators
RFC 6586 for deployment experiences using Stateful NAT64.
RFC 7757 Explicit Address Mappings for Stateless IP/ICMP Translation

Proposal / task description

Task description for mystudies

High speed NAT64 with P4

Currently there are two main open source NAT64 solution available: tayga and jool. The former is a single threaded, cpu bound user space solution, the latter a custom Linux kernel module.

This thesis challenges this status quo by developing a P4 based solution supporting all features of jool/tayga and comparing the performance, security and adaptivity of the solutions.

  • Milestone 1: Stateless NAT64/NAT46 translations in P4
  • Milestone 2: Stateful (dynamic) NAT64/NAT46 translations
  • Milestone 3: Hardware adaption

Original ideas

Proposal 1: Automating NAT64 with P4

In IPv6 only data centers IPv4 connectivity is still a business requirement. Current state of the art methods include layer 7 proxying or static assignments. both featuring static assignments.

A flexible, dynamic assignment of IPv4 addresses to IPv6 hosts, similar to lease times in DHCPv4 and prefix delegations in DHCPv6 could reduce the pressure on IPv4 addresses.

I would suggest the develop of a new protocol (likely UDP embedded) that allows hosts to request on-network support for IPv4 addresses. As IPv4 addresses have to be treated as "expensive", an accounting metric has to be introduced. While in the business world this is usually related to money, in the network world IPv4 users could be paying the network by (reduced) bandwidth.

If such a metric existed, devices attached to the network could also try to negotiate and wait for using IPv4, when the price / penality for IPv4 is low (this might be very suitable for mail exchangers for instance).

Proposal 2: High speed NAT64 with P4

Currently there are two main open source NAT64 solution available: tayga[0] and jool[1]. The former is a single threaded, cpu bound user space solution, the latter a custom Linux kernel module.

I would like to challenge this status quo and develop a P4 based solution supporting all features of jool/tayga and comparing the performance and adaptivity of the solutions.

[0] http://www.litech.org/tayga/ [1] https://www.jool.mx/en/index.html

Proposal 3: Challenging the status quo with IPv10

The de facto standard in networking is to treat IPv4 and IPv6 as "impossible to combine". This proposal is to challenge this notion with three different methods:

  • Extensions to IPv4 to request remote IPv6 transport
  • Extensions to IPv6 to request remote IPv4 transport
  • Support in network equipment to handle the extensions

As the IPv4 header does not allow embedding IPv6 addresses due to size limitations, embedding the destination address in a secondary header might be necessary (possibly encapsulated in UDP).

Detail LOG

2019-02-28

pinging in router mode: nothing shown in the controller, multicast forwarded -> "ok"

root@ubuntu:~/master-thesis/p4app# ping6 -c1 2001:db8:61::42 PING 2001:db8:61::42(2001:db8:61::42) 56 data bytes From 2001:db8:61::1 icmp_seq=1 Destination unreachable: Address unreachable

— 2001:db8:61::42 ping statistics — 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@ubuntu:~/master-thesis/p4app#

sudo: unable to resolve host ubuntu tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 09:47:07.191569 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32 09:47:08.190331 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32 09:47:09.190279 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32

TODO special rule for ff02::1:ff00:42

Semi works, replies are there, but host still retries:

p4@ubuntu:~/master-thesis$ h=1; mx h$h tcpdump -lni h$h-eth0 sudo: unable to resolve host ubuntu tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 09:58:04.786979 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32 09:58:04.793560 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32 09:58:05.786311 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32 09:58:05.790506 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32 09:58:06.786254 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32 09:58:06.792325 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32

Maybe checksums?