* Time table / log
| When? | What? | Notes |
| 2019-02-21 | Kick-Off | x |
| | Finish all admin points | x |
| | Know when/how to coordinate | x |
| 2019-02-21 | Clarifications Ueli Maurer (Mentor) | x |
| | Write mail / phone | x |
| 2019-02-22 | Have all papers handed in | |
| | | |
| 2019-02-22 | Have rough definition of tasks | x |
| | | |
| 2019-02-23 | python2 / ipaddress is buggy | x |
| | p4utils supports python2 only | |
| | bmpy_utils is not installable with pip | |
| | python2 / latest ipaddress==1.0.22 still has the bug | |
| | ipaddress.ip_network("2001:db8:61::/64") | |
| | IPv6Network(u'3230:3031:3a64:6238:3a36:313a:3a2f:3634/128') | |
| | | |
| | egress routing | x |
| | | |
| 2019-02-24 | non reliable neighbor entries / flushing addresses puts into failed | |
| | | |
| | | |
| 2019-02-28 | Meet Laurent #2 | |
| | - Status | |
| | * Setup base code | |
| | * Parser for all protocols (udp,tcp,icmp,icmp6) | |
| | * Started with icmp translation | |
| | * Investigating into IPv6 based checksums | |
| | * Reading into various RFCs, NDP, MLD | |
| | * Reading about multicast / trying to figure out dynamic membership | |
| | | |
| | - Challenges | |
| | * Some issues with python2 (ipaddr) - slowing down | x |
| | https://github.com/phihag/ipaddress/issues/46 | |
| | * Forwarded and received icmp6 packets are not "accepted" | |
| | | |
| | - Questions | |
| | * Multicast: in controller | x |
| | * Re-using code (lee howard) -> ok & mention | x |
| | * A lot of redundant code / different tables / repeating: use if's | x |
| | * 65k parsing is insane | x |
| | | |
| | - Next steps: | |
| | * Supporting MLD | |
| | * Save stuff in the controller | |
| | * checkout ipaddr bug / status | |
| | * Variable length / icmp6 in the controller | |
| | * Go simple... | |
| | * Meeting Edgar & Alexander week after | |
| | * Summary on Slack | |
| | * 1130 meeting now | |
| | | |
| | | |
| 2019-03-01 | Feature list / priority list / roadmap clear | x |
| | Joining P4 Slack | |
| | | |
| 2019-03-03 | icmp6 revised: | |
| | - add address to table for forwarding to controller | x |
| | - select correct format for forwarding | |
| | - decode in controller | |
| | - send back to switch | |
| | - test with host | |
| | | |
| 2019-03-06 | Meet Laurent #3 | |
| | - Checksums in scapy | x |
| | - Python2 ipaddress fix (import future) | x |
| | - Added custom package format / additional information in packet | x |
| | - (partial) NDP working in controller | x |
| | - P4 checksum_with_payload | x |
| | - Reading scapy / inet6 | x |
| | - Further checksum tests -> required everywhere in IPv6 | x |
| | - icmp6 echo request working in controller | x |
| | - Hosts can ping6 the switch | x |
| | - Ran into P4 casting bug: https://github.com/p4lang/p4c/issues/1765 | x |
| | -> seems to be more than just casting bug | x |
| | - Default route for ipv6 hosts | x |
| | | |
| | Next target: | |
| | - Focus on enabling the "Internet" with ICMP6 translation | x |
| | | |
| | Next steps: | |
| | - Investigate again into checksumming with payload in P4 | x |
| | - Answering icmp6 echo request *in* the switch | x |
| | - Translate icmp6 to icmp | x |
| | - Translate icmp to icmp6 | |
| | - Multiple branches: | x |
| | * Work on checksumming / p4 | x |
| | * Work on metadata passing / p4 | x |
| | * Work on static mapping (w/ incorrect checksum) 1:1 | |
| | * v1model/ | |
| | | |
| | Notes: | |
| | * Edgar back on Friday // check tofino checksumming | |
| | * Mention bugs in thesis | |
| | * Maybe run static mapping on tofino / p4_14 | |
| | * Tofino p4_16: alpha compiler | |
| | * Send recap / mail next week | |
| | * week after 1130 Thursday | |
| | | |
| | | |
| 2019-03-08 | NAT64 1:1 table ICMP, ICMPv6 working | |
| | Will need some switch local ip addresses | |
| | | |
| | | |
| 2019-03-15 | NAT64 1:1 table TCP/UDP working | |
| | | |
| | | |
| 2019-03-29 | Jool SIIT / range / offset support https://www.jool.mx/en/run-vanilla.html | |
| | Jool EAMT support https://www.jool.mx/en/run-eam.html | |
| | Bidirectional support | |
| | Will need IPv6 embedding support https://tools.ietf.org/html/rfc6052 | |
| | | |
| 2019-04-05 | NAT64 prefix based IPv6->IPv4 conversion [tayga] | |
| | Use case: IPv6 hosts send to specific /96 | |
| | | |
| 2019-04-19 | NAT64 dynamic pool implementation: n:m ipv6 to ipv4 mapping | |
| | And n:1 stateful mappings https://www.jool.mx/en/run-nat64.html | |
| | Needs active controller | |
| | Needs timeout / leases | |
| | | |
| 2019-05-10 | Benchmarking results between P4, Jool, Tayga | |
| | Real hardware of advantage | |
| | | |
| | | |
| | | |
| | | |
| 2019-08-01 | Latest start writing documentation | |
| 2019-08-21 | hand in thesis | |
* Topics / Tasks
** Admin
*** DONE Clarify PDF / form with Denise Spicher: free form description
*** TODO Create task description to be handed in mystudies
*** DONE Create list of tasks / initial brainstorming
*** TODO Get OK from Ueli Maurer that thesis is valid in Information Security Area
*** TODO Find out how-when-whom-where to meet / define schedule
*** TODO Latex and/or org-mode for the thesis?
*** TODO Add initial milestones
**** 180d plan
**** 25w
** Thesis implementation
*** DONE Setup test VM for P4: 2a0a:e5c0:2:12:400:f0ff:fea9:c3e3
*** DONE Get feature list of jool
*** DONE Get feature list of tayga
*** DONE Setup P4 base / structure
*** DONE Create minimal controller for populating tables
*** DONE Checkout / review egress settings
*** TODO Implement ICMP <-> ICMP6 translation
**** DONE Parse icmp
**** DONE Parse icmpv6
**** DONE Add (static) egress configuration
**** DONE Calculate ICMP6 checksums in controller
***** Need to include the payload!?!!
**** DONE Implement minimal neighbor discovery in controller
***** DONE For the switch
****** DONE Register IPv6 address in table
****** DONE Parse ICMPv6 up to neighbor solicitation -> no: checksum problem
****** DONE Use NDP (Neighbor Solicitation (NDP), Neighbor Advertisement (NDP)) -> no: controller
****** Approach 2: use cpu header, forward information to controller
****** DONE Fix the ip address match/mapping: 42 -> 2a -> use hex originally
****** DONE Find out why wrong type is used -> overlapping with NDP
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
p=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x03\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=DEBUG ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Debug purpose only
****** Disable debug by default -> gives correct packets
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x4242 |<Raw load='\x00\x01\x00\x01\x86\xdd`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:cpu = <CpuHeader task=ICMP6_NS ingress_port=1 type=0x86dd |<Raw load='`\x00\x00\x00\x00 :\xff \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\xff\x00\x00B\x87\x00\xd3\xa4\x00\x00\x00\x00 \x01\r\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00B\x01\x01\x00\x00\n\x00\x00\x01' |>>
DEBUG:main:o=<Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd3a4 res=0 tgt=2001:db8::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:Doing neighbor solicitation
***** DONE For other nodes -> multicast
***** TODO Maybe implement link local addresses (missing at the moment)
****** ff02::/??
****** rfc4861
"Neighbor Solicitation messages are multicast to the solicited-node
multicast address of the target address."
****** DONE multicasting / groups
******* create a group ("node") that contains "all other" ports
******* create a multicast group with an ID
******* associate the "node" with the multicast group ID
***** If destination is within ff02::1:ff00:0/104, multicast
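
A controller that answers neighbor solicitations forwarded from the data plane can check them before replying. The Python 3 code below is an added example, not code from the thesis repository: check_ns and its argument names are hypothetical, the hop-limit, target and unspecified-source rules follow RFC 4861, and the group and MAC consistency checks are an extra strictness derived from the sentence quoted above.

```python
# Added example: sanity checks for a neighbor solicitation punted to the controller.
import ipaddress

SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")


def solicited_node(target: str) -> ipaddress.IPv6Address:
    """Solicited-node group: ff02::1:ff00:0/104 plus the low 24 bits of target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)


def multicast_mac(group: str) -> str:
    """Ethernet address of an IPv6 group: 33:33 plus its last four octets (RFC 2464)."""
    tail = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join("%02x" % octet for octet in tail)


def check_ns(eth_dst, src, dst, hlim, target, has_slla):
    """Return a list of problems with a neighbor solicitation; empty means acceptable."""
    src_a, dst_a, tgt_a = (ipaddress.IPv6Address(a) for a in (src, dst, target))
    problems = []
    if hlim != 255:                      # RFC 4861: 255 proves the sender is on-link
        problems.append("hop limit is not 255")
    if tgt_a.is_multicast:
        problems.append("target is a multicast address")
    if dst_a.is_multicast:
        if dst_a != solicited_node(target):
            problems.append("destination is not the target's solicited-node group")
        if eth_dst.lower() != multicast_mac(str(dst_a)):
            problems.append("Ethernet destination does not match the IPv6 group")
    if src_a.is_unspecified:             # duplicate address detection probe
        if dst_a not in SOLICITED_NODE:
            problems.append("DAD probe not sent to a solicited-node group")
        if has_slla:
            problems.append("DAD probe carries a source link-layer option")
    return problems


# Values copied from the "DEBUG:main:o=" log line earlier in these notes.
LOGGED_NS = dict(eth_dst="33:33:ff:00:00:42", src="2001:db8::1",
                 dst="ff02::1:ff00:42", hlim=255, target="2001:db8::42",
                 has_slla=True)
# Constructed counter-example: routed hop limit, wrong group, DAD source with option.
BAD_NS = dict(eth_dst="33:33:ff:00:00:42", src="::", dst="ff02::1:ff00:43",
              hlim=64, target="2001:db8::42", has_slla=True)

if __name__ == "__main__":
    print(solicited_node("2001:db8::42"), multicast_mac("ff02::1:ff00:42"))
    print("logged NS problems:", check_ns(**LOGGED_NS))
    for problem in check_ns(**BAD_NS):
        print("reject:", problem)
```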

**** DONE Make switch answer icmp6 echo request for
**** TODO Make switch answer icmp echo request for
**** TODO Introduce mixed mode: switch: icmp6 echo reply, controller: NDP
***** DONE try 1: reply seen, but checksum is incorrect
***** TODO try 2: analysing tayga checksumming code
/* Checksum of the IPv6 pseudo-header only (addresses, length, next header) */
static uint16_t ip6_checksum(struct ip6 *ip6, uint32_t data_len, uint8_t proto)
{
	uint32_t sum = 0;
	uint16_t *p;
	int i;

	/* 16 words: the source address and the address stored right after it */
	for (i = 0, p = ip6->src.s6_addr16; i < 16; ++i)
		sum += *p++;
	sum += htonl(data_len) >> 16;
	sum += htonl(data_len) & 0xffff;
	sum += htons(proto);

	/* fold the carries back into 16 bits */
	while (sum > 0xffff)
		sum = (sum & 0xffff) + (sum >> 16);

	return ~sum;
}

/* Checksum delta for swapping the IPv4 addresses for the IPv6 addresses */
static uint16_t convert_cksum(struct ip6 *ip6, struct ip4 *ip4)
{
	uint32_t sum = 0;
	uint16_t *p;
	int i;

	sum += ~ip4->src.s_addr >> 16;
	sum += ~ip4->src.s_addr & 0xffff;
	sum += ~ip4->dest.s_addr >> 16;
	sum += ~ip4->dest.s_addr & 0xffff;

	for (i = 0, p = ip6->src.s6_addr16; i < 16; ++i)
		sum += *p++;

	while (sum > 0xffff)
		sum = (sum & 0xffff) + (sum >> 16);

	return sum;
}

...

static int xlate_payload_4to6(struct pkt *p, struct ip6 *ip6)
{
	uint16_t *tck;
	uint16_t cksum;

	if (p->ip4->flags_offset & htons(IP4_F_MASK))
		return 0;

	switch (p->data_proto) {
	case 1:
		/* ICMP -> ICMPv6: add the pseudo-header, then adjust for the type change */
		cksum = ip6_checksum(ip6, htons(p->ip4->length) -
				p->header_len, 58);
		cksum = ones_add(p->icmp->cksum, cksum);
		if (p->icmp->type == 8) {
			p->icmp->type = 128;
			p->icmp->cksum = ones_add(cksum, ~(128 - 8));
		} else {
			p->icmp->type = 129;
			p->icmp->cksum = ones_add(cksum, ~(129 - 0));
		}
		return 0;

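
The checksum question from "Need to include the payload!?!!" and the tayga excerpt above can be checked against the neighbor solicitation logged in these notes. The Python 3 code below is an added example, not code from the thesis repository or from tayga; its function names, the ICMPv4 echo request and the two echo addresses are constructed for illustration.

```python
# Added example: ICMPv6 checksum with and without the payload (Python 3 stdlib).
import ipaddress
import struct

ICMPV6 = 58  # IPv6 next-header value for ICMPv6


def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total > 0xFFFF:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ones_add(a: int, b: int) -> int:
    """One's-complement addition of two 16-bit values."""
    total = a + b
    return (total & 0xFFFF) + (total >> 16)


def pseudo_header(src: str, dst: str, upper_len: int) -> bytes:
    """IPv6 pseudo-header: src, dst, 32-bit length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6))


def pseudo_only_checksum(src: str, dst: str, upper_len: int) -> int:
    """Complemented sum of the pseudo-header alone, like ip6_checksum() above."""
    return ~ones_sum(pseudo_header(src, dst, upper_len)) & 0xFFFF


def icmp6_checksum(src: str, dst: str, icmp6: bytes) -> int:
    """Full checksum: pseudo-header plus the message with its cksum field zeroed."""
    body = icmp6[:2] + b"\x00\x00" + icmp6[4:]
    return ~ones_sum(pseudo_header(src, dst, len(icmp6)) + body) & 0xFFFF


def echo_4to6_checksum(icmp4_cksum: int, src6: str, dst6: str, icmp_len: int) -> int:
    """Incremental update for echo request type 8 -> 128; payload is not re-read."""
    type_delta = (128 - 8) << 8          # type is the high byte of the first word
    adjusted = ones_add(icmp4_cksum, pseudo_only_checksum(src6, dst6, icmp_len))
    return ones_add(adjusted, ~type_delta & 0xFFFF)


# Neighbor solicitation bytes from the "DEBUG:main:cpu" log line in these notes.
NS_SRC, NS_DST = "2001:db8::1", "ff02::1:ff00:42"
NS = (bytes.fromhex("8700d3a400000000")                # type 135, cksum 0xd3a4
      + ipaddress.IPv6Address("2001:db8::42").packed   # target address
      + bytes.fromhex("010100000a000001"))             # source link-layer option

# Constructed ICMPv4 echo request: id 0x1234, seq 1, payload "ping", cksum 0x06fa.
ECHO4 = bytes.fromhex("080006fa12340001") + b"ping"
ECHO_SRC6, ECHO_DST6 = "2001:db8:4444::a00:401", "2001:db8:6::2"  # constructed


def translated_echo() -> bytes:
    """ECHO4 rewritten as an ICMPv6 echo request with the incremental checksum."""
    old = struct.unpack("!H", ECHO4[2:4])[0]
    new = echo_4to6_checksum(old, ECHO_SRC6, ECHO_DST6, len(ECHO4))
    return bytes([128, 0]) + struct.pack("!H", new) + ECHO4[4:]


if __name__ == "__main__":
    print("logged cksum      : 0x%04x" % struct.unpack("!H", NS[2:4])[0])
    print("pseudo-header only: 0x%04x" % pseudo_only_checksum(NS_SRC, NS_DST, len(NS)))
    print("with payload      : 0x%04x" % icmp6_checksum(NS_SRC, NS_DST, NS))
    out = translated_echo()
    print("translated echo   : 0x%04x" % struct.unpack("!H", out[2:4])[0])
    print("full recomputation: 0x%04x" % icmp6_checksum(ECHO_SRC6, ECHO_DST6, out))
```

The logged cksum=0xd3a4 equals the pseudo-header-only value, while the checksum that covers the ICMPv6 body is 0x13a7; a receiver that verifies the checksum discards the packet as logged.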
**** DONE Add default route for v6 hosts
p4@ubuntu:~/master-thesis$ mx h1 ip -6 r
sudo: unable to resolve host ubuntu
2001:db8::/64 dev h1-eth0 proto kernel metric 256 pref medium
fe80::/64 dev h1-eth0 proto kernel metric 256 pref medium
default via 2001:db8::42 dev h1-eth0 metric 1024 pref medium
p4@ubuntu:~/master-thesis$
**** TODO Add default route for v4 hosts
**** TODO Translate ipv6 --> ipv4 with a (freely programmable) prefix
***** TODO Insert prefix into switch
***** TODO Implement the calculation
***** TODO Sketch the flow for session handling for icmp6 w/o packet loss
- switch receives icmp6 packet for known prefix
- controller needs to create session entry (?)

**** TODO Translate icmp <-> icmp6
**** TODO Create table entry for mapping v4->v6 [net]
**** TODO Create table entry for mapping v6->v4 [net]
*** TODO Setup test VM [dual stack] for Jool:
*** TODO Setup test VM [dual stack] for tayga:
*** NAT64/NAT46 Features in jool and tayga
**** TODO Static 1:1 NAT46: translate from IPv4 to IPv6 with a table
***** TODO TCP
***** TODO UDP
***** TODO ICMP <-> ICMPv6
**** TODO Stateless Prefix based NAT64: IPv6 to IPv4 translation prefix based
***** Allows IPv6 hosts to reach the IPv4 Internet
**** See time table above
*** Additional features queue (to be discussed)
**** TODO Offset based translation (v4->v6) -> same as range (?)
**** TODO IP address learning (v6/v4) for real life switch? How do hosts find it?
** Thesis documentation
*** Motivation
TBD
*** Translation mechanisms
- v4 to v6 / vice versa
- Stateful / stateless
- static / dynamic
**** Explicit Address Mappings Table (EAMT)
Range based mapping tables
See https://www.jool.mx/en/eamt.html,
https://tools.ietf.org/html/rfc7757

*** Current state of the art tayga/jool
TBD
**** Tayga
- Single threaded
- Multi threaded work started due to initiative of ungleich /
  Chrisrock [IPv6.chat]
**** Jool
- EAMT bidirectional only (!)

IPtables interaction

```
user@T:~# # Create a Jool iptables instance named "example."
user@T:~# # Also, establish that the IPv6 representation of any IPv4 address should be
user@T:~# # `2001:db8::<IPv4 address>`. (See sections below for examples.)
user@T:~# jool_siit instance add "example" --iptables --pool6 2001:db8::/96
user@T:~#
user@T:~# # Tell iptables which traffic should be handled by our newly-created instance:
user@T:~#
user@T:~# # IPv6: only packets from 2001:db8::198.51.100.8/125 to 2001:db8::192.0.2
user@T:~# ip6tables -t mangle -A PREROUTING \
> -s 2001:db8::198.51.100.8/125 -d 2001:db8::192.0.2.0/120 \
> -j JOOL_SIIT --instance "example"
user@T:~# # IPv4: Only packets from 192.0.2 to 198.51.100.8/29
user@T:~# iptables -t mangle -A PREROUTING \
> -s 192.0.2.0/24 -d 198.51.100.8/29 \
> -j JOOL_SIIT --instance "example"
```
**** Cisco (?)
*** P4 based implementation
TBD
**** General

- IPv6 subnet 2001:db8::/32
- IPv6 hosts are in 2001:db8:6::/64
- IPv6 default router (::/0) is 2001:db8:6::42/64
- IPv4 mapped Internet "NAT64 prefix" 2001:db8:4444::/96 (should
  go into a table)
- IPv4 hosts are in 10.0.4.0/24
- IPv6 in IPv4 mapped hosts are in 10.0.6.0/24
- IPv4 default router = 10.0.0.42
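
The NAT64 prefix in the list above is a /96, the simplest case of the RFC 6052 embedding mentioned in the time table. The Python 3 code below is an added example, not code from the thesis repository; it generalizes to every prefix length RFC 6052 allows, and the embed/extract names and the optional allowed-range check are assumptions made for illustration.

```python
# Added example: RFC 6052 IPv4-embedded IPv6 addresses (Python 3 stdlib).
import ipaddress

ALLOWED_PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)
U_OCTET = 8  # byte holding bits 64..71, which RFC 6052 keeps at zero


def check_prefix(prefix: str) -> ipaddress.IPv6Network:
    """Parse the translation prefix and enforce the RFC 6052 constraints."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in ALLOWED_PREFIX_LENGTHS:
        raise ValueError("prefix length must be 32, 40, 48, 56, 64 or 96")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("prefix has non-zero bits 64..71")
    return net


def embed(prefix: str, ipv4: str) -> ipaddress.IPv6Address:
    """Place the IPv4 octets after the prefix, stepping over the u octet."""
    net = check_prefix(prefix)
    out = bytearray(net.network_address.packed)
    pos = net.prefixlen // 8
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:
            pos += 1
        out[pos] = octet
        pos += 1
    return ipaddress.IPv6Address(bytes(out))


def extract(prefix: str, ipv6: str, allowed: str = None) -> ipaddress.IPv4Address:
    """Recover the embedded IPv4 address; refuse anything outside prefix/allowed."""
    net = check_prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError("address is outside the translation prefix")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("bits 64..71 are not zero")
    octets = bytearray()
    pos = net.prefixlen // 8
    while len(octets) < 4:
        if pos == U_OCTET:
            pos += 1
        octets.append(raw[pos])
        pos += 1
    ipv4 = ipaddress.IPv4Address(bytes(octets))
    # Optional policy: only translate towards the IPv4 range the switch serves.
    if allowed is not None and ipv4 not in ipaddress.IPv4Network(allowed):
        raise ValueError("embedded IPv4 address is outside the permitted range")
    return ipv4


if __name__ == "__main__":
    nat64 = "2001:db8:4444::/96"            # NAT64 prefix from the list above
    v6 = embed(nat64, "10.0.4.1")           # 10.0.4.1 is a constructed host address
    print(v6, "->", extract(nat64, str(v6), allowed="10.0.4.0/24"))
    # Prefixes and address below are the documentation values used in RFC 6052.
    for pfx in ("2001:db8::/32", "2001:db8:100::/40", "2001:db8:122:344::/64"):
        print(pfx, "->", embed(pfx, "192.0.2.33"))
```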
**** Neighbor discovery protocol
***** Initial log
- Matching on prefix & ingress port, setting multicast

Being forwarded:

p4@ubuntu:~/master-thesis$ mx h1 tcpdump -ni h1-eth0
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C14:59:22.871803 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32
14:59:23.863913 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32
14:59:24.864033 IP6 2001:db8:62::1 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:db8:62::2, length 32

3 packets captured
3 packets received by filter
0 packets dropped by kernel

But no answer yet!


root@ubuntu:~/master-thesis/p4app# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: h1-eth0@if123: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9500 qdisc netem state UP group default qlen 1000
    link/ether 00:00:0a:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 2001:db8:62::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 2001:db8:61::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::200:aff:fe00:1/64 scope link
       valid_lft forever preferred_lft forever
root@ubuntu:~/master-thesis/p4app#

Link local communication does not work:

root@ubuntu:~/master-thesis/p4app# ping6 -c1 fe80::200:aff:fe00:2%h1-eth0
PING fe80::200:aff:fe00:2%h1-eth0(fe80::200:aff:fe00:2) 56 data bytes
From fe80::200:aff:fe00:1 icmp_seq=1 Destination unreachable: Address unreachable

--- fe80::200:aff:fe00:2%h1-eth0 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@ubuntu:~/master-thesis/p4app#

Packet is received on the other host, but not answered. Why?

Real trace from my network:

18:48:17.008524 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.015016 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > ff02::1:ffb7:e225: ICMP6, neighbor solicitation, who has 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.031165 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, neighbor advertisement, tgt is 2a0a:e5c1:111:111:1016:3c5a:38b7:e225, length 32
18:48:18.031236 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 1, length 64
18:48:18.031267 IP6 2a0a:e5c1:111:111:eb7:ffdb:e245:f712 > 2a0a:e5c1:111:111:1016:3c5a:38b7:e225: ICMP6, echo request, seq 2, length 64
18:48:18.131709 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 1, length 64
18:48:18.131732 IP6 2a0a:e5c1:111:111:1016:3c5a:38b7:e225 > 2a0a:e5c1:111:111:eb7:ffdb:e245:f712: ICMP6, echo reply, seq 2, length 64


root@ubuntu:~/master-thesis/p4app# cat /proc/sys/net/ipv6/conf/*/disable_ipv6
1
1
0
0
root@ubuntu:~/master-thesis/p4app#
root@ubuntu:~/master-thesis/p4app# ls -1 /proc/sys/net/ipv6/conf/*/disable_ipv6
/proc/sys/net/ipv6/conf/all/disable_ipv6
/proc/sys/net/ipv6/conf/default/disable_ipv6
/proc/sys/net/ipv6/conf/h1-eth0/disable_ipv6
/proc/sys/net/ipv6/conf/lo/disable_ipv6
root@ubuntu:~/master-thesis/p4app#

Works on mininet

mininet> h2 bash
root@line:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: h2-eth0@if93: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 32:0e:1e:bf:3c:4b brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.2/8 brd 10.255.255.255 scope global h2-eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::300e:1eff:febf:3c4b/64 scope link
       valid_lft forever preferred_lft forever
root@line:~# ip addr add 2001:db8:61::42/64 dev h2-eth0
root@line:~# ^Dexit
mininet> h1 bash
root@line:~# ip addr add 2001:db8:61::42/64^[[D^[[D^?^?^?^?^?^?^?^?^?^?^?^C^C
root@line:~# ^Dexit
mininet> h1 ip addr add 2001:db8:61::2/64 dev h1-eth0
mininet> h2 ping6 -c2 2001:db8:61::2
PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes
64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.230 ms
64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.138 ms

--- 2001:db8:61::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.138/0.184/0.230/0.046 ms
mininet>


mininet on VM also works

mininet> h1 ip addr add 2001:db8:61::1/64 dev h1-eth0
mininet> h2 ip addr add 2001:db8:61::2/64 dev h2-eth0
mininet> h2 ping6 -c2 2001:db8:61::2
PING 2001:db8:61::2(2001:db8:61::2) 56 data bytes
64 bytes from 2001:db8:61::2: icmp_seq=1 ttl=64 time=0.053 ms
64 bytes from 2001:db8:61::2: icmp_seq=2 ttl=64 time=0.082 ms

--- 2001:db8:61::2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.053/0.067/0.082/0.016 ms
mininet>

WORKING trace on mininet on the VM

19:38:49.852088 IP6 2001:db8:61::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:61::1, length 32
19:38:49.852144 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, neighbor advertisement, tgt is 2001:db8:61::1, length 32
19:38:49.852163 IP6 2001:db8:61::2 > 2001:db8:61::1: ICMP6, echo request, seq 1, length 64
19:38:49.852176 IP6 2001:db8:61::1 > 2001:db8:61::2: ICMP6, echo reply, seq 1, length 64


checking ipv6 in p4-utils

p4@ubuntu:~/p4-utils$ grep -ri ipv6 .
./p4utils/mininetlib/p4_mininet.py: # disable IPv6
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.all.disable_ipv6=1")
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.default.disable_ipv6=1")
./p4utils/mininetlib/p4_mininet.py: self.cmd("sysctl -w net.ipv6.conf.lo.disable_ipv6=1")
./p4utils/mininetlib/p4net.py: #remove Ipv6 for all the interfaces
./p4utils/mininetlib/p4net.py: cmd2 = "sysctl net.ipv6.conf.{0}.disable_ipv6=1"
./p4utils/mininetlib/p4net.py: #remove ipv6
Binary file ./p4utils/mininetlib/p4_mininet.pyc matches
Binary file ./p4utils/mininetlib/p4net.pyc matches
Binary file ./p4utils/utils/runtime_API.pyc matches
./p4utils/utils/runtime_API.py:class UIn_BadIPv6Error(UIn_Error):
./p4utils/utils/runtime_API.py:def ipv6Addr_to_bytes(addr):
./p4utils/utils/runtime_API.py: from ipaddr import IPv6Address
./p4utils/utils/runtime_API.py: ip = IPv6Address(addr)
./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error()
./p4utils/utils/runtime_API.py: raise UIn_BadIPv6Error()
./p4utils/utils/runtime_API.py: return ipv6Addr_to_bytes(input_str)
./p4utils/utils/runtime_API.py: except UIn_BadIPv6Error:
./p4utils/utils/runtime_API.py: raise UIn_BadParamError("Invalid IPv6 address")
p4@ubuntu:~/p4-utils$


Messages we see in the controller on startup

DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=:: dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6d6d reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:01:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::201:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6604 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=36 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:1 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x6607 reserved=0 records_number=1 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 |>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:16 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=56 nh=Hop-by-Hop Option Header hlim=1 src=fe80::200:aff:fe00:2 dst=ff02::16 |<IPv6ExtHdrHopByHop nh=ICMPv6 len=0 autopad=On options=[<RouterAlert otype=Router Alert [00: skip, 0: Don't change en-route] optlen=2 value=Datagram contains a MLD message |>, <PadN otype=PadN [00: skip, 0: Don't change en-route] optlen=0 |>] |<ICMPv6MLReport2 type=MLD Report Version 2 res=0 cksum=0x63ea reserved=0 records_number=2 records=[<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:1 sources=[ ] auxdata='' |<ICMPv6MLDMultAddrRec rtype=4 auxdata_len=0 sources_number=0 dst=ff02::1:ff00:2 |>>] |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:02 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:2 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72d res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:02 |>>>>
***** Ignored ICMPv6 packets
We are not using router advertisements, so we ignore RS packets:
DEBUG:main:INCOMING: <Ether dst=33:33:00:00:00:02 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=16 nh=ICMPv6 hlim=255 src=fe80::200:aff:fe00:1 dst=ff02::2 |<ICMPv6ND_RS type=Router Solicitation code=0 cksum=0xf72e res=0 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
***** Double table entries due to collision
- NDP: the solicited-node multicast address is built from the last 24 bits of the unicast address
- The switch has the same ending address in different networks -> equal
  last 24 bits
- This results in trying to add the same multicast address multiple times

Adding entry to exact match table v6_addresses
match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:42
action: controller_reply
runtime data: 00:01
Invalid table operation (DUPLICATE_ENTRY)
Adding entry to exact match table v6_addresses
match key: EXACT-ff:02:00:00:00:00:00:00:00:00:00:01:ff:00:00:43
action: controller_reply
runtime data: 00:01
Invalid table operation (DUPLICATE_ENTRY)
Adding entry to exact match table v6_addresses
match key: EXACT-20:01:0d:b8:00:00:00:01:00:00:00:00:00:00:00:43
action: icmp6_echo_reply
runtime data:
Entry has been added with handle 5
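The collision described above, as an added Python 3 example (not code from the thesis repository): each switch address is mapped to its solicited-node group and every group is planned for the table only once. The function names and the four sample addresses are constructed for illustration; the action names and the key format are the ones in the log above.

```python
import ipaddress

# ff02::1:ff00:0/104 is the solicited-node multicast prefix (RFC 4291)
SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(addr):
    """Solicited-node group: fixed 104-bit prefix plus the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def match_key(addr):
    """Render an address the way the table log prints exact-match keys."""
    packed = ipaddress.IPv6Address(addr).packed
    return "EXACT-" + ":".join("%02x" % byte for byte in packed)


def plan_entries(switch_addresses):
    """Return (unicast, multicast, owners); each multicast key appears once.

    owners maps a solicited-node group to all unicast addresses sharing it,
    so a collision is visible instead of surfacing as DUPLICATE_ENTRY.
    """
    unicast, multicast, owners = [], [], {}
    for addr in switch_addresses:
        unicast.append((match_key(addr), "icmp6_echo_reply"))
        group = solicited_node(addr)
        if group not in owners:
            multicast.append((match_key(group), "controller_reply"))
        owners.setdefault(group, []).append(addr)
    return unicast, multicast, owners


# Constructed sample: the switch uses ::42 and ::43 in two different networks.
SAMPLE_ADDRESSES = ["2001:db8:61::42", "2001:db8:0:1::42",
                    "2001:db8:61::43", "2001:db8:0:1::43"]

if __name__ == "__main__":
    unicast, multicast, owners = plan_entries(SAMPLE_ADDRESSES)
    for key, action in unicast + multicast:
        print(key, action)
    for group, addrs in owners.items():
        if len(addrs) > 1:
            print("shared group", group, "<-", ", ".join(addrs))
```
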
**** Static mappings
- likely need table(s)
- need tcp & udp translation
**** ICMPv6
Different lengths possible

[20:35] line:~% ping -6 -s 20 ::1
PING ::1(::1) 20 data bytes
28 bytes from ::1: icmp_seq=1 ttl=64 time=0.045 ms
28 bytes from ::1: icmp_seq=2 ttl=64 time=0.064 ms
^C
--- ::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1018ms
rtt min/avg/max/mdev = 0.045/0.054/0.064/0.012 ms
[20:36] line:~% ping -6 -s 80 ::1
PING ::1(::1) 80 data bytes
88 bytes from ::1: icmp_seq=1 ttl=64 time=0.053 ms
88 bytes from ::1: icmp_seq=2 ttl=64 time=0.095 ms
^C
--- ::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.053/0.074/0.095/0.021 ms
[20:36] line:~%

Different checksum in most packets.

root@ubuntu:~/master-thesis# ip -6 neigh show
root@ubuntu:~/master-thesis# ip -6 neigh add 2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42
root@ubuntu:~/master-thesis# ip -6 neigh show
2001:db8:61::42 dev h1-eth0 lladdr 00:00:0a:00:00:42 PERMANENT
root@ubuntu:~/master-thesis#

root@ubuntu:~/master-thesis# tcpdump -ni h1-eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C20:22:43.944152 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64
20:22:43.945992 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 1, length 64
20:22:44.952453 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64
20:22:44.953995 IP6 2001:db8:61::1 > 2001:db8:61::42: ICMP6, echo request, seq 2, length 64

4 packets captured
4 packets received by filter
0 packets dropped by kernel
root@ubuntu:~/master-thesis#
***** When pinging we see
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
DEBUG:main:INCOMING: <Ether dst=33:33:ff:00:00:42 src=00:00:0a:00:00:01 type=0x86dd |<IPv6 version=6 tc=0 fl=0 plen=32 nh=ICMPv6 hlim=255 src=2001:db8:61::1 dst=ff02::1:ff00:42 |<ICMPv6ND_NS type=Neighbor Solicitation code=0 cksum=0xd343 res=0 tgt=2001:db8:61::42 |<ICMPv6NDOptSrcLLAddr type=1 len=1 lladdr=00:00:0a:00:00:01 |>>>>
***** Hosts
****** Left side: IPv6
****** Right side: IPv4
***** Included in the header

**** Requirements
*** Performance comparison
*** Feature/Functionality difference / overview / Challenges in P4
**** ICMP6: checksum over payload
- variable length, up to 65k
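The RFC 2460 section 8.1 checksum named in this heading, as an added Python 3 example (not code from the thesis repository; the function names are chosen here). The two messages are rebuilt from DEBUG lines on this page: the MLDv2 report's logged cksum=0x6607 is reproduced by the full sum, while the Router Solicitation's logged cksum=0xf72e equals the pseudo-header-only value rather than the full one (0x672c).

```python
import ipaddress
import struct

ICMPV6 = 58  # IPv6 next-header value for ICMPv6


def fold16(data):
    """16-bit one's complement sum of data (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src, dst, upper_len):
    """src, dst, 32-bit upper-layer length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed
            + struct.pack("!I3xB", upper_len, ICMPV6))


def icmp6_checksum(src, dst, message):
    """Full checksum: pseudo-header plus the whole message (cksum field zeroed)."""
    return ~fold16(pseudo_header(src, dst, len(message)) + message) & 0xFFFF


def pseudo_only_checksum(src, dst, upper_len):
    """Value obtained when the ICMPv6 message itself is left out of the sum."""
    return ~fold16(pseudo_header(src, dst, upper_len)) & 0xFFFF


# Messages rebuilt field by field from the DEBUG lines, checksum field set to 0.
# MLDv2 report (type 143), one record: rtype=4, no sources, group ff02::1:ff00:1
MLD_REPORT = (struct.pack("!BBHHH", 143, 0, 0, 0, 1)
              + struct.pack("!BBH", 4, 0, 0)
              + ipaddress.IPv6Address("ff02::1:ff00:1").packed)
# Router Solicitation (type 133) with source link-layer option 00:00:0a:00:00:01
ROUTER_SOLICIT = (struct.pack("!BBHI", 133, 0, 0, 0)
                  + bytes.fromhex("010100000a000001"))

if __name__ == "__main__":
    h1 = "fe80::200:aff:fe00:1"
    print("MLD report, full:  0x%04x" % icmp6_checksum(h1, "ff02::16", MLD_REPORT))
    print("RS, full:          0x%04x" % icmp6_checksum(h1, "ff02::2", ROUTER_SOLICIT))
    print("RS, pseudo-header: 0x%04x"
          % pseudo_only_checksum(h1, "ff02::2", len(ROUTER_SOLICIT)))
```

The same pseudo-header-only match holds for the Neighbor Solicitation lines logged with cksum=0xd343 (src 2001:db8:61::1, dst ff02::1:ff00:42, plen 32).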
**** Synchronisation with the controller
- Double data type definition -> might differ
- TYPE_CPU for ethernet
- Port ingress offset (9 vs. 16 bit)

**** Not included
- DNS64 - has already been solved in a different domain

*** References / Follow up
**** RFC 2460 IPv6 (Checksum https://tools.ietf.org/html/rfc2460#section-8.1)
**** RFC 3810 MLD2 https://tools.ietf.org/html/rfc3810
**** RFC 4443 ICMPv6 https://tools.ietf.org/html/rfc4443
**** RFC 4861 Neighbor discovery https://tools.ietf.org/html/rfc4861
**** RFC 6052 IPv6 Addressing of IPv4/IPv6 Translators https://tools.ietf.org/html/rfc6052
**** RFC 6586 for deployment experiences using Stateful NAT64.
**** RFC 7757 Explicit Address Mappings for Stateless IP/ICMP Translation
**** EAMT/Jool: https://www.jool.mx/en/eamt.html
**** Solicited node multicast address https://en.wikipedia.org/wiki/Solicited-node_multicast_address
**** Scapy / IPv6: https://www.idsv6.de/Downloads/IPv6PacketCreationWithScapy.pdf
**** V1 model: https://github.com/p4lang/p4c/blob/master/p4include/v1model.p4
**** Cisco NAT64 https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/nat-xe-3s-book/iadnat-stateful-nat64.pdf
* Proposal / task description
** Task description for mystudies
*** High speed NAT64 with P4
Currently there are two main open source NAT64 solutions available:
tayga and jool. The former is a single-threaded, CPU-bound user
space solution, the latter a custom Linux kernel module.

This thesis challenges this status quo by developing a P4 based
solution supporting all features of jool/tayga and comparing the
performance, security and adaptivity of the solutions.

- Milestone 1: Stateless NAT64/NAT46 translations in P4
- Milestone 2: Stateful (dynamic) NAT64/NAT46 translations
- Milestone 3: Hardware adaption
** Original ideas
Proposal 1: Automating NAT64 with P4

In IPv6-only data centers IPv4 connectivity is still a business
requirement. Current state of the art methods include layer 7 proxying
or static assignments, both featuring static assignments.

A flexible, dynamic assignment of IPv4 addresses to IPv6 hosts, similar
to lease times in DHCPv4 and prefix delegations in DHCPv6, could reduce
the pressure on IPv4 addresses.

I would suggest the development of a new protocol (likely UDP embedded) that
allows hosts to request on-network support for IPv4 addresses. As IPv4
addresses have to be treated as "expensive", an accounting metric has to
be introduced. While in the business world this is usually related to
money, in the network world IPv4 users could be paying the network by
(reduced) bandwidth.

If such a metric existed, devices attached to the network could also try
to negotiate and wait for using IPv4, when the price / penalty for IPv4
is low (this might be very suitable for mail exchangers for instance).

Proposal 2: High speed NAT64 with P4

Currently there are two main open source NAT64 solutions available:
tayga[0] and jool[1]. The former is a single-threaded, CPU-bound user
space solution, the latter a custom Linux kernel module.

I would like to challenge this status quo and develop a P4 based
solution supporting all features of jool/tayga and comparing the
performance and adaptivity of the solutions.

[0] http://www.litech.org/tayga/
[1] https://www.jool.mx/en/index.html

Proposal 3: Challenging the status quo with IPv10

The de facto standard in networking is to treat IPv4
and IPv6 as "impossible to combine". This proposal is
to challenge this notion with three different methods:

- Extensions to IPv4 to request remote IPv6 transport
- Extensions to IPv6 to request remote IPv4 transport
- Support in network equipment to handle the extensions

As the IPv4 header does not allow embedding IPv6 addresses due to size
limitations, embedding the destination address in a secondary header
might be necessary (possibly encapsulated in UDP).
* Detail LOG
** 2019-02-28
*** pinging in router mode: nothing shown in the controller, multicast forwarded -> "ok"

root@ubuntu:~/master-thesis/p4app# ping6 -c1 2001:db8:61::42
PING 2001:db8:61::42(2001:db8:61::42) 56 data bytes
From 2001:db8:61::1 icmp_seq=1 Destination unreachable: Address unreachable

--- 2001:db8:61::42 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@ubuntu:~/master-thesis/p4app#

sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:47:07.191569 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:47:08.190331 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:47:09.190279 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
*** TODO special rule for ff02::1:ff00:42

Semi works, replies are there, but host still retries:

p4@ubuntu:~/master-thesis$ h=1; mx h$h tcpdump -lni h$h-eth0
sudo: unable to resolve host ubuntu
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on h1-eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:58:04.786979 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:04.793560 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32
09:58:05.786311 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:05.790506 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32
09:58:06.786254 IP6 2001:db8:61::1 > ff02::1:ff00:42: ICMP6, neighbor solicitation, who has 2001:db8:61::42, length 32
09:58:06.792325 IP6 2001:db8:61::42 > 2001:db8:61::1: ICMP6, neighbor advertisement, tgt is 2001:db8:61::42, length 32

Maybe checksums?