Discussion:
[OpenWrt-Devel] dslite tunnel setup
Henning Schild
2014-04-07 18:12:08 UTC
Permalink
Hi,

i set up an openwrt router a few days ago. My provider offers native
IPv6 and v4 is available via a dslite tunnel. I ran into trouble
setting it up according to the available documentation and decided to
get a trunk image first. Now my router runs a trunk image with version
(Bleeding Edge, r40383).
Still i could not figure out how to get the dslite tunnel to work so i
started digging through the code. Eventually i patched the dslite
script to get my setup to work. Now i would like to find out whether my
configuration is wrong or whether a patch is necessary.
config interface 'lan'
option ifname 'eth0.1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6hint 'ab'
config interface 'wan'
option ifname 'eth1.40'
option proto 'pppoe'
option username 'XXXX'
option password 'XXXX'
option ipv6 '1'
config interface 'wan6'
option proto 'dhcpv6'
config interface 'wan4'
option proto 'dslite'
option peeraddr '2001:XXXX'
I am getting a /56 prefix from my provider. The pppoe runs in vlan 40
on the "wan" interface. "wan6" gets the prefix via dhcpv6 and i assign
a /64 to my "lan".
Now dslite.sh will find "wan6" to be the wanif using network_find_wan6.
And later it will use network_get_ipaddr6 to try to get its ip6addr.
But wan6 does not actually have an ip6addr
# network_find_wan6 wanif && echo $wanif
wan6
# network_get_ipaddr6 ip6addr "wan6" && echo $ip6addr
The only interface that actually has a global IPv6 address is "lan" but
setting it as tunlink did not work and does not seem to make sense
anyways.
The solution was to use the ip6addr from "lan" and not set tunlink or
set it to wan6. But since my v6 prefix is dynamic that can not be done
with the current dslite.sh.

So as a workaround i added
network_get_ipaddr6 ip6addr lan
just above the
[ -z "$ip6addr" ] && {
...
I guess what i really want is that wan6 actually has an ip6addr from
the prefix range it got via dhcp. But i did not find a way to assign
one. The second option would be to tell wan4 to use the ip6addr from
lan directly in the configuration. Is there a way to express
"network_get_ipaddr6 ip6addr lan" in the configuration file?

regards,
Henning
Steven Barth
2014-04-08 06:22:45 UTC
Permalink
Hello Henning,

i find it very strange that your ISP doesn't offer public addresses on
the WAN interface however I think this is actually standards compliant
so we have to deal with it.

please see: https://dev.openwrt.org/changeset/40422
I added an option "weakif" which allows you to specify an interface from
which we take the local IPv6 address defaulting to "lan".

Cheers,

Steven
Henning Schild
2014-04-08 08:19:37 UTC
Permalink
Hey Steven,

thanks for the patch, it works with just peeraddr and proto in the
config. And it confirms that hours of trying to get my config right
where nothing but learning time ;).

regards,
Henning

On Tue, 08 Apr 2014 08:22:45 +0200
Post by Steven Barth
Hello Henning,
i find it very strange that your ISP doesn't offer public addresses
on the WAN interface however I think this is actually standards
compliant so we have to deal with it.
please see: https://dev.openwrt.org/changeset/40422
I added an option "weakif" which allows you to specify an interface
from which we take the local IPv6 address defaulting to "lan".
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Gert Doering
2014-04-08 19:52:35 UTC
Permalink
Hi,
Post by Steven Barth
i find it very strange that your ISP doesn't offer public addresses on
the WAN interface however I think this is actually standards compliant
so we have to deal with it.
It's called "IPv4 exhaustion"... DS-Lite is one of the way to deal
with it (which effectively gives you "only one NAT in the path"), the
other way is "hand out RFC1918 or 100.64.* addresses and double-NAT".

Both stinks, but unless someone finds another few billion IPv4 addresses
somewhere, this is what large scale providers need to do.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Steven Barth
2014-04-08 20:34:21 UTC
Permalink
Hi Gert,
Post by Gert Doering
Post by Steven Barth
i find it very strange that your ISP doesn't offer public addresses on
the WAN interface however I think this is actually standards compliant
so we have to deal with it.
It's called "IPv4 exhaustion"... DS-Lite is one of the way to deal
with it (which effectively gives you "only one NAT in the path"), the
other way is "hand out RFC1918 or 100.64.* addresses and double-NAT".
Both stinks, but unless someone finds another few billion IPv4 addresses
somewhere, this is what large scale providers need to do.
I'm sorry but it seems you misunderstood me. We were talking about IPv6
addresses here. It seems that Hennings' ISP "only" offers a delegated
prefix but no global IPv6-address on the WAN-connection (or there is an
unknown issue acquiring said address which I don't know of). I know that
RFC 7084 requires a CER to actually deal with this (Weak ES model and
all) so I added a fix to allow the DS-Lite source endpoint address to be
acquired from a downstream interface.

Cheers,

Steven
Henning Schild
2014-04-08 22:18:27 UTC
Permalink
Hi,

judging from Gerts mail domain he might well be stuck with the very
same provider i unfortunatelly signed a contract with. Small, local
German providers seem to be going for native ipv6 with dslite. That
allows them to grow even though they own a relatively small ipv4 pool.
Most users are probably happy with the high bandwidth connection they
get, most likely subsidized by the state ...
But if you would like to use any service listening on an ipv4 port in
your home, you will react allergic to the term "dslite".

Henning

On Tue, 08 Apr 2014 22:34:21 +0200
Post by Steven Barth
Hi Gert,
Post by Gert Doering
Post by Steven Barth
i find it very strange that your ISP doesn't offer public
addresses on the WAN interface however I think this is actually
standards compliant so we have to deal with it.
It's called "IPv4 exhaustion"... DS-Lite is one of the way to deal
with it (which effectively gives you "only one NAT in the path"),
the other way is "hand out RFC1918 or 100.64.* addresses and
double-NAT".
Both stinks, but unless someone finds another few billion IPv4
addresses somewhere, this is what large scale providers need to do.
I'm sorry but it seems you misunderstood me. We were talking about
IPv6 addresses here. It seems that Hennings' ISP "only" offers a
delegated prefix but no global IPv6-address on the WAN-connection (or
there is an unknown issue acquiring said address which I don't know
of). I know that RFC 7084 requires a CER to actually deal with this
(Weak ES model and all) so I added a fix to allow the DS-Lite source
endpoint address to be acquired from a downstream interface.
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Gert Doering
2014-04-09 09:50:44 UTC
Permalink
Hi,
Post by Steven Barth
Hi Gert,
Post by Gert Doering
Post by Steven Barth
i find it very strange that your ISP doesn't offer public addresses on
the WAN interface however I think this is actually standards compliant
so we have to deal with it.
It's called "IPv4 exhaustion"... DS-Lite is one of the way to deal
with it (which effectively gives you "only one NAT in the path"), the
other way is "hand out RFC1918 or 100.64.* addresses and double-NAT".
Both stinks, but unless someone finds another few billion IPv4 addresses
somewhere, this is what large scale providers need to do.
I'm sorry but it seems you misunderstood me. We were talking about IPv6
addresses here.
Indeed, I misunderstood you. I was just returning from yet another
discussion about the unfairness of global IPv4 run-out...
Post by Steven Barth
It seems that Hennings' ISP "only" offers a delegated
prefix but no global IPv6-address on the WAN-connection (or there is an
unknown issue acquiring said address which I don't know of). I know that
RFC 7084 requires a CER to actually deal with this (Weak ES model and
all) so I added a fix to allow the DS-Lite source endpoint address to be
acquired from a downstream interface.
There has been quite a bit of discussion in the ISP camp regarding WAN
IPv6 addresses. It's not actually straightforward what to do as an ISP,
so multiple variants exist

- RA for WAN, DHCPv6-PD for LAN
disadvantage: on PPPoE-type deployments, you need two prefixes per
client, one /64 for the WAN-RA, one /56 for DHCP
(but this works quite nicely in cable deployments where you have a
"large shared WAN segment" anyway)

- DHCPv6-IA for WAN, DHCPv6-PD for LAN
disadvantage: extra pool management for WAN needed, basically similar
to RA for WAN

- "require use of an IPv6 address out of the delegated /56 for WAN"
disadvantage: this sort of forces a certain way to segment the /56 onto
the client, so I have not actually seen this in the wild

- run the WAN over link-local only
advantage: only single prefix per customer, easier management for the ISP
(in point-to-point deployment scenarios, like PPPoE)
disadvantage: well, it complicates source address selection on the
CPE, as locally sourced packets leaving via WAN need to use a global
address elsewhere - you named it, already.

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany ***@greenie.muc.de
fax: +49-89-35655025 ***@net.informatik.tu-muenchen.de
Steven Barth
2014-04-09 10:23:44 UTC
Permalink
Hi Gert,
Post by Gert Doering
There has been quite a bit of discussion in the ISP camp regarding WAN
IPv6 addresses. It's not actually straightforward what to do as an ISP,
so multiple variants exist
- RA for WAN, DHCPv6-PD for LAN
- DHCPv6-IA for WAN, DHCPv6-PD for LAN
- "require use of an IPv6 address out of the delegated /56 for WAN"
- run the WAN over link-local only
Now you can feel my pain trying to make OpenWrt compatible with all of
that + deal with weird quirks from every other ISP. On a side note not
all ISPs seem to like ds-lite as it requires Carrier-Grade-NAT. So I
hope to get other stuff like lw4o6 and / or MAP-E/T in there at some
point. Soo much todo, so little time *sigh*.

Steven
Bjørn Mork
2014-04-09 11:38:48 UTC
Permalink
This post might be inappropriate. Click to display it.
Henning Schild
2014-04-08 21:04:45 UTC
Permalink
I am not an ipv6 expert at all but from what i understand it has to do
with the providers configuration that my "wan6" does not actually have
a routeable ipv6 addr.

On a subject related to that dslite setup i found another problem. I am
not sure what i am supposed to see on the overview page of luci. But i
certainly would like to see the routers current ipv6 addr, which i do
not see because my wan6 interface does not have one. I can derive it
from the dhcpv6 leas section if dhcpv6 clients are connected, but that
is not really what one would expect.
/usr/lib/lua/luci/view/admin_status/index.htm does not really seem to
allow me to configure another interface for that section.

The ipv6 section should show my current prefix, ip and a ticking clock
for the current leas.

Henning

On Tue, 08 Apr 2014 08:22:45 +0200
Post by Steven Barth
Hello Henning,
i find it very strange that your ISP doesn't offer public addresses
on the WAN interface however I think this is actually standards
compliant so we have to deal with it.
please see: https://dev.openwrt.org/changeset/40422
I added an option "weakif" which allows you to specify an interface
from which we take the local IPv6 address defaulting to "lan".
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Steven Barth
2014-04-09 10:28:08 UTC
Permalink
Hi Henning,

yeah that is another side-effect of your - well - "irregular"
ISP-behaviour. I will try to put it on the TODO but it's not very high
on the list as its more or less cosmetic, sorry I'm a little short on
time at the moment.


Cheers,

Steven
Henning Schild
2014-04-09 12:45:13 UTC
Permalink
Well its also not a pressing issue for me. I just wanted to report it so it ends
up on a TODO list ;).

Henning
Post by Steven Barth
Hi Henning,
yeah that is another side-effect of your - well - "irregular"
ISP-behaviour. I will try to put it on the TODO but it's not very high
on the list as its more or less cosmetic, sorry I'm a little short on
time at the moment.
Cheers,
Steven
_______________________________________________
openwrt-devel mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Loading...