Hi Ole,


Thanks for your cooperation.

My Ph.D. research is about IPv6 transition technologies and their security
analysis. I am trying to analyze the vulnerabilities of DS-Lite and its
tunneling method, then publish a paper about it this semester, hopefully.





I have repeated the operation and followed your recommendations, still no
progress.

Below are the commands I used: -

[root@B4 ~]#vppctl
vpp# dslite set b4-tunnel-endpoint-address 2001:db8:0:1::1
vpp# dslite set aftr-tunnel-endpoint-address 2001:db8:0:1::2

vpp# show dslite b4-tunnel-endpoint-address
2001:db8:0:1::1

vpp# show dslite b4-tunnel-endpoint-address
2001:db8:0:1::2



In AFTR, I added the following: -



[root@AFTR ~]#vppctl
vpp# dslite set aftr-tunnel-endpoint-address 2001:db8:0:1::2
vpp# show dslite aftr-tunnel-endpoint-address
   2001:db8:0:1::2

vpp# dslite add pool address 198.51.100.3
vpp# show dslite pool
DS-Lite pool:
198.51.100.3
vpp# show dslite sessions



The last command doesn’t show any response, which is an indication that
there are no sessions created.

I really believe that there is something wrong or missing in the wiki
documentation.



Regards

Ameen









On Mon, Nov 15, 2021 at 9:42 AM <otr...@employees.org> wrote:

> Ameen,
>
> > As part of my Ph.D. research, I am building DS-Lite topology with the
> > help of VPP hopefully.
>
> What's your research about?
>
> > My DS-Lite topology in a nutshell (as every normal ds-lite) consists of
> > 4 machines: -
> > · Sender: IPv4 only machine, sends traffic to the receiver, the
> >   traffic passes at first through B4 router.
> > · B4 router: receives IPv4 packet, performs encapsulation, then
> >   sends it as IPv4 in IPv6 datagram.
> > · AFTR router: receives the encapsulated packets, decapsulates them
> >   and forwards the IPv4 packet to the internal NAT interface, where NAT44
> >   function is to be performed before forwarding the IPv4 packet to the
> >   receiver.
> > · Receiver: normal IPv4 only machine.
> >
> > So, the idea is to be able to ping (ICMP v4) from Sender to receiver
> > while having IPv6 infrastructure in the middle.
> >
> > I have attached a picture of my topology.
> >
> > VPP software is supposed to be installed on B4 & AFTR routers, which I
> > did.
> > Note: Normally B4 & AFTR routers are not directly connected, this is
> > just for testing purposes.
> >
> > All interfaces are configured through “/etc/sysconfig/network-scripts/”
> > folder
> >
> > I have configured the tunnel endpoints on both sides (B4 and AFTR) with
> > commands below: -
> >
> >
> > In B4, I added the following: -
> >
> >
> > [root@B4 ~]#vppctl
> > vpp# dslite set b4-tunnel-endpoint-address 2001:db8:0:1::2
> > vpp# show dslite b4-tunnel-endpoint-address
> > 2001:db8:0:1::2
>
> You also need to configure the aftr-tunnel-endpoint-address on the B4.
> dslite set aftr-tunnel-endpoint-address 2001:db8:0:1::1
>
>
> > In AFTR, I added the following: -
> >
> > [root@AFTR ~]#vppctl
> > vpp# dslite set aftr-tunnel-endpoint-address 2001:db8:0:1::1
> > vpp# show dslite aftr-tunnel-endpoint-address
> >    2001:db8:0:1::1
> >
> > vpp# dslite add pool address 198.51.100.2 - 198.51.100.10
> > vpp# show dslite pool
> > DS-Lite pool:
> > 198.51.100.2
> > 198.51.100.3
> > 198.51.100.4
> > 198.51.100.5
> > 198.51.100.6
> > 198.51.100.7
> > 198.51.100.8
> > 198.51.100.9
> > 198.51.100.10
> > vpp#
> >
> > I am not sure about the “pool” configuration, but this is how I thought
> > it should be configured.
>
>
> The pool address range is for the NAT44 part of DSlite. Looks like you are
> overlapping the pool with the receiver's eth1 interface address.
> Don't do that. E.g. just set pool to a single address initially.
>
> > The thing is, I read the documentation here: -
> >
> > https://wiki.fd.io/view/VPP/NAT#DS-Lite
> > However, I am still missing something because the below command shows no
> > output: -
> >
> > vpp# show dslite sessions
> >
> >
> >
> > “startup.conf” file is also attached, it is the same for both B4 & AFTR
> > machines.
>
> They should not be equal.
> Remove dslite { ce } from the AFTR side.
>
>
> > Do I need to add API stuff in “startup.conf”?
> >
> > To be more honest, I looked at this API config example below: -
> >
> > define dslite_add_del_pool_addr_range {
> >  u32 client_index;
> >  u32 context;
> >  u8 start_addr[4];
> >  u8 end_addr[4];
> >  u8 is_add;
> > };
>
> The API is for programming. There are bindings in different languages.
> Python, C, Go, etc.
> You don't need to use that for this feature for this simple setup.
>
> Ole
>
>