• State Not Answered
  • Replies 15 replies
  • Subscribers 73 subscribers
  • Views 5400 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 124833
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

nRF2840: IPv6 over BLE to IPv4 internet via NAT64

BoKarolis

Hello,

I am really new to the field, I apologise, if things I am saying do not make sense, explanations and corrections appreciated :) I am trying to reach IPv4 internet from my PCA10056 nRF52840 node which is running IoT icmp example with adapted headers from PCA10040 nRF52832 so the buttons and LED's work. It is connected via BLE to my border router Raspberry Pi 3B, running Debian Stretch.

I can ping the nodes local "fe80" and "2001" addresses from the router. The node can ping local bt0 IPv6 address, tcp server/client setup works as well. As my ISP does not provide IPv6, I am using Tayga to communicate to IPv4 internet via IPv6. I have tried pinging Google's IPv4 address using NAT64 prefix from my Raspberry Pi and it works, although when I am trying to do the same with from the node, I get an error in tcpdump destination unreachable, beyond scope <prefix::808:808>.

I was thinking, that the bt0 interface cannot access anything beyond bt0, hence the ethernet interface is unreachable. My question is, would a bridge between the bt0 and ethernet interface help to solve my problem? If so, I would appreciate any tutorials or explanations how to successfully do that. Or would a tunnel broker such as hurricane electric be a better idea to just bypass all the IPv4 translation?

tayga.conf:

tun-device nat64
ipv4-addr 192.168.255.1
prefix 2001:db8:1:ffff::/96
dynamic-pool 192.168.255.0/24
data-dir /var/db/tayga

My ifconfig:

bt0: flags=4177<UP,POINTOPOINT,RUNNING,MULTICAST>  mtu 1280
        inet6 2001:db8::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::4343:a1ff:fe12:1fac  prefixlen 64  scopeid 0x20<link>
        unspec 41-43-A1-FF-FE-12-1F-AC-00-00-00-00-00-00-00-00  txqueuelen 1  (UNSPEC)
        RX packets 12  bytes 496 (496.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 37  bytes 2187 (2.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enxb827eb0ab32d: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.5.129  netmask 255.255.255.0  broadcast 192.168.5.255
        inet6 2001:db8:1::1  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::ba27:ebff:fe0a:b32d  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:0a:b3:2d  txqueuelen 1000  (Ethernet)
        RX packets 4281  bytes 4697929 (4.4 MiB)
        RX errors 0  dropped 4  overruns 0  frame 0
        TX packets 2934  bytes 341453 (333.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 270  bytes 19420 (18.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 270  bytes 19420 (18.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

nat64: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 192.168.5.129  netmask 255.255.255.255  destination 192.168.5.129
        inet6 fe80::e95a:684b:91f5:e2ca  prefixlen 64  scopeid 0x20<link>
        inet6 2001:db8:1::1  prefixlen 128  scopeid 0x0<global>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 500  (UNSPEC)
        RX packets 6  bytes 564 (564.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 20  bytes 1544 (1.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n -A inet6:

Destination                    Next Hop                   Flag Met Ref Use If    
2001:db8::/64                  ::                         U    256 0     0 bt0
2001:db8:1::1/128              ::                         U    256 0     0 nat64
2001:db8:1::/64                ::                         U    256 0     0 wlan0
2001:db8:1::/64                ::                         U    256 0     0 enxb827eb0ab32d
2001:db8:1:ffff::/96           ::                         U    1024 1    11 nat64
fe80::/64                      ::                         U    256 0     0 wlan0
fe80::/64                      ::                         U    256 0     0 enxb827eb0ab32d
fe80::/64                      ::                         U    256 0     0 nat64
fe80::/64                      ::                         U    256 1    23 bt0
::/0                           ::                         !n   -1  1   212 lo
::1/128                        ::                         Un   0   5     8 lo
2001:db8::/128                 ::                         Un   0   1     0 lo
2001:db8::1/128                ::                         Un   0   1     0 lo
2001:db8:1::/128               ::                         Un   0   1     0 lo
2001:db8:1::/128               ::                         Un   0   1     0 lo
2001:db8:1::1/128              ::                         Un   0   3     6 lo
2001:db8:1::1/128              ::                         Un   0   1     0 lo
2001:db8:1::1/128              ::                         Un   0   2     3 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::/128                     ::                         Un   0   1     0 lo
fe80::4343:a1ff:fe12:1fac/128  ::                         Un   0   2     5 lo
fe80::ba27:ebff:fe0a:b32d/128  ::                         Un   0   1     0 lo
fe80::ba27:ebff:fe5f:e678/128  ::                         Un   0   1     0 lo
fe80::e95a:684b:91f5:e2ca/128  ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 2    12 wlan0
ff00::/8                       ::                         U    256 3   233 enxb827eb0ab32d
ff00::/8                       ::                         U    256 1     3 nat64
ff00::/8                       ::                         U    256 3    13 bt0
::/0                           ::                         !n   -1  1   212 lo

I appreciate the help,

Karolis

  • 0

    For example, if I need to monitor sensors' data on, say, IBM's quickstart, which is IPv4, I would need to use NAT64 to reach it, right? Could you elaborate and expand on the packet unpacking and the IPv4 tunnel a bit more?

  • 0

    Hi Karolis,

    It seems that you are close to getting it working. Could you share the /etc/tayga.conf, and 'ifconfig' (here we are interested in bt0 and tayga interfaces), 'route -n -A inet6'?

    Please hide the sensitive data (especially public/global IPv4 and IPv6 addresses, 'ifconfig' for interfaces other than 'bt0' or tayga interface.

    On which interface where you running the tcpdump? You can run it on the tayga interface to see it IPv6 packets from bt0 reach it.

    We are successfully used tayga in our Thread Border Router for some time now, you can take a look at the init_nat64() function: github.com/.../thread_border_router

    We use non-standard prefix in the following form: prefix_nat48="fd00:0064:0123::" prefix_nat64="fd00:0064:0123:4567::"

    Kind regards, Piotr Szkotak

  • 0

    Hello Piotr, Thank you for the informative comment, I have edited the question with the info you requested. I was monitoring bt0 interface where I can see the packets coming in. In the nat64 interface, nothing is received. Regards, Karolis

  • 0

    Hi Karolis,

    It seems that you have selected the same prefix to address your bt network and for tayga to perform IPv6 to IPv4 translation. I would rather use well defined 64:ff9b::/96 prefix for tayga.

    Please look at the routing table. The most important entries I would expect to see there are:

    64:ff9b::/96 :: U 1024 0 0 nat64

    2001:db8::/64 :: U 256 0 0 bt0

    According to rfc3849 2001:db8 should serve documentation only, but lets leave it for now.

    Please also make sure that you have ipv4 and ipv6 forwarding enabled.

    I do not have much experience with tunnels or bridging with BT, so I cannot comment much on that.

    Regards, Piotr

    Edit: Adding some commands.

    If you receive "no route" error I expect there is missing entry in the routing table. I do not have the proper hardware on my desk at this moment, and I am not sure what exactly did you do. As the starting point I would set tayga.conf to:

    tun-device nat64

    ipv4-addr 192.168.64.1

    prefix 64:ff9b::/96

    data-dir /var/db/tayga

    Then I would clean current tayga database:

    rm -r /var/db/tayga

    mkdir -p /var/db/tayga/

    touch /var/db/tayga/dynamic.map

    ip link del dev nat64

    Then I would set it back again.

    tayga --mktun

    ip link set nat64 up

    ip addr add 64:ff9b::1 dev nat64

    ip addr add 64:ff9b::/64 dev nat64

    ip route add 192.168.64.0/24 dev nat64

    ip route add 64:ff9b::/64 dev nat64

    I would also set bt0 addr and add route to it.

    ip addr add fdff:cafe:cafe:cafe::/64 dev bt0

    ip route add fdff:cafe:cafe:cafe::/64 dev bt0

    Kind regards, Piotr Szkotak

  • 0 in reply to Piotr Szkotak

    Hi, thanks for the answer, however this does not solve the problem. If I set the tayga prefix to 64:ff9b::/96 it asks me to set taygas ipv6 address and then I couldn't manage setting the routing tables correctly to ping myself or anything. Hence I tried setting different prefixes to bt0 and tayga interfaces, as you suggested, 2003:db8:1:ffff::/96 for tayga and 2004:db8:1:ffff::1/64 for bt0. The thing is, that when I look at tcpdump on bt0 interface, the node is using it's local fe80 address to ping google with nat64 prefix. IP6 fe80::282:73ff:fe90:8a48 > 2003:db8:1:ffff::808:808: ICMP6, echo request, seq 2, length 18. And then my bt0 interface replies fe80::ba27:ebff:fea0:1987 > fe80::282:73ff:fe90:8a48 : ICMP6, destination unreachable, beyond scope 2003:db8:1:ffff::808:808, source address fe80::282:73ff:fe90:8a48, length 66

Related
Terms of service