IPv6-only Network based on Jool

82 点作者 unclet5 个月前

13 条评论

The UK IPv6 Council has a bunch of videos on running IPv6-mostly/only networks:* <a href="https://www.youtube.com/@ukipv6council468/videos" rel="nofollow">https://www.youtube.com/@ukipv6council468/videos</a>This includes at academic institutions where it's basically all BYOD so they have to deal with a more 'random' assortment of systems:* <a href="https://www.youtube.com/watch?v=2B-liebzcOM" rel="nofollow">https://www.youtube.com/watch?v=2B-liebzcOM</a>And enterprise networks, like Jen Linkova at Google:* <a href="https://www.youtube.com/watch?v=hb98hAb5_W8" rel="nofollow">https://www.youtube.com/watch?v=hb98hAb5_W8</a>Jen also had a presentation recently (2024-11) at RIPE87, "Mission Possible: How Google Plans to Turn Off IPv4!", where they've managed to reclaim 300K IPv4 addresses:* <a href="https://www.youtube.com/watch?v=UTRsi6mbAWM" rel="nofollow">https://www.youtube.com/watch?v=UTRsi6mbAWM</a>She's currently co-chair of the IETF IPv6 Maintenance (6man) working group.

sgjohnson5 个月前

NAT64 covers most of the cases. However, in my homelab experiements I very quickly found out that IPv4 literal addresses are a bit problematic for me.There are ways to fix that with 464XLAT/CLAT, but I never got around to deploying it.These days I'm just running dual-stack, with no NAT64. I hate NAT with a burning passion, so adding another layer of stateful NAT is a bit of a net negative in my eyes.Someday I'll go full IPv6 on my home network with 464XLAT. And then I'll realize that some stupid IoT device or something is not CLAT aware. Obviously there are solutions around that too, but they require an intermediate device.

评论 #42610135 未加载

评论 #42611469 未加载

rendaw5 个月前

I used Jool! It worked great, but with some caveats.My ISP does DS-lite which is some abomination where the shared (split by port) IPv4 address is calculated based on the IPv6 address? Using a fixed mapping table? Which is both very popular here and has zero linux support.They had another option to do PPPoE IPv4 + SLAAC IPv6, but for this option they didn't support DHCP prefix delegation. So I had to use this, and to work around that I needed to make my IPv6 network bridged.The problem is Jool hooks into the linux routing table, and in the bridged network none of the outbound packets reach that table. So I had to 1. rewrite their RAs with my own DNS64 server and 2. mangle NAT64 packets to look as if they're sent to the router directly so they hit the routing table (and get processed by Jool): <a href="https://github.com/andrewbaxter/portalino/blob/main/source/os/ipv6_bridge_template_mangle_jool.nftables">https://github.com/andrewbaxter/portalino/blob/main/source/o...</a>Then I hit random MTU issues. MTU should be auto configured (and fixed when there's issues) but I saw problems with Chrome/Firefox refusing to load pages until I tried again at least 30s later until I forced the MTU lower.So close, but still so far.

评论 #42625315 未加载

eqvinox5 个月前

It should be noted in-network DNS64 is a fallback for situations where end devices don't have native support for NAT64 (either with a CLAT or with local DNS64). (Network side DNS64 breaks DNSsec)RedHat is working to get CLAT on regular Linux hosts, where it has been direly missing.

评论 #42618997 未加载

fulafel5 个月前

It's not immediately clear from the page but this is a NAT style hack for people who don't have normal IPv6 connectivity, and NAT'ed connectivity is inferior to native.

评论 #42610938 未加载

ipython5 个月前

I have to admit, at first read I thought the headline was referring to the e-cig Juul and I was scratching my head wondering how one could build an ipv6 mesh network out of vapes.

evanjrowley5 个月前

I would love to do something like this except Verizon only provides IPv4 in my area. Some of the. Workarounds, like IPv6 tunnels, seem to have big drawbacks like being blocked by major providers.I wish it were possible to force major operating systems to prefer IPv4 over IPv6, which might be a viable workaround to a less reliable IPv6 workaround, but such a configuration appears to be unfeasible for mobile phones, Windows, and perhaps MacOS too.

elnappo5 个月前

Would love to enable NAT64 on my OpenWRT router, sadly setting up Jool on OpenWRT feels to hacky to me. Based on option 2 described here: <a href="https://openwrt.org/docs/guide-user/network/ipv6/nat64" rel="nofollow">https://openwrt.org/docs/guide-user/network/ipv6/nat64</a>

gertrunde5 个月前

Not sure I entirely agree with :"Here is the classical topology of home network." ... "And all the LAN hosts have one /64 IPv6 prefix."Are people really deploying IPv6 like this? Rather than a /64 to a vlan?(Personally, in the home, I'm just using DHCPv6-PD to delegate a different /64 to each VLAN).

评论 #42609654 未加载

评论 #42609565 未加载

NewJazz5 个月前

Doesn't openbsd do this without out of tree kernel modules? I'm kind of allergic to dkms and friends.

评论 #42608732 未加载

LorenDB5 个月前

I read Jool and expected something in Kerbal Space Program. For example, here's some network setup around Jool: <a href="https://youtube.com/watch?v=n2eBwgW6sig" rel="nofollow">https://youtube.com/watch?v=n2eBwgW6sig</a>

throw0101d5 个月前

See also perhaps "IPv6-mostly on OpenWRT" from RIPE 87:* <a href="https://www.youtube.com/watch?v=GZ6pxh6ukCg" rel="nofollow">https://www.youtube.com/watch?v=GZ6pxh6ukCg</a>* <a href="https://ripe87.ripe.net/archives/video/1136/" rel="nofollow">https://ripe87.ripe.net/archives/video/1136/</a>* <a href="https://ripe87.ripe.net/wp-content/uploads/presentations/8-IPv6-mostly_on_OpenWRT.pdf" rel="nofollow">https://ripe87.ripe.net/wp-content/uploads/presentations/8-I...</a>Ansible roles:* <a href="https://github.com/oskar456/ansible-openwrt-ipv6-mostly">https://github.com/oskar456/ansible-openwrt-ipv6-mostly</a>

zorked5 个月前

Why do I need to even think about entering a contractual relationship with "13 TCF vendor(s) and 64 ad partners" before reading a blog post? The subject sounded interesting but the lack of respect for me is enormous.

评论 #42609108 未加载

评论 #42609164 未加载