...
- all people connected within 192.168.128.0/17
- to access the external world.
First step, let's:
- create an interface Loopback0 within 192.168.128.0/17, let's say 192.168.254.1/32
- and try to ping 8.8.8.8
At the present time, it seems that no one is able to reach outside world.
Article objective
In this article we will pursue the SOHO network appliance installation and enable IPv4 connectivity for all host connected within your internal network to the external world.
Diagrams
[
...
#004 ] -
...
Do you need translation ?
| Expand |
|---|
| title | Create router loopback in VRF inet |
|---|
|
First step, let's create an interface Loopback0 within 192.168.128.0/17, let's say 192.168.254.1/32 | Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | ping 8.8.8.8SOHO router in VRF inet |
|---|
| sh run loopback0
interface loopback0
no description
vrf forwarding inet
ipv4 address 192.168.254.1 255.255.255.255
no shutdown
no log-link-change
exit
! |
|
...
| Expand |
|---|
| title | First troubleshooting action |
|---|
|
| Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | traceroute 8.8.8.8 using looback0 as source address |
|---|
| traceroute 8.8.8.8 /vrf inet /interface lo0
tracing 8.8.8.8, src=192.168.254.1, vrf=inet, prt=0/33440, tim=1000, tos=0, len=64
1 192.168.254.1 time=0
2 null time=1000
3 null time=1000
4 null time=1000
5 null time=1000
6 null time=1000
7 null time=1000
8 null time=1000
9 null time=1000
10 null time=1000 |
This confirms the ping failures we observed previously. The output above indicate the packet does not even egress our SOHO router. What is the inet VRF says ? | Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | routes inside VRF inet |
|---|
| show ipv4 route inet
typ prefix metric iface hop time
C 192.168.0.0/24 0/0 sdn1 null 14:30:07
LOC 192.168.0.90/32 0/1 sdn1 null 14:30:07
C 192.168.128.0/24 0/0 sdn999 null 14:30:13
LOC 192.168.128.1/32 0/1 sdn999 null 14:30:13
C 192.168.254.1/32 0/0 loopback0 null 14:30:15 |
So we have no default routes . Let's configure one then pointing towards ISP BOX gateway: | Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | Default route configuration |
|---|
| conf t
ipv4 route inet 0.0.0.0 0.0.0.0 192.168.0.254 |
| Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | routes inside VRF inet |
|---|
| show ipv4 route inet
typ prefix metric iface hop time
S 0.0.0.0/0 1/0 sdn1 192.168.0.254 14:30:07
C 192.168.0.0/24 0/0 sdn1 null 14:30:07
LOC 192.168.0.90/32 0/1 sdn1 null 14:30:07
C 192.168.128.0/24 0/0 sdn999 null 14:30:13
LOC 192.168.128.1/32 0/1 sdn999 null 14:30:13
C 192.168.254.1/32 0/0 loopback0 null 14:30:15 |
So at that point, packet send to 8.8.8.8 are sent to nexthop 192.168.0.254 via sdn1. | Code Block |
|---|
| language | bash |
|---|
| theme | Midnight |
|---|
| title | ping 8.8.8.8 |
|---|
| ping 8.8.8.8 /vrf inet /interface lo0
pinging 8.8.8.8, src=192.168.254.1, vrf=inet, cnt=5, len=64, tim=1000, ttl=255, tos=0, sweep=false
.....
result=0%, recv/sent/lost=0/5/5, rtt min/avg/max/total=10000/0/0/5003 |
But ping is still not not working. Let's figure out what's going on here. |
| Expand |
|---|
| title | Netwroking Networking environment assumption |
|---|
|
As depicted in previous article: - ISP box has a demarcation point set to 192.168.0.254
- So ISP box at some point is configured to perform Network Address Translation from 192.168.0.0/24 → ISP public IPv4 interface
- When ISP box receives a ICMP ping from 192.168.254.1 which does not match any ISP box NAT rules → Packet is discarded
Therefore in order to have a working seamless networking environment from the ISP box point of view, traffic coming from 192.168.128.0/17 might need to be NAT(ed) into 192.168.0.0/24 network. Let's see If our guess is right. |
...
| Tip |
|---|
| title | RARE validated design: [ SOHO #004 ] - key take-away |
|---|
|
In this example we are proposing a basic connectivity scenario. However, keep in mind that depending on your location the configuration might be drastically different. But do not fear ! RARE/freeRouter has all the features need to enable connectivity ! - NAT64 is available. So in case you want to run a pure IPv6 network, freeRouter can NAT64 traffif traffic for you.
- NAT46 is also available. In case you are desperate and don't want to implement a pure IPv6 home network and have an ISP running only IPv6, freeRouter can NAT46 your traffic for you !
- In the example described, we are lucky to have IPv6 public global IPv6 address. We will see IPv6 configuration in subsequent articles.
|
...