Upcoming Maintenance Alert:

The UBNT Community will be upgraded at 5pm MDT on April 25th. During this time the community forums will be set to read-only status.

Learn more

×
Reply
Emerging Member
Posts: 56
Registered: ‎08-21-2013
Kudos: 21
Solutions: 1
Contributions: 1

SIXXS connectivity without AICCU with minimum system modification

[ Edited ]

Disregarding the missing aiccu support of the stock edgerouter, aiccu is very hard to bring up at boot since the clock will not be within tolerances at that time. It also can't be told to do heartbeat only since it is apparently buggy.

Provided you have a static ipv4 address, you can already connect to sixxs without doing anything, you just have to setup a sit tunnel like this:

     tunnel tun0 {
         address (your tunnel endpoint ipv6 address/64)
         encapsulation sit
         local-ip (local ipv4)
         remote-ip (sixxs PoP ipv4)
     }

and set the route to it:

protocols {
     static {
         route6 ::/0 {
             next-hop a:b:c:d::1 {
             }
         }
     }
 }

 

That doesn't work without a static ipv4 since the sixxs PoP will not know your endpoint address.

sixxs also supports dynamic 6in4 heartbeat tunnels. Since we already can do the sit part, the only thing missing is getting a heartbeat to work, preferably without aiccu.

Thanks to a guy named Oliver Walter, we have such an alternative heartbeat script, which I converted to python so it's not necessary to install netcat.

localv6 is your ipv6 tunnel endpoint address, usually something like a:b:c:d::2/64

remotev6 is the ipv6 tunnel remote address, usually something like a:b:c:d::1/64

remotev4 is the sixxs PoP ipv4

password is the heartbeat password of this tunnel, not your sixxs password

#!/usr/bin/python
#

import time,hashlib,subprocess,socket,os

localv6=""
password=""
remotev4=""
remotev6=""


while 1:
        hbBase="HEARTBEAT TUNNEL " + localv6 + " sender " + str(int(time.time()))
        hbToSend=hbBase + " " + hashlib.md5(hbBase + " " + password).hexdigest()
        sock = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)                  
        sock.sendto(hbToSend, (remotev4, 3740))                                 
        sock.close()                                          
        with open(os.devnull, "w") as fnull:                  
                subprocess.call(["/bin/ping6", "-s", "8", "-c", "1", "-q", remotev6], stdout=fnull, stderr=fnull)
        time.sleep(60)

 

So I put that with login data in /config/scripts/post-config.d/heartbeat.py and the tunnel works.

Highlighted
Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5393
Solutions: 1656
Contributions: 2

Re: SIXXS connectivity without AICCU with minimum system modification

Great! Do you think this could go into the Knowledge Base? Thanks for your contribution!

Emerging Member
Posts: 56
Registered: ‎08-21-2013
Kudos: 21
Solutions: 1
Contributions: 1

Re: SIXXS connectivity without AICCU with minimum system modification

sure

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

[ Edited ]

Thank you for pointing this out, barkas! Robot Happy

Three questions:

  1. Will /usr/local/bin survive a reboot?
  2. Wouldn't be /config/scripts/post-config.d the right™ place for the startup script?
  3. Shouldn't the startup script contain localv6, password, remotev4, remotev6 as arguments?

P.S.: Brocade != Broadcom Robot wink

Emerging Member
Posts: 56
Registered: ‎08-21-2013
Kudos: 21
Solutions: 1
Contributions: 1

Re: SIXXS connectivity without AICCU with minimum system modification

1. yes

2. no idea

3. yes

P.S. absolutely

Previous Employee
Posts: 10,504
Registered: ‎06-09-2011
Kudos: 3055
Solutions: 945
Contributions: 16

Re: SIXXS connectivity without AICCU with minimum system modification


FTZ wrote:

Thank you for pointing this out, barkas! Robot Happy

Three questions:

  1. Will /usr/local/bin survive a reboot?
  2. Wouldn't be /config/scripts/post-config.d the right™ place for the startup script

1. Yes, it'll survive a reboot, but will not survive when you upgrade to a new software image

2. The entire /config directory does get copied during a software upgrade, so this is where we recommend scripts, auth keys, etc to be placed.

EdgeMAX Router Software Development
Emerging Member
Posts: 56
Registered: ‎08-21-2013
Kudos: 21
Solutions: 1
Contributions: 1

Re: SIXXS connectivity without AICCU with minimum system modification

What would be the correct way to deposit a script that is run on boot?

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5393
Solutions: 1656
Contributions: 2

Re: SIXXS connectivity without AICCU with minimum system modification

As FTZ mentioned above you can put the script in the "/config/scripts/post-config.d" directory.

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

[ Edited ]

What would I use as tunnel tun0 local-ip?

EDIT:
You can use any RFC1918 address that is attached to any of the ERL's interfaces.

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

[ Edited ]

The Python script works nicely. Thank you, barkas.

However the infinite loop it contains seems to render the serial console unuseable when the script is run from /config/scripts/post-config.d/. Console output stops at "Starting EdgeOS router: migrate rl-system configure." and doesn't accept any input. 

Any ideas how to prevent this, UBNT?

 

EDIT:
I just confirmed the suspected behavior by killing the script from a SSH console and *drumroll* the serial console prints the login banner.

Previous Employee
Posts: 13,551
Registered: ‎06-10-2011
Kudos: 5393
Solutions: 1656
Contributions: 2

Re: SIXXS connectivity without AICCU with minimum system modification


FTZ wrote:

I just confirmed the suspected behavior by killing the script from a SSH console and *drumroll* the serial console prints the login banner.


Yeah, the "/config/scripts/post-config.d" scripts are basically like "rc.local" and cannot "block" (otherwise the boot won't finish). One possible solution is to create a wrapper script that starts this python script "in the background" (maybe also use nohup, redirect output, etc.), and then put the wrapper script in the post-config.d directory.

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

I ended up simply removing the loop and timer from the script, then calling it from crontab. Now I'll have to type a single line to get it working again after a system update - big effin' deal! Robot LOL


Apart from that, a heads-up to SIXXS users:
The correct password to use in the script posted above is the random-generated one you'll find on the "Live Tunnel Status" page at sixxs.net!

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

Just a quick heads-up:

Since cronjobs have been integrated into the EdgeOS CLI in v1.5.0 under system task-scheduler, it is now safe to call the Python script listed above via that mechanism, since it will now survive upgrades without the need for manual restoration of the crontab. Have fun!

Regular Member
Posts: 504
Registered: ‎03-03-2012
Kudos: 126
Solutions: 11

Re: SIXXS connectivity without AICCU with minimum system modification

This thread can be deleted since SixxS has ceased operations.

 

https://www.sixxs.net/sunset/

Reply