Prerequisites
MMB Enterprise Gateway loaded with OTBR image
An OpenThread Full Thread Device
For the purpose of this demo, MMB recommends the Nordic Semiconductor nRF52840 Dongle loaded with the correct OpenThread FTD CLI firmware.
LAN Ethernet Access
An SSH client
Hardware Setup
Power on the MMB Enterprise Gateway using the provided barrel jack connector and connect it to your network over Ethernet. Connect the Full Thread Device to the computer you will be using to run the test.
Setting up a Thread Network
Forming the Network
After determining your board’s IP address, direct your browser to the Gateway’s IP address. You will be presented with the OpenThread Border Router landing page. Click on ‘Form’ on the left side of the page to get to the Form Network page. This will allow you to configure most parameters of the network.
Adjust the parameters to your choosing, and take note of the Passphrase. You will need to enter this in the Thread Commissioning App to connect to the Border Agent. (I have had trouble with the default 6-digit 123456, but a longer 8-digit passphrase seemed to work.) This is your Border Agent passphrase.
When you are satisfied with the network settings click ‘FORM’ at the bottom of the screen.
You will be prompted with a dialog to confirm your settings; click ‘OK’.
You will then see a dialog confirming the successful formation of the network.
Commissioning a Device to the Thread Network
Establish an SSH connection to your Enterprise OTBR
See our Establishing an SSH connection to the Gateway page for detailed instructions on setting up an SSH connection with your Gateway.
Starting the Commissioning process on the Enterprise OTBR
Open an SSH connection to your Enterprise OTBR and run the following commands to begin the commissioning process:
[mmb@Tripoli-0000e4:~]$ sudo wpanctl commissioner start
[mmb@Tripoli-0000e4:~]$ sudo wpanctl commissioner joiner-add "*" 60 password
What these commands do:
Start the commissioner
Add a joiner of ANY EUI64, with a timeout of 60 seconds, with the joiner password of “password”
You can change the timeout value to be longer if you feel it is necessary.
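The joiner-add line above accepts any EUI64 and uses the literal joiner password “password”, so any device that presents that password inside the window is admitted. As an added example (not MMB's or OpenThread's code), this Python sketch checks a joiner password against the Thread PSKd rules (6 to 32 characters from 0-9 and A-Y, excluding I, O, Q and Z), generates a random one, and builds a joiner-add line scoped to one device. The function names, the sample EUI64 and the 16-hex-digit form of the EUI64 argument are assumptions.

```python
import re
import secrets
import shlex

# Thread PSKd alphabet: digits plus uppercase letters without I, O, Q, Z.
PSKD_ALPHABET = "0123456789ABCDEFGHJKLMNPRSTUVWXY"


def pskd_problems(pskd):
    """Return the reasons a joiner password breaks the Thread PSKd rules."""
    problems = []
    if not 6 <= len(pskd) <= 32:
        problems.append("length must be 6-32 characters")
    bad = sorted(set(pskd) - set(PSKD_ALPHABET))
    if bad:
        problems.append("characters outside the PSKd alphabet: " + "".join(bad))
    return problems


def generate_pskd(length=16):
    """Draw a random PSKd from the operating system's CSPRNG."""
    if not 6 <= length <= 32:
        raise ValueError("PSKd length must be 6-32")
    return "".join(secrets.choice(PSKD_ALPHABET) for _ in range(length))


def joiner_add_command(eui64, pskd, timeout=60):
    """Build the wpanctl joiner-add line for one specific device."""
    # Assumption: wpanctl takes the EUI64 as 16 hex digits without separators.
    eui64 = eui64.replace(":", "").replace("-", "").lower()
    if not re.fullmatch(r"[0-9a-f]{16}", eui64):
        raise ValueError("EUI64 must be 16 hex digits; wildcards are refused")
    problems = pskd_problems(pskd)
    if problems:
        raise ValueError("; ".join(problems))
    args = ["sudo", "wpanctl", "commissioner", "joiner-add",
            eui64, str(int(timeout)), pskd]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Constructed sample EUI64; read the real one from the joining device
    # (the OpenThread CLI command `eui64` prints it).
    print(pskd_problems("password"))
    print(joiner_add_command("00:11:22:33:44:55:66:77", generate_pskd()))
```

Pass the generated value to `joiner start` on the end device in place of the shared password.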
Commissioning an OpenThread Full Thread Device
Open a serial connection to a supported device running OpenThread’s Full Thread Device (FTD) CLI. The CLI must have been compiled with the JOINER=1 flag; if the Thread device was provided by MMB, it will have been compiled with this flag. If you did not receive a pre-compiled dongle from MMB, compile with the following arguments:
make -f examples/Makefile-nrf52840 USB=1 BOOTLOADER=USB BORDER_AGENT=1 BORDER_ROUTER=1 COMMISSIONER=1 JOINER=1 UDP_PROXY=1 UDP_FORWARD=1 COAP=1 COAPS=1 DNS_CLIENT=1 LINK_RAW=1
Run the following commands to commission the device to the network.
> factoryreset
> reset
> ifconfig up
> joiner start password
There will be no response to the factoryreset or the reset command. Output should match the image below, with ‘12345678’ being the password used.
The password is the same as the one used in the previous section. The join process can take up to a minute and will show ‘Join Success’ upon completion. Then run the following command to start Thread on the device:
> thread start
You can check that the device is joined to the network by running the following command:
> state
If state returns ‘child’ or ‘router’, the device was successfully joined.
On-Mesh Pinging to Test Thread Network Connectivity
Run the following command in the Enterprise OTBR SSH session to obtain its IP addresses:
[mmb@Tripoli-0000e4:~]$ ifconfig wpan0
and the output should look something like this:
wpan0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
      inet6 addr: fe80::7266:d7c6:b667:2c68/64 Scope:Link
      inet6 addr: fd11:1111:1122:0:167e:20d5:ce:2d56/64 Scope:Global
      inet6 addr: fe80::44e6:cb4e:6eee:cd25/64 Scope:Link
      inet6 addr: fd11:22::23ae:dabb:89f2:eef0/64 Scope:Global
      UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:500
      RX bytes:0 (0.0 B) TX bytes:956 (956.0 B)
The ‘inet6 addr’ we are interested in is the one which has an address inside our On-Mesh Prefix (fd11:22::) that we specified when we created the network in the ‘Setting up a Thread Network’ section above.
Moving over to the OpenThread end-device, run the following command over serial to ping the Enterprise OTBR from the end-device (Note: The address will differ from the one shown):
> ping fd11:22::23ae:dabb:89f2:eef0
and the ping should return immediately with output that looks similar to this:
> 16 bytes from fd11:22:0:0:23ae:dabb:89f2:eef0: icmp_seq=1 hlim=64 time=40ms
Off-Mesh Pinging Across the Border Router
Now that we have an On-Mesh prefix, the next thing we need is an Off-Mesh Route to tell the Border Agent to handle requests for that routing destination, which will allow an on-mesh device to ping across the border router and onto the LAN. Run the following command on the Enterprise OTBR to automatically determine which interfaces need IPv6 connectivity, start router advertisements as necessary, and add the Off-Mesh Routes to the Thread network.
[mmb@Tripoli-0000e4:~]$ sudo ipv6-radvd-dispatcher
If you don’t have LAN IPv6 support, it should output something similar to the following:
Adding route prefix "fd11:2446:a836:9b82::" with len 64, priority "medium", stable:yes, domain-id 0.
Route prefix added.
Adding route prefix "fd11:2446:a285:cdb2::" with len 64, priority "medium", stable:yes, domain-id 0.
Route prefix added.
After this command is run, router advertisements will be broadcast by the Enterprise OTBR, giving your LAN IPv6 connectivity. You can confirm this by checking the IPv6 addresses associated with another device on your LAN.
For example, my developer machine now has an address from the prefix that matches the output from ipv6-radvd-dispatcher (fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6):
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
      inet 192.168.50.222 netmask 255.255.255.0 broadcast 192.168.50.255
      inet6 fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6 prefixlen 64 scopeid 0x0<global>
      inet6 fe80::8bb:1fa4:9a6d:79f0 prefixlen 64 scopeid 0x20<link>
      inet6 fd11:2446:a285:cdb2:952f:5a63:313:45d7 prefixlen 64 scopeid 0x0<global>
      ether 00:0c:29:4b:03:91 txqueuelen 1000 (Ethernet)
      RX packets 101953 bytes 53166515 (53.1 MB)
      RX errors 0 dropped 7 overruns 0 frame 0
      TX packets 184973 bytes 189003031 (189.0 MB)
      TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
The Thread end device and the developer machine on the LAN can now contact each other via the border router. Run the ping command on the Thread end device to see it in action:
> ping fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6
> 16 bytes from fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6: icmp_seq=1 hlim=63 time=36ms
Congratulations, you are now running a Thread Border Router on the Enterprise OTBR.
Pinging an Internet IPv4 Resource Using NAT64
The Enterprise OTBR is equipped with Tayga for NAT64 translations that allow an IPv6 network to contact an IPv4 network such as the internet. Tayga is configured using two files, /etc/tayga.conf and /etc/default/tayga, which can be altered to meet network requirements.
Tayga on the Enterprise OTBR is preconfigured to use the well-known 6-to-4 prefix of “64:ff9b::/96”. In order to ping an internet IPv4 resource from the Thread end device, embed the IPv4 address inside the prefix.
For example, to ping the Google public DNS server of 8.8.8.8, issue the following command on the Thread end device:
> ping 64:ff9b::808:808
which should return:
16 bytes from 64:ff9b::808:808: icmp_seq=1 hlim=63 time=41ms
Limitations
The 6-to-4 well-known prefix does not allow NAT64 to operate inside the LAN on which it sits. In order to 6-to-4 ping a LAN device, the “prefix” directive inside /etc/tayga.conf would have to be changed to something in the Unique Local Unicast range of fc00::/7.
Confirm that you cannot ping a LAN device
Begin by converting your LAN device’s IPv4 address to the 4-in-6 format inside the well-known prefix.
Example: 192.168.0.2 becomes 64:ff9b::c0a8:0002 (where ‘c0’ is 192 in hex, ‘a8’ is 168 in hex, etc.)
Attempt to ping the device with the newly generated address:
> ping 64:ff9b::c0a8:0002
and nothing should return because the well-known prefix is Internet-only!
To remedy this, open /etc/tayga.conf and change the “prefix” directive to a prefix in fc00::/7.
An example of a prefix in this range is fd11:2446:64::/96 which is included in the file at the time of this writing, so all that is required is to comment out the existing prefix and uncomment the provided one.
Then restart Tayga with the following command:
[mmb@Tripoli-0000e4:~]$ sudo /etc/init.d/tayga restart
After Tayga restarts, run the ping command with the new prefix and it should return successfully.
> ping fd11:2446:64::c0a8:0002
> 16 bytes from fd11:2446:64:0:0:0:c0a8:0002: icmp_seq=6 hlim=61 time=34ms
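The address embedding used in the NAT64 section and in the Limitations section can be computed rather than converted by hand. This added Python example (not part of the MMB documentation) places an IPv4 address in the low 32 bits of a /96 prefix, reverses the mapping, and flags the combination this page shows failing: a non-global IPv4 address under the well-known prefix 64:ff9b::/96. The function names are this example's own.

```python
import ipaddress

# The well-known prefix that Tayga is preconfigured with on this page.
WELL_KNOWN = ipaddress.ip_network("64:ff9b::/96")


def _prefix96(prefix):
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 96:
        raise ValueError("only /96 IPv6 prefixes are handled here")
    return net


def nat64_address(ipv4, prefix="64:ff9b::/96"):
    """Place the 32-bit IPv4 address in the low 32 bits of the /96 prefix."""
    net = _prefix96(prefix)
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(net.network_address) | int(v4))


def extract_ipv4(ipv6, prefix="64:ff9b::/96"):
    """Reverse mapping: recover the IPv4 address from a translated address."""
    net = _prefix96(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    return ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)


def reachability_warning(ipv4, prefix="64:ff9b::/96"):
    """Return why the translated ping is expected to fail, or None."""
    v4 = ipaddress.IPv4Address(ipv4)
    if _prefix96(prefix) == WELL_KNOWN and not v4.is_global:
        return f"{v4} is not a global address; the well-known prefix is Internet-only"
    return None


if __name__ == "__main__":
    # Targets taken from this page: Google DNS and the example LAN host.
    for target, prefix in [("8.8.8.8", "64:ff9b::/96"),
                           ("192.168.0.2", "64:ff9b::/96"),
                           ("192.168.0.2", "fd11:2446:64::/96")]:
        note = reachability_warning(target, prefix) or "ok"
        print(f"ping {nat64_address(target, prefix)}   # {target}: {note}")
```

Python prints the compressed form, so 64:ff9b::c0a8:0002 appears as 64:ff9b::c0a8:2; both denote the same address.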