Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Prerequisites

  • MMB Enterprise Gateway loaded with OTBR image

  • LAN Ethernet Access

  • an SSH client

Hardware Setup

Power on the MMB Enterprise Gateway using the provided barrel jack connector and connect it to your network over Ethernet. Connect the Full Thread Device to the computer you will be using to run the test.

Setting up a Thread Network

Forming the Network

After determining your board’s IP address, direct your browser to the Gateway’s IP address. You will be presented with the OpenThread Border Router landing page. Click on ‘Form’ on the left side of the page to get to the Form Network page. This will allow you to configure most parameters of the network.

Adjust the parameters to your choosing, and take note of the Passphrase. You will need to enter this in Thread Commissioning App to connect to the Border Agent. (I have had trouble with the default 6 digit 123456, but a longer 8 digit passphrase seemed to work). This is your Border Agent passphrase.

When you are satisfied with the network settings click ‘FORM’ at the bottom of the screen.

You will be prompted with a Dialog to confirm your settings, click ‘OK’

You will then see a dialog confirming the successful formation of the network.

Commissioning a Device to the Thread Network

Establish an SSH connection to your Enterprise OTBR

Follow the instructions on our Establishing an SSH connection to the Gateway page for detailed instructions on setting up an SSH connection with your Gateway.

Starting the Commissioning process on the Enterprise OTBR

Open an ssh connection to your Enterprise and enter the following commands to begin the commissioning process. You will need to run the following commands:

[mmb@Tripoli-0000e4:~]$ sudo wpanctl commissioner start
[mmb@Tripoli-0000e4:~]$ sudo wpanctl commissioner joiner-add "*" 60 password

What these commands do:

  • Start the commissioner

  • Add a joiner of ANY EUI64, with a timeout of 60 seconds, with the joiner password of “password”

You can change the timeout value to be longer if you feel it is necessary.

Commissioning an OpenThread Full Thread Device

Open a serial connection to a supported device running OpenThread’s Full Thread Device (ftd) CLI (the CLI must have been compiled with the JOINER=1 flag, if the thread device was provided by MMB, it will have been compiled with this flag). If you did not receive a pre-compiled dongle from MMB, compile with the following arguments:

make -f examples/Makefile-nrf52840 USB=1 BOOTLOADER=USB BORDER_AGENT=1 BORDER_ROUTER=1 COMMISSIONER=1 JOINER=1 UDP_PROXY=1 UDP_FORWARD=1 COAP=1 COAPS=1 DNS_CLIENT=1 LINK_RAW=1

Run the following commands to commission the device to the network.

> factoryreset
> reset
> ifconfig up
> joiner start password

There will be no response to the factoryreset or the reset command. Output should match the image below, with ‘12345678’ being the password used.

The password is the same as the one used in the previous section. The join process can take up to a minute and will show ‘Join Success’ upon completion. Then run the following command to start thread on the device:

> thread start

You can check that the device is joined to the network by running the following command:

> state

If state returns ‘child’ or ‘router’, the device was successfully joined.

On-Mesh Pinging to Test Thread Network Connectivity

Run the following command on the Enterprise OTBR ssh session to obtain its IP Addresses

[mmb@Tripoli-0000e4:~]$ ifconfig wpan0

and the output should look something like this:

wpan0     Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet6 addr: fe80::7266:d7c6:b667:2c68/64 Scope:Link
          inet6 addr: fd11:1111:1122:0:167e:20d5:ce:2d56/64 Scope:Global
          inet6 addr: fe80::44e6:cb4e:6eee:cd25/64 Scope:Link
          inet6 addr: fd11:22::23ae:dabb:89f2:eef0/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1280  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:0 (0.0 B)  TX bytes:956 (956.0 B)

The ‘inet6 addr’ we are interested in is the one which has an address inside our On-Mesh Prefix (fd11:22::) that we specified when we created the network in the ‘Setting up a Thread Network’ section above.

Moving over to the OpenThread end-device, run the following command over serial to ping the Enterprise OTBR from the end-device (Note: The address will differ from the one shown):

> ping fd11:22::23ae:dabb:89f2:eef0

and the ping should return immediately with output that looks similar to this:

> 16 bytes from fd11:22:0:0:23ae:dabb:89f2:eef0: icmp_seq=1 hlim=64 time=40ms

Off-Mesh Pinging Across the Border Router

Now that we have an On-Mesh prefix, the next thing we need is an Off-Mesh Route to tell the Border Agent to handle requests for that routing destination, which will allow an on-mesh device to ping across the border router and onto the LAN. Run the following command on the Enterprise OTBR to automatically determine which interfaces need IPv6 connectivity, start router advertisements as necessary, and add the Off-Mesh Routes to the thread network.

[mmb@Tripoli-0000e4:~]$ sudo ipv6-radvd-dispatcher

If you don’t have LAN IPv6 support, it should output something similar to the following:

Adding route prefix "fd11:2446:a836:9b82::" with len 64, priority "medium", stable:yes, domain-id 0.
Route prefix added.
Adding route prefix "fd11:2446:a285:cdb2::" with len 64, priority "medium", stable:yes, domain-id 0.
Route prefix added.

After this command is run, router advertisements will be broadcast by the Enterprise OTBR, giving your LAN IPv6 connectivity. You can confirm this by checking the IPv6 addresses associated with another device on your LAN.

Example, my developer machine now has an address from the prefix that matches the output from ipv6-radvd-dispatcher (fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6):

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.50.222  netmask 255.255.255.0  broadcast 192.168.50.255
        inet6 fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::8bb:1fa4:9a6d:79f0  prefixlen 64  scopeid 0x20<link>
        inet6 fd11:2446:a285:cdb2:952f:5a63:313:45d7  prefixlen 64  scopeid 0x0<global>
        ether 00:0c:29:4b:03:91  txqueuelen 1000  (Ethernet)
        RX packets 101953  bytes 53166515 (53.1 MB)
        RX errors 0  dropped 7  overruns 0  frame 0
        TX packets 184973  bytes 189003031 (189.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The thread end device and the developer machine on the LAN can now contact each other via the border router. Run the ping command on the thread end device to see it in action:

> ping fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6
> 16 bytes from fd11:2446:a285:cdb2:ec89:a088:3f76:bdf6: icmp_seq=1 hlim=63 time=36ms

Congratulations, you are now running a Thread Border Router on the Enterprise OTBR.

Pinging an Internet IPv4 Resource Using NAT64

The Enterprise OTBR is equipped with Tayga for NAT64 translations that allow an IPv6 network to contact an IPv4 network such as the internet. Tayga is configured using two files, /etc/tayga.conf and /etc/default/tayga, which can be altered to meet network requirements.

Tayga on the Enterprise OTBR is preconfigured to use the well known 6-to-4 prefix of “64:ff9b::/96”. In order to ping an internet IPv4 resource from the thread end device, embed the IPv4 address inside the prefix.

e.g. To ping the Google public DNS server of 8.8.8.8, issue the following command on the thread end device:

> ping 64:ff9b::808:808

which should return:

16 bytes from 64:ff9b::808:808: icmp_seq=1 hlim=63 time=41ms

Limitations

The 6-to-4 well known prefix does not allow NAT64 to operate inside the LAN on which it sits. In order to 6-to-4 ping a LAN device, the “prefix” directive inside /etc/tayga.conf would have to be changed to something in the Unique Local Unicast range of fc00::/7.

Confirm that you cannot ping a LAN device

Begin by converting your LAN device’s IPv4 address to the 4-in-6 format inside the well-known prefix.

Example: 192.168.0.2 becomes 64:ff9b::c0a8:0002 (where ‘c0’ is 192 in hex, ‘a8’ is 168 in hex, etc.)

Attempt to ping the device with the newly generated address:

> ping 64:ff9b::c0a8:0002

and nothing should return because the well-known prefix is Internet-only!

To remedy this, open /etc/tayga.conf and change the “prefix” directive to a prefix in fc00::/7.

An example of a prefix in this range is fd11:2446:64::/96 which is included in the file at the time of this writing, so all that is required is to comment out the existing prefix and uncomment the provided one.

Then restart Tayga with the following command:

[mmb@Tripoli-0000e4:~]$ sudo /etc/init.d/tayga restart

After Tayga restarts, run the ping command with the new prefix and it should return successfully.

> ping fd11:2446:64::c0a8:0002
> 16 bytes from fd11:2446:64:0:0:0:c0a8:0002: icmp_seq=6 hlim=61 time=34ms
  • No labels

Legal Notices

Copyright © 2020 MMB Networks, Inc. All rights reserved.
Confidential materials prepared and delivered by MMB Networks for receipt and review only by any partner subject to a valid and enforceable MMB Networks confidentiality agreement. Any receipt, review, or misuse of any of the content exchanged hereunder by any party not a party to this confidential exchange shall be subject to any and all rights available under the law. All rights, title and interest to the materials shall remain with MMB Networks.
Any suggestions provided to MMB Networks with respect to MMB Networks' products or services shall be collectively deemed “Feedback.” You, on behalf of yourself, or if you are providing Feedback on behalf of your employer or another entity, represent and warrant that you have full legal authority to bind such entity to these terms, agree to grant and hereby grant to MMB Networks a nonexclusive, perpetual, irrevocable, royalty free, worldwide license to use and otherwise exploit such Feedback within any MMB Networks products and services.