How to bridge IPv6-over-BLE and native (or tap in general)?

gabrielication · 7 February 2022 14:37

Hi!

I am trying to let a nrf52840dk board connected via IPv6-over-BLE to a Linux host communicate to another RIOT instance on native on tap. I cannot apparently use the “ip bridge” command because of the differences of the bluetooth interface on Linux which is unsupported on the bridge. The problem can probably be solved using “ip route” in order to route the packets and practically bridging the two, but I did not find any tutorial on the RIOT wiki on how to do that correctly.

Can someone help me suggesting the procedure that I should execute? Thank you very much

P.S. the nrf board connects fine to Linux and I can ping it normally from there. I just followed this: https://github.com/RIOT-OS/RIOT/blob/master/pkg/nimble/README.ipv6-over-ble.md

bergzand · 8 February 2022 16:29

Hi,

As you said, bridging two different link layer protocols together is not going to work. These don’t mix. You’re going to have to connect them by routing traffic. There is not much of a tutorial on the RIOT wiki on this, but generic routing tutorials for this should work fine. Mostly what you need is to tell nodes on both side that they can reach each other via your Linux host. A default route pointing to the Linux host should do fine in most cases and especially if the Linux host is the gateway to the internet anyway. The other thing is to tell your Linux host how to reach both nodes and that it is allowed to forward traffic between the two interfaces.

For this to work both the IPv6-over-BLE need their own routable IPv6 range. Either take blocks from the range you already have, or generate two unique ULA ranges, or for development setups take two subnets from the 2001:db8::/32 range.

One should be used on the bl0 interface for the IPv6-over-BLE range and one on the tapbr0 device (just guessing interface names here). Both ranges should show up in ip -6 route on Linux. Make sure that you can ping devices on either side from Linux to confirm that you have connectivity from Linux to the devices.

Forwarding packets from one subnet to the other can be enabled with:

sysctl -w net.ipv6.conf.all.forwarding=1

(please note that this usually causes Linux to stop responding to router advertisements)

Make sure that any firewall active on the Pi has rules to allow traffic between the two interfaces. Something along the lines of (but please check to make sure) makes Linux allow traffic flow between the two interfaces:

ip6tables -A FORWARD -i bt0 -o tapbr0 -j ACCEPT
ip6tables -A FORWARD -o bt0 -i tapbr0 -j ACCEPT

Last thing is to check if the RIOT nodes themselves know that they can reach the other subnet via the Linux host. For test setups you can manually add a route on them with the nib route shell command:

> nib route add $interface_id $other_subnet $linux_address

For example:

> nib route add 7 2001:db8:0:2::/64 2001:db8:0:1::1

I think this should cover everything needed to route traffic between the instances. As this is all from the top of my head please let me know if this indeed works for you or if you have any further questions.

citrullin · 8 February 2022 21:31

@gabrielication Just some additional information, in case you don’t know. You can also do this only for each device. Instead of all, just use the name of the network interface.

There is also a neat IPv6 cheat sheet. It’s helpful when configuring an IPv6 network.