So everyone inside the home network can:
- reach the Internet thanks to the NAT translation described in SOHO #004
- now reach their favorite Internet services by name thanks to SOHO #005
- and get an IPv4 (or IPv6) address from the DHCP server (we took as a switch connected to sdn6)
Requirement
- Basic Linux/Unix knowledge
- Service provider networking knowledge
Overview
In the previous articles we described the hardware in SOHO #001 and the initial staging steps in SOHO #002.
You technically just have to cut and paste the config if you have the same hardware and operating system.
But if you pay attention, we did not cover one particular aspect of the hardware: the integrated WIFI.
Article objective
In this article we will continue the SOHO network appliance installation and enable the integrated module so that all mobile hosts at home can benefit from the connectivity offered by the SOHO router. In this basic example I'll show you a basic WIFI implementation:
- The WIFI module is b/g/n (therefore no 5 GHz WIFI)
- WIFI won't be directly under RARE/freeRouter control
Diagrams
![SOHO #007 - "I'm not wired ... I need connectivity too !"](/download/attachments/164331530/image2020-10-30_18-17-53.png?version=1&modificationDate=1604391648883&api=v2)
[ SOHO #007 ] - "I'm not wired ... I need connectivity too !"
Log into the Linux appliance via the management interface using the previously configured veth1a IPv4 address: 192.168.128.1
lspci | grep -i wire
09:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network Adapter (PCI-Express) (rev 01)
My google-fu indicated that the Linux driver should be ath9k
lsmod | grep ath
ath9k 139264 0
ath9k_common 20480 1 ath9k
ath9k_hw 487424 2 ath9k_common,ath9k
ath 36864 3 ath9k_common,ath9k,ath9k_hw
mac80211 917504 1 ath9k
cfg80211 897024 4 ath9k_common,ath9k,ath,mac80211
So it seems that the Debian kernel has detected and loaded the proper module
ifconfig | grep w
wlan0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
The wlan0 interface appeared!
- When freshly configured, wlan0 is disabled. You can enable it:
- However, note that in SOHO #002, everything is set by the startup script (/rtr/hwdet-all.sh) via systemd
- Last observation: in SOHO #002 we also disabled Linux systemd networking
- systemd used to name the Linux interface based on its PCIe ID: wlp9s0
- after disabling it, the WIFI interface name becomes: wlan0
Now that the hardware and the corresponding Linux driver are loaded, we can proceed to the Linux access point software installation
apt-get update
apt-get install hostapd
The hostapd configuration in Debian is in /etc/hostapd/hostapd.conf. But remember this is no longer under systemd startup control, as we entirely disabled systemd networking.
cat /etc/hostapd/hostapd.conf
#change wlan0 to your wireless device
interface=wlan0
# "g" simply means 2.4GHz band
hw_mode=g
# the channel to use
channel=acs_survey
# limit the frequencies used to those allowed in the country
ieee80211d=1
# the country code
country_code=FR
# 802.11n support
ieee80211n=1
# QoS support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1
driver=nl80211
ssid=YOUR_HOME_WIFI_SSID
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
You can check that hostapd is correctly configured by launching it manually
hostapd /etc/hostapd/hostapd.conf
...
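Before leaving this access point running, it is worth reviewing the security-relevant keys of the configuration above. The following is an added example, not part of the original article or of hostapd: a small lint that flags legacy WPA (bit 0 of `wpa`), TKIP, the sample passphrase from this page left unchanged, SAE offered without `ieee80211w`, and WPS. The finding names and the hardened sample are assumptions made for the example.

```python
# Added example: lint hostapd.conf text for weak Wi-Fi security settings.
PLACEHOLDERS = {"y0urverys1cr1tpassw0rd"}  # sample passphrase printed in this article

def parse_conf(text):
    """Return {key: value} for the key=value lines of a hostapd.conf."""
    pairs = (l.split("=", 1) for l in map(str.strip, text.splitlines())
             if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def audit(text):
    """Return finding names (labels made up for this example); [] when clean."""
    conf, findings = parse_conf(text), []
    if int(conf.get("wpa", "0")) & 1:       # bit 0 = WPA (v1), bit 1 = WPA2/RSN
        findings.append("wpa1-enabled")
    ciphers = (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
    if "TKIP" in ciphers:
        findings.append("tkip-enabled")
    psk = conf.get("wpa_passphrase")
    if psk in PLACEHOLDERS:
        findings.append("placeholder-passphrase")
    elif psk is not None and not 8 <= len(psk) <= 63:
        findings.append("invalid-passphrase-length")  # hostapd accepts 8..63 chars
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())
    # WPA3-Personal (SAE) expects management frame protection (ieee80211w=1 or 2)
    if akms & {"SAE", "FT-SAE"} and conf.get("ieee80211w", "0") == "0":
        findings.append("sae-without-pmf")
    if conf.get("wps_state", "0") != "0":
        findings.append("wps-enabled")
    return findings

# Security-relevant lines of the configuration shown above.
ARTICLE_CONF = """
wpa=3
wpa_passphrase=y0urverys1cr1tpassw0rd
wpa_key_mgmt=WPA-PSK FT-PSK WPA-PSK-SHA256 SAE FT-SAE
wpa_pairwise=CCMP
rsn_pairwise=CCMP
"""
# Constructed WPA2/WPA3 transition-mode variant; the passphrase is a made-up sample.
HARDENED_CONF = """
wpa=2
wpa_passphrase=constructed-sample-passphrase-42
wpa_key_mgmt=WPA-PSK SAE
rsn_pairwise=CCMP
ieee80211w=1
"""

if __name__ == "__main__":
    print(audit(ARTICLE_CONF), audit(HARDENED_CONF))
```

Since the file holds the passphrase in clear text, it should also be readable by root only.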
From that point, from your mobile phone or laptop:
- you should be able to see YOUR_HOME_WIFI_SSID appearing in the list of available wireless networks
- you should be able to connect to YOUR_HOME_WIFI_SSID
- But your mobile device might say: "Internet might not be available or Cannot retrieve IP from YOUR_HOME_WIFI_SSID"
- hostapd is triggered when the SOHO router is booting up (described in rtr-hw.txt)
- Remember wlan0 is visible from the Linux kernel and managed by hostapd
- we created a veth pair (veth2a@linux side and veth2b@sdn998 SOHO router side)
- we bind wlan0 to veth2a (Cf. rtr-hw.txt → proc wlan /rtr/pcap2pcap.bin wlan0 veth2a)
- and then veth2a is bound to sdn998 which is interface veth2b controlled by DPDK (Cf. SOHO #002 and SOHO #003)
So at that point all traffic coming from wlan0 will also make its way to sdn998
Now we need to make wireless traffic visible through VRF inet as we need to enable IPv4 (or IPv6) connectivity for mobile devices. This is done in 2 steps.
Step - 1 - Create a bridge for wireless
bridge 1
mac-learn
mac-move
exit
Creating a bridge will also create interface bvi.
Step - 2 - Add veth2b to the wireless bridge
interface sdn998
description SOHO@WLAN[veth2b-veth2a]
mtu 1500
bridge-group 1
no shutdown
no log-link-change
exit
Make sure that bridge 1, sdn998, hairpin11 and hairpin12 are declared in the p4lang server
conf t
server p4lang p4
export-bridge 1
export-port sdn998 7 1 0 0 0
export-port hairpin11 11 0 0 0 0
export-port hairpin12 12 0 0 0 0
The trick is to use hairpin interfaces. For experienced Junos users, this corresponds to the Junos logical tunnel (lt) interface.
Step - 1 - Create a hairpin pair in order to redirect wireless traffic into VRF inet
Creating a hairpin 1 will also create interface hairpin11 and hairpin12.
Step - 2 - Add hairpin11 to the wireless bridge
interface hairpin11
no description
bridge-group 1
no shutdown
no log-link-change
exit
Step - 3 - Add hairpin12 into VRF inet
interface hairpin12
description SOHO@hairpin11
mtu 1500
vrf forwarding inet
ipv4 address 192.168.129.1 255.255.255.0
no shutdown
no log-link-change
exit
At that point all traffic from/to wireless will transit via hairpin12 and reach VRF inet
Now, DHCP requests coming from mobile clients can reach SOHO router VRF inet via hairpin12.
Step - 1 - Create a DHCP server for wireless clients in VRF inet
server dhcp4 dh4-wlan
pool 192.168.129.2 192.168.129.254
gateway 192.168.129.1
netmask 255.255.255.0
dns-server 192.168.254.1
domain-name local
interface hairpin12
vrf inet
exit
Verification
Connect to WIFI via the laptop's wifi
debug server dhcp?
dhcp4 - ipv4 dynamic host config protocol
dhcp6 - ipv6 dynamic host config protocol
mjolnir#debug server dhcp4 ?
<cr>
mjolnir#debug server dhcp4
mjolnir#terminal monitor
mjolnir#debug server dhcp4
mjolnir#term mon
mjolnir#info ip.ipCor6.parseIPheader:ipCor6.java:95 got bad version from ::
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=1 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=discover dhcpsrv=null hstnm=MBP-de-Frederic dom=null lease=7776000 renew=0 mask=null gw=null dns1=null dns2=null req=null
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=1 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=offer dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req sec=2 cia=0.0.0.0 yia=0.0.0.0 sia=0.0.0.0 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=request dhcpsrv=192.168.129.1 hstnm=MBP-de-Frederic dom=null lease=0 renew=0 mask=null gw=null dns1=null dns2=null req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep sec=2 cia=0.0.0.0 yia=192.168.129.83 sia=192.168.129.1 gia=0.0.0.0 cha=88e9.fe76.7f9b srv= fil= op=ack dhcpsrv=192.168.129.1 hstnm=null dom=lan lease=43200 renew=21600 mask=255.255.255.0 gw=192.168.129.1 dns1=192.168.254.1 dns2=null req=null
...
mjolnir#
So based on the debug output:
- DHCP allocated 192.168.129.83
- Primary DNS (dns1) is 192.168.254.1
- Network has /24 CIDR
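The same reading of the debug output can be automated to keep an inventory of which wireless clients obtained a lease. The following is an added example, not freeRouter code: it parses `servDhcp4worker` debug lines in the format shown above and lists clients whose MAC is not in a known-device set. The sample log is constructed (fields shortened), and the MAC `0200.0000.00aa`, the hostname `tablet` and the function names are invented for the example.

```python
import re

PAIR = re.compile(r"(\w+)=(\S*)")
WORKER = re.compile(r"servDhcp4worker\.doer:\S+ (rx|tx) (.*)")

def parse_line(line):
    """Return (direction, fields) for a dhcp4 worker debug line, else None."""
    m = WORKER.search(line)
    if not m:
        return None
    # 'op' appears twice (BOOTP op, then DHCP message type); dict() keeps the last.
    return m.group(1), dict(PAIR.findall(m.group(2)))

def lease_table(log_text):
    """Map client MAC (cha) to the address acknowledged by the server."""
    hostnames, leases = {}, {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        direction, f = parsed
        mac = f.get("cha")
        if direction == "rx" and f.get("hstnm", "null") != "null":
            hostnames[mac] = f["hstnm"]          # client-supplied, untrusted
        elif direction == "tx" and f.get("op") == "ack":
            leases[mac] = {"ip": f["yia"], "lease": int(f["lease"]),
                           "hostname": hostnames.get(mac)}
    return leases

def unknown_clients(leases, known_macs):
    """MACs that obtained a lease but are not in the inventory."""
    return sorted(mac for mac in leases if mac not in known_macs)

# Constructed sample in the format of the debug output above (fields shortened);
# 0200.0000.00aa and "tablet" are invented for the example.
SAMPLE_LOG = """\
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req cha=88e9.fe76.7f9b srv= fil= op=request hstnm=MBP-de-Frederic req=192.168.129.83
debug serv.servDhcp4.sendPack:servDhcp4.java:482 tx 192.168.129.83 op=rep yia=192.168.129.83 cha=88e9.fe76.7f9b op=ack lease=43200
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep yia=192.168.129.83 cha=88e9.fe76.7f9b op=ack hstnm=null lease=43200
debug serv.servDhcp4worker.doer:servDhcp4.java:679 rx op=req cha=0200.0000.00aa op=request hstnm=tablet req=192.168.129.84
debug serv.servDhcp4worker.doer:servDhcp4.java:686 tx op=rep yia=192.168.129.84 cha=0200.0000.00aa op=ack hstnm=null lease=43200
"""

if __name__ == "__main__":
    table = lease_table(SAMPLE_LOG)
    print(table, unknown_clients(table, {"88e9.fe76.7f9b"}))
```

Both `cha` and `hstnm` are chosen by the client, so this table is an inventory aid and not proof of device identity.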
mjolnir#sh ipv4 arp hairpin12
mac address time static
...
88e9.fe76.7f9b 192.168.129.83 00:00:13 false
...
mjolnir#
╭─[11/3/20|3:17:21]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ifconfig en0
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=400<CHANNEL_IO>
ether 88:e9:fe:76:7f:9b
inet6 fe80::1cf1:eacf:9ba9:43c3%en0 prefixlen 64 secured scopeid 0x5
inet 192.168.129.83 netmask 0xffffff00 broadcast 192.168.129.255
inet6 2a01:e0a:159:2857:86:8cf9:a786:8f18 prefixlen 64 autoconf secured
inet6 2a01:e0a:159:2857:904b:4faa:5684:b7a0 prefixlen 64 autoconf temporary
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
╭─[11/3/20|3:24:08]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ nslookup 212.27.48.10
Server: fd00:2200::1
Address: fd00:2200::1#53
Non-authoritative answer:
10.48.27.212.in-addr.arpa name = www.free.fr.
Authoritative answers can be found from:
Pay attention to the server that answered! At the present moment it should not be fd00:2200::1. It is simply because I had a setup with IPv6 fully enabled.
╭─[11/3/20|3:14:17]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping 212.27.48.10
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=6.528 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=4.666 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=4.330 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.446 ms
show ipv4 nat inet translations | i 192.168.129.83
1 192.168.129.83 -211222528 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 192.168.129.83 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 192.168.129.83 -211222527 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 192.168.129.83 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 192.168.129.83 -211222526 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 00:00:15 00:00:15 00:05:00 1 84
1 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 192.168.129.83 -211222526 00:00:15 00:00:15 00:05:00 1 84
╭─[11/2/20|4:36:18]loui@MacBook-Pro-de-Frederic.local ~
╰─➤ ping www.free.fr -c 5
PING www.free.fr (212.27.48.10): 56 data bytes
64 bytes from 212.27.48.10: icmp_seq=0 ttl=57 time=3.903 ms
64 bytes from 212.27.48.10: icmp_seq=1 ttl=57 time=5.883 ms
64 bytes from 212.27.48.10: icmp_seq=2 ttl=57 time=3.658 ms
64 bytes from 212.27.48.10: icmp_seq=3 ttl=57 time=4.872 ms
64 bytes from 212.27.48.10: icmp_seq=4 ttl=57 time=4.488 ms
--- www.free.fr ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.658/4.561/5.883/0.787 ms
show ipv4 nat inet translations | i 192.168.129.83
1 192.168.129.83 -211222528 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 212.27.48.10 -211222528 192.168.0.90 -211222528 212.27.48.10 -211222528 192.168.129.83 -211222528 00:00:17 00:00:17 00:05:00 1 84
1 192.168.129.83 -211222527 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 212.27.48.10 -211222527 192.168.0.90 -211222527 212.27.48.10 -211222527 192.168.129.83 -211222527 00:00:16 00:00:16 00:05:00 1 84
1 192.168.129.83 -211222526 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 00:00:15 00:00:15 00:05:00 1 84
1 212.27.48.10 -211222526 192.168.0.90 -211222526 212.27.48.10 -211222526 192.168.129.83 -211222526 00:00:15 00:00:15 00:05:00 1 84
Conclusion
In this article we enabled the appliance's integrated WIFI hardware:
- We ensured that the wifi hardware was detected by the Linux kernel
- We also ensured that Linux loaded the right wifi driver kernel module
- hostapd controls the wireless interface
- we created a veth pair (veth2a Linux side - veth2b / DPDK side)
- wlan0 traffic is bound to veth2a using the pcap2pcap utility (in the freeRouter binaries bundle)
- veth2b is bound to sdn998 (and declared in the p4lang server)
- we created a hairpin 1 (hairpin11, hairpin12) interface
- bridge 1 has also been created
- sdn998 and hairpin11 have been added to the bridge
- hairpin12 is a routed interface declared in VRF inet and has an IP 192.168.129.1 inside wireless subnet 192.168.129.0/24
In this example the key takeaways are:
- The above actions bridge wireless traffic and pour it into VRF inet
- From that point, everything defined previously applies (NAT, DHCP), but now to the wireless subnetwork
This example covers the case of a basic bridge in which we included a basic interface sdn998 and a hairpin interface pouring traffic from/to VRF inet. freeRouter is acting as a wireless controller local to the integrated WIFI. In a further article we will see another typical WIFI implementation that is more flexible.