[AusNOG] Telstra Mobile NAT64 Gateway dropping UDP?

Matthew H Matthew at marrold.co.uk
Wed Jan 5 22:47:04 AEDT 2022 

Hi All,

Thanks for the replies. I think Andras has cracked it, the SDP body of a
SIP message contains an IPv4 address and is encrypted with TLS so even if a
SIP Helper or ALG is present it won't work.

The SDP RFCs imply you can use a FQDN so I will look into it. It's odd that
it works on Android but now I know what to look for I should be able to
compare the two.

Russell - Thanks for the offer that's really appreciated. Now I know what
to go on I'll look into it a bit more from our side and give you a shout if
we need anything.

Thanks again
Matthew

On Wed, Jan 5, 2022 at 10:59 AM Russell Langton <russell3901 at gmail.com>
wrote:

> Hi Matthew,
>
> As others have said, get that Ipv6 enabled asap ;)
>
> Telstra is currently in shutdown mode for non-critical staff until next
> week.
>
> I'll reach out to you next week and we work together to see whats going on.
>
> -Russell at Telstra.
>
>
>
> On Wed, 5 Jan 2022, 6:33 pm Andras Toth, <diosbejgli at gmail.com> wrote:
>
>> Hi Matthew,
>>
>> As long as you use a DNS hostname instead of an IPv4 literal address,
>> things should work fine for both local apps or tethered/hotspot access
>> because Telstra's DNS servers can do DNS64. Locally on the iPhone you can
>> use a literal IPv4 too because iOS will do local address translation
>> (CLAT), but it can't translate IPv4 literals to IPv6 for connections via
>> the hotspot.
>>
>> I don't have any problems with UDP on Telstra IPv6-only connection, I
>> just tried and I can send and receive UDP packets via the Telstra NAT64
>> gateway when visiting https://h2o.examp1e.net/ in a browser that
>> supports QUIC (because that uses UDP) and since that hostname does not have
>> an IPv6 address, Telstra converts it to IPv6 via DNS64. You can see from
>> the packet capture below that both src and dst addresses are Telstra (one
>> is mine, other side is the DNS64 gateway).
>>
>> 18:25:12.424022 IP6 (flowlabel 0xd0300, hlim 64, next-header UDP (17)
>> payload length: 1238) 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910 >
>> 2001:8004:11d0:4e2a::84e2:18c.443: [udp sum ok] UDP, length 1230
>> 18:25:12.666177 IP6 (hlim 45, next-header UDP (17) payload length: 1288)
>> 2001:8004:11d0:4e2a::84e2:18c.443 >
>> 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910: [udp sum ok] UDP, length 1280
>> 18:25:12.667703 IP6 (flowlabel 0xd0300, hlim 64, next-header UDP (17)
>> payload length: 1238) 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910 >
>> 2001:8004:11d0:4e2a::84e2:18c.443: [udp sum ok] UDP, length 1230
>> 18:25:12.668868 IP6 (hlim 45, next-header UDP (17) payload length: 1288)
>> 2001:8004:11d0:4e2a::84e2:18c.443 >
>> 2001:8004:c81:6820:f5b6:b0a:c39c:7cf.58910: [udp sum ok] UDP, length 1280
>>
>> I would suggest trying to replicate the issue and gathering a packet
>> capture to see what packets go through and what gets lost. It might be MTU
>> related issues if too large packets can't go through but I can send 1410
>> bytes packets via the cellular connection successfully.
>>
>> Regards,
>> Andras
>>
>>
>> On Tue, Jan 4, 2022 at 9:34 PM Matthew H <Matthew at marrold.co.uk> wrote:
>>
>>> Hi,
>>>
>>> The app works fine on other IPv6 only networks with NAT64 in place which
>>> appears to satisfy Apple's requirements.
>>>
>>> We are looking into adding proxies with IPv6 support, however it's
>>> likely to take some time and it would be good if we can find a fix /
>>> workaround in the meantime
>>>
>>> Thanks
>>>
>>> On Tue, Jan 4, 2022 at 10:10 AM Troy <troy at troykelly.com> wrote:
>>>
>>>> Apologies for a non answer, but any app (at least with Apple) is
>>>> required to support IPv6 only networks.
>>>>
>>>> https://developer.apple.com/support/ipv6/
>>>>
>>>> Rather than work on a 6 to 4 fix, why not put some energy into
>>>> supporting IPv6?
>>>>
>>>> *Regards, Troy*
>>>> Brevity is the elixir of life.
>>>> Father Hector McGrath, Pixie 2020
>>>>
>>>>
>>>>
>>>>
>>>> -------- Original Message --------
>>>> On 4 Jan 2022, 9:03 pm, Matthew H < Matthew at marrold.co.uk> wrote:
>>>>
>>>>
>>>> Hi,
>>>>
>>>> We are developing a WebRTC mobile app that sets up a media session via
>>>> Web Socket and then sends the media via RTP over UDP. It's working on most
>>>> networks but we've had users report issues with the app when their iPhone
>>>> is connected to the Telstra Mobile network.
>>>>
>>>> Unfortunately our network only supports IPv4, and after examining the
>>>> available logs it appears their iPhone only gets an IPv6 address. The Web
>>>> Socket communication is able to reach us so I assume a NAT64 gateway is in
>>>> use, but we don't see any RTP / UDP arrive at our network edge.
>>>>
>>>> We found a couple of posts that suggest users have had similar issues
>>>> with UDP being dropped:
>>>>
>>>>
>>>> https://crowdsupport.telstra.com.au/t5/network-roaming/unable-to-stream-video-over-udp-on-ipv6-only-connection/td-p/933472
>>>>
>>>> https://crowdsupport.telstra.com.au/t5/network-roaming/ios-and-ipv6/td-p/931449
>>>>
>>>> https://crowdsupport.telstra.com.au/t5/apple-ios/nordvpn-won-t-connect-on-4g-ios/td-p/932511
>>>>
>>>> Is anyone aware of Telstra's NAT64 gateway dropping UDP?
>>>>
>>>> Thanks
>>>> Matthew
>>>>
>>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20220105/f8f802cf/attachment.htm>

More information about the AusNOG mailing list