DS-Lite (IPv4 over IPv6) Internet connection with VyOS

This article implemented DS-Lite Internet access at ZOOT NATIVE & CentOS.

en-designetwork.hatenablog.com

However, it is troublesome (problem of familiarity) to operate CentOS (Linux) as a router, so build an equivalent DS-Lite environment with VyOS.

Network diagram
VyOS interface setting
IPv6 address and communication confirmation
IPv4 over IPv6 tunnel setting
IPv4 correspondence confirmation
Speed comparison
You can also use IPoE
Conclusion - DS-Lite (IPv4 over IPv6) Internet connection with ZOOT NATIVE & VyOS

Network diagram

As described in the previous article, ONU access as a outside VLAN in the Catalyst 2960 is multipointed.

VyOS interface setting

inside NIC

set interfaces ethernet eth0 address '192.168.1.2/24'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 smp_affinity 'auto'
set interfaces ethernet eth0 speed 'auto'

outside physical NIC

Use Sub Interface because of Hardware limitation.

set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 smp_affinity 'auto'
set interfaces ethernet eth1 speed 'auto'

outside subinterface

set interfaces ethernet eth1 vif 99 ipv6 address 'autoconf'
set interfaces ethernet eth1 vif 99 ipv6 'disable-forwarding'
set interfaces ethernet eth1 vif 99 ipv6 dup-addr-detect-transmits '1'

IPv6 address and communication confirmation

IPv6 address

You can get the IPv6 global address of 2409:10:24e0:2000::/64

$ show interfaces ethernet eth1 vif 99
eth1.99@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 00:0c:29:05:52:3b brd ff:ff:ff:ff:ff:ff
    inet6 2409:10:24e0:2000:20c:29ff:fe05:xxxx/64 scope global dynamic
       valid_lft 2591863sec preferred_lft 604663sec
    inet6 fe80::20c:29ff:fe05:xxxx/64 scope link

IPv6 neighbor

$ show ipv6 neighbors
fe80::221:d8ff:fe9a:d1c1 dev eth1.99 lladdr 00:21:d8:9a:d1:c1 router REACHABLE

IPv6 default route

$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3,
       I - ISIS, B - BGP, * - FIB route.

S   ::/0 [1/0] via fe80::221:d8ff:fe9a:d1c1, eth1.99
K>* ::/0 via fe80::221:d8ff:fe9a:d1c1, eth1.99
C>* ::1/128 is directly connected, lo
C>* 2409:10:24e0:2000::/64 is directly connected, eth1.99

DS-Lite communication confirmation

$ ping 2404:8e00::feed:100
PING 2404:8e00::feed:100(2404:8e00::feed:100) 56 data bytes
64 bytes from 2404:8e00::feed:100: icmp_seq=1 ttl=59 time=8.07 ms
64 bytes from 2404:8e00::feed:100: icmp_seq=2 ttl=59 time=3.13 ms

$ traceroute 2404:8e00::feed:100
traceroute to 2404:8e00::feed:100 (2404:8e00::feed:100), 30 hops max, 80 byte packets
 1  2409:10:24e0:2000::fffe (2409:10:24e0:2000::fffe)  1.830 ms  2.385 ms  2.384 ms
 2  * * *
 3  * * *
 4  * * *
 5  * 2404:8e00:feed:ff00::a (2404:8e00:feed:ff00::a)  6.766 ms *
 6  2404:8e00:feed:ff07::2 (2404:8e00:feed:ff07::2)  8.938 ms  5.160 ms  5.095 ms
 7  2404:8e00::feed:100 (2404:8e00::feed:100)  12.168 ms  16.176 ms  12.136 ms

IPv4 over IPv6 tunnel setting

IPv4 over IPv6 tunnel

set interfaces tunnel tun0 encapsulation 'ipip6'
set interfaces tunnel tun0 local-ip '2409:10:24e0:2000:20c:29ff:fe05:xxxx'
set interfaces tunnel tun0 multicast 'disable'
set interfaces tunnel tun0 remote-ip '2404:8e00::feed:100'

IPv4 routing configuration

set protocols static interface-route 0.0.0.0/0 next-hop-interface 'tun0'

IPv4 correspondence confirmation

$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=61 time=4.56 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=61 time=4.04 ms

$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  ike-gw00.transix.jp (14.0.9.66)  3.461 ms  3.910 ms  3.899 ms
 2  ike-bbrt10.transix.jp (14.0.9.65)  3.976 ms  3.961 ms  3.946 ms
 3  210.173.176.243 (210.173.176.243)  4.726 ms  4.555 ms  5.002 ms
 4  108.170.242.161 (108.170.242.161)  4.994 ms 108.170.242.97 (108.170.242.97)  4.984 ms  5.273 ms
 5  108.170.238.35 (108.170.238.35)  5.264 ms 108.170.236.181 (108.170.236.181)  5.254 ms 72.14.236.33 (72.14.236.33)  4.938 ms
 6  google-public-dns-a.google.com (8.8.8.8)  4.624 ms  4.387 ms  7.371 ms

Speed comparison

Conventional IPv4 FLET'S PPPoE

@nifty IPv4 PPPoE + Cisco ASA 5505
-> about 5.8 Mbps

ZOOT NATIVE DS-Lite

ZOOT NATIVE DS-Lite + VyOS
-> Approximately 61 Mbps

It is approximately 10 times the communication speed (throughput).

You can also use IPoE

ZOOT NATIVE supports IPv6 native communication in IPoE system together with DS-Lite. Therefore, the IPv6 Internet access by the IPv6 NAPT method with the Cisco ASA 5505 written in this article is also possible.

en-designetwork.hatenablog.com

Conclusion - DS-Lite (IPv4 over IPv6) Internet connection with ZOOT NATIVE & VyOS

DS-Lite (IPv4 over IPv6) Internet connection to transix (Internet multifeed) via ZOOT NATIVE using VyOS. As a result, the communication speed to the IPv4 internet network has improved 10 times . Continue to use DS-Lite for free period and consider whether to continue using ZOOT NATIVE.