初歩レベル、かんたんな手順メモ
これまでAterm WG1200HP4でDS-Liteしていたのですが、同時セッション300あたりで性能上限に達し、DNS解決機能が停止し、ルータにログインもできなくなってました。
なのでヤフオクで、2台で五千円のやつを買ってみることにしてみました。
大前提
「ONUとひかり電話ルータ」が合体した機材の、LANポート以下にIX2015を接続するシナリオです。
- https://jpn.nec.com/univerge/ix/Support/ipv6/ds-lite/index.html#ipv6ra
- https://ameblo.jp/garage-komatech/entry-12754888560.html
LAN側は、ポートが沢山使える GE2 を使うことにします。
よくある落とし穴
情報収集でありがちな罠は、「ひかり電話アリとナシ、どちらのconfigを選べばいいの?」という部分です。
結論から言うと
- ひかり電話を契約していない →ひかり電話ナシconfig
- 「ONUとひかり電話ルータの合体機材」なら、ひかり電話契約の有無に関わらず、ひかり電話ナシconfig
- ひかり電話を契約し、「ONU単機能モデル(Bフレッツ時代のやつとか)」直下に直接IXをつなぐなら、ひかり電話アリconfig
になるという。一般家庭なら2番目ですね。
firmを最新に上げる
時間をドブに捨てないために、必ずfirmwareを 10.7まで上げましょう。
この申請書を書いてメールするだけで、すぐにdownload ID が貰えます。
どうやってfirmを上げるの?
webuiを有効化して、ブラウザ経由で上げるのが一番簡単かな・・
# conf t
http-server ip enable
http-server username admin
conf
# sh run
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2215 (magellan-sec) Software, Version 10.7.18, RELEASE SOFTWARE
! Compiled Oct 25-Tue-2022 12:37:13 JST #2
! Current time Mar 22-Wed-2023 11:59:17 JST
!
hostname gate
timezone +09 00
!
!
!
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip route default Tunnel0.0
ip dhcp enable
!
!
ipv6 ufs-cache max-entries 10000
ipv6 ufs-cache enable
ipv6 dhcp enable
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list permit-list permit ip src any dest any
ipv6 access-list dynamic cache 65535
ipv6 access-list dynamic dflt-list access permit-list
!
!
!
!
no dns fqdn-database roundrobin
!
proxy-dns ip enable
proxy-dns ip request both
!
telnet-server ip enable
!
http-server username admin
http-server ip enable
!
!
!
!
ip dhcp profile dhcpv4-sv
dns-server 192.168.10.1
!
ipv6 dhcp client-profile dhcpv6-cl
information-request
option-request dns-servers
!
ipv6 dhcp server-profile dhcpv6-sv
dns-server dhcp
!
interface GigaEthernet0.0
description FletsNet
no ip address
ipv6 enable
ipv6 dhcp client dhcpv6-cl
ipv6 nd proxy GigaEthernet2.0
ipv6 filter dhcpv6-list 1 in
ipv6 filter icmpv6-list 2 in
ipv6 filter block-list 100 in
ipv6 filter dhcpv6-list 1 out
ipv6 filter icmpv6-list 2 out
ipv6 filter dflt-list 100 out
no shutdown
!
interface GigaEthernet1.0
no ip address
shutdown
!
interface GigaEthernet2.0
description HomeNet
ip address 192.168.10.1/24
ip dhcp binding dhcpv4-sv
ipv6 enable
ipv6 dhcp server dhcpv6-sv
ipv6 nd ra enable
ipv6 nd ra other-config-flag
no shutdown
!
interface Tunnel0.0
description dslite.v6connect.net
tunnel mode 4-over-6
tunnel destination fqdn dslite.v6connect.net
tunnel source GigaEthernet2.0
ip unnumbered GigaEthernet2.0
ip tcp adjust-mss auto
no shutdown
!
動作確認
IPoE周りの確認
まず全てはNDから始まります。NDが動いているか確認。それからRA をもらっているか確認
yn-gate(config)# sh ipv6 neighbors GigaEthernet0.0
Neighbor cache - 11 dynamic, 1013 free, 0 static
Interface GigaEthernet0.0 is up, line protocol is up
Neighbor 2405:6583:***:***:3ae0:8eff:fe5a:e0a6 (router)
REACHABLE, linklayer 38:e0:8e:5a:e0:a6, uptime 0:00:00, age 42d9h59m40s
Neighbor fe80::3ae0:8eff:fe5a:e0a6 (router)
REACHABLE, linklayer 38:e0:8e:5a:e0:a6, uptime 0:00:09, age 42d9h59m40s
yn-gate(config)# sh ipv6 routers
Interface GigaEthernet0.0 is up, line protocol is up
Router fe80::3ae0:8eff:fe5a:e0a6, uptime 0:22:21 seconds
Hops 64, lifetime 5400 seconds, MTU 0, other
Reachable time 30 seconds, retransmit time 1 seconds
Prefix 2405:6583:****:****::/64, on-link, autonomous
RAを元に、自分のIPv6が決定されたか確認
yn-gate(config)# sh ipv6 prefix
Interface GigaEthernet2.0 is up, line protocol is up
Advertising prefix is auto-prefix11:
2405:6583:*****:***:: prefixlen 64
Valid life time 2592000 seconds
Preferred life time 604800 seconds
On-link flag is on
Autonomous flag is on
yn-gate(config)# sh ipv6 address
Interface GigaEthernet0.0 is up, line protocol is up
Link-local address(es):
fe80::260:b9ff:fef9:5312 prefixlen 64
fe80:: prefixlen 64 anycast
Multicast address(es):
ff02::1
ff02::2
ff02::1:2
ff02::1:ff00:0
ff02::1:fff9:5312
Interface GigaEthernet2.0 is up, line protocol is up
Global address(es):
2405:6583:6640:***:260:b9ff:fef9:5352 prefixlen 64
2405:6583:6640:***:: prefixlen 64 anycast
Link-local address(es):
fe80::260:b9ff:fef9:5352 prefixlen 64
fe80:: prefixlen 64 anycast
Multicast address(es):
ff02::1
ff02::2
ff02::1:2
ff02::1:ff00:0
ff02::1:fff9:5312
Interface GigaEthernet2.0 is up, line protocol is up
Global address(es):
2405:6583:6640:***:260:b9ff:fef9:5352 prefixlen 64
2405:6583:6640:***:: prefixlen 64 anycast
Link-local address(es):
fe80::260:b9ff:fef9:5352 prefixlen 64
fe80:: prefixlen 64 anycast
Multicast address(es):
ff02::1
ff02::2
ff02::1:2
ff02::1:ff00:0
ff02::1:fff9:5352
Interface Loopback0.0 is up, line protocol is up
Orphan address(es):
::1 prefixlen 128
NDを元に、デフォルトゲートウェイが設定されたか確認
yn-gate(config)# sh ipv6 route
IPv6 Routing Table - 4 entries, unlimited
Codes: C - Connected, L - Local, S - Static
R - RIPng, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2, B - BGP
s - Summary
Timers: Uptime/Age
S ::/0 orphan [100/1]
via fe80::3ae0:8eff:fe5a:e0a6, GigaEthernet0.0, 42d10h/0:00:00
C 2405:6583:***:***::/64 global [0/1]
via ::, GigaEthernet2.0, 42d9h59m59s/0:00:00
L 2405:6583:***:***::/128 global [0/1]
via ::, GigaEthernet2.0, 42d10h/0:00:00
L 2405:6583:***:***:260:b9ff:fef9:5352/128 global [0/1]
via ::, GigaEthernet2.0, 42d9h59m59s/0:00:00
DHCPv6で、DNSサーバーアドレスを受け取っているか確認
yn-gate(config)#sh ipv6 dhcp client
DHCPv6 client is enabled
System DUID 00:03:00:01:00:60:b9:f9:53:12
Statistics:
Information request-reply:
5 send, 3664581 seconds ago
1 receive, 0 drops, 3664581 seconds ago
Reconfigure:
1 receive, 1 drops, 3664581 seconds ago
Interface GigaEthernet0.0 is active
Server address fe80::3ae0:8eff:fe5a:e0a6
Server identifier 00:03:00:01:38:e0:8e:5a:e0:a6
Uptime 42d9h56m27s
DNS Servers:
2405:6583:6640:100:3ae0:8eff:fe5a:e0a6
Statistics:
Information request-reply:
5 send, 3664581 seconds ago
1 receive, 0 drops, 3664581 seconds ago
Reconfigure:
1 receive, 1 drops, 3664581 seconds ago
yn-gate(config)#
DS-Lite回りの確認
トンネルの存在を確認
yn-gate(config)# sh interfaces brief
Interface GigaEthernet0.0 is up
IPv6 subsystem connected, physical layer is up, 0:29:27
Interface GigaEthernet2.0 is up
IPv4 subsystem connected, physical layer is up, 0:29:40
ARP subsystem connected, physical layer is up, 0:29:40
IPv6 subsystem connected, physical layer is up, 0:29:40
Interface Tunnel0.0 is up
IPv4 subsystem connected, physical layer is up, 0:28:49
トンネル状態が「Tunnel is ready」かを確認。
yn-gate(config)# sh interfaces Tunnel0.0
Interface Tunnel0.0 is up
Description: dslite.v6connect.net
Fundamental MTU is 1460 octets
Current bandwidth 1G b/s, QoS is disabled
Datalink header cache type is ipv6-tunnel: 1/0 (standby/dynamic)
IPv4 subsystem connected, physical layer is up, 0:32:55
Dialer auto-connect is enabled
Inbound call is enabled
Outbound call is enabled
Dial on demand restraint is disabled, 0 disconnect
SNMP MIB-2:
ifIndex is 1208
Logical INTERFACE:
Elapsed time after clear counters 0:33:55
132750 packets input, 179432696 bytes, 0 errors
132750 unicasts, 0 non-unicasts, 0 unknown protos
0 drops, 0 misc errors
88448 output requests, 19580385 bytes, 0 errors
88448 unicasts, 0 non-unicasts
0 overflows, 0 neighbor unreachable, 0 misc errors
1 link-up detected, 0 link-down detected
Encapsulation TUNNEL:
Tunnel mode is 4-over-6
Tunnel is ready
Destination address is 2001:c28:1:301::11
Destination FQDN is dslite.v6connect.net
Source address is 2405:6583:6666:6666:2666b9ff:6666:5392
Source interface GigaEthernet2.0
Nexthop address is fe80::3ae0:8eff:fe5a:e0a6
Outgoing interface is GigaEthernet0.0
Interface MTU is 1460
Path MTU is 1500
Tunnel-link cache:
38:e0:8e:5a:e0:a6:00:60:b9:f9:53:12:86:dd
Statistics:
132761 packets input, 179434513 bytes, 0 errors
88458 packets output, 19582225 bytes, 0 errors
Received ICMP messages:
0 errors
できました!
備考:PPPoEパススルーをやりたい場合
bridge irb enable
bridge 1 bridge-only pppoe
interface GigaEthernet0.0
bridge-group 1
interface GigaEthernet2.0
bridge-group 1
小ネタ
-
NECが教科書的テキストをオープンアクセスしています。
→ https://www.express.nec.co.jp/idaten/network/ix/ix2k3k-learning-ver8.10_10.0.pdf -
IX2215のwebUIに接続できない(ERR_TUNNEL_CONNECTION_FAILEDエラー) 。
→ そのときはChromeやEdgeではなく、Operaを使いましょう。