VyOS 1.1.0 and NIFTY Cloud New Features

>100 Views

November 02, 14

#vyos #VyOS #NIFTY Cloud #L2TPv3 #IPsec #VPN

スライド概要

https://www.slideshare.net/higebu/vyos-110-and-nifty-cloudnew-features
のミラーです。
2014/11/02に開催されたVyOS Users Meeting #2の発表資料です。
https://vyosjp.connpass.com/event/9667/
https://www.higebu.com/blog/2014/11/05/vyos-user-meeting-japan-2/

Yuya Kusakabe

@higebu

スライド一覧

@higebu

またはPlayer版

埋め込む »CMSなどでJSが使えない場合

ダウンロード

ダウンロード(pdf - 1.23MB)

関連スライド

ENOG63 モバイルネットワークのデータプレーンをXDPで作る話

xdp ebpf enog

Yuya Kusakabe 4.9K

Open Mobile Network Infra Meetup #4 XDPのテストとCI

xdp ebpf test ci go omni_jp

Yuya Kusakabe 2.8K

JANOG42 GoでEPC作って本番運用している話

go epc janog

Yuya Kusakabe 1.5K

さくらの夕べ in すごい広島さくらのセキュアモバイルコネクトの裏側

Yuya Kusakabe 0.9K

Zabbixを利用した仮想環境監視 - Zabbix Conference Japan 2013

zabbix vmware

Yuya Kusakabe 456

Zabbixによる大規模仮想基盤の監視 - Zabbix Conference Japan 2014

zabbix vmware

Yuya Kusakabe 290

各ページのテキスト

VyOS 1.1.0 released!   Release date: Oct. 9, 2014 New features:       Experimental features:    Unmanaged L2TPv3 Dummy interfaces QinQ Event handler IGMP proxy VXLAN -> @upaa DMVPN For more detail:  http://vyos.net/wiki/1.1.0/release_notes Copyright © NIFTY Corporation All Rights Reserved. Confidential 2

http://vyos.net/wiki/1.1.0/release_notes

VyOS on IaaS  AWS   AMI さくらのクラウド ( Sakura Cloud ) Images  VPCルータ ( VPC Router )   IDCFクラウド ( IDCF Cloud )   Images NIFTY Cloud Images  New network features  Copyright © NIFTY Corporation All Rights Reserved. Confidential 5

https://aws.amazon.com/marketplace/pp/B00JK5UPF6

http://cloud.sakura.ad.jp/

http://www.slideshare.net/sakuranocloud/20140727-vyosuserspost?qid=4616b826-dfa1-4ff9-9dce-d9f13516fd84

http://www.idcf.jp/cloud/

10.

11.

New network features Release date: Nov. 2014  プライベートLAN ( Private network )    ルーター ( Router )   You can use multiple private network. DHCP, NAT, Routing, Web Proxy VPNゲートウェイ ( VPN Gateway ) IPsec  Unmanaged L2TPv3 over IPsec  Managed L2TPv3 over IPsec  Copyright © NIFTY Corporation All Rights Reserved. Confidential 11

12.

About Managed L2TPv3  Enhanced xl2tpd For Managed L2TPv3  The source code will be released as open source.   Enhanced ebtables For storm control  This is NIFTY Cloud original commands…   Special thanks to @m_asama ! Copyright © NIFTY Corporation All Rights Reserved. Confidential 12

13.

Managed L2TPv3 Commands set system l2tpv3 router-id { local address } set interfaces l2tpv3 l2tpeth0 bridge-group bridge br0 set interfaces l2tpv3 l2tpeth0 encapsulation udp set interfaces l2tpv3 l2tpeth0 mode { lns or lac } set interfaces l2tpv3 l2tpeth0 remote-ip { remote address } set interfaces l2tpv3 l2tpeth0 remote-end-id { remote end id } Copyright © NIFTY Corporation All Rights Reserved. Confidential 13

14.

Storm control Commands set service nifty-cloud-bridge-filter interface eth3 set service nifty-cloud-bridge-filter mac-addr-limit 20/30 set service nifty-cloud-bridge-filter mcast-limit 1000/s set service nifty-cloud-bridge-filter mcast-limit-burst 2000 And if above setting is enabled, ebtables drops except IPv4 and ARP packets. Copyright © NIFTY Corporation All Rights Reserved. Confidential 14

15.

16.

Network configuration The Internet FLET'S HIKARI NEXT High-Speed Type For Houses My Home Managed L2TPv3 / IPsec 121.94.82.26 Customized VyOS 1.0.5 amd64 dhcp YAMAHA RTX1200 192.168.100.0/24 192.168.100.0/24 Same subnet Copyright © NIFTY Corporation All Rights Reserved. Confidential 16

17.

18.

Setting up YAMAHA RTX1200 # # IP configuration # ip route default gateway pp 1 # # Bridge configuration # bridge member bridge1 lan1 tunnel4 ip bridge1 address 192.168.100.1/24 ### PP 1 ### pp select 1 pp always-on on pppoe use lan2 pp auth accept pap chap pp auth myname {FLET’S ID} {FLET’S Password} ppp lcp mru on 1454 ppp ipcp ipaddress on ppp ipcp msext on ip pp mtu 1454 ip pp nat descriptor 1 pp enable 1 # # NAT Descriptor configuration # nat descriptor type 1 masquerade Copyright © NIFTY Corporation All Rights Reserved. Confidential 18

19.

Setting up YAMAHA RTX1200 ### TUNNEL 4 ### tunnel select 4 tunnel encapsulation l2tpv3 tunnel endpoint address 192.168.100.1 121.94.82.26 ipsec tunnel 104 ipsec sa policy 104 4 esp aes256-cbc sha-hmac ipsec ike duration ipsec-sa 4 3600 ipsec ike duration ike-sa 4 28800 ipsec ike encryption 4 aes256-cbc ipsec ike group 4 modp1024 ipsec ike hash 4 sha ipsec ike keepalive use 4 on dpd ipsec ike local address 4 192.168.100.1 ipsec ike pfs 4 on ipsec ike pre-shared-key 4 text {pre shared key} ipsec ike remote address 4 121.94.82.26 Copyright © NIFTY Corporation All Rights Reserved. Confidential 19

20.

Setting up YAMAHA RTX1200 l2tp always-on on l2tp hostname YAMAHA-RTX1200 l2tp tunnel auth off l2tp tunnel disconnect time off l2tp keepalive use on 20 3 l2tp keepalive log on l2tp syslog on l2tp local router-id {WAN IP Address} l2tp remote router-id 121.94.82.26 l2tp remote end-id niftycloud tunnel enable 4 # # IPSEC configuration # ipsec auto refresh on ipsec transport 4 104 udp 1701 Copyright © NIFTY Corporation All Rights Reserved. # # L2TP configuration # l2tp service on # # DHCP configuration # dhcp service server dhcp server rfc2131 compliant except remain-silent dhcp scope 1 192.168.100.10-192.168.100.254/24 For more detail: http://jp.yamaha.com/products/network/solut ion/vpn-connect-l2tpv3-rtx1200/ Confidential 20

http://jp.yamaha.com/products/network/solut

21.

Performance 700 600 600 500 400 300 200 100 30 15 Cloud->Home Home->Cloud 80 70 Cloud->Home Home->Cloud 0 L2TPv3/Ipsec/Internet Internet Cloud->Cloud L2TPv3/IPsec This is for reference. NIFTY Cloud does not guarantee the performance. Copyright © NIFTY Corporation All Rights Reserved. Confidential 21

22.

Conculusion VyOS 1.1.0 released!  Lithium branch!  You can use VyOS on some IaaS.  NIFTY Cloud new features, private network, router, and VPN gateway.  Enhanced xl2tpd and ebtables will be released as open source.  VPN gateway can connect to YAMAHA RTX1200 with L2TPv3/IPsec.  Copyright © NIFTY Corporation All Rights Reserved. Confidential 22

23.

http://www.nifty.co.jp/recruit/

24.