ds-lite(iij)

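I don't know how many times this has been written up already, but these are notes for myself.
The IX firmware can now be downloaded without submitting an application, so I switched my line.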

This is for the iijmio IPoE option in an RA (/64) environment.
Reference: transix IPv4 Connection (DS-Lite) Configuration Guide : UNIVERGE IX Series | NEC

IX2105(config)# show ver
NEC Portable Internetwork Core Operating System Software
IX Series IX2105 (magellan-sec) Software, Version 10.2.42, RELEASE SOFTWARE
Compiled Sep 09-Fri-2022 13:40:53 JST #2 by sw-build, coregen-10.2(42)

ROM: System Bootstrap, Version 19.1
System Diagnostic, Version 19.1
Initialization Program, Version 1.5

System uptime is 1 day 14 hours 19 minutes
System woke up by reload, caused by command execution
System started at Mar 14-Thu-2024 15:56:22 JST
System image file is "ix2105-ms-10.2.42.ldc"

Processor board ID <0>
IX2105 (MPC8314E) processor with 131072K bytes of memory.
2 GigaEthernet/IEEE 802.3 interfaces
512K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
IX2105(config)#

config

IX2105(config)# show run
! NEC Portable Internetwork Core Operating System Software
! IX Series IX2105 (magellan-sec) Software, Version 10.2.42, RELEASE SOFTWARE
! Compiled Sep 09-Fri-2022 13:40:53 JST #2
! Current time Mar 16-Sat-2024 06:19:31 JST
!
hostname IX2105
timezone +09 00
!
username admin password hash 2785c3b707d4fe7a03a0cdebb3335787 administrator
!
!
ip ufs-cache max-entries 20000
ip ufs-cache enable
ip route default Tunnel0.0
ip dhcp enable
!
!
ipv6 ufs-cache max-entries 10000
ipv6 ufs-cache enable
ipv6 dhcp enable
ipv6 access-list block-list deny ip src any dest any
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 546
ipv6 access-list dhcpv6-list permit udp src any sport any dest any dport eq 547
ipv6 access-list icmpv6-list permit icmp src any dest any
ipv6 access-list permit-list permit ip src any dest any
ipv6 access-list dynamic cache 65535
ipv6 access-list dynamic dflt-list access permit-list
!
!
!
!
!
!
!
no dns fqdn-database roundrobin
!
proxy-dns ip enable
proxy-dns ip request both
!
!
!
!
ip dhcp profile dhcpv4-sv
  dns-server 192.168.3.1
!
ipv6 dhcp client-profile dhcpv6-cl
  information-request
  option-request dns-servers
!
ipv6 dhcp server-profile dhcpv6-sv
  dns-server dhcp
!
device GigaEthernet0
!
device GigaEthernet1
!
interface GigaEthernet0.0
  no ip address
  ipv6 enable
  ipv6 dhcp client dhcpv6-cl
  ipv6 nd proxy GigaEthernet1.0
  ipv6 filter dhcpv6-list 1 in
  ipv6 filter icmpv6-list 2 in
  ipv6 filter block-list 100 in
  ipv6 filter dhcpv6-list 1 out
  ipv6 filter icmpv6-list 2 out
  ipv6 filter dflt-list 100 out
  no shutdown
!
interface GigaEthernet1.0
  ip address 192.168.3.1/24
  ip dhcp binding dhcpv4-sv
  ipv6 enable
  ipv6 dhcp server dhcpv6-sv
  ipv6 nd ra enable
  ipv6 nd ra other-config-flag
  no shutdown
!
interface Loopback0.0
  no ip address
!
interface Null0.0
  no ip address
!
interface Tunnel0.0
  tunnel mode 4-over-6
  tunnel destination fqdn gw.transix.jp
  tunnel source GigaEthernet1.0
  ip unnumbered GigaEthernet1.0
  ip tcp adjust-mss auto
  no shutdown

Verification commands, etc.
IX2105(config)# show ipv6 neighbors GigaEthernet0.0
Neighbor cache - 3 dynamic, 1021 free, 0 static
Interface GigaEthernet0.0 is up, line protocol is up
  Neighbor fe80::10ff:fe04:2085 (router)
    REACHABLE, linklayer 02:00:10:04:20:85, uptime 0:00:06, age 0:33:46
IX2105(config)#
IX2105(config)# show ipv6 prefix
Interface GigaEthernet1.0 is up, line protocol is up
  Advertising prefix is auto-prefix11:
    2409:10:feed:beef:: prefixlen 64
    Valid life time 2592000 seconds
    Preferred life time 604800 seconds
    On-link flag is on
    Autonomous flag is on
IX2105(config)#
IX2105(config)# show ipv6 address
Interface GigaEthernet0.0 is up, line protocol is up
  Link-local address(es):
    fe80::260:b9ff:fee5:40bc prefixlen 64
    fe80:: prefixlen 64 anycast
  Multicast address(es):
    ff02::1
    ff02::2
    ff02::1:2
    ff02::1:ff00:0
    ff02::1:ffe5:40bc
Interface GigaEthernet1.0 is up, line protocol is up
  Global address(es):
    2409:10:feed:beef:260:b9ff:fee5:407c prefixlen 64
    2409:10:feed:beef:: prefixlen 64 anycast
  Link-local address(es):
    fe80::260:b9ff:fee5:407c prefixlen 64
    fe80:: prefixlen 64 anycast
  Multicast address(es):
    ff02::1
    ff02::2
    ff02::1:2
    ff02::1:ff00:0
    ff02::1:ffe5:407c
Interface Loopback0.0 is up, line protocol is up
  Orphan address(es):
    ::1 prefixlen 128
Interface Loopback1.0 is up, line protocol is up
Interface Null0.0 is up, line protocol is up
Interface Null1.0 is up, line protocol is up
IX2105(config)#
IX2105(config)# show ipv6 route
IPv6 Routing Table - 4 entries, unlimited
Codes: C - Connected, L - Local, S - Static
       R - RIPng, O - OSPF, IA - OSPF inter area
       E1 - OSPF external type 1, E2 - OSPF external type 2, B - BGP
       s - Summary
Timers: Uptime/Age
S      ::/0 orphan [100/1]
         via fe80::10ff:fe04:2085, GigaEthernet0.0, 1d10h17m17s/0:00:00
C      2409:10:feed:beef::/64 global [0/1]
         via ::, GigaEthernet1.0, 1d10h6m33s/0:00:00
L      2409:10:feed:beef::/128 global [0/1]
         via ::, GigaEthernet1.0, 1d10h6m35s/0:00:00
L      2409:10:feed:beef:260:b9ff:fee5:407c/128 global [0/1]
         via ::, GigaEthernet1.0, 1d10h6m34s/0:00:00
IX2105(config)#
IX2105(config)# show int brie
Interface GigaEthernet0.0 is up
  IPv6 subsystem connected, physical layer is up, 1d10h17m29s
Interface GigaEthernet1.0 is up
  IPv4 subsystem connected, physical layer is up, 1d10h6m43s
  ARP subsystem connected, physical layer is up, 1d10h6m44s
  IPv6 subsystem connected, physical layer is up, 1d10h6m44s
Interface Null0.0 is up
  IPv4 subsystem connected, physical layer is up, 1d14h36m53s
  IPv6 subsystem connected, physical layer is up, 1d14h36m53s
Interface Loopback0.0 is up
  IPv6 subsystem connected, physical layer is up, 1d14h36m53s
Interface Tunnel0.0 is up
  IPv4 subsystem connected, physical layer is up, 0:01:42
IX2105(config)#
IX2105(config)# show int Tunnel0.0
Interface Tunnel0.0 is up
  Fundamental MTU is 1460 octets
  Current bandwidth 1G b/s, QoS is disabled
  Datalink header cache type is ipv6-tunnel: 1/0 (standby/dynamic)
  IPv4 subsystem connected, physical layer is up, 0:01:55
  Dialer auto-connect is enabled
  Inbound call is enabled
  Outbound call is enabled
  Dial on demand restraint is disabled, 0 disconnect
  SNMP MIB-2:
    ifIndex is 798
  Logical INTERFACE:
    Elapsed time after clear counters 1d14h37m17s
    3838 packets input, 2159578 bytes, 0 errors
      3838 unicasts, 0 non-unicasts, 0 unknown protos
      0 drops, 0 misc errors
    4063 output requests, 981218 bytes, 0 errors
      4063 unicasts, 0 non-unicasts
      0 overflows, 0 neighbor unreachable, 0 misc errors
    6 link-up detected, 5 link-down detected
  Encapsulation TUNNEL:
    Tunnel mode is 4-over-6
    Tunnel is ready
    Destination address is 2404:8e00::feed:100
    Destination FQDN is gw.transix.jp
    Source address is 2409:10:feed:beef:260:b9ff:fee5:407c
    Source interface GigaEthernet1.0
    Nexthop address is fe80::10ff:fe04:2085
    Outgoing interface is GigaEthernet0.0
    Interface MTU is 1460
    Path MTU is 1500
    Tunnel-link cache:
      02:00:10:04:20:85:00:60:b9:e5:40:bc:86:dd
    Statistics:
      3838 packets input, 2159578 bytes, 0 errors
      4063 packets output, 981218 bytes, 0 errors
    Received ICMP messages:
      0 errors
IX2105(config)#
IX2105(config)# show ipv6 dhcp client
DHCPv6 client is enabled
  System DUID 00:03:00:01:00:60:b9:e5:40:bc
  Statistics:
    Information request-reply:
      145 send, 123018 seconds ago
      2 receive, 0 drops, 123018 seconds ago
Interface GigaEthernet0.0 is active
  Server address fe80::10ff:fe04:2085
  Server identifier 00:03:00:01:00:19:e7:13:6c:1b
  Uptime 1d10h17m51s
  DNS Servers:
    2404:1a8:7f01:b::3
    2404:1a8:7f01:a::3
  NTP Servers:
    2404:1a8:1102::b
    2404:1a8:1102::a
  Statistics:
    Information request-reply:
      11 send, 123019 seconds ago
      1 receive, 0 drops, 123019 seconds ago

The clock was off, so I set up NTP while I was at it. This is for the case where the addresses obtained via DHCPv6 are used.

IX2105(config)# ntp ?
  interval  -- Configure NTP interval
  ip        -- NTP IPv4 commands
  ipv6      -- NTP IPv6 commands
  master    -- Configure NTP local time server
  retry     -- Configure NTP retry times
  server    -- Configure NTP server
  source    -- NTP source address configuration
IX2105(config)# ntp server ?
  A.B.C.D          -- IPv4 address
  X:X:X:X:X:X:X:X  -- IPv6 address
  dhcpv6           -- DHCPv6
IX2105(config)# ntp server dhcpv6
IX2105(config)# clear ntp
IX2105(config)# show ntp
NTP status:
  Clock is not synchronized, reference is nothing
    Rcvd: 0 requests, 0 responses
    Sent: 0 requests, 0 responses
  NTP server                                   St  Ver   Timeout   Last Receive
  2404:1a8:1102::b                              0    0        64       0:00:00
  2404:1a8:1102::a                              0    0        64       0:00:00
IX2105(config)#
IX2105(config)#
IX2105(config)# show clock
Saturday, 16 March 2024 06:44:40 +09 00
IX2105(config)#
IX2105(config)# show clock
Sunday, 17 March 2024 00:33:01 +09 00
IX2105(config)#
IX2105(config)# show ntp
NTP status:
  Clock is synchronized, reference is 2404:1a8:1102::b
    Rcvd: 0 requests, 1 responses
    Sent: 1 requests, 0 responses
  NTP server                                   St  Ver   Timeout   Last Receive
  2404:1a8:1102::b                              2    3        64       0:32:22
  2404:1a8:1102::a                              0    0        64       0:00:00
IX2105(config)# wri mem
Building configuration...
% Warning: do NOT enter CNTL/Z while saving to avoid config corruption.

Where I got stuck.

The upstream switch had DHCP Security enabled, and about the only problem was that the v6 address was obtained but DNS could not be.

The IX is excellent.
