NOTE: vyatta-2013-03-14.iso and later are implemented based on draft-ietf-softwire-map-04. The IID format changed to that of draft-ietf-softwire-map-04 and the default PSID offset changed from 4 to 6, so these versions are not compatible with earlier ones. When upgrading, upgrade all BRs and CEs at once, and make sure the PSID offset setting is the same on the BRs and CEs. See http://www.ietf.org/mail-archive/web/softwires/current/msg05266.html for the background.
Name | Last modified | Size | Description |
---|---|---|---|
vyatta-op_999.dev_all.deb | 04-Mar-2020 11:00 | 132K | |
vyatta-op-2014-03-07.patch | 04-Mar-2020 11:00 | 1.5K | |
vyatta-cfg-system_999.dev_i386.deb | 04-Mar-2020 11:00 | 218K | |
vyatta-cfg-system-2014-03-07.patch | 04-Mar-2020 11:00 | 16K | |
vyatta-2014-03-07.iso | 04-Mar-2020 11:00 | 212M | |
old/ | 04-Mar-2020 11:00 | - | |
linux-vyatta-kbuild_999.dev_i386.deb | 04-Mar-2020 11:00 | 57M | |
linux-libc-dev_999.dev_i386.deb | 04-Mar-2020 11:00 | 1.2M | |
linux-image-2014-03-07.patch | 04-Mar-2020 11:00 | 179K | |
linux-image-3.3.8-1-586-vyatta_999.dev_i386.deb | 04-Mar-2020 11:00 | 21M | |
iproute_20120801-vyatta+2+pacifica1_i386.deb | 04-Mar-2020 11:00 | 665K | |
iproute-2014-03-07.patch | 04-Mar-2020 11:00 | 37K | |
img/ | 04-Mar-2020 11:00 | - | |
LICENSE | 04-Mar-2020 11:00 | 445 | |
Please refer to draft-ietf-softwire-map for details of the MAP protocol.
Download the latest version of vyatta-YYYY-MM-DD.iso, and then install it.
To use ASAMAP for MAP-T, set the following.

```
# set interfaces map map0 default-forwarding-mode translation
```
To use ASAMAP for MAP-E, set the following.

```
# set interfaces map map0 default-forwarding-mode encapsulation
```
All BRs/CEs must be configured with the same default-forwarding-mode.
For a mesh topology in the MAP domain (CEs may communicate with each other directly), set the following on all CEs. This is the default setting, so it can be omitted.

```
# set interfaces map map0 default-forwarding-rule true
```
For a hub & spoke topology in the MAP domain (traffic between CEs always goes through the BR), set the following on all CEs.

```
# set interfaces map map0 default-forwarding-rule false
```
Mesh〠Hub & Spoke 共㫠BR å´ã¯å¿…ãš default-forwarding-rule true ã«ã—ã¦ãã ã•ã„。
Regarding BRs, please set "default-forwarding-rule true", regardless of topology type.
You can also set "forwarding-mode" and "forwarding-rule" individually for each mapping rule, as in the example below. The forwarding-mode must still be configured identically on all BRs/CEs.

```
# set interfaces map map0 rule 1 forwarding-mode encapsulation
# set interfaces map map0 rule 1 forwarding-rule false
```
forwarding-mode を混在ã•ã›ã‚‹ã“ã¨ã‚‚å¯èƒ½ã§ã™ã€‚ãŸã¨ãˆã° Mapping Rule A 㨠Mapping Rule B ãŒã‚ã£ãŸå ´åˆã€ Mapping Rule A ã® forwarding-mode ã‚’ translation ã¨ã—〠Mapping Rule B ã® forwarding-mode ã‚’ encapsulation ã¨ã™ã‚‹ã‚ˆã†ãªè¨å®šã‚‚å¯èƒ½ã§ã™ã€‚ãã®å ´åˆã™ã¹ã¦ã® BR/CE ã§ Mapping Rule A ã® forwarding-mode ã‚’ translation ã«ã€ Mapping Rule B ã® forwarding-mode ã‚’ encapsulation ã«ã™ã‚‹å¿…è¦ãŒã‚りã¾ã™ã€‚
You can set the both forwarding modes. If Mapping Rule A and Mapping Rule B exist, you can set the "translation" as a "forwarding-mode" on the Mapping Rule A, and the "encapsulation" as a "forwarding-mode" on the Mapping Rule B. In this case, you need to set the same "forwarding-mode" for Mapping Rule A (which is translation) and Mapping Rule B (which is encapsulation) on all of BRs/CEs.
forwarding-mode を混在ã•ã›ãŸå ´åˆã€ destination address å´ã« match ã™ã‚‹ Mapping Rule ã® forwarding-mode ãŒé©ç”¨ã•れã¾ã™ã€‚ãŸã¨ãˆã° default-forwarding-mode ㌠encapsulation ã§ã€ Mapping Rule ã® forwarding-mode ãŒã™ã¹ã¦ translation ã®å ´åˆã€ CE ã‹ã‚‰ BR æ–¹å‘㯠encapsulation ãŒé©ç”¨ã•れ〠BR ã‹ã‚‰ CE æ–¹å‘㯠translation ãŒé©ç”¨ã•れã¾ã™ã€‚
If both forwarding modes are set, "forwarding-mode" that match with the side of destination address is applied as a "forwarding-mode". For example, if the "default-forwarding-mode" is "encapsulation" and the all "forwarding-mode" is "translation" on the Mapping Rule, encapsulation is applied for the packets from CE to BR, and translation is applied the packets from BR to CE.
"forwarding-rule" must be "true" on the BR.

```
# set firewall send-redirects disable
# set interfaces map map0 role br
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode translation
# set interfaces map map0 default-forwarding-rule true
# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:89ab::/48
# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.0/24
# set interfaces map map0 rule 1 ea-length 16
# set protocols static interface-route 192.0.2.0/24 next-hop-interface map0
```
*注æ„* BR アドレスã§ã‚ã‚‹ 2001:db8::1/64 ã‚’ã©ã“ã‹ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã«æ‰‹å‹•ã§è¨å®šã—ãŸã‚Šã—ãªã„ã§ãã ã•ã„。
NOTE: You must not set any interface address to 2001:db8::1/64(BR address) manually.
With the above configuration, a static route for the IPv6 prefix given as br-address is installed automatically, with the map0 virtual interface as its next hop.
```
$ show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3,
       I - ISIS, B - BGP, * - FIB route.
C>* ::1/128 is directly connected, lo
K>* 2001:db8::/64 is directly connected, map0
S>* 2001:db8:100::/40 [1/0] via 2001:db8:ffff:ffff::2, eth1
C>* 2001:db8:ffff:ffff::/64 is directly connected, eth1
C * fe80::/64 is directly connected, eth0
C>* fe80::/64 is directly connected, eth1
```
Other routers in the IPv6 network need to route 2001:db8::/64 toward this BR.
```
# set firewall send-redirects disable
# set interfaces ethernet eth1 address 2001:db8:89ab:cdef::1/64
# set interfaces ethernet eth1 address 192.168.1.1/24
# set interfaces map map0 role ce
# set interfaces map map0 tunnel-source eth1
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode translation
# set interfaces map map0 default-forwarding-rule true
# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:89ab::/48
# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.0/24
# set interfaces map map0 rule 1 ea-length 16
# set protocols static interface-route 0.0.0.0/0 next-hop-interface map0
# set policy route mssclamp rule 1 protocol tcp
# set policy route mssclamp rule 1 tcp flags SYN
# set policy route mssclamp rule 1 set tcp-mss 1200
# set interfaces ethernet eth1 policy route mssclamp
# set system name-server 2001:db8:ffff:ffff::1
# set system name-server 2001:db8:ffff:ffff::2
# set service dhcp-server shared-network-name MY_NET subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.199
# set service dhcp-server shared-network-name MY_NET subnet 192.168.1.0/24 default-router 192.168.1.1
# set service dhcp-server shared-network-name MY_NET subnet 192.168.1.0/24 dns-server 192.168.1.1
# set service dns forwarding listen-on eth1
```
*注æ„* MAP IPv6 アドレスã§ã‚ã‚‹ 2001:db8:89ab:cdef:0:c000:2cd:ef/128 ã¯é™çš„ルーティングã¨ã—ã¦è‡ªå‹•ã§è¨å®šã•れã¾ã™ã€‚ã“ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã‚’ã©ã“ã‹ã®ã‚¤ãƒ³ã‚¿ãƒ¼ãƒ•ã‚§ãƒ¼ã‚¹ã«æ‰‹å‹•ã§è¨å®šãŸã‚Šã—ãªã„ã§ãã ã•ã„。
NOTE: 2001:db8:89ab:cdef:0:c000:2cd:ef/128(MAP IPv6 address) will be configured as static route to MAP virtual interface by automatically. You must not set any interface address to this manually.
*注æ„* CE å´ã§åˆ©ç”¨ã™ã‚‹ DNS ã‚ャッシュサーãƒã¯ IPv6 ã®ã‚‚ã®ã‚’利用ã™ã‚‹ã“ã¨ã‚’å¼·ãæŽ¨å¥¨ã—ã¾ã™ã€‚
NOTE: It is strongly recommended to set IPv6 DNS server as the "system name-server" on the CE.
The PSID offset can also be set as follows. (The default PSID offset is 6.)

```
# set interfaces map map0 rule 1 psid-offset 4
```
When the PSID length is not a positive value (in draft-ietf-softwire-map terms, the Complete IPv4 address case and the IPv4 prefix case), NAPT is enabled by default. To disable NAPT in these cases, use the following command.

```
# set interfaces map map0 napt-always false
```
NAPT を殺ã—ãŸçŠ¶æ…‹ã§ã¯ MAP 仮想インターフェース㫠IPv4 アドレスを振り iptables ã«ã‚ˆã‚‹ NAT を利用ã™ã‚‹ã“ã¨ãŒã§ãã¾ã™ã€‚
When NAPT is disabled, you can use NAT on iptables by assigning IPv4 address on the MAP virtual interface.
# set interfaces map map0 address 192.0.2.205/32 # set nat source rule 1 outbound-interface map0 # set nat source rule 1 translation address masquerade # set nat destination rule 1 inbound-interface map0 # set nat destination rule 1 protocol tcp # set nat destination rule 1 destination port 80 # set nat destination rule 1 translation address 192.168.1.10
When TCP port numbers are exhausted, you can have the least frequently used NAPT entries forcibly reused with the following setting. (The default is false.)

```
# set interfaces map map0 napt-force-recycle true
```
However, UDP and ICMP are unable to reuse port numbers.
When you deploy MAP in your network, you should set the same MTU value on all BRs/CEs. The maximum IPv6 packet size can be set as below. In the following example, IPv6 packets produced by encapsulation/translation are fragmented so that they are at most 1500 bytes. (The default value is 1280.)

```
# set interfaces map map0 ipv6-fragment-size 1500
```
With encapsulation, fragmentation is performed in the IPv4 stack by default, so that an IPv4 header always directly follows the IPv6 header. The following command changes fragmentation handling from the IPv4 stack to the IPv6 stack.

```
# set interfaces map map0 ipv4-fragment-inner false
```
MAP 1:1 can be configured as below.

```
# set interfaces map map0 rule 1 ipv6-prefix 2001:db8:1234::/48
# set interfaces map map0 rule 1 ipv4-prefix 192.0.2.18/32
# set interfaces map map0 rule 1 psid-prefix 0x34/8
# set interfaces map map0 rule 1 ea-length 0
# set interfaces map map0 rule 2 ipv6-prefix 2001:db8:5678::/48
# set interfaces map map0 rule 2 ipv4-prefix 192.0.2.18/32
# set interfaces map map0 rule 2 psid-prefix 0x56/8
# set interfaces map map0 rule 2 ea-length 0
```
With the above configuration, the single IPv4 address 192.0.2.18/32 is shared by two CEs, one with PSID 0x34 and the other with PSID 0x56. The CE with PSID 0x34 has the MAP IPv6 address 2001:db8:1234::c000:212:34, and the CE with PSID 0x56 has 2001:db8:5678::c000:212:56.
This implementation can be used as a 464XLAT CLAT with the following configuration.

```
# set interfaces ethernet eth1 address 2001:db8:89ab:cdef::1/64
# set interfaces ethernet eth1 address 192.168.1.1/24
# set interfaces map map0 role ce
# set interfaces map map0 tunnel-source eth1
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode translation
# set protocols static interface-route 0.0.0.0/0 next-hop-interface map0
```
This implementation has been tested with the experimental IPv6v4 Exchange Service provided by JPIX. To use it with the JPIX service, replace the 2001:db8::1/64 in "br-address" with the NAT64 prefix (****:****:****:****::/96) provided by JPIX.
*注æ„* LAN å´ãƒ—レフィクスã®ã†ã¡ ****:****:****:****:0:6464:****:****/96 ã®éƒ¨åˆ†ï¼ˆä¸Šè¨˜ã®ä¾‹ã§ã¯ 2001:db8:89ab:cdef:0:6464:****:****/96 ã®éƒ¨åˆ†ï¼‰ã¯ translation ã®ç‚ºã«ä½¿ç”¨ã•れるãŸã‚使用ã§ããªããªã‚Šã¾ã™ã®ã§ã”注æ„ãã ã•ã„。
NOTE: ****:****:****:****:0:6464:****:****/96 is unable to use as an IPv6 prefix for the LAN-side.
As with the MAP CE configuration, TCP MSS clamping must be configured to avoid fragmentation. The following example sets the MSS value of TCP SYN packets going out of eth1 to 1212. Replace eth1 with the name of your LAN-side interface as appropriate.

```
# set policy route mssclamp rule 1 protocol tcp
# set policy route mssclamp rule 1 tcp flags SYN
# set policy route mssclamp rule 1 set tcp-mss 1212
# set interfaces ethernet eth1 policy route mssclamp
```
```
# set interfaces ethernet eth1 address 2001:db8:89ab:cdef::1/64
# set interfaces ethernet eth1 address 192.168.1.1/24
# set interfaces map map0 role ce
# set interfaces map map0 tunnel-source eth1
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode encapsulation
# set protocols static interface-route 0.0.0.0/0 next-hop-interface map0
```

```
# set policy route mssclamp rule 1 protocol tcp
# set policy route mssclamp rule 1 tcp flags SYN
# set policy route mssclamp rule 1 set tcp-mss 1200
# set interfaces ethernet eth1 policy route mssclamp
```

```
# set interfaces map map0 role br
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode translation
# set interfaces map map0 pool 1 pool-prefix 203.0.113.123/32
# set protocols static interface-route 203.0.113.123/32 next-hop-interface map0
```

```
# set interfaces map map0 role br
# set interfaces map map0 br-address 2001:db8::1/64
# set interfaces map map0 default-forwarding-mode encapsulation
# set interfaces map map0 pool 1 pool-prefix 203.0.113.123/32
# set protocols static interface-route 203.0.113.123/32 next-hop-interface map0
```
Use the following command to display the current configuration of the MAP virtual interface.

```
$ show interfaces map map0
Interface name : map0
Role : CE
Tunnel source : eth1
BR address : 2001:db8::1/96
IPv4 pool :
Default forwarding mode : translation
Default forwarding rule : true
IPv6 fragment size : 1500
IPv4 fragment inner : true
NAPT always : true
NAPT force recycle : false
Basic mapping rule :
Rule IPv6 prefix : 2001:db8:100::/40
Rule IPv4 prefix : 172.16.1.0/32
Rule PSID prefix : 0x88/8
EA-bits length : 0
PSID offset : 6
Forwarding mode : translation
Forwarding rule : true
MAP IPv6 address : 2001:db8:100::ac10:100:88/128
Shared IPv4 address : 172.16.1.0
Assigned port-set ID : 0x88/8
Port-set :
Port-set #0000 : 1568(0x0620) - 1571(0x0623)
Port-set #0001 : 2592(0x0a20) - 2595(0x0a23)
Port-set #0002 : 3616(0x0e20) - 3619(0x0e23)
... (omitted for length) ...
Port-set #0062 : 65056(0xfe20) - 65059(0xfe23)
```
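The MAP IPv6 addresses and port-sets quoted on this page can be reproduced from the rule parameters. The following Python sketch is an added example, not code from ASAMAP. It assumes the draft-ietf-softwire-map-04 IID layout (16 zero bits, the 32-bit IPv4 address, then the PSID right-aligned in 16 bits) and that a psid-prefix is placed in front of any PSID bits taken from the EA bits; `map_address` and `port_ranges` are hypothetical names.

```python
import ipaddress

def map_address(rule_v6, rule_v4, ea_len, ea_bits=0, psid_prefix=0, psid_prefix_len=0):
    """Return (MAP IPv6 address, IPv4 address, PSID, PSID length) for one CE."""
    v6 = ipaddress.IPv6Network(rule_v6)
    v4 = ipaddress.IPv4Network(rule_v4)
    p = 32 - v4.prefixlen        # IPv4 suffix bits carried in the EA bits
    q = ea_len - p               # PSID bits carried in the EA bits
    if q < 0 or v6.prefixlen + ea_len > 64 or ea_bits >> ea_len:
        raise ValueError("rule/EA-bits combination not handled by this sketch")
    ipv4 = int(v4.network_address) | (ea_bits >> q)
    # Assumption: psid-prefix bits come first, EA-derived PSID bits follow.
    psid = (psid_prefix << q) | (ea_bits & ((1 << q) - 1))
    psid_len = psid_prefix_len + q
    if psid_len > 16 or psid >> psid_len:
        raise ValueError("PSID does not fit its length")
    # End-user prefix = rule prefix + EA bits; subnet bits up to /64 stay zero.
    addr = int(v6.network_address) | (ea_bits << (128 - v6.prefixlen - ea_len))
    # IID (draft-04 layout): 16 zero bits | 32-bit IPv4 address | 16-bit PSID.
    addr |= (ipv4 << 16) | psid
    return ipaddress.IPv6Address(addr), ipaddress.IPv4Address(ipv4), psid, psid_len

def port_ranges(psid, psid_len, psid_offset=6):
    """Return the (first, last) port of every contiguous range in the port-set."""
    m = 16 - psid_offset - psid_len      # bits left for ports inside one range
    if m < 0:
        raise ValueError("psid_offset + psid_len exceeds 16 bits")
    # With a non-zero offset the block i = 0 (the lowest ports) is never used.
    start = 1 if psid_offset else 0
    ranges = []
    for i in range(start, 1 << psid_offset):
        first = (i << (16 - psid_offset)) | (psid << m)
        ranges.append((first, first + (1 << m) - 1))
    return ranges

if __name__ == "__main__":
    # Inputs below are the rule values shown on this page.
    ce = map_address("2001:db8:89ab::/48", "192.0.2.0/24", 16, ea_bits=0xCDEF)
    print("CE example  :", ce[0], ce[1], hex(ce[2]), ce[3])
    one = map_address("2001:db8:1234::/48", "192.0.2.18/32", 0,
                      psid_prefix=0x34, psid_prefix_len=8)
    print("MAP 1:1     :", one[0])
    shown = map_address("2001:db8:100::/40", "172.16.1.0/32", 0,
                        psid_prefix=0x88, psid_prefix_len=8)
    print("show output :", shown[0])
    for offset in (6, 4):
        r = port_ranges(shown[2], shown[3], offset)
        print("psid-offset", offset, ":", len(r), "ranges,", r[0], "...", r[-1])
```

For PSID 0x88/8, psid-offset 4 yields 15 ranges of 16 ports that share no port with the 63 ranges produced by psid-offset 6, which is why the offset has to match on BRs and CEs.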
The following command displays the currently configured MAP rules.

```
$ show interfaces map map0 rule
Mode: 'E' = Encapsulation, 'T' = Translation.
FMR: 'T' = FMR, '-' = Not FMR.
IPv6 prefix, IPv4 prefix, PSID prefix, EA-bits length, PSID offset, Mode, FMR.
0: 2001:db8:100::/40 172.16.1.0/32 0x0088/8 0 6 T F
```
The following command displays the current NAPT session table.

```
$ show interfaces map map0 napt
Proto: 'I' = ICMP, 'T' = TCP, 'U' = UDP.
Flags: SynOut, SynAckIn, AckOut, FinOut, FinAckIn, FinIn, FinAckOut, Rst.
'!' = Up, '.' = Down.
Last used, Local address:port, Mapped port, Remote address:port, Proto, Flags.
09:34:38 192.168.11.11:3129 32288(0x7e20) 10.1.1.11:0 I ........
```
When operating as a 464XLAT PLAT or DS-Lite AFTR, the output looks like the following.

```
$ show interfaces map map0 napt
Proto: 'I' = ICMP, 'T' = TCP, 'U' = UDP.
Flags: SynOut, SynAckIn, AckOut, FinOut, FinAckIn, FinIn, FinAckOut, Rst.
'!' = Up, '.' = Down.
Last used, Local IPv6 address, Local address:port, Mapped address:port, Remote address:port, Proto, Flags.
09:31:43 2001:db8:112:3400:c0:0:200:0 192.168.11.11:3129 172.16.2.0:(0x84d9)34009 10.1.1.11:0 I ........
```
Thanks to Matsushima-san from Softbank Telecom for lots of advice and for giving the nice name "ASAMAP" to this implementation.
Thanks to Mawatari-san from JPIX for the English translation of this document. I'm insanely happy! (I translated only this sentence into English myself ;) ).
If you have any questions or notice any problems, those are due to Asama's issues. In that case, please feel free to contact @m_asama on Twitter. Something might be done.