Copyright © NIFTY Corporation All Rights Reserved. 
VyOS 1.1.0 and NIFTY Cloud New Features
Yuya Kusakabe - @higebu
NIFTY Corp.
VyOS Users Meeting #2,
Nov. 2, 2014
VyOS 1.1.0 released!
Release date: Oct. 9, 2014 
New features: 
Unmanaged L2TPv3 
Dummy interfaces 
QinQ 
Event handler 
IGMP proxy 
Experimental features: 
VXLAN -> @upaa 
DMVPN 
For more detail: 
http://vyos.net/wiki/1.1.0/release_notes
Lithium branch 
Helium is now feature frozen, please submit all patches to lithium.
VyOS on IaaS
AWS
AMI
Sakura Cloud
Images
VPC Router
IDCF Cloud
Images 
NIFTY Cloud 
Images 
New network features
AWS 
VyOS 1.0.5 64bit
https://aws.amazon.com/marketplace/pp/B00JK5UPF6
Sakura Cloud
VyOS 1.0.5 64bit
http://cloud.sakura.ad.jp/
Sakura Cloud
http://www.slideshare.net/sakuranocloud/20140727-vyosuserspost?qid=4616b826-dfa1-4ff9-9dce-d9f13516fd84
IDCF Cloud
VyOS 1.0.4 64bit
http://www.idcf.jp/cloud/
NIFTY Cloud 
VyOS 1.0.5 64bit and 1.1.0 64bit
New network features 
Release date: Nov. 2014 
Private network
You can use multiple private networks.
Router
DHCP, NAT, Routing, Web Proxy
VPN Gateway
IPsec 
Unmanaged L2TPv3 over IPsec 
Managed L2TPv3 over IPsec
About Managed L2TPv3 
Enhanced xl2tpd 
For Managed L2TPv3 
The source code will be released as open source. 
Enhanced ebtables 
For storm control 
These are NIFTY Cloud original commands…
Special thanks to @m_asama!
Managed L2TPv3 Commands 
set system l2tpv3 router-id { local address } 
set interfaces l2tpv3 l2tpeth0 bridge-group bridge br0 
set interfaces l2tpv3 l2tpeth0 encapsulation udp 
set interfaces l2tpv3 l2tpeth0 mode { lns or lac }
set interfaces l2tpv3 l2tpeth0 remote-ip { remote address }
set interfaces l2tpv3 l2tpeth0 remote-end-id { remote end id }
Storm control Commands 
set service nifty-cloud-bridge-filter interface eth3 
set service nifty-cloud-bridge-filter mac-addr-limit 20/30 
set service nifty-cloud-bridge-filter mcast-limit 1000/s 
set service nifty-cloud-bridge-filter mcast-limit-burst 2000 
If the above settings are enabled, ebtables drops all packets except IPv4 and ARP.
Extending Home Network to NIFTY Cloud across the Internet with L2TPv3 / IPsec
Network configuration
[Diagram. Labels on the slide: The Internet; Managed L2TPv3 / IPsec; My Home; FLET'S HIKARI NEXT High-Speed Type for Houses; YAMAHA RTX1200; Customized VyOS 1.0.5 amd64; 121.94.82.26; 192.168.100.0/24 (shown twice, "Same subnet"); dhcp]
Setting up NIFTY Cloud VPN Gateway 
Demo 
No Photographs
Setting up YAMAHA RTX1200 
#
# IP configuration
#
ip route default gateway pp 1
#
# Bridge configuration
#
bridge member bridge1 lan1 tunnel4
ip bridge1 address 192.168.100.1/24
#
# NAT Descriptor configuration
#
nat descriptor type 1 masquerade
### PP 1 ###
pp select 1
pp always-on on
pppoe use lan2
pp auth accept pap chap
pp auth myname {FLET’S ID} {FLET’S Password}
ppp lcp mru on 1454
ppp ipcp ipaddress on
ppp ipcp msext on
ip pp mtu 1454
ip pp nat descriptor 1
pp enable 1
Setting up YAMAHA RTX1200 
### TUNNEL 4 ###
tunnel select 4
tunnel encapsulation l2tpv3
tunnel endpoint address 192.168.100.1 121.94.82.26
ipsec tunnel 104
ipsec sa policy 104 4 esp aes256-cbc sha-hmac
ipsec ike duration ipsec-sa 4 3600
ipsec ike duration ike-sa 4 28800
ipsec ike encryption 4 aes256-cbc
ipsec ike group 4 modp1024
ipsec ike hash 4 sha
ipsec ike keepalive use 4 on dpd
ipsec ike local address 4 192.168.100.1
ipsec ike pfs 4 on
ipsec ike pre-shared-key 4 text {pre shared key}
ipsec ike remote address 4 121.94.82.26
Setting up YAMAHA RTX1200 
l2tp always-on on 
l2tp hostname YAMAHA-RTX1200 
l2tp tunnel auth off
l2tp tunnel disconnect time off
l2tp keepalive use on 20 3
l2tp keepalive log on
l2tp syslog on
l2tp local router-id {WAN IP Address}
l2tp remote router-id 121.94.82.26
l2tp remote end-id niftycloud
tunnel enable 4
#
# IPSEC configuration
#
ipsec auto refresh on
ipsec transport 4 104 udp 1701
# 
# L2TP configuration 
# 
l2tp service on 
# 
# DHCP configuration 
# 
dhcp service server 
dhcp server rfc2131 compliant except remain-silent 
dhcp scope 1 192.168.100.10-192.168.100.254/24 
For more detail: 
http://jp.yamaha.com/products/network/solution/vpn-connect-l2tpv3-rtx1200/
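An added example, not part of the original slides: a small Python check that parses the tunnel 4 settings shown above, lists the values an assumed review baseline treats as legacy, and confirms that an "ipsec transport" entry ties UDP 1701 to the SA policy named in the tunnel. The baseline lists, the function names and the check ids are assumptions made for this example.

```python
# Constructed sample: tunnel 4 settings from the slides (pre-shared key line omitted).
SAMPLE_CONFIG = """\
tunnel select 4
tunnel encapsulation l2tpv3
ipsec tunnel 104
ipsec sa policy 104 4 esp aes256-cbc sha-hmac
ipsec ike encryption 4 aes256-cbc
ipsec ike group 4 modp1024
ipsec ike hash 4 sha
ipsec ike keepalive use 4 on dpd
ipsec ike pfs 4 on
l2tp tunnel auth off
ipsec transport 4 104 udp 1701
"""

# Assumed review baseline (not from the slides): values flagged as legacy.
LEGACY_IKE = {"group": {"modp768", "modp1024"},
              "hash": {"md5", "sha"},
              "encryption": {"des-cbc", "3des-cbc"}}
LEGACY_ESP = {"des-cbc", "3des-cbc", "md5-hmac", "sha-hmac"}


def parse(config):
    """Return (ike, esp, transports, tunnels) parsed from the config text."""
    ike, esp, transports, tunnels = {}, {}, [], {}
    current = None  # tunnel chosen by the most recent "tunnel select N"
    for raw in config.splitlines():
        t = raw.split()
        if not t or t[0].startswith("#"):
            continue
        if t[:2] == ["tunnel", "select"] and len(t) == 3:
            current = tunnels.setdefault(
                t[2], {"encap": None, "policy": None, "l2tp_auth": None})
        elif current is not None and len(t) == 3 and t[:2] == ["tunnel", "encapsulation"]:
            current["encap"] = t[2]
        elif current is not None and len(t) == 3 and t[:2] == ["ipsec", "tunnel"]:
            current["policy"] = t[2]
        elif current is not None and len(t) >= 4 and t[:3] == ["l2tp", "tunnel", "auth"]:
            current["l2tp_auth"] = t[3]
        elif t[:3] == ["ipsec", "sa", "policy"] and len(t) >= 6:
            esp[t[3]] = {"gateway": t[4], "algs": t[6:]}
        elif t[:2] == ["ipsec", "transport"] and len(t) >= 4:
            transports.append({"policy": t[3], "match": t[4:]})
        elif t[:2] == ["ipsec", "ike"]:
            # Shape: ipsec ike <keyword...> <gateway id> <value...>
            pos = next((i for i in range(2, len(t)) if t[i].isdigit()), None)
            if pos is not None:
                ike.setdefault(t[pos], {})[" ".join(t[2:pos])] = t[pos + 1:]
    return ike, esp, transports, tunnels


def audit(config):
    """Return (check id, message) findings for the config, in a stable order."""
    ike, esp, transports, tunnels = parse(config)
    findings = []
    for gw, settings in sorted(ike.items()):
        for key, legacy in LEGACY_IKE.items():
            value = (settings.get(key) or [""])[0]
            if value in legacy:
                findings.append((f"ike-{key}", f"gateway {gw}: legacy IKE {key} {value}"))
        if (settings.get("pfs") or ["off"])[0] != "on":
            findings.append(("pfs", f"gateway {gw}: PFS is not enabled"))
    for policy, entry in sorted(esp.items()):
        for alg in entry["algs"]:
            if alg in LEGACY_ESP:
                findings.append(("esp-alg", f"policy {policy}: legacy ESP {alg}"))
    for number, tun in sorted(tunnels.items()):
        if tun["encap"] != "l2tpv3":
            continue
        # Look for a transport entry that ties UDP 1701 to this tunnel's SA policy.
        covered = any(tr["policy"] == tun["policy"] and tr["match"][:2] == ["udp", "1701"]
                      for tr in transports)
        if not covered:
            auth = tun["l2tp_auth"] or "unset"
            findings.append(("l2tp-no-ipsec",
                             f"tunnel {number}: no ipsec transport for udp 1701 "
                             f"(l2tp tunnel auth is {auth})"))
    return findings


if __name__ == "__main__":
    for check, message in audit(SAMPLE_CONFIG):
        print(f"{check}: {message}")
```

Any stronger value has to be supported and configured on both peers, so check what the VPN gateway accepts before changing the router side.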
Performance 
This is for reference. 
NIFTY Cloud does not guarantee the performance. 
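[Bar chart; the unit is not shown in the extracted text. Bar labels in slide order: 30, 15, 80, 70, 600. Axis ticks: 0 to 700. Series in slide order: Cloud->Home, Home->Cloud, Cloud->Home, Home->Cloud, Cloud->Cloud. Groups in slide order: L2TPv3/IPsec/Internet, Internet, L2TPv3/IPsec.]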
Conclusion
VyOS 1.1.0 released!
Lithium branch!
You can use VyOS on some IaaS.
NIFTY Cloud new features: private network, router, and VPN gateway.
Enhanced xl2tpd and ebtables will be released as open source.
VPN gateway can connect to YAMAHA RTX1200 with L2TPv3/IPsec.
Thank you for listening! 
We are hiring! 
http://www.nifty.co.jp/recruit/