The document discusses new features of VyOS 1.1.0 including unmanaged L2TPv3, dummy interfaces, and QinQ. It also describes running VyOS on various IaaS platforms and NIFTY Cloud's new network features such as private networks, routers, and VPN gateways. Enhanced software for managed L2TPv3 will be released as open source to allow VPN connectivity between routers and NIFTY Cloud via L2TPv3/IPsec tunnels.

1. Copyright © NIFTY Corporation All Rights Reserved.
VyOS1.1.0 and NIFTY CloudNew Features
Yuya Kusakabe-@higebu
NIFTY Corp.
VyOSUsers Meeting #2,
Nov. 2, 2014

2. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
2
VyOS1.1.0 released!
Release date: Oct. 9, 2014
New features:
Unmanaged L2TPv3
Dummy interfaces
QinQ
Event handler
IGMP proxy
Experimental features:
VXLAN -> @upaa
DMVPN
For more detail:
http://vyos.net/wiki/1.1.0/release_notes

3. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
3
Lithium branch
Helium is now feature frozen, please submit all patches to lithium.

4. Copyright © NIFTY Corporation All Rights Reserved.
VyOSon IaaS

5. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
5
VyOSon IaaS
AWS
AMI
さくらのクラウド( Sakura Cloud )
Images
VPCルータ( VPC Router )
IDCFクラウド( IDCF Cloud )
Images
NIFTY Cloud
Images
New network features

6. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
6
AWS
VyOS1.0.5 64bit
https://aws.amazon.com/marketplace/pp/B00JK5UPF6

7. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
7
さくらのクラウド( Sakura Cloud )
VyOS1.0.5 64bit
http://cloud.sakura.ad.jp/

8. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
8
さくらのクラウド( Sakura Cloud )
http://www.slideshare.net/sakuranocloud/20140727-vyosuserspost?qid=4616b826-dfa1-4ff9-9dce-d9f13516fd84

9. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
9
IDCFクラウド( IDCF Cloud )
VyOS1.0.464bit
http://www.idcf.jp/cloud/

10. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
10
NIFTY Cloud
VyOS1.0.5 64bitand 1.1.0 64bit

11. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
11
New network features
Release date: Nov. 2014
プライベートLAN ( Private network )
You can use multiple private network.
ルーター( Router )
DHCP, NAT, Routing, Web Proxy
VPNゲートウェイ( VPNGateway )
IPsec
Unmanaged L2TPv3 over IPsec
Managed L2TPv3 over IPsec

12. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
12
About Managed L2TPv3
Enhanced xl2tpd
For Managed L2TPv3
The source code will be released as open source.
Enhanced ebtables
For storm control
This is NIFTY Cloud original commands…
Special thanks to @m_asama!

13. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
13
Managed L2TPv3 Commands
set system l2tpv3 router-id { local address }
set interfaces l2tpv3 l2tpeth0 bridge-group bridge br0
set interfaces l2tpv3 l2tpeth0 encapsulation udp
set interfaces l2tpv3 l2tpeth0 mode { lnsor lac }
set interfaces l2tpv3 l2tpeth0 remote-ip{ remote address }
set interfaces l2tpv3 l2tpeth0 remote-end-id { remote end id }

14. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
14
Storm control Commands
set service nifty-cloud-bridge-filter interface eth3
set service nifty-cloud-bridge-filter mac-addr-limit 20/30
set service nifty-cloud-bridge-filter mcast-limit 1000/s
set service nifty-cloud-bridge-filter mcast-limit-burst 2000
And if above setting is enabled, ebtablesdrops except IPv4 and ARP packets.

15. Copyright © NIFTY Corporation All Rights Reserved.
Extending Home networkto NIFTY Cloudacross the Internet with L2TPv3 / IPsec

16. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
16
The Internet
Network configuration
ManagedL2TPv3 / IPsec
My Home
FLET'S HIKARI NEXT
High-Speed Type
For Houses
192.168.100.0/24
121.94.82.26
192.168.100.0/24
Same subnet
dhcp
Customized
VyOS1.0.5 amd64
YAMAHA RTX1200

17. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
17
Setting up NIFTY Cloud VPN Gateway
Demo
No Photographs

18. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
18
Setting up YAMAHA RTX1200
#
# IP configuration
#
iproute default gateway pp 1
#
# Bridge configuration
#
bridge member bridge1 lan1 tunnel4
ipbridge1 address 192.168.100.1/24
#
# NAT Descriptor configuration
#
nat descriptor type 1 masquerade
### PP 1 ###
pp select 1
pp always-on on
pppoeuse lan2
pp authaccept pap chap
pp authmyname{FLET’S ID} {FLET’S Password}
ppplcpmruon 1454
pppipcpipaddresson
pppipcpmsexton
ippp mtu1454
ippp natdescriptor 1
pp enable 1

19. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
19
Setting up YAMAHA RTX1200
### TUNNEL 4 ###
tunnel select 4
tunnel encapsulation l2tpv3
tunnel endpoint address 192.168.100.1 121.94.82.26
ipsectunnel 104
ipsecsapolicy 104 4 espaes256-cbc sha-hmac
ipsecikeduration ipsec-sa4 3600
ipsecikeduration ike-sa4 28800
ipsecikeencryption 4 aes256-cbc
ipsecikegroup 4 modp1024
ipsecikehash 4 sha
ipsecikekeepaliveuse 4 on dpd
ipsecikelocal address 4 192.168.100.1
ipsecikepfs4 on
ipsecikepre-shared-key 4 text {pre shared key}
ipsecikeremote address 4 121.94.82.26

20. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
20
Setting up YAMAHA RTX1200
l2tp always-on on
l2tp hostname YAMAHA-RTX1200
l2tp tunnel authoff
l2tp tunnel disconnect time off
l2tp keepaliveuse on 20 3
l2tp keepalivelog on
l2tp syslog on
l2tp local router-id {WAN IP Address}
l2tp remote router-id 121.94.82.26
l2tp remote end-id niftycloud
tunnel enable 4
#
# IPSEC configuration
#
ipsecauto refresh on
ipsectransport 4 104 udp1701
#
# L2TP configuration
#
l2tp service on
#
# DHCP configuration
#
dhcp service server
dhcp server rfc2131 compliant except remain-silent
dhcp scope 1 192.168.100.10-192.168.100.254/24
For more detail:
http://jp.yamaha.com/products/network/solution/vpn-connect-l2tpv3-rtx1200/

21. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
21
Performance
This is for reference.
NIFTY Cloud does not guarantee the performance.
30
15
80
70
600
0
100
200
300
400
500
600
700
Cloud->Home
Home->Cloud
Cloud->Home
Home->Cloud
Cloud->Cloud
L2TPv3/Ipsec/Internet
Internet
L2TPv3/IPsec

22. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
22
Conculusion
VyOS1.1.0 released!
Lithium branch!
You can use VyOSon some IaaS.
NIFTY Cloud new features, private network, router, and VPN gateway.
Enhanced xl2tpd and ebtableswill be released as open source.
VPN gateway can connect to YAMAHA RTX1200 with L2TPv3/IPsec.

23. Copyright © NIFTY Corporation All Rights Reserved.
Thank you for listening!
We are hiring!
http://www.nifty.co.jp/recruit/

24. Copyright © NIFTY Corporation All Rights Reserved.
Confidential
24