fakemanhk / openwrt-jp-ipoe

Configure OpenWRT to work with Japan NTT IPv6 service
132 stars 14 forks source link
docomo ipoe ipv6 map-e ntt openwrt

Configuring OpenWrt to work with Japan NTT IPv6 (MAP-E) service

The problem:

ISPs with NTT mostly support both IPv4 & IPv6 implementations, while former one usually by using PPPoE which can introduce higher latency, during peak hours it can be also very slow in some busy districts. IPv6 is their newly promoted way to connect to internet which doesn't require PPPoE (note there is no PPPoE for 10G plan, IPoE is the only option),  they also claim this is a much faster option, with IPv4 over IPv6 together users should retain traditional IPv4 connectivity. Unfortunately if you subscribe the internet service without using Hikari Denwa (ひかり電話) residential phone service, you will end up getting /64 prefix address as well as without router advertisement (RA), if you don't use vendor provided router it would be extremely difficult to set up your IPv6 network with IPv4 over IPv6 connectivity.

There exist a few different implementations (DS-LITE/Transix/MAP-E)  in Japan, so not all providers can do the same way, here I am only referring to my own provider NTT ぷらら (plala), which is MAP-E implementation.

Setup:

The whole setup was first tested with GL-INET MT1300 (beryl, v22.03.3) and verified with NanoPi R4S (4GB, v22.03.3) as well as Linksys WRT3200ACM (rango, v22.03.2) and Jetway NF9HG-N2930 (x86, v22.03.3) on 1G plan.

In October 2023 I have verified this setup is also working with Netgear WAX206 (v23.05.0) on upgraded 10G plan.

Note: I didn't notice that my upgraded 10G plan is slightly different from the original 1G plan, the old one comes with /64 prefix without prefix delegation (PD), while the 10G plan already give you /56 prefix with PD even you don't pay for the Hikari phone service! Here is a discussion about it.

Under DHCP Server > IPv6 Setting, follow these settings:

  • Designated master ON
  • RA-Service: relay mode
  • DHCPv6-Service: relay mode
  • NDP-Proxy: relay mode
  • Learn routes: ON

Save & Apply setting, you should see a public IPv6 address being assigned to your WAN6 interface (usually starting with 2400)

config interface 'wan6'

            option device 'eth1'

            option proto 'dhcpv6'

            option reqaddress 'try'

            option reqprefix 'auto'

            option ip6prefix '2400:aaaa:bbbb:cccc::/64'

Note: Previously I had failed my setup because of missing this step, it wasn't mentioned in most resources I found on web, and I eventually got a MAP rule invalid error.

You clients can probably get public IPv6 addresses (*) from router now! But this will be IPv6 access only and you are still missing the IPv4 connectivity, another MAP-E interface is required to fill the gap.

(*) Some clients might not work with DHCPv6, and you'll need SLAAC, please refer to the discussion here to change the settings.

Note: Before I ran the above calculator, I used the Buffalo router that came with ISP to connect the internet service, logged into that router and from status page I can see that at least the IPv4 address and port numbers are the same as above, so I believe the parameters I get from the calculator should be correct, you might want to do this as a verification.

Note: Don't forget to add this WAN6MAPE interface to same firewall zone as WAN/WAN6 since this is also part of WAN.

ADVANCED CUSTOM CONFIGURATION

MAP-E with IPv4 sharing from ISP is designed to share same IPv4 address with many customers, with different ports being assigned based on IETF rules, the above linked parameter calculator already shown the assigned ports, usually it's divided into groups of 16 ports, according to this discussion JPNE assigns 15 groups (240 ports), while OCN/plala assign 63 groups (1008 ports). In most cases this should be enough for most home uses (since only IPv4 connections will use them), however a recent test with well known IPv4 based website that uses many sessions showing a significant lagging while loading. After investigation the OpenWrt firewall statistics indicating only first group of assigned ports (i.e. only 16 ports) being used and this is the reason of lagging when a large number of simultaneous IPv4 sessions opening, also IPv4 PING is not working. Not sure if it's because Japan ISP MAP-E configuration has something MAP package can't deal with, as a result a system change is required for /lib/netifd/proto/map.sh.

You can download the whole file here and replace it, don't forget to turn on the execute bit of the file after replacement.

After editing, please restart IPv6 interface, or simply reboot router, you'll see that IPv4 PING is working as well as observing more port groups passing traffic now.

Eventually you should see the following screen under Network > Interfaces, WAN6MAPE should get the IPv4 exactly the same as using the ISP provided router, there is also a Virtual dynamic interface automatically created when MAP-E interface started correctly.

From Status > Overview you'll see both IPv4 Upstream and IPv6 Upstream information:

(Note: If your plan comes with prefix delegation, your IPv6 Upstream might not show you any address, only a prefix will be shown, this is NORMAL)

Testing with my Linux laptop by visiting the OCN connectivity verification page, both IPv4/IPv6 addresses should be the same as above upstream informations:

SUCCESS!!

Some speed test results

From time to time, you might observe ip6_tunnel: map-MAPE xmit: Local address not yet configured! in kernel log, this can be ignored and you don't need to worry about it.

Reference materials:

https://datatracker.ietf.org/doc/html/draft-ietf-softwire-map-03#page-6

https://www.labohyt.net/blog/lan/post-6760/

https://zenn.dev/yakumo/articles/19cbc6309d8143cc9349b2fb0d29771e

https://blog.hinaloe.net/2020/03/14/openwrt-mape-ocn/

First draft: 17 Jan 2023

Last Edit: 05 June 2024