Introduction
This document gives engineers a systematic explanation of IPoE (IP over Ethernet), which has become the mainstream method for internet connections, covering its mechanism, related technologies, and how it differs from the conventional PPPoE method.
1 | Prerequisites for IPoE: Scope and Major Services
1-1 | IPoE is Specific to NTT Group Lines
The IPoE and VNE operator-mediated connection model described in this document is a mechanism specific to NTT East/West FLET'S Hikari lines (and Hikari Collaboration models).
NTT Group Lines (FLET'S Hikari / Hikari Collaboration)
A new bypass route called IPoE + VNE was established to avoid the bottleneck of the PPPoE method (congestion at the Network Termination Equipment: NTE). Therefore, the technologies explained in this document (MAP-E, DS-Lite, etc.) are only applicable when using these lines.
Independent Line Operators (au Hikari, NURO Hikari, eo Hikari, etc.)
These operators build and operate their own fiber-optic networks, different from NTT. Therefore, they do not pass through NTT's NTE, which is the bottleneck for PPPoE, and are generally unrelated to PPPoE congestion issues. Their connection method is also a more direct way to connect to the internet (a broader sense of IPoE).
Why is "IPv4 over IPv6" needed even for independent lines?
The main reason for implementing IPv4 over IPv6 technology on independent lines, unrelated to avoiding NTT network congestion, is to address the global "IPv4 address exhaustion problem."
| Issue | Explanation |
| --- | --- |
| IPv4 Address Exhaustion | The pool of assignable global IPv4 addresses is nearly depleted worldwide, making it physically impossible to provide a unique IPv4 address to every user. |
| IPv4/IPv6 Coexistence | While network infrastructure is shifting towards an IPv6-centric design, many websites and services on the internet still only support IPv4. |
| Solution | By combining tunneling technologies like DS-Lite with Carrier-Grade NAT (CGN) on the operator side, a limited number of global IPv4 addresses can be shared among many users, ensuring connectivity from the IPv6 network to the IPv4 internet. |
| Difference in Purpose | The primary purpose of IPv4 over IPv6 on independent lines is "effective use of IPv4 addresses" rather than "congestion avoidance," which is a major difference from NTT Group lines. |
1-2 | Major IPoE Services and VNE Operators
The following are representative examples of VNE operators and the major IPoE services provided using their platforms.
| Service Brand Name | VNE Operator | IPv4 over IPv6 Method | Example ISPs/Line Services |
| --- | --- | --- | --- |
| v6 Plus | JPNE | MAP-E | @nifty Hikari, So-net Hikari Plus, GMO Tokutoku BB Hikari, etc. |
| transix | IIJ | DS-Lite (IPIP for fixed IP) | IIJmio Hikari, Excite MEC Hikari, etc. |
| OCN Virtual Connect | NTT Communications | MAP-E / DS-Lite | OCN Hikari, docomo Hikari, anovo, etc. |
| Cross Pass | ARTERIA Networks | MAP-E | DTI Hikari, U-NEXT Hikari, etc. |
| IPv6 Option | BIGLOBE | MAP-E | BIGLOBE Hikari, etc. |
2 | Overview and Comparison of IPoE and PPPoE
2-1 | PPPoE (Point-to-Point Protocol over Ethernet)
Connection Method
Communicates by encapsulating the PPP protocol within Ethernet frames. It authenticates the user (ID/password) and establishes a virtual one-to-one tunnel with the NTE (Network Termination Equipment) to connect to the internet.
Historical Background
In the early days of the internet, PPP was the standard for dial-up connections to handle user authentication and IP address assignment. As the broadband era began and physical lines were replaced by Ethernet, ISPs wanted to reuse their existing authentication and billing systems (like RADIUS servers). PPPoE was devised to establish a logical PPP session over Ethernet, allowing ISPs to offer broadband services without major equipment changes.
Features
Authentication: Requires user ID and password.
Bottleneck: Structurally, the processing capacity of the NTE and the ISP's capacity planning often became a bottleneck for communication speed.
2-2 | IPoE (IP over Ethernet)
Connection Method
A simple method that places IP packets directly on Ethernet frames. It does not use tunneling like PPP and connects more directly to the VNE operator's network.
Authentication
It does not perform user authentication with an ID/password but identifies the user based on physical line information (line authentication).
2-3 | Comparison
| Item | PPPoE | IPoE |
| --- | --- | --- |
| Communication Method | PPP Tunnel Method | Native Method (IP over Ethernet) |
| Authentication Method | ID/Password Authentication | Line Authentication |
| Bandwidth | Prone to bottlenecks at the NTE | High-speed via VNE's high-bandwidth GW |
| IP Address | Primarily IPv4 | Primarily IPv6 |
| Configuration | Requires ID/password setup on HGW or router | Generally, no connection setup required on compatible routers (automatic) |
3 | Basic IPoE Configuration and the Changing Role of ISPs
3-1 | Business Model and ISP's Position Change
The introduction of IPoE connections has significantly changed the role of Internet Service Providers (ISPs).
ISPs in the Traditional PPPoE Model
ISPs connected their own equipment to NTT's NTE and directly handled everything from user authentication to IP address assignment.
In the IPoE method, large-scale gateway equipment directly connected to NTT's NGN is required to bypass the NTE. VNE (Virtual Network Enabler) emerged as a specialized operator to handle this role.
Many ISPs chose a business model of reselling the connection services provided by VNEs instead of making large investments themselves.
Core functions such as IP address management and IPv4 over IPv6 implementation are now handled by VNEs, and the role of ISPs has shifted to packaging, selling, supporting, and billing for VNE services.
Therefore, the user experience (communication speed and stability) depends more on the VNE operator used by the contracting ISP than on the ISP itself.
3-2 | Differences in IPv4 and IPv6 Address Assignment Models
To understand IPoE, it is important to grasp the fundamental differences in address assignment methods between IPv4 (PPPoE) and IPv6 (IPoE).
Traditional IPv4 (PPPoE) Model: Assignment by "Quantity"
Dynamic IP: One available global IPv4 address is dynamically assigned upon each connection.
Fixed IP: Through an optional contract, a specific global IPv4 address is fixedly assigned in units such as 1, 8 (/29), or 16 (/28) addresses.
New IPv6 (IPoE) Model: Assignment by "Block"
Prefix Delegation (PD): In IPv6, instead of a single address, a block of IP addresses called a "prefix" is assigned to the router.
This mechanism is realized by the DHCPv6-PD protocol, and ISPs typically assign prefixes of size /48 or /56.
This allows all devices under the router to have a unique global IPv6 address and communicate directly without going through NAPT.
4 | IPv4 over IPv6 Technology
In an IPoE connection, IPv6 communication is native. However, many websites and services on the current internet still operate on IPv4.
Therefore, to access the vast IPv4 internet assets using the IPv6 communication network, a tunneling technology that wraps IPv4 packets in IPv6 packets (IPv4 over IPv6) is virtually essential.
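The wrapping described above can be seen at the byte level in the following added example (not part of the original document). It builds an IPv4-in-IPv6 packet and then parses it the way a monitoring point on the IPv6 side would have to in order to see the inner IPv4 endpoints. All addresses are constructed values from the documentation ranges, and the function names are hypothetical.

```python
from __future__ import annotations
import ipaddress
import struct

NEXT_HEADER_IPV4 = 4  # IPv6 Next Header value meaning "the payload is an IPv4 packet"

def encapsulate(inner_ipv4: bytes, src6: str, dst6: str, hop_limit: int = 64) -> bytes:
    """Prepend a 40-byte IPv6 header to a complete IPv4 packet."""
    fixed = struct.pack("!IHBB", 6 << 28, len(inner_ipv4), NEXT_HEADER_IPV4, hop_limit)
    return (fixed + ipaddress.IPv6Address(src6).packed
            + ipaddress.IPv6Address(dst6).packed + inner_ipv4)

def inspect_tunnel(packet: bytes) -> dict | None:
    """Return outer and inner endpoints of an IPv4-in-IPv6 packet, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None  # too short for an IPv6 header, or not IPv6
    payload_len, next_header = struct.unpack("!HB", packet[4:7])
    inner = packet[40:40 + payload_len]
    if next_header != NEXT_HEADER_IPV4 or len(inner) < 20 or inner[0] >> 4 != 4:
        return None  # IPv6, but the payload is not an encapsulated IPv4 packet
    return {
        "outer_src": str(ipaddress.IPv6Address(packet[8:24])),
        "outer_dst": str(ipaddress.IPv6Address(packet[24:40])),
        "inner_src": str(ipaddress.IPv4Address(inner[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(inner[16:20])),
        "inner_protocol": inner[9],
    }

def sample_inner_packet() -> bytes:
    """Constructed 20-byte IPv4 header (protocol 6 = TCP, checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address("192.0.2.10").packed,
                       ipaddress.IPv4Address("198.51.100.20").packed)

if __name__ == "__main__":
    # Constructed tunnel endpoints; not real router or VNE gateway addresses.
    wire = encapsulate(sample_inner_packet(), "2001:db8:1::1", "2001:db8:ffff::1")
    print(inspect_tunnel(wire))
```

A flow record taken on the IPv6 side without this second parsing step shows only the two tunnel endpoints, not the IPv4 hosts that are actually communicating.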
4-1 | MAP-E (Mapping of Address and Port - Encapsulation)
Mechanism
The VNE assigns a shared IPv4 address and a range of available port numbers, and the user's router performs NAPT and IPv6 encapsulation.
Features
There are restrictions on the usable port numbers, but it excels in scalability as the VNE's gateway operates statelessly.
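The port restriction can be made concrete with the port-set arithmetic of RFC 7597, shown here as an added example that is not part of the original document. It lists the port ranges one subscriber may use and maps a port seen in a log back to the subscriber's port-set ID (PSID), which is what attribution needs when many users share one IPv4 address. The PSID offset (4), PSID length (8) and PSID (0x34) are constructed sample values, not the parameters of any particular VNE, and the function names are hypothetical.

```python
from __future__ import annotations

def port_ranges(psid: int, psid_offset: int, psid_len: int) -> list[tuple[int, int]]:
    """Return the (first, last) port ranges owned by one PSID.

    A 16-bit port is laid out as  A (psid_offset bits) | PSID (psid_len bits) | j.
    """
    m = 16 - psid_offset - psid_len              # bits left for the contiguous part j
    if m < 0 or not 0 <= psid < (1 << psid_len):
        raise ValueError("invalid PSID parameters")
    # A = 0 is never used when psid_offset > 0, so the lowest ports belong to nobody.
    first_a = 1 if psid_offset > 0 else 0
    ranges = []
    for a in range(first_a, 1 << psid_offset):
        base = (a << (16 - psid_offset)) | (psid << m)
        ranges.append((base, base + (1 << m) - 1))
    return ranges

def psid_of_port(port: int, psid_offset: int, psid_len: int) -> int | None:
    """Map an observed port to its PSID; None if no subscriber can own it."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError("port out of range")
    if psid_offset > 0 and port >> (16 - psid_offset) == 0:
        return None                              # excluded low range (A = 0)
    m = 16 - psid_offset - psid_len
    return (port >> m) & ((1 << psid_len) - 1)

def can_forward(port: int, psid: int, psid_offset: int, psid_len: int) -> bool:
    """True if an inbound port can be forwarded to this subscriber at all."""
    return psid_of_port(port, psid_offset, psid_len) == psid

if __name__ == "__main__":
    OFFSET, LENGTH, PSID = 4, 8, 0x34            # constructed sample values
    owned = port_ranges(PSID, OFFSET, LENGTH)
    print(len(owned), "ranges,", sum(hi - lo + 1 for lo, hi in owned), "ports")
    print("first:", owned[0], "last:", owned[-1])
    print("port 443 forwardable:", can_forward(443, PSID, OFFSET, LENGTH))
    print("PSID behind source port 4930:", psid_of_port(4930, OFFSET, LENGTH))
```

With these sample parameters no subscriber can receive traffic on port 443, and a log entry that records the shared IPv4 address without the source port cannot be tied to a single subscriber.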
A technology that performs two-stage address and protocol translation on the terminal side (CLAT) and the mobile carrier network side (PLAT). It enables seamless access from an IPv6-only mobile network to the IPv4 internet.
5 | Differences in Configuration Concepts on Major Network Devices
Here, we explain the differences in the IPv4 over IPv6 configuration approach using FortiGate and YAMAHA RTX routers as examples.
FortiGate highly abstracts the IPv4 over IPv6 tunnel as a virtual transparent interface. This allows administrators to apply traffic control and UTM functions by creating familiar firewall policies without being aware of the complex encapsulation process.
Configuration Flow Outline (for MAP-E)
1. Enable DHCPv6-PD on the physical WAN interface to obtain an IPv6 prefix.
2. Specify the VNE operator (e.g., v6 plus) in the MAP-E settings.
3. A `vne-virtual-wire-pair` interface is automatically generated within the system.
4. Create a firewall policy from the LAN side to this virtual interface and apply UTM functions.
Key Concept: Direct configuration with `tunnel` command
On an RTX router, you define a virtual tunnel interface with the `tunnel select` command and explicitly specify the protocol, such as `tunnel encapsulation map-e`. A strength unique to a domestic manufacturer is the availability of convenient shortcut commands, like `tunnel map-e name v6plus`, which call up settings for major VNEs, greatly simplifying configuration.
Configuration Flow Outline (for MAP-E)
1. Configure the router to obtain an IPv6 prefix from the provider using the `ipv6 prefix` command.
2. Prepare a tunnel interface with `tunnel select`.
3. Define the method and service with `tunnel encapsulation map-e` and `tunnel map-e name v6plus`.
4. Enable NAPT on this tunnel with the `ip tunnel nat descriptor` command.
5. Enable the tunnel with `tunnel enable`.
5-3 | Comparison of Approaches
| Aspect | FortiGate (UTM) | YAMAHA RTX (Router) |
| --- | --- | --- |
| Configuration Approach | GUI-based, abstraction via virtual interface | CUI-based, direct definition via commands |
| Ease of Management | Visually intuitive and can be unified with policy management | Requires command knowledge, but behavior is clear |
| Flexibility | Fine-tuning is limited due to abstraction | Highly flexible with detailed configuration at the command level |
| Primary Goal | Implementation focused on applying security features | Implementation focused on reliable routing and connectivity |
| Target User | Environments where security administrators also manage infrastructure | Environments with dedicated network engineers |
6 | Key Points Summary
Understand the Scope: The IPoE (VNE model) is a technology to bypass PPPoE congestion on the NTT FLET'S network. It is irrelevant for independent line networks like au Hikari.
Understand the Operator Structure: Communication quality largely depends on the VNE operator adopted by the ISP, rather than the ISP itself.
Understand the Protocols: Native communication is IPv6. IPv4 communication is achieved through tunneling such as MAP-E or DS-Lite.
Understand the Addressing System: IPv4 is assigned by "quantity," while IPv6 is assigned by "block (prefix)."
Understand Port Control: Port usage is restricted with MAP-E/DS-Lite. A fixed IP (e.g., IPIP) is essential for server hosting.
Understand Device Implementation: Configuration concepts differ significantly between router products (FortiGate's abstraction vs. YAMAHA's direct definition).