XS4ALL Fiber optic link configuration



I have various Debian GNU Linux PCs hooked up to a gigabit Ethernet network.
In my setup, everything is static. There is no DHCP (at least not for NIC IP address configuration purposes) or routing daemon. Everything is configured by means of static config files; The resolvconf package is not installed. I run my own nameserver.
I get my IPv4 address and IPv6 /48 prefix from the XS4ALL website, which I then cut and paste to the various config files (convert upper case hex digits to lower case first).
I don't have systemd; I use a classic SysV boot (actually insserv).
The Ethernet interface for my LAN is 'eth0'. The link to my NTU uses 'eth1'. Both are gigabit Ethernet;

                        ┌─────┐           eth1 │ Linux  │ eth0
  FttH >────────────────┤ NTU ├────────────────┤ Server ├──────────────────> LAN
         Gbit           └─────┘ Gbit           │        │ Gbit
         Fiber Optic            Ethernet       └────────┘ Ethernet

I do not use the 'Fritz!Box'!
The NTU is directly connected to the Linux server.


For fiber optic- and VDSL(2) links, XS4ALL uses PPPoE in VLAN 6. Baby jumbo is supported. So you can use an IP MTU of 1500, provided your NIC supports a MTU > 1500;

   │    VLAN  MTU 1512     │
   │ ┌───────────────────┐ │
   │ │  PPPoE MTU 1508   │ │
   │ │ ┌───────────────┐ │ │
   │ │ │ IP   MTU 1500 │ │ │
   │ │ └───────────────┘ │ │
   │ └───────────────────┘ │

Otherwise you need to reduce your IP MTU;

   │    VLAN  MTU 1500     │
   │ ┌───────────────────┐ │
   │ │  PPPoE MTU 1496   │ │
   │ │ ┌───────────────┐ │ │
   │ │ │ IP   MTU 1488 │ │ │
   │ │ └───────────────┘ │ │
   │ └───────────────────┘ │

To get XS4ALL to route the IPv6 /48 to you, you need to do a DHCPv6 Prefix Delegation request. To this end the Debian package 'Wide-DHCPv6-Client' is installed.

Required packages


PPPD and IPv6

  1. For IPv6 the PPPD uses IPv6 link-local addresses for the PPP link ends. Which actually makes sense, but may seem a bit odd at first.
  2. These addresses may be different each time the PPP link comes up.
  3. It does not necessarily set an IPv6 route the the remote end.
  4. It does not necessarily set an IPv6 default route, even if the config file says it should!


  1. dhcp6c won't start if the PPP link isn't up.
  2. dhcp6c is hard to kill.
  3. You need to remove the DUID file before a (re)start.
  4. dhcp6c doesn't necessarily know where to send config requests to. You need an IPv6 route to the outside world (IPv6 default route) for dhcp6c to work. Without this it will complain: 'client6_send: transmit failed: Network is unreachable'.

The DUID (DHCP Unique Identifier) contains the media type, a mac address and a timestamp in seconds since 00:00:00 jan 1st 2000 UTC.


The config below is still a bit experimental.



# Fiber optic link
auto eth1
iface eth1 inet manual
	mtu 1512

# VLAN 6
# VLAN number is derived from interface name
auto eth1.6
iface eth1.6 inet manual
	pre-down ( poff provider ) &
	up ip link set eth1.6 up
	mtu 1508
	down ifconfig eth1.6 down
	post-up ( pon provider ) &

If you stick to the 'ethx.y' naming scheme, where 'x' and 'y' are decimal numbers, you don't need a 'vlan-raw-device ethx' statement.
'manual' means that it doesn't get configured (IP address assigned to it) right now (or ever).
You need the 'up ip link set eth1.6 up' statement to actually make the interface go up. Otherwise it just gets configured without going up. If you want to check this: 'ifconfig -a' shows all interfaces, 'ifconfig' just the ones that are actually up.
'post-up ( pon provider ) &' actually starts the PPPD.



ifname wan
+ipv6 ipv6cp-use-ipaddr
connect /bin/true
lcp-echo-interval 10
maxfail 0
holdoff 10
mtu 1500
mru 1500
plugin rp-pppoe.so eth1.6
user "Some_User@xs4all.nl"

'ifname wan' provides the PPP interface with an unique name.
You need the appropriate entries in /etc/ppp/pap-secrets as well.



# Defaults for dhcpv6 client initscript
# Used by /etc/init.d/wide-dhcpv6-client

# Interfaces on which the client should send DHCPv6 requests and listen to
# answers. If empty, the client is deactivated.


profile default
  script "/etc/wide-dhcpv6/dhcp6c-script";

interface wan {
    send ia-pd 0;

id-assoc pd 0 {
   prefix-interface eth1 {
       sla-len 16;
       sla-id 0;
       ifid 1;

You can replace 'dhcp6c-script' with a script which doesn't do anything at all;

exit 0

'sla' means 'Site-Level Aggregation identifier'. In a prefix '2001:0db8:1234::/48' it's the '1234' bit. These are four hex digits, so it's 16 bits long (sla-len).
It insists a assigning an IP address to an interface. I have no idea how to get rid of this!




# Sets route to remote IPv6 address of PPP link
if ! ( ip -6 route | grep -q "${PPP_REMOTE}" )
	ip -6 route add "${PPP_REMOTE}" dev "${PPP_IFACE}"

You don't actually need this, but it looks good in a route overview.

Called from /etc/ppp/ip-up

I don't use the regular scripts in '/etc/ppp/ip-up.d/' and '/etc/ppp/ip-down.d/'. You may need to modify the stuff below to suit your needs.

# Take care of the (default) route(s)
case $PPP_LOCAL in
	# Xs iface
	# Restart NTPD
	/etc/init.d/ntp restart 2>&1 | mail -s "NTPD restarted" root@Your_Domain
	# IPv6 stuff
	# Make sure link works
	ping -c5 $PPP_REMOTE
	# Default route
	if ! ( ip -6 route | grep -q default )
                ip -6 route add default dev wan
	# Restart DHCPv6
	/etc/init.d/wide-dhcpv6-client stop
	sleep 2
	killall dhcp6c
	sleep 2
	killall -9 dhcp6c
	sleep 2
	rm /var/lib/dhcpv6/dhcp6c_duid
	sleep 2
	/etc/init.d/wide-dhcpv6-client start



IPv6 uses IPv6 link-local (fe80::/10) - and IPv6 multicast addresses (ff02::/16) for internal housekeeping and configuration. If you firewall these to heavy, some things will not work.
It can be handy to enable debugging. In '/etc/wide-dhcpv6/etc/init.d/wide-dhcpv6-client' add '-D' (shown red);

case "$1" in
		log_daemon_msg "Starting $DESC" "$NAME"
		start-stop-daemon --start --quiet --pidfile $DHCP6CPID \
			--oknodo --exec $DHCP6CBIN -- -D -Pdefault $INTERFACES
		sleep 2

If things don't work, have a look at '/var/log/syslog'.



sput:~$ ping www.xs4all.nl
PING www.xs4all.nl ( 56(84) bytes of data.
64 bytes from www.xs4all.nl ( icmp_seq=1 ttl=62 time=2.91 ms
64 bytes from www.xs4all.nl ( icmp_seq=2 ttl=62 time=2.90 ms
64 bytes from www.xs4all.nl ( icmp_seq=3 ttl=62 time=2.86 ms
64 bytes from www.xs4all.nl ( icmp_seq=4 ttl=62 time=2.84 ms
64 bytes from www.xs4all.nl ( icmp_seq=5 ttl=62 time=2.92 ms

sput:~$ ping6 www.xs4all.nl
PING www.xs4all.nl(www.xs4all.nl) 56 data bytes
64 bytes from www.xs4all.nl: icmp_seq=1 ttl=62 time=2.86 ms
64 bytes from www.xs4all.nl: icmp_seq=2 ttl=62 time=2.90 ms
64 bytes from www.xs4all.nl: icmp_seq=3 ttl=62 time=2.86 ms
64 bytes from www.xs4all.nl: icmp_seq=4 ttl=62 time=2.89 ms
64 bytes from www.xs4all.nl: icmp_seq=5 ttl=62 time=2.86 ms

Speed test

I found that the most reliable way of testing things, is file up- and download with shell.xs4all.nl. A 'wget --no-proxy URL' will get you the speed in bytes per second. Multiply by eight to get bits per second.

Additional notes on booting

A boot might 'hang' with considerable timeouts on the following;

  1. All interfaces need to be up.
  2. All NFS volumes need to be mounted.

The 1st I fixed by calling the PPP-link from /etc/network/interfaces instead of putting the PPP interface directly in /etc/network/interfaces. If the PPP-link doesn't come up, all the services are still started (This is based on experiences from the 1990-ies. Things might be different now).
The 2nd I fixed by using IP addresses instead of hostnames for NFS mounts in /etc/fstab: If the nameserver is down, the remote discs are still mounted. I also mount in the background (bg option in /etc/fstab). This way if a remote disc can't be mounted, the boot still proceeds.