
ISC DHCPv6


This post covers setting up ISC DHCPv6, following the official RHEL 6 documentation on how to set up ISC DHCPv6 on RHEL 6.

IPv6 address auto-configuration falls into the following types:

                        Default gateway   Address assignment   DNS
Manual configuration    Manual            Manual               Manual
SLAAC + RDNSS           RA                RA                   RA
Stateless DHCPv6        RA                RA                   DHCP
Stateful DHCPv6         RA                DHCP                 DHCP

Apart from manual configuration, all of these rely on the following two auto-configuration mechanisms.

  1. Router Advertisement (RA) daemon (radvd)
    For configuration see http://benjr.tw/94906
  2. DHCPv6
    Described below.

The auto-configuration modes below are distinguished by the M bit and O bit in the Router Advertisement.

  • M bit (Managed Address Configuration)
    If the M bit is 1, clients must additionally ask DHCPv6 for the IPv6 prefix.
  • O bit (Other Configuration)
    If the O bit is 1, clients must ask DHCPv6 for DNS and other information.

There should be four combinations, but M bit=1, O bit=0 is unlikely to be used, so it is not discussed below.

  1. SLAAC (Stateless Address Autoconfiguration) + RDNSS (Recursive DNS Server)
    M bit=0, O bit=0: clients get the prefix, DNS and other information from the RA (Router Advertisement). This function is normally provided by a router, but if your environment has none you can use the radvd (Router Advertisement Daemon) service on Linux.
  2. Stateless DHCPv6 configuration
    M bit=0, O bit=1: unlike stateless auto-configuration, only the prefix comes from the RA; other information such as DNS is obtained from DHCPv6.
  3. Stateful DHCPv6 configuration
    M bit=1, O bit=1: all information is obtained through DHCPv6 (including prefix, DNS and so on).
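
To see which of these modes a router on your segment is actually announcing, the M and O flags can be read straight out of a captured Router Advertisement. The following is an added example, not part of the original post: `parse_ra`, `classify` and `build_ra` are hypothetical names, and the sample RA is constructed from the article's prefix and DNS address.

```python
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option
OPT_RDNSS = 25         # Recursive DNS Server option (RFC 8106)

def parse_ra(icmp6: bytes) -> dict:
    """Return the M/O flags and option types of an ICMPv6 RA message."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    flags, opts, off = icmp6[5], [], 16
    while off + 2 <= len(icmp6):
        opt_type, opt_len = icmp6[off], icmp6[off + 1] * 8  # length unit: 8 bytes
        if opt_len == 0 or off + opt_len > len(icmp6):
            raise ValueError("malformed RA option")
        opts.append(opt_type)
        off += opt_len
    return {"M": bool(flags & 0x80), "O": bool(flags & 0x40), "options": opts}

def classify(ra: dict) -> str:
    """Map the M/O combination to the modes listed in the article."""
    if ra["M"] and ra["O"]:
        return "Stateful DHCPv6"
    if ra["O"]:
        return "Stateless DHCPv6"
    if ra["M"]:
        return "M=1, O=0 (not covered in the article)"
    if OPT_RDNSS in ra["options"]:
        return "SLAAC + RDNSS"
    return "SLAAC without DNS in the RA"

def build_ra(m: bool, o: bool, rdnss: bool) -> bytes:
    """Constructed sample RA for the article's prefix (checksum left at 0)."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    msg = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, flags, 1800, 0, 0)
    # Prefix Information: type 3, length 4 (32 bytes), /64, L+A flags, lifetimes
    prefix = bytes.fromhex("3ffe0501ffff0100") + bytes(8)
    msg += struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, 0xC0,
                       2592000, 604800, 0) + prefix
    if rdnss:
        # RDNSS: type 25, length 3 (24 bytes), reserved, lifetime, one server
        dns = bytes.fromhex("3ffe0501ffff0100020000fffe003f3e")
        msg += struct.pack("!BBHI", OPT_RDNSS, 3, 0, 3600) + dns
    return msg
```

An RA with unexpected flags (for example M=1 on a segment that should be SLAAC only) is worth investigating, since it redirects clients to whatever DHCPv6 server answers.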

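The difference between stateless and stateful:

  • Stateless configuration
    Once the prefix and DNS have been issued, the usage of the address is no longer tracked, hence "stateless".
  • Stateful configuration
    The state of the IPv6 address configuration, including prefix, host ID and DNS server address, still has to be maintained by DHCPv6, hence "stateful".

DHCPv6 is configured as follows: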

  1. First use NetworkManager to set the Global IPv6 address of your network device (inet6 addr: 3ffe:501:ffff:100::1/64); the DHCPv6 configuration that follows depends on it.
    [root@benjr Desktop]# ifconfig eth1
    eth1      Link encap:Ethernet  HWaddr 90:FB:A6:76:2B:81
              inet addr:172.16.0.2  Bcast:172.16.0.255  Mask:255.255.255.0
              inet6 addr: 3ffe:501:ffff:100::1/64 Scope:Global
              inet6 addr: fe80::92fb:a6ff:fe76:2b81/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:62674 errors:0 dropped:0 overruns:0 frame:0
              TX packets:82872 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:18070420 (17.2 MiB)  TX bytes:84763055 (80.8 MiB)
              Memory:fbb40000-fbb60000
    

    inet6 addr: 3ffe:501:ffff:100::1/64
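    An IPv6 address is 128 bits long, so it can be abbreviated according to these rules:
    Within each 32-bit segment, a leading 4-bit group that is 0 can be omitted; if all 32 bits are 0, the segment can be written as 0.
    If consecutive complete 32-bit segments are all 0000, they can all be omitted and written as ::, but only once.

    If the IPv6 address is not set correctly, the following error appears in /var/log/messages when DHCPv6 starts.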

    dhcpd: No subnet6 declaration for eth1 (fe80::92fb:a6ff:fe76:2b81).
    dhcpd: ** Ignoring requests on eth1.  If this is not what
    dhcpd:    you want, please write a subnet6 declaration
    dhcpd:    in your dhcpd.conf file for the network segment
    dhcpd:    to which interface eth1 is attached. **
    dhcpd:
    dhcpd:
    dhcpd: Not configured to listen on any interfaces!
    
  2. On RHEL 6 the DHCPv6 server configuration file defaults to /etc/dhcp/dhcpd6.conf, but the file does not exist by default. A sample can be found at /usr/share/doc/dhcp-<version>/dhcpd6.conf.sample, though it is fairly long.
    [root@benjr Desktop]# vi /etc/dhcp/dhcpd6.conf
    # Server configuration file example for DHCPv6
    # From the file used for TAHI tests.
    
    # IPv6 address valid lifetime
    #  (at the end the address is no longer usable by the client)
    #  (set to 30 days, the usual IPv6 default)
    default-lease-time 2592000;
    
    # IPv6 address preferred lifetime
    #  (at the end the address is deprecated, i.e., the client should use
    #   other addresses for new connections)
    #  (set to 7 days, the  usual IPv6 default)
    preferred-lifetime 604800;
    
    # T1, the delay before Renew
    #  (default is 1/2 preferred lifetime)
    #  (set to 1 hour)
    option dhcp-renewal-time 3600;
    
    # T2, the delay before Rebind (if Renews failed)
    #  (default is 3/4 preferred lifetime)
    #  (set to 2 hours)
    option dhcp-rebinding-time 7200;
    
    # Enable RFC 5007 support (same than for DHCPv4)
    allow leasequery;
    
    # Global definitions for name server address(es) and domain search list
    option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
    option dhcp6.domain-search "test.example.com","example.com";
    
    # Set preference to 255 (maximum) in order to avoid waiting for
    # additional servers when there is only one
    ##option dhcp6.preference 255;
    
    # Server side command to enable rapid-commit (2 packet exchange)
    ##option dhcp6.rapid-commit;
    
    # The delay before information-request refresh
    #  (minimum is 10 minutes, maximum one day, default is to not refresh)
    #  (set to 6 hours)
    option dhcp6.info-refresh-time 21600;
    
    # The path of the lease file
    dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
    
    # The subnet where the server is attached
    #  (i.e., the server has an address in this subnet)
    subnet6 3ffe:501:ffff:100::/64 {
            range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::250;
            range6 3ffe:501:ffff:100:: temporary;
            prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
    }
    
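    • dhcpv6-lease-file-name "/usr/local/var/db/dhcpd6.leases";
      The sample /usr/share/doc/dhcp-<version>/dhcpd6.conf.sample stores the DHCPv6 lease file (the addresses handed out to clients) in "/usr/local/var/db/dhcpd6.leases" by default, but Red Hat does not use that location, so it has to be changed by hand.
      With the default location, the following error appears in /var/log/messages.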

      dhcpd: Can't open lease database /usr/local/var/db/dhcpd6.leases: No such file or directory --
      
    • subnet6 3ffe:501:ffff:100::/64 {
      range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;

      By default only two IPv6 addresses are available to hand out, so this needs to be changed by hand.

      range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::250;

      If clients only need temporary addresses, a /64 prefix can be given (see RFC 4941).

      range6 3ffe:501:ffff:100:: temporary;

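      prefix
      An IPv6 address is 128 bits long and consists of two parts: the network prefix plus the host ID. The prefix is similar to the netmask in IPv4. With a prefix of 64 (written /64), the first 64 bits of the 128-bit address are the network prefix, and they are handed out by DHCP.

      Likewise, only /64 prefixes are handed out (see RFC 3633).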

      prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
  3. By default the DHCP service starts on eth0. To use a different network device, specify it in /etc/sysconfig/dhcpd6.

    [root@benjr ~]# vi /etc/sysconfig/dhcpd6
    # Command line options here
    DHCPDARGS=eth1
    
  4. Start the DHCPv6 service immediately with /sbin/service dhcpd6 start, and enable DHCPv6 to start at boot.
    [root@benjr ~]# service dhcpd6 start
    [root@benjr ~]# chkconfig dhcpd6 on
    

    Unfortunately, whether I used NetworkManager or the dhclient command to obtain an IPv6 address, the result was a failure.

    [root@benjr Desktop]# tcpdump ip6
    01:28:43.281554 IP6 fe80::221:5eff:fe67:175e.dhcpv6-client > ff02::1:2.dhcpv6-server dhcp6 solicit
    

    My colleague found that ip6tables has to be turned off; by default it blocks ports 546 and 547 (the client uses UDP port 546 and the server uses UDP port 547).

    [root@benjr Desktop]# service ip6tables stop
    [root@benjr Desktop]# ip6tables -L
    

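I used an Ubuntu 14.04 Desktop machine to test whether DHCP over IPv6 works. In Ubuntu's NetworkManager, select "Automatic, DHCP only".
With this setting NetworkManager does not use RA and must obtain its IPv6 address through DHCPv6 (stateful configuration).

If it works, you will see the IPv6 address.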

[root@benjr Desktop]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1a:64:22:04:83  
          inet addr:172.16.0.82  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
          inet6 addr: 3ffe:501:ffff:100::11/128 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:209258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5647 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:14871863 (14.8 MB)  TX bytes:537702 (537.7 KB)
          Interrupt:17 
  1. IPv4
    inet addr:172.16.0.82 Bcast:172.16.0.255 Mask:255.255.255.0
  2. Link Local IPv6
    inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
  3. Global IPv6
    inet6 addr: 3ffe:501:ffff:100::11/128 Scope:Global

So how does the client obtain an IPv6 address and other related information through DHCPv6?

As with DHCP for IPv4, the client uses UDP port 546 and the server uses UDP port 547. Although it resembles DHCPv4, the difference is that IPv6 no longer uses broadcast.

Suppose the server's link-local address is fe80::0011:22ff:fe33:5566/64
and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.

The client obtains its IP (v6) address through the steps below.
The process uses an IPv6 multicast address:
ff02::1:2 – All DHCP servers and relay agents on the local network segment (defined in RFC 3315)

  1. DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.
  2. DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.
  3. DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547.
  4. DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546.

All of this can be found in RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
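
The four-step exchange above can be checked against a capture to see where it stops, which is useful when, as in the tcpdump output earlier, only a Solicit shows up. This is an added example, not part of the original post: `decode` and `trace` are hypothetical names, and the capture is constructed from the article's example addresses with only the 4-byte DHCPv6 header (no options).

```python
import ipaddress

MSG = {1: "Solicit", 2: "Advertise", 3: "Request", 7: "Reply"}  # RFC 3315 types
EXPECTED = ["Solicit", "Advertise", "Request", "Reply"]
ALL_SERVERS = ipaddress.IPv6Address("ff02::1:2")
CLIENT_PORT, SERVER_PORT = 546, 547

def decode(payload: bytes):
    """Client/server header: 1-byte msg-type followed by 3-byte transaction-id."""
    if len(payload) < 4:
        raise ValueError("short DHCPv6 message")
    return MSG.get(payload[0], f"type {payload[0]}"), payload[1:4].hex()

def trace(packets):
    """Walk (src, sport, dst, dport, payload) tuples; return (steps seen, diagnosis)."""
    seen, client_xid = [], None
    for src, sport, dst, dport, payload in packets:
        name, xid = decode(payload)
        if len(seen) == 4 or name != EXPECTED[len(seen)]:
            continue
        if name in ("Solicit", "Request"):      # client -> all servers/relays
            ok = ((sport, dport) == (CLIENT_PORT, SERVER_PORT)
                  and ipaddress.IPv6Address(dst) == ALL_SERVERS)
            client_xid = xid
        else:                                   # server -> client link-local
            ok = ((sport, dport) == (SERVER_PORT, CLIENT_PORT)
                  and ipaddress.IPv6Address(dst).is_link_local
                  and xid == client_xid)        # answer must echo the client's xid
        if ok:
            seen.append(name)
    if len(seen) == 4:
        return seen, "complete"
    waiting = EXPECTED[len(seen)]
    hints = {"Advertise": "no server answer; check dhcpd6 and inbound UDP 547",
             "Reply": "server went silent after Request"}
    return seen, f"waiting for {waiting}: {hints.get(waiting, 'client did not send it')}"

# Constructed capture using the article's example addresses (headers only).
C, S = "fe80::aabb:ccff:fedd:eeff", "fe80::0011:22ff:fe33:5566"
FULL = [(C, 546, "ff02::1:2", 547, b"\x01\xaa\xbb\xcc"),
        (S, 547, C, 546, b"\x02\xaa\xbb\xcc"),
        (C, 546, "ff02::1:2", 547, b"\x03\x11\x22\x33"),
        (S, 547, C, 546, b"\x07\x11\x22\x33")]
```

`trace(FULL)` reports a complete exchange, while `trace(FULL[:1])` stops at the Advertise step, the same symptom as a server whose UDP port 547 is filtered.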

5 thoughts on "ISC DHCPv6"

  4. About DHCP ipv6
    Have you tried ip6tables -F??
    Following your settings above, I was able to hand out IPv6 addresses to other machines.
