This article sets up DHCPv6 with ISC DHCP, following the official RHEL 6 documentation at http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-dhcp_for_ipv6_dhcpv6.html on how to set up ISC DHCPv6 on RHEL 6.
The test environment is CentOS 6 x86_64.
IPv6 address assignment (address auto-configuration) falls into the following types:
Method | Default gateway | Address assignment | DNS |
Manual configuration | Manual | Manual | Manual |
SLAAC RDNSS | RA | RA | RA |
Stateless DHCPv6 | RA | RA | DHCP |
Stateful DHCPv6 | RA | DHCP | DHCP |
Apart from manual configuration, all of these rely on the following two auto-configuration mechanisms:
- Router Advertisement (RA) daemon (radvd)
  For its configuration, see https://benjr.tw/94906
- DHCPv6
  Described below.
The auto-configuration types are distinguished mainly by the M bit and O bit in the Router Advertisement.
- M bit (Managed Address Configuration)
  If the M bit is 1, clients must additionally ask DHCPv6 for the IPv6 prefix.
- O bit (Other Configuration)
  If the O bit is 1, clients must ask DHCPv6 for DNS and other information.
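Although there should be four combinations, M bit = 1 with O bit = 0 is unlikely to be used and is not discussed below.
- SLAAC (Stateless Address Autoconfiguration) + RDNSS (Recursive DNS Server)
  M bit = 0, O bit = 0: clients get the prefix, as well as DNS and other information, from the RA. RA (Router Advertisement) is normally provided by a router, but if your environment has none, the radvd (Router Advertisement Daemon) service on Linux can provide it.
- Stateless DHCPv6 configuration
  M bit = 0, O bit = 1: unlike stateless auto-configuration, only the prefix is taken from the RA; other information such as DNS is obtained from DHCPv6.
- Stateful DHCPv6 configuration
  M bit = 1, O bit = 1: all information (including the prefix, DNS and so on) is obtained through DHCPv6.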
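To audit which of these modes a segment is actually advertising, the following added example (not part of the original article) decodes the M and O flags, the Prefix Information option and the RDNSS option from a raw ICMPv6 Router Advertisement. The sample RA is constructed for the article's 3ffe:501:ffff:100::/64 network, the function names are hypothetical, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct

# (M, O) -> configuration mode, using the three combinations the page discusses
MODES = {(0, 0): "SLAAC + RDNSS", (0, 1): "Stateless DHCPv6",
         (1, 1): "Stateful DHCPv6", (1, 0): "M=1, O=0 (not discussed)"}

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), ICMPv6 header onward."""
    if len(icmp) < 16 or icmp[0] != 134:          # type 134 = Router Advertisement
        raise ValueError("not a Router Advertisement")
    m, o = (icmp[5] >> 7) & 1, (icmp[5] >> 6) & 1  # flags byte: M is bit 7, O is bit 6
    info = {"M": m, "O": o, "mode": MODES[(m, o)], "prefixes": [], "rdnss": []}
    pos = 16                                       # options follow the fixed header
    while pos + 2 <= len(icmp):
        opt_type, opt_len = icmp[pos], icmp[pos + 1] * 8   # length is in 8-byte units
        if opt_len == 0 or pos + opt_len > len(icmp):
            raise ValueError("malformed RA option")
        body = icmp[pos:pos + opt_len]
        if opt_type == 3 and opt_len == 32:        # Prefix Information option
            prefix = ipaddress.IPv6Address(body[16:32])
            autonomous = bool(body[3] & 0x40)      # A flag: prefix usable for SLAAC
            info["prefixes"].append((f"{prefix}/{body[2]}", autonomous))
        elif opt_type == 25 and opt_len >= 24:     # RDNSS option (RFC 8106)
            for i in range(8, opt_len, 16):
                info["rdnss"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        pos += opt_len
    return info

def build_sample_ra(m: int, o: int, with_rdnss: bool) -> bytes:
    """Constructed sample RA for the page's 3ffe:501:ffff:100::/64 network."""
    ra = struct.pack("!BBHBBHII", 134, 0, 0, 64, (m << 7) | (o << 6), 1800, 0, 0)
    ra += struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    ra += ipaddress.IPv6Address("3ffe:501:ffff:100::").packed
    if with_rdnss:                                 # DNS server address from dhcpd6.conf
        ra += struct.pack("!BBHI", 25, 3, 0, 1800)
        ra += ipaddress.IPv6Address("3ffe:501:ffff:100:200:ff:fe00:3f3e").packed
    return ra

if __name__ == "__main__":
    for m, o, dns in [(0, 0, True), (0, 1, False), (1, 1, False)]:
        print(parse_ra(build_sample_ra(m, o, dns)))
```

An RA whose flags or DNS servers differ from what the segment's router is configured to send is worth investigating, since clients act on whichever RA they receive.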
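The difference between stateless and stateful:
- Stateless configuration
  Once the prefix and DNS have been issued, the use of the address is no longer tracked, hence the name stateless.
- Stateful configuration
  The state of the IPv6 address configuration, including the prefix, host ID and DNS server address, still has to be maintained by DHCPv6, hence stateful.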
DHCPv6 is configured as follows:
- First, use NetworkManager to set the global IPv6 address of your network device (inet6 addr: 3ffe:501:ffff:100::1/64). The DHCPv6 configuration later on depends on it.

```
[root@benjr Desktop]# ifconfig eth1
eth1      Link encap:Ethernet  HWaddr 90:FB:A6:76:2B:81
          inet addr:172.16.0.2  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: 3ffe:501:ffff:100::1/64 Scope:Global
          inet6 addr: fe80::92fb:a6ff:fe76:2b81/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62674 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82872 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:18070420 (17.2 MiB)  TX bytes:84763055 (80.8 MiB)
          Memory:fbb40000-fbb60000
```

inet6 addr: 3ffe:501:ffff:100::1/64
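An IPv6 address is 128 bits long, so it can be abbreviated according to the following rules:
In each 32-bit group, if the leading 4 bits are 0 they can be omitted; if all 32 bits are 0, the group can be written as 0.
If consecutive complete 32-bit groups are all 0000, they can be omitted entirely and written as ::, but only once.

If the IPv6 address is not set correctly, the following error messages appear in /var/log/messages when DHCPv6 is started.

```
dhcpd: No subnet6 declaration for eth1 (fe80::92fb:a6ff:fe76:2b81).
dhcpd: ** Ignoring requests on eth1.  If this is not what
dhcpd:    you want, please write a subnet6 declaration
dhcpd:    in your dhcpd.conf file for the network segment
dhcpd:    to which interface eth1 is attached. **
dhcpd:
dhcpd:
dhcpd: Not configured to listen on any interfaces!
```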
- On RHEL 6 the DHCPv6 server's default configuration file is /etc/dhcp/dhcpd6.conf, but the file does not exist by default. A sample can be found at /usr/share/doc/dhcp-<version>/dhcpd6.conf.sample, although it is fairly long.
```
[root@benjr Desktop]# vi /etc/dhcp/dhcpd6.conf
# Server configuration file example for DHCPv6
# From the file used for TAHI tests.

# IPv6 address valid lifetime
#  (at the end the address is no longer usable by the client)
#  (set to 30 days, the usual IPv6 default)
default-lease-time 2592000;

# IPv6 address preferred lifetime
#  (at the end the address is deprecated, i.e., the client should use
#   other addresses for new connections)
#  (set to 7 days, the usual IPv6 default)
preferred-lifetime 604800;

# T1, the delay before Renew
#  (default is 1/2 preferred lifetime)
#  (set to 1 hour)
option dhcp-renewal-time 3600;

# T2, the delay before Rebind (if Renews failed)
#  (default is 3/4 preferred lifetime)
#  (set to 2 hours)
option dhcp-rebinding-time 7200;

# Enable RFC 5007 support (same than for DHCPv4)
allow leasequery;

# Global definitions for name server address(es) and domain search list
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";

# Set preference to 255 (maximum) in order to avoid waiting for
# additional servers when there is only one
##option dhcp6.preference 255;

# Server side command to enable rapid-commit (2 packet exchange)
##option dhcp6.rapid-commit;

# The delay before information-request refresh
#  (minimum is 10 minutes, maximum one day, default is to not refresh)
#  (set to 6 hours)
option dhcp6.info-refresh-time 21600;

# The path of the lease file
dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";

# The subnet where the server is attached
#  (i.e., the server has an address in this subnet)
subnet6 3ffe:501:ffff:100::/64 {
    range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::250;
    range6 3ffe:501:ffff:100:: temporary;
    prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
}
```
- dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
  By default, the addresses leased to DHCPv6 clients are recorded in /var/lib/dhcpd/dhcpd6.leases.
- subnet6 3ffe:501:ffff:100::/64 {
  range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::11;
  By default only two IPv6 addresses can be handed out, so this has to be changed by hand.
  range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::250;
  If clients only need temporary addresses, a /64 prefix can be given (for the use case see RFC 4941).
  range6 3ffe:501:ffff:100:: temporary;
  prefix
  An IPv6 address is 128 bits long and is made up of two parts, the network prefix and the host ID; the prefix is similar to the netmask in IPv4. With a prefix of 64 (written /64), the first 64 bits of the 128-bit address are the network prefix. Likewise, only /64 prefixes are given (for the use case see RFC 3633).
  prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
- By default the system starts the DHCP service on eth0. To use a different network device, specify it in /etc/sysconfig/dhcpd6.

```
[root@benjr ~]# vi /etc/sysconfig/dhcpd6
# Command line options here
DHCPDARGS=eth1
```
- Start the DHCPv6 service right away with /sbin/service dhcpd6 start, and enable DHCPv6 to start at boot.

```
[root@benjr ~]# service dhcpd6 start
[root@benjr ~]# chkconfig dhcpd6 on
```

Users can then obtain an IPv6 address through NetworkManager or the dhclient command.

```
[root@benjr Desktop]# tcpdump ip6
01:28:43.281554 IP6 fe80::221:5eff:fe67:175e.dhcpv6-client > ff02::1:2.dhcpv6-server dhcp6 solicit
```
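The "No subnet6 declaration" failure from the procedure above can be caught before the service is started. This added example (not part of the original article and not ISC DHCP's own logic) parses the subnet6 and range6 statements and checks them against the interface's addresses; the configuration excerpt is constructed from the article's values, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt mirroring the subnet6 block in the article's dhcpd6.conf
SAMPLE_CONF = """
# The subnet where the server is attached
subnet6 3ffe:501:ffff:100::/64 {
    range6 3ffe:501:ffff:100::10 3ffe:501:ffff:100::250;
    range6 3ffe:501:ffff:100:: temporary;
    prefix6 3ffe:501:ffff:100:: 3ffe:501:ffff:111:: /64;
}
"""

def parse_subnet6(conf: str) -> dict:
    """Map each subnet6 network to its list of (low, high) range6 address pairs."""
    conf = re.sub(r"#.*", "", conf)                        # strip comments
    subnets = {}
    for net, body in re.findall(r"subnet6\s+(\S+)\s*\{([^}]*)\}", conf):
        ranges = []
        # Only the "range6 <low> <high>;" form; "temporary" ranges are skipped
        for lo, hi in re.findall(r"range6\s+(\S+)\s+([0-9a-fA-F:]+)\s*;", body):
            ranges.append((ipaddress.IPv6Address(lo), ipaddress.IPv6Address(hi)))
        subnets[ipaddress.IPv6Network(net)] = ranges
    return subnets

def check(conf: str, iface_addrs: list) -> list:
    """Return a list of problems; an empty list means the basic checks passed."""
    subnets = parse_subnet6(conf)
    addrs = [ipaddress.IPv6Interface(a).ip for a in iface_addrs]
    problems = []
    # The interface needs an address inside a declared subnet6
    if not any(a in net for a in addrs for net in subnets):
        problems.append("no subnet6 declaration covers any interface address")
    for net, ranges in subnets.items():
        for lo, hi in ranges:
            if lo not in net or hi not in net or lo > hi:
                problems.append(f"range6 {lo} {hi} is not inside {net}")
    return problems

if __name__ == "__main__":
    # eth1 with only its link-local address, then with the global address added
    print(check(SAMPLE_CONF, ["fe80::92fb:a6ff:fe76:2b81/64"]))
    print(check(SAMPLE_CONF, ["fe80::92fb:a6ff:fe76:2b81/64",
                              "3ffe:501:ffff:100::1/64"]))
```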
My colleague found that ip6tables needs to be turned off; by default it blocks ports 546 and 547 (the client uses UDP port 546 and the server uses UDP port 547).

```
[root@benjr Desktop]# service ip6tables stop
[root@benjr Desktop]# ip6tables -L
```
Use an Ubuntu 14.04 Desktop machine to check whether DHCP over IPv6 works. In Ubuntu's NetworkManager, choose Automatic, DHCP only.
With this setting NetworkManager does not use RA and has to obtain its IPv6 address through DHCPv6 (stateful configuration).
If everything is correct, the IPv6 address shows up:

```
[root@benjr Desktop]# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1a:64:22:04:83
          inet addr:172.16.0.82  Bcast:172.16.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
          inet6 addr: 3ffe:501:ffff:100::11/128 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:209258 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5647 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:14871863 (14.8 MB)  TX bytes:537702 (537.7 KB)
          Interrupt:17
```
- IPv4
  inet addr:172.16.0.82 Bcast:172.16.0.255 Mask:255.255.255.0
- Link-local IPv6
  inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
- Global IPv6
  inet6 addr: 3ffe:501:ffff:100::11/128 Scope:Global
So how does the client obtain an IPv6 address and the other related information through DHCPv6?
As with DHCP for IPv4, the client uses UDP port 546 and the server uses UDP port 547. Although it resembles DHCPv4, the difference is that IPv6 no longer uses broadcast.
Suppose the server's link-local address is fe80::0011:22ff:fe33:5566/64
and the client's link-local address is fe80::aabb:ccff:fedd:eeff/64.
The client obtains its IP (v6) address through the following steps.
The process uses IPv6 multicast addresses:
ff02::1:2 – All DHCP servers and relay agents on the local network segment (defined in RFC 3315)
All of this can be found in RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
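About DHCP IPv6
Have you tried ip6tables -F??
Following your configuration above, I can hand out IPv6 addresses to other machines.
Thanks!!
My colleague found that turning off ip6tables fixed it; by default it blocks ports 546 and 547.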