IPV6 的設定有幾種方式.
- Link Local (預設值,不須設定)
IPv6 中每個網卡都會有屬於自己的 link-local address,這位址跟網卡的 MAC Address 是相關的.可以參考 https://benjr.tw/17341 - 透過 Dynamic Host Configuration Protocol v6 (DHCPv6)
不使用 RA 的方式,須透過 DHCPv6 來得到 IPv6 位址.可以參考 https://benjr.tw/10651 - 透過 Router Advertisement (RA) Daemon (radvd)
下面接著說明
測試環境在 RHEL6
在 IPv6 的環境下,並不一定需要像是 IPV4 使用 DHCP 來讓電腦取得 IPv4 位址,IPv6 取得 IP 的另外一種方式是 RA (Router Advertisement) ,這功能通常是由 Router 來提供,但如果你的環境沒有就可以透過 Linux 下的 radvd (Router Advertisement Daemon) 服務來做.先來看看 radvd.conf 的設定檔 (設定檔儲存在 /etc/radvd.conf)
[root@benjr ~]# vi /etc/radvd.conf
# NOTE: there is no such thing as a working "by-default" configuration file.
# At least the prefix needs to be specified. Please consult the radvd.conf(5)
# man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
打開 /etc/radvd.conf 設定全部都以 * 設為註記,只需把星號移除即可.來看看設定檔的內容說了什麼.
- interface eth1
設定 RA 在哪個網路卡介面啟動 - AdvSendAdvert on
啟動 RA 功能 - MinRtrAdvInterval 30
- MaxRtrAdvInterval 100
每隔 30-100 秒送出公告訊息,IPv4 是透過 broadcast 方式,IPv6 是透過 ICMPv6 的方式,透過 FF02::1 (連結本機領域所有節點位址) 來傳送.關於 多點傳送 IPv6 位址 請參考 https://msdn.microsoft.com/zh-tw/library/cc781068(v=ws.10).aspx
我們可以透過 tcpdump 觀察 ICMPv6 封包 FF02::1 的傳送.[root@benjr ~]# ifconfig eth1 eth1 Link encap:Ethernet HWaddr 90:FB:A6:76:2B:81 inet addr:172.16.0.2 Bcast:172.16.0.255 Mask:255.255.255.0 inet6 addr: fe80::92fb:a6ff:fe76:2b81/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5375131 errors:0 dropped:0 overruns:0 frame:0 TX packets:4806337 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3447675661 (3.2 GiB) TX bytes:3585639519 (3.3 GiB) Memory:fbb40000-fbb60000 [root@benjr ~]# tcpdump -i eth1 icmp6 tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes 18:48:49.407039 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::92fb:a6ff:fe76:2b81 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56 18:49:50.779651 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::92fb:a6ff:fe76:2b81 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56 - prefix 2001:db8:1:0::/64
設定用戶會取得的 prefix ,什麼是 prefix , 2001:db8:1:0:: 是正常寫法嗎?- prefix
IPv6 的位址長度為 128 位元,是由兩部分的位址組成, 網路位址(Network Prefix) + 主機位址(Host ID),而這 Prefix 就類似於 IPv4 的 Netmask.以 Prefix 64 為例 (寫法為 /64 ) 就代表128位元的位址中,前 64 位元為網路位址(Network Prefix) 並且是由 RA 給的. - 2001:db8:1:0::
IPv6 的位址長度為 128 位元,所以可以簡寫而規則如下:
每 32Bit 如開頭之4bit表示為0,即可省略,若32Bit全為0,則可簡寫為0
若連續完整之32Bit段落皆為 0000, 則可全省略,簡寫為::,但以一次為限
- prefix
- AdvOnLink on
AdvOnLink on|off (Default: on)
When set, indicates that this prefix can be used for on-link determination. When not set the advertisement makes no statement about on-link or off-link properties of the prefix. For instance, the prefix might be used for address configuration with some of the addresses belonging to the prefix being on-link and others being off-link.IPv4 是利用子網路遮罩 subnet mask 來決定封包是本地端或是遠端,但 IPv6 沒有這樣的機制,所以要如何決定封包的傳送,是透過 router 傳送到遠端還是本地端網路呢?這個機制叫做 IPv6 on-link determination ,當 IPv6 hosts 透過 Router Advertisement 取得 prefix 時,如果 Prefix Information Option (PIO) 欄位裡面的 L-bit (on-link) 設為 1,那該 prefix 就是本地網路.
- AdvAutonomous on
AdvAutonomous on|off (Default: on)
When set, indicates that this prefix can be used for autonomous address configuration as specified in RFC 4862. - AdvRouterAddr off
AdvRouterAddr on|off (Default: off)
When set, indicates that the address of interface is sent instead of network prefix, as is required by Mobile IPv6. When set, minimum limits specified by Mobile IPv6 are used for MinRtrAdvInterval and MaxRtrAdvInterval.
下面這幾項都是跟 Prefix Specific Options 相關,有興趣可以參考 man page http://linux.die.net/man/5/radvd.conf
ipv6 一樣有 firewall 你可以先把他關閉,之後再來設定 ip6tables
[root@benjr ~]# chkconfig ip6tables off [root@benjr ~]# service ip6tables stop ip6tables: Flushing firewall rules: [ OK ] ip6tables: Setting chains to policy ACCEPT: filter [ OK ] ip6tables: Unloading modules: [ OK ]
啟動 radvd ,但是發現需要先把 ipv6 fordward 打開.
[root@benjr ~]# service radvd restart
Stopping radvd: [FAILED]
Starting radvd: [Jun 23 19:48:42] radvd: IPv6 forwarding seems to be disabled, exiting
[FAILED]
ipv6 fordward 跟 ipv4 的設定檔一樣儲存在 /etc/sysctl.conf
[root@benjr ~]# vi /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
[root@benjr ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
net.ipv6.conf.all.forwarding = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
啟動 radvd ,接下來試試看 radvd 的功能是不是正常.
[root@benjr ~]# service radvd restart Stopping radvd: [FAILED] Starting radvd: [ OK ]
隨便找一台 Linux Desktop 來試試,我這邊使用的是 Ubuntu 14.04 Desktop
在 Ubuntu Netmanager 下關於 IPv6 的選項如下:
- Ignore
連線不使用 IPv6 格式. - Automatic
NetworkManager 使用 router advertisement (RA) 來獲取 IPv6 位址,這個方式必須搭配 Router 來指派,或是 raddvd 來使用. - Automatic, addresses only
一樣 NetworkManager 使用 RA 來得到 automatic, stateless configuration, 但 DNS servers 以及 search domains 是會被忽略的不被指派的. - Automatic, DHCP only
NetworkManager 不使用 RA 的方式,須透過 DHCPv6 來得到 IPv6 位址 (stateful configuration). - Manual
手動設定 IPv6 位址. - Link-Local Only
link-local address 是由 fe80::/10 prefix + Mac Address 所組合成的,預設就會產生,不須額外設定.
什麼是 Stateful Configuration 與 Stateless Configuration?
- Stateless Configuration
當 RA 核發 Prefix ,DNS 之後即不再管理這個位址的使用狀況,所以稱為 stateless. - Stateful Configuration
與 Stateless 相反的是 stateful configuration,IPv6 位址的配置包括 Prefix, Host ID 以及 DNS 伺服器位址的狀態維護都還需要透過 DHCPv6 來負責.即是 stateful.
現在不管是透過 Automatic 或是 Automatic, addresses only 成功的話你會看到 IPv6 的位址.
root@ben-SIT:~# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:1a:64:22:04:83
inet addr:172.16.0.82 Bcast:172.16.0.255 Mask:255.255.255.0
inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
inet6 addr: 2001:db8:1:0:ad34:470b:cf97:5865/64 Scope:Global
inet6 addr: 2001:db8:1:0:21a:64ff:fe22:483/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6248 errors:0 dropped:0 overruns:0 frame:0
TX packets:2061 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:513184 (513.1 KB) TX bytes:228669 (228.6 KB)
Interrupt:17
- inet6 addr: fe80::21a:64ff:fe22:483/64 Scope:Link
Link local - inet6 addr: 2001:db8:1:0:ad34:470b:cf97:5865/64 Scope:Global
RA ?? - inet6 addr: 2001:db8:1:0:21a:64ff:fe22:483/64 Scope:Global
RA Profix + Mac address
root@ben:~# cat /etc/resolv.conf # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8) # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
但以剛剛 radvd.con 的設定,都只會被指派 IPv6 的位址,至於 DNS 還需要額外設定 RDNSS (Recursive DNS Server), RDNSS 相關設定.
[root@benjr ~]# vi /etc/radvd.conf
# NOTE: there is no such thing as a working "by-default" configuration file.
# At least the prefix needs to be specified. Please consult the radvd.conf(5)
# man page and/or /usr/share/doc/radvd-*/radvd.conf.example for help.
#
#
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
};
};
RDNSS ip [ip] [ip]
{
list of rdnss specific options
};
沒有解決問題,試試搜尋本站其他內容
3 thoughts on “Linux – RA (Router Advertisement)”