物理口
client端设置:
1、sysctl 修改内核参数,使能接口ipv6,是能全局ipv6转发,使能接口 accept_ra。
# 是能接口ipv6,默认 disable
net.ipv6.conf.eth2.disable_ipv6 = 0
# 允许接口接受ra报文,Obtain IPv6 address on wan interface by Stateless autoconfiguration (SLAAC)
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth2.accept_ra = 2
net.ipv6.conf.eth2.autoconf = 1
# 测试需要,不使用临时地址
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
2、修改/etc/sysconfig/network
NETWORKING_IPV6=yes
3、修改 /etc/sysconfig/network-scripts/ifcfg-eth2(可以不做持久化)
DEVICE=eth2
ONBOOT=yes
NETBOOT=yes
NM_CONTROLLED=no
PEERDNS=yes
#BOOTPROTO=dhcp # 打开这个可以同时获取ipv4和ipv6地址
BOOTPROTO=dhcp6 # 打开这个只会获取ipv6的地址
DHCPV6C=yes
IPV6INIT=yes
IPV6_AUTOCONFIG=yes
4、dhclient 的使用.
需要使用dhcp分配地址或域名等配置是需要使用dhclient,否者不需要,如slaac方式获取地址又静态配置dns等other infomation的情况,不需要任何dhcp的协商,只需要打开RA接受开关即可。
PPPoE的情况下,dhclient 作用在ppp口上即可,其他类似。
| 编码 | 测试 | |
|---|---|---|
| 接受地址和other infomation | dhclient -6 eth2 --no-pid -nw | dhclient -6 eth2 --no-pid -v |
| 不接受地址,只接受other infomation。如静态配置ipv6地址,只需要dns地址等时候 | dhclient -6 -S eth2 --no-pid -nw | dhclient -6 -S eth2 --no-pid -v |
server端 dnsmasq配置
1、配置/etc/sysconfig/network
NETWORKING_IPV6=yes
2、内核参数,使能接口ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth2.disable_ipv6 = 0
3、dnsmasq配置
无论是Autoconf、dhcp stateless、dhcpstateful都需要用到RA消息,告诉client能过提供的能力,RA报文由dnsmasq根据配置文件构造。RA消息报文可以包含的一些flag,这些flag会反应在dnsmasq的配置上,决定client端地址分配的方式:
IPv6 Router Advertisement (RA) messages can contain the following flags:
* M (“Managed address configuration”) – indicates that IPv6 addresses are available via DHCPv6. This is also referred to as Stateful DHCP.
* O (“Other configuration”) – no IPv6 address, but other configuration information like DNS etc. are available via DHCPv6. This is also referred to as Stateless DHCP.
* A (“Autonomous Address Configuration”) – indicates that the prefix present with the flag can be used for SLAAC (StateLess Auto Address Configuration).
M flag表示Server能过分配ipv6地址和其他配置(如dns等),O标记表示只分配其他配置, 所以M和O同时设置O实际上没啥用。A表示让Client通过发过去的Prefix自己生成地址。A和M同时设置时,Client会生成两个地址。
dnsmasq的flag标记设置在 dhcp-range配置项中。
i) dhcp-range 无ra配置(dhcpv6 statefull)
默认情况下,enable-ra之后的默认行为解释如下:
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
理解为 RA设置了M 和 O flag,未设置A flag,ipv6地址和参数都是由dhcp从地址池中分配。
测试效果:
可以看到client从地址池中分到了一个ipv6地址。
注: M和O标记出发的dhcp协商需要client端触发dhcp SOLICIT申请地址,如通过 dhclient -6 -v eth2。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# set M O flag,reset A flag
dhcp-range=fd00::22, fd00::44, 64, 1h
enable-ra
ra-param=eth2,10 // ra 发送间隔
# client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::23/64 scope global dynamic
valid_lft 3596sec preferred_lft 3596sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
ii) ra-only (slaac)
Do Router Advertisements, BUT NOT DHCP for this subnet.
可以理解为,RA设置了A flag,没有M和O flag,效果应该是一个纯粹的 SLAAC地址分配方式。
测试效果:
可以看到client端自动获取到一个前缀 是fd00:: 的SLAAC地址(前缀+EUI-64)。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# no M or O flags; only A flag
dhcp-range=fd00::, ra-only
enable-ra
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3440sec preferred_lft 3440sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
iii) ra-stateless (dhcpv6 stateless)
解释如下
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
理解为设置了 O、A flag,未设置M flag。
`
测试效果:
通过slaac设置ipv6地址,通过dhcp设置了dns。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::, ra-stateless
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3440sec preferred_lft 3440sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644
iv) slaac
理解为设置了M、A flag,未设置O flag。
也就是说接口会得到两个ipv6地址,其中一个slaac地址,一个dhcp地址。
测试效果:
通过slaac设置ipv6地址,通过dhcp设置了dns。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::22, fd00::44, slaac
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::23/64 scope global dynamic
valid_lft 3595sec preferred_lft 3595sec
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3588sec preferred_lft 3588sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644
总结:
| 配置 | flag |
|---|---|
| default | set O and M flag, reset A flag |
| ra-only | set A, reset M and O |
| slaac | if a DHCPv6 range is specified then M and A flags; else only A flag |
| ra-stateless | set O and A, reset M |
| ra-names | set A, reset M and O |
pppoe ipv6
client
使用eth3拨入pppoe server。
配置ppp0接收ra配置。
net.ipv6.conf.ppp0.accept_ra = 2
配置支持ipv6cp协商
# cat /etc/ppp/options
lock
+ipv6 ipv6cp-use-ipaddr
配置认证用户名密码
# cd /etc/ppp
# cat pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
"sheng" * "sheng"
# cat chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
"sheng" * "sheng"
测试:
i) pppoe-setup命令设置好pppoe基本信息,之后会生成ppp0接口配置文件:
# cat /etc/sysconfig/network-scripts/ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth3
PROVIDER=DSLppp0
USER=sheng
PEERDNS=yes
DEMAND=no
ii) pppoe-stop ; pppoe-start 命令完成拨号和下线。
默认会得到一个link local地址和一个slaac地址。
流程简单描述为,ppp完成ipv6cp协商后两边得到不重复的interface id,用来生成两边的link local地址,然后client然后发起RS请求,pppoe-server端回RA,client端根据RA的prefix等信息生成slaac地址。
结果如下:
# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ff
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fe80::e52f:7cf9:b3b3:2184/10 scope link
valid_lft forever preferred_lft forever
如果需要想dhcp申请ipv6地址。
测试: dhclient -6 -v ppp0
# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::9526:8dca:25b8:a2c8/64 scope link
valid_lft forever preferred_lft forever
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 2020:db8:2::12/64 scope global dynamic
valid_lft 3749sec preferred_lft 2749sec
inet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamic
valid_lft 86396sec preferred_lft 14396sec
inet6 fe80::e52f:7cf9:b3b3:2184/10 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 2001:db8:2::dead:beef
nameserver 2001:db8:2::cafe:babe
附pppoe-server配置:
太多了,参考 https://www.dazhuanlan.com/an__he/topics/1005802 吧。
完全按照上面的做有问题,有几个地方在调试过程中改了一下,最终ok。
i) /etc/ppp/options 不能增加 " ipv6 ,"配置,否则申请不到地址。删掉就ok了。
[root@localhost ~]# cat /etc/ppp/options
#lock
local
#ipv6 ,
ii) radvd监听的接口我改成了ppp0
# cat /etc/radvd.conf
interface ppp0 #接你拨号上网的网卡名称
{
AdvSendAdvert on; #启用路由器公告(RA)功能
MinRtrAdvInterval 5; #每隔30-100秒间隔发送公告消息
MaxRtrAdvInterval 10;
AdvManagedFlag on; # M值
AdvOtherConfigFlag on; # O值
prefix 2020:db8:2::/64 #发送的前缀信息
{
AdvOnLink on;
AdvAutonomous on; #公告的前缀可用来自动位置配置
AdvRouterAddr on;
};
};
f
iii) kea的配置文件,interface配置也改成了ppp0。
"Dhcp6": {
// Add names of your network interfaces to listen on.
"interfaces-config": {
// You typically want to put specific interface names here, e.g. eth0
// but you can also specify unicast addresses (e.g. eth0/2001:db8::1) if
// you want your server to handle unicast traffic in addition to
// multicast. (DHCPv6 is a multicast based protocol).
"interfaces": ["enp0s10", "ppp0", "*" ]
},
......
"subnet6": [
{
"subnet": "2020:db8:2::/64",
......
"interface":"ppp0"
......
网友评论