物理口
client端設(shè)置:
1、sysctl 修改內(nèi)核參數(shù),使能接口ipv6泌辫,是能全局ipv6轉(zhuǎn)發(fā),使能接口 accept_ra九默。
# 是能接口ipv6震放,默認(rèn) disable
net.ipv6.conf.eth2.disable_ipv6 = 0
# 允許接口接受ra報文,Obtain IPv6 address on wan interface by Stateless autoconfiguration (SLAAC)
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth2.accept_ra = 2
net.ipv6.conf.eth2.autoconf = 1
# 測試需要驼修,不使用臨時地址
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
2殿遂、修改/etc/sysconfig/network
NETWORKING_IPV6=yes
3、修改 /etc/sysconfig/network-scripts/ifcfg-eth2(可以不做持久化)
DEVICE=eth2
ONBOOT=yes
NETBOOT=yes
NM_CONTROLLED=no
PEERDNS=yes
#BOOTPROTO=dhcp # 打開這個可以同時獲取ipv4和ipv6地址
BOOTPROTO=dhcp6 # 打開這個只會獲取ipv6的地址
DHCPV6C=yes
IPV6INIT=yes
IPV6_AUTOCONFIG=yes
4乙各、dhclient 的使用.
需要使用dhcp分配地址或域名等配置是需要使用dhclient墨礁,否者不需要,如slaac方式獲取地址又靜態(tài)配置dns等other infomation的情況耳峦,不需要任何dhcp的協(xié)商恩静,只需要打開RA接受開關(guān)即可。
PPPoE的情況下妇萄,dhclient 作用在ppp口上即可蜕企,其他類似。
| 編碼 | 測試 | |
|---|---|---|
| 接受地址和other infomation | dhclient -6 eth2 --no-pid -nw | dhclient -6 eth2 --no-pid -v |
| 不接受地址冠句,只接受other infomation轻掩。如靜態(tài)配置ipv6地址,只需要dns地址等時候 | dhclient -6 -S eth2 --no-pid -nw | dhclient -6 -S eth2 --no-pid -v |
server端 dnsmasq配置
1懦底、配置/etc/sysconfig/network
NETWORKING_IPV6=yes
2唇牧、內(nèi)核參數(shù)罕扎,使能接口ipv6
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth2.disable_ipv6 = 0
3、dnsmasq配置
無論是Autoconf丐重、dhcp stateless腔召、dhcpstateful都需要用到RA消息,告訴client能過提供的能力扮惦,RA報文由dnsmasq根據(jù)配置文件構(gòu)造臀蛛。RA消息報文可以包含的一些flag,這些flag會反應(yīng)在dnsmasq的配置上崖蜜,決定client端地址分配的方式:
IPv6 Router Advertisement (RA) messages can contain the following flags:
* M (“Managed address configuration”) – indicates that IPv6 addresses are available via DHCPv6. This is also referred to as Stateful DHCP.
* O (“Other configuration”) – no IPv6 address, but other configuration information like DNS etc. are available via DHCPv6. This is also referred to as Stateless DHCP.
* A (“Autonomous Address Configuration”) – indicates that the prefix present with the flag can be used for SLAAC (StateLess Auto Address Configuration).
M flag表示Server能過分配ipv6地址和其他配置(如dns等)浊仆,O標(biāo)記表示只分配其他配置, 所以M和O同時設(shè)置O實際上沒啥用豫领。A表示讓Client通過發(fā)過去的Prefix自己生成地址抡柿。A和M同時設(shè)置時,Client會生成兩個地址等恐。
dnsmasq的flag標(biāo)記設(shè)置在 dhcp-range配置項中洲劣。
i) dhcp-range 無ra配置(dhcpv6 statefull)
默認(rèn)情況下,enable-ra之后的默認(rèn)行為解釋如下:
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
理解為 RA設(shè)置了M 和 O flag课蔬,未設(shè)置A flag囱稽,ipv6地址和參數(shù)都是由dhcp從地址池中分配。
測試效果:
可以看到client從地址池中分到了一個ipv6地址购笆。
注: M和O標(biāo)記出發(fā)的dhcp協(xié)商需要client端觸發(fā)dhcp SOLICIT申請地址粗悯,如通過 dhclient -6 -v eth2虚循。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# set M O flag同欠,reset A flag
dhcp-range=fd00::22, fd00::44, 64, 1h
enable-ra
ra-param=eth2,10 // ra 發(fā)送間隔
# client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::23/64 scope global dynamic
valid_lft 3596sec preferred_lft 3596sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
ii) ra-only (slaac)
Do Router Advertisements, BUT NOT DHCP for this subnet.
可以理解為,RA設(shè)置了A flag横缔,沒有M和O flag襟锐,效果應(yīng)該是一個純粹的 SLAAC地址分配方式。
測試效果:
可以看到client端自動獲取到一個前綴 是fd00:: 的SLAAC地址(前綴+EUI-64)膛锭。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# no M or O flags; only A flag
dhcp-range=fd00::, ra-only
enable-ra
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3440sec preferred_lft 3440sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
iii) ra-stateless (dhcpv6 stateless)
解釋如下
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
理解為設(shè)置了 O、A flag初狰,未設(shè)置M flag莫杈。
`
測試效果:
通過slaac設(shè)置ipv6地址,通過dhcp設(shè)置了dns。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::, ra-stateless
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3440sec preferred_lft 3440sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644
iv) slaac
理解為設(shè)置了M、A flag,未設(shè)置O flag。
也就是說接口會得到兩個ipv6地址,其中一個slaac地址,一個dhcp地址嘹履。
測試效果:
通過slaac設(shè)置ipv6地址,通過dhcp設(shè)置了dns配并。
# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114
# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::22, fd00::44, slaac
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]
client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ff
inet6 fd00::23/64 scope global dynamic
valid_lft 3595sec preferred_lft 3595sec
inet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamic
valid_lft 3588sec preferred_lft 3588sec
inet6 fe80::a00:27ff:fef4:6b67/64 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644
總結(jié):
| 配置 | flag |
|---|---|
| default | set O and M flag, reset A flag |
| ra-only | set A, reset M and O |
| slaac | if a DHCPv6 range is specified then M and A flags; else only A flag |
| ra-stateless | set O and A, reset M |
| ra-names | set A, reset M and O |
pppoe ipv6
client
使用eth3撥入pppoe server观腊。
配置ppp0接收ra配置鲸阔。
net.ipv6.conf.ppp0.accept_ra = 2
配置支持ipv6cp協(xié)商
# cat /etc/ppp/options
lock
+ipv6 ipv6cp-use-ipaddr
配置認(rèn)證用戶名密碼
# cd /etc/ppp
# cat pap-secrets
# Secrets for authentication using PAP
# client server secret IP addresses
"sheng" * "sheng"
# cat chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
"sheng" * "sheng"
測試:
i) pppoe-setup命令設(shè)置好pppoe基本信息硫狞,之后會生成ppp0接口配置文件:
# cat /etc/sysconfig/network-scripts/ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth3
PROVIDER=DSLppp0
USER=sheng
PEERDNS=yes
DEMAND=no
ii) pppoe-stop ; pppoe-start 命令完成撥號和下線。
默認(rèn)會得到一個link local地址和一個slaac地址。
流程簡單描述為绰疤,ppp完成ipv6cp協(xié)商后兩邊得到不重復(fù)的interface id煎谍,用來生成兩邊的link local地址,然后client然后發(fā)起RS請求,pppoe-server端回RA,client端根據(jù)RA的prefix等信息生成slaac地址。
結(jié)果如下:
# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ff
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fe80::e52f:7cf9:b3b3:2184/10 scope link
valid_lft forever preferred_lft forever
如果需要想dhcp申請ipv6地址。
測試: dhclient -6 -v ppp0
# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ff
inet6 fe80::9526:8dca:25b8:a2c8/64 scope link
valid_lft forever preferred_lft forever
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 2020:db8:2::12/64 scope global dynamic
valid_lft 3749sec preferred_lft 2749sec
inet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamic
valid_lft 86396sec preferred_lft 14396sec
inet6 fe80::e52f:7cf9:b3b3:2184/10 scope link
valid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 2001:db8:2::dead:beef
nameserver 2001:db8:2::cafe:babe
附pppoe-server配置:
太多了,參考 https://www.dazhuanlan.com/an__he/topics/1005802 吧休傍。
完全按照上面的做有問題寝衫,有幾個地方在調(diào)試過程中改了一下,最終ok着饥。
i) /etc/ppp/options 不能增加 " ipv6 ,"配置轨奄,否則申請不到地址谎柄。刪掉就ok了吨凑。
[root@localhost ~]# cat /etc/ppp/options
#lock
local
#ipv6 ,
ii) radvd監(jiān)聽的接口我改成了ppp0
# cat /etc/radvd.conf
interface ppp0 #接你撥號上網(wǎng)的網(wǎng)卡名稱
{
AdvSendAdvert on; #啟用路由器公告(RA)功能
MinRtrAdvInterval 5; #每隔30-100秒間隔發(fā)送公告消息
MaxRtrAdvInterval 10;
AdvManagedFlag on; # M值
AdvOtherConfigFlag on; # O值
prefix 2020:db8:2::/64 #發(fā)送的前綴信息
{
AdvOnLink on;
AdvAutonomous on; #公告的前綴可用來自動位置配置
AdvRouterAddr on;
};
};
f
iii) kea的配置文件,interface配置也改成了ppp0。
"Dhcp6": {
// Add names of your network interfaces to listen on.
"interfaces-config": {
// You typically want to put specific interface names here, e.g. eth0
// but you can also specify unicast addresses (e.g. eth0/2001:db8::1) if
// you want your server to handle unicast traffic in addition to
// multicast. (DHCPv6 is a multicast based protocol).
"interfaces": ["enp0s10", "ppp0", "*" ]
},
......
"subnet6": [
{
"subnet": "2020:db8:2::/64",
......
"interface":"ppp0"
......
