在RHEL 7和8中配置IPv6地址

最新推荐文章于 2024-05-16 05:55:15 发布

HHFQ

最新推荐文章于 2024-05-16 05:55:15 发布

阅读量1.8k

点赞数 1

文章标签： ipv6 rhel

原文链接：https://www.redhat.com/sysadmin/configuring-ipv6-rhel-7-8

版权

正如我在“您需要了解的IPv6”中提到的，在计算机上配置IPv6地址存在不同的方法。我们将主要关注在RHEL 7和8系统上配置IPv6地址，并简要解释不同的分配方法。

在RHEL 7和8中配置IPv6

Red Hat Enterprise Linux系统配置为自动获取IPv6地址。以下是配置文件中神奇发生的几行（我为每行添加了一些解释）：

[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………  
………
IPV6INIT="yes"  ←  在接口上启用初始化
IPV6_AUTOCONF="yes" ← 接受路由器通告（RA）
IPV6_DEFROUTE="yes" ← 为接口分配缺省IPv6路由
IPV6_FAILURE_FATAL="no" ← may-fail的反义词
IPV6_ADDR_GEN_MODE="stable-privacy" ← IPv6稳定隐私寻址（RFC7217）
NAME="enp1s0"
………
………

有关这些连接设置的详细信息，请运行：

man nm-settings-ifcfg-rh

Table ipv6 设置

属性	Ifcfg-rh 变量	默认值	描述
method	IPV6INIT, IPV6FORWARDING, IPV6_AUTOCONF, DHCPV6C, IPV6_DISABLED	IPV6INIT=yes; IPV6FORWARDING=no; IPV6_AUTOCONF=!IPV6FORWARDING, DHCPV6C=no	用于IPv6协议配置的方法。 ignore ~ IPV6INIT=no; auto ~ IPV6_AUTOCONF=yes; dhcp ~ IPV6_AUTOCONF=no 且DHCPV6C=yes; disabled ~ IPV6_DISABLED=yes
dns	DNS1, DNS2, …		DNS服务器列表。NetworkManager同时使用IPv4和IPv6的变量。
dns-search	IPV6_DOMAIN(+)		DNS搜索域列表。
addresses	IPV6ADDR, IPV6ADDR_SECONDARIES		List of static IP addresses. Example: IPV6ADDR=ab12:9876::1 IPV6ADDR_SECONDARIES=“ab12:9876::2 ab12:9876::3”
gateway	IPV6_DEFAULTGW		Gateway IP address. Example: IPV6_DEFAULTGW=abbe::1
routes	(none)		List of static routes. They are not stored in ifcfg-* file, but in route6-* file instead in the form of command line for ‘ip route add’.
ignore-auto-routes	IPV6_PEERROUTES(+)	yes	IPV6_PEERROUTES has the opposite meaning as ‘ignore-auto-routes’ property.
ignore-auto-dns	IPV6_PEERDNS(+)	yes	IPV6_PEERDNS has the opposite meaning as ‘ignore-auto-dns’ property.
dhcp-hostname	DHCPV6_HOSTNAME		Hostname to send the DHCP server.
dhcp-timeout	IPV6_DHCP_TIMEOUT(+)		A timeout after which the DHCP transaction fails in case of no response. Example: IPV6_DHCP_TIMEOUT=10
never-default	IPV6_DEFROUTE(+), (and IPV6_DEFAULTGW, IPV6_DEFAULTDEV in /etc/sysconfig/network)	IPV6_DEFROUTE=yes (when no variable specified)	IPV6_DEFROUTE=no tells NetworkManager that this connection should not be assigned the default IPv6 route. IPV6_DEFROUTE has the opposite meaning as ‘never-default’ property. Example: DHCPV6_HOSTNAME_FLAGS=5 */
may-fail	IPV6_FAILURE_FATAL(+)	no	IPV6_FAILURE_FATAL has the opposite meaning as ‘may-fail’ property.
route-metric	IPV6_ROUTE_METRIC(+)	-1	IPV6_ROUTE_METRIC is the default IPv6 metric for routes on this connection. If set to -1, a default metric based on the device type is used.
route-table	IPV6_ROUTE_TABLE(+)	0	IPV6_ROUTE_TABLE enables policy-routing and sets the default routing table.
dns-priority	IPV6_DNS_PRIORITY(+)	0	The priority for DNS servers of this connection. Lower values have higher priority. If zero, the default value will be used (50 for VPNs, 100 for other connections). A negative value prevents DNS from other connections with greater values to be used. Example: IPV6_DNS_PRIORITY=20
dns-options	IPV6_RES_OPTIONS(+)		List of DNS options to be added to /etc/resolv.conf Example: IPV6_RES_OPTIONS=ndots:2 timeout:3
ip6-privacy	IPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP(+)	no	Configure IPv6 Privacy Extensions for SLAAC (RFC4941). Example: IPV6_PRIVACY=rfc3041 IPV6_PRIVACY_PREFER_PUBLIC_IP=yes Allowed values: IPV6_PRIVACY: no, yes (rfc3041 or rfc4941); IPV6_PRIVACY_PREFER_PUBLIC_IP: yes, no
addr-gen-mode	IPV6_ADDR_GEN_MODE	eui64	Configure IPv6 Stable Privacy addressing for SLAAC (RFC7217). Example: IPV6_ADDR_GEN_MODE=stable-privacy Allowed values: IPV6_ADDR_GEN_MODE: eui64, stable-privacy
token	IPV6_TOKEN		The IPv6 tokenized interface identifier token Example: IPV6_TOKEN=::53
dhcp-timeout	IPV6_RA_TIMEOUT(+)		A timeout for waiting Router Advertisements in seconds. Example: IPV6_RA_TIMEOUT=10
dhcp-duid	DHCPV6_DUID(+)		A string sent to the DHCPv6 server to identify the local machine. Apart from the special values “lease”, “stable-llt”, “stable-ll”, “stable-uuid”, “llt” and “ll” a binary value in hex format is expected. An hex string where each octet is separated by a colon is also accepted. Example: DHCPV6_DUID=LL; DHCPV6_DUID=0301deadbeef0001; DHCPV6_DUID=03:01🇩🇪ad:be:ef:00:01

无状态地址自动配置（SLAAC）

如果IPV6_AUTOCONF变量设置为yes，则使用SLAAC方法通过使用邻居发现协议（NDP）配置主机的IPV6地址。这里应用的技术是在上一篇文章的多播部分中解释的技术，其中交换了客户端请求和路由器通告ICMPv6消息。

我们使用术语无状态，因为没有服务来跟踪分配给客户端的IPv6地址。相反，IPv6地址是由一种称为扩展唯一标识符(EUI-64)的技术组成的，其中16位被添加到媒体访问控制(MAC)地址(它有48位)，从而创建一个全局唯一的IPv6地址。

DHCPv6

要使用DHCPv6，配置文件中应显示以下内容：

IPV6_AUTOCONF="no"
DHCPV6C=”yes”

如果DHCPV6C变量设置为yes，则客户端从DHCPv6池获取IP地址。然后，DHCPv6服务跟踪分配给哪些客户端的IPv6地址。在IP地址中，其他信息（如DNS服务器、租用时间、主机名和其他属性）被推送到客户端。管理员必须配置IPv6地址池才能为客户端提供服务。

手动

也可以（但不建议）手动配置IPv6地址。手动配置需要大量工作，容易出错，而且很难跟踪分配给哪些客户端的IPv6地址。在大型网络上，DHCPv6服务器更适合执行此任务。

要在Red Hat Enterprise Linux 7和8上手动配置IPv6，需要将以下版本添加到配置文件中：

[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………  
………
IPV6ADDR=2a01:1b0:5389:4::22f2
IPV6_DEFAULTGW=2a01:1b0:5389:4::22f0
………  
………

或者，您可以通过NetworkManager手动配置:

# nmcli con mod enp1s0 ipv6.addresses "2a22:1d0:5222:4::22f2/64" gw6 "2a22:1d0:5222:4::22f0/64"
# nmcli con mod enp1s0 ipv6.method manual

测试IPv6连通性

要测试IPv6连通性，我们可以在www.redhat.com上运行ping6：

# ping6 -c2  www.redhat.com

PING www.redhat.com(g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44)) 56 data bytes
64 bytes from g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44): icmp_seq=1 ttl=58 time=8.43 ms

--- www.redhat.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.425/8.425/8.425/0.000 ms

当ping正在运行时，我在后台运行Wireshark，看看在底层发生了什么。这是ICMPv6请求包(由我发送)和我收到的ICMPv6回复包。

ICMPv6请求

No.  Time  Source  Destination  Protocol Length Info
18 3.471783469  2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d 2a02:26f0:7b:28a::d44 ICMPv6  118  Echo (ping) request id=0x68d7, seq=1, hop limit=64 (reply in 24)

Frame 18: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee), Dst: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
   Destination: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Source: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d, Dst: 2a02:26f0:7b:28a::d44
   0110 .... = Version: 6
   .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
      .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
      .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
   .... .... .... 1010 0010 1001 1110 0100 = Flow Label: 0xa29e4
   Payload Length: 64
   Next Header: ICMPv6 (58)
   Hop Limit: 64
   Source: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   Destination: 2a02:26f0:7b:28a::d44
   [Source GeoIP: NL]
   [Destination GeoIP: ]
Internet Control Message Protocol v6
   Type: Echo (ping) request (128)
   Code: 0
   Checksum: 0xdff6 [correct]
   [Checksum Status: Good]
   Identifier: 0x68d7
   Sequence: 1
   [Response In: 24]
   Data (56 bytes)

ICMPv6回复

No.  Time  Source  Destination  Protocol Length Info
24 3.607831042  2a02:26f0:7b:28a::d44 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d ICMPv6  118  Echo (ping) reply id=0x68d7, seq=1, hop limit=59 (request in 18)

Frame 24: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff), Dst: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
   Destination: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Source: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
   Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a02:26f0:7b:28a::d44, Dst: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   0110 .... = Version: 6
   .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
      .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
      .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
   .... .... .... 1000 0110 0011 0011 0111 = Flow Label: 0x86337
   Payload Length: 64
   Next Header: ICMPv6 (58)
   Hop Limit: 59
   Source: 2a02:26f0:7b:28a::d44
   Destination: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
   [Source GeoIP: ]
   [Destination GeoIP: NL]
Internet Control Message Protocol v6
   Type: Echo (ping) reply (129)
   Code: 0
   Checksum: 0xdef6 [correct]
   [Checksum Status: Good]
   Identifier: 0x68d7
   Sequence: 1
   [Response To: 18]
   [Response Time: 136.048 ms]
   Data (56 bytes)

请注意，许多组织出于安全原因选择阻止ping请求，因此在测试连接时尝试ping几个站点通常是一个好主意。

HHFQ

关注

1
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
在RHEL 7和8中配置IPv6地址

正如我在“您需要了解的IPv6”中提到的，在计算机上配置IPv6地址存在不同的方法。我们将主要关注在RHEL 7和8系统上配置IPv6地址，并简要解释不同的分配方法。Red Hat Enterprise Linux系统配置为自动获取IPv6地址。以下是配置文件中神奇发生的几行（我为每行添加了一些解释）：有关这些连接设置的详细信息，请运行：Table ipv6 设置如果变量设置为，则使用SLAAC方法通过使用邻居发现协议（NDP）配置主机的IPV6地址。这里应用的技术是在上一篇文章的多播部分中解释的技术，
复制链接

扫一扫