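As I mentioned in "What you need to know about IPv6", there are different ways to configure IPv6 addresses on a computer. We will focus mainly on configuring IPv6 addresses on RHEL 7 and 8 systems and briefly explain the different assignment methods.
Configuring IPv6 in RHEL 7 and 8
Red Hat Enterprise Linux systems are configured to obtain an IPv6 address automatically. Here are the lines in the configuration file where the magic happens (I have added a short explanation to each line):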
[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………
………
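IPV6INIT="yes" ← enables initialization on the interface
IPV6_AUTOCONF="yes" ← accepts Router Advertisements (RA)
IPV6_DEFROUTE="yes" ← assigns the default IPv6 route to the interface
IPV6_FAILURE_FATAL="no" ← the opposite of may-fail
IPV6_ADDR_GEN_MODE="stable-privacy" ← IPv6 stable privacy addressing (RFC7217)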
NAME="enp1s0"
………
………
For details about these connection settings, run:
man nm-settings-ifcfg-rh
Table: ipv6 settings
Property | Ifcfg-rh variable | Default | Description |
---|---|---|---|
method | IPV6INIT, IPV6FORWARDING, IPV6_AUTOCONF, DHCPV6C, IPV6_DISABLED | IPV6INIT=yes; IPV6FORWARDING=no; IPV6_AUTOCONF=!IPV6FORWARDING, DHCPV6C=no | Method used for IPv6 protocol configuration. ignore ~ IPV6INIT=no; auto ~ IPV6_AUTOCONF=yes; dhcp ~ IPV6_AUTOCONF=no and DHCPV6C=yes; disabled ~ IPV6_DISABLED=yes |
dns | DNS1, DNS2, … | | List of DNS servers. NetworkManager uses the variables for both IPv4 and IPv6. |
dns-search | IPV6_DOMAIN*(+)* | | List of DNS search domains. |
addresses | IPV6ADDR, IPV6ADDR_SECONDARIES | | List of static IP addresses. Example: IPV6ADDR=ab12:9876::1 IPV6ADDR_SECONDARIES="ab12:9876::2 ab12:9876::3" |
gateway | IPV6_DEFAULTGW | | Gateway IP address. Example: IPV6_DEFAULTGW=abbe::1 |
routes | (none) | | List of static routes. They are not stored in ifcfg-* file, but in route6-* file instead in the form of command line for ‘ip route add’. |
ignore-auto-routes | IPV6_PEERROUTES*(+)* | yes | IPV6_PEERROUTES has the opposite meaning as ‘ignore-auto-routes’ property. |
ignore-auto-dns | IPV6_PEERDNS*(+)* | yes | IPV6_PEERDNS has the opposite meaning as ‘ignore-auto-dns’ property. |
dhcp-hostname | DHCPV6_HOSTNAME | | Hostname to send the DHCP server. |
dhcp-timeout | IPV6_DHCP_TIMEOUT*(+)* | | A timeout after which the DHCP transaction fails in case of no response. Example: IPV6_DHCP_TIMEOUT=10 |
never-default | IPV6_DEFROUTE*(+)*, (and IPV6_DEFAULTGW, IPV6_DEFAULTDEV in /etc/sysconfig/network) | IPV6_DEFROUTE=yes (when no variable specified) | IPV6_DEFROUTE=no tells NetworkManager that this connection should not be assigned the default IPv6 route. IPV6_DEFROUTE has the opposite meaning as ‘never-default’ property. Example: DHCPV6_HOSTNAME_FLAGS=5 |
may-fail | IPV6_FAILURE_FATAL*(+)* | no | IPV6_FAILURE_FATAL has the opposite meaning as ‘may-fail’ property. |
route-metric | IPV6_ROUTE_METRIC*(+)* | -1 | IPV6_ROUTE_METRIC is the default IPv6 metric for routes on this connection. If set to -1, a default metric based on the device type is used. |
route-table | IPV6_ROUTE_TABLE*(+)* | 0 | IPV6_ROUTE_TABLE enables policy-routing and sets the default routing table. |
dns-priority | IPV6_DNS_PRIORITY*(+)* | 0 | The priority for DNS servers of this connection. Lower values have higher priority. If zero, the default value will be used (50 for VPNs, 100 for other connections). A negative value prevents DNS from other connections with greater values to be used. Example: IPV6_DNS_PRIORITY=20 |
dns-options | IPV6_RES_OPTIONS*(+)* | | List of DNS options to be added to /etc/resolv.conf Example: IPV6_RES_OPTIONS=ndots:2 timeout:3 |
ip6-privacy | IPV6_PRIVACY, IPV6_PRIVACY_PREFER_PUBLIC_IP*(+)* | no | Configure IPv6 Privacy Extensions for SLAAC (RFC4941). Example: IPV6_PRIVACY=rfc3041 IPV6_PRIVACY_PREFER_PUBLIC_IP=yes Allowed values: IPV6_PRIVACY: no, yes (rfc3041 or rfc4941); IPV6_PRIVACY_PREFER_PUBLIC_IP: yes, no |
addr-gen-mode | IPV6_ADDR_GEN_MODE | eui64 | Configure IPv6 Stable Privacy addressing for SLAAC (RFC7217). Example: IPV6_ADDR_GEN_MODE=stable-privacy Allowed values: IPV6_ADDR_GEN_MODE: eui64, stable-privacy |
token | IPV6_TOKEN | | The IPv6 tokenized interface identifier token Example: IPV6_TOKEN=::53 |
dhcp-timeout | IPV6_RA_TIMEOUT*(+)* | | A timeout for waiting Router Advertisements in seconds. Example: IPV6_RA_TIMEOUT=10 |
dhcp-duid | DHCPV6_DUID*(+)* | | A string sent to the DHCPv6 server to identify the local machine. Apart from the special values “lease”, “stable-llt”, “stable-ll”, “stable-uuid”, “llt” and “ll” a binary value in hex format is expected. An hex string where each octet is separated by a colon is also accepted. Example: DHCPV6_DUID=LL; DHCPV6_DUID=0301deadbeef0001; DHCPV6_DUID=03:01:de:ad:be:ef:00:01 |
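Stateless Address Autoconfiguration (SLAAC)
If the IPV6_AUTOCONF variable is set to yes, the SLAAC method is used to configure the host's IPv6 address by means of the Neighbor Discovery Protocol (NDP). The technique applied here is the one explained in the multicast section of the previous article, in which client solicitation and router advertisement ICMPv6 messages are exchanged.
We use the term stateless because there is no service that keeps track of the IPv6 addresses assigned to clients. Instead, the IPv6 address is composed using a technique called Extended Unique Identifier (EUI-64), in which 16 bits are added to the Media Access Control (MAC) address (which has 48 bits), creating a globally unique IPv6 address.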
DHCPv6
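To use DHCPv6, the following should appear in the configuration file:
IPV6_AUTOCONF="no"
DHCPV6C="yes"
If the DHCPV6C variable is set to yes, the client obtains its IP address from a DHCPv6 pool. The DHCPv6 service then keeps track of which IPv6 addresses are assigned to which clients. In addition to the IP address, other information (such as DNS servers, lease time, hostname, and other attributes) is pushed to the client. The administrator must configure an IPv6 address pool in order to serve clients.
Manual
It is also possible (but not recommended) to configure IPv6 addresses manually. Manual configuration takes a lot of work, is error-prone, and makes it hard to keep track of which IPv6 addresses are assigned to which clients. On large networks, a DHCPv6 server is better suited to this task.
To configure IPv6 manually on Red Hat Enterprise Linux 7 and 8, the following lines need to be added to the configuration file: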
[root@rhel8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-enp1s0
………
………
IPV6ADDR=2a01:1b0:5389:4::22f2
IPV6_DEFAULTGW=2a01:1b0:5389:4::22f0
………
………
Alternatively, you can configure it manually through NetworkManager:
# nmcli con mod enp1s0 ipv6.addresses "2a22:1d0:5222:4::22f2/64" ipv6.gateway "2a22:1d0:5222:4::22f0"
# nmcli con mod enp1s0 ipv6.method manual
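
An added example (not from the original article or from NetworkManager) that applies the method rules and defaults from the ipv6 settings table to an ifcfg file and reports two things a reviewer would check: a static address on a connection that still resolves to auto, and an interface ID generated in eui64 mode. The order of the checks and the "unknown" result for combinations the table does not list are assumptions of this example, and the function names are its own.

```python
def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file into a dict."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def flag(settings, key, default):
    """Read a yes/no variable, falling back to the table's default."""
    value = settings.get(key)
    return default if value is None else value.lower() in ("yes", "true", "1")


def ipv6_method(s):
    """Resolve the method (order of checks is this example's assumption)."""
    if flag(s, "IPV6_DISABLED", False):
        return "disabled"
    if not flag(s, "IPV6INIT", True):
        return "ignore"
    # Default from the table: IPV6_AUTOCONF = !IPV6FORWARDING
    if flag(s, "IPV6_AUTOCONF", not flag(s, "IPV6FORWARDING", False)):
        return "auto"
    if flag(s, "DHCPV6C", False):
        return "dhcp"
    return "manual" if "IPV6ADDR" in s else "unknown"


def audit(text):
    """Return (method, findings) for the contents of one ifcfg file."""
    s = parse_ifcfg(text)
    method, findings = ipv6_method(s), []
    if method == "auto":
        if "IPV6ADDR" in s:
            findings.append("static IPV6ADDR set, but router advertisements are still accepted")
        if s.get("IPV6_ADDR_GEN_MODE", "eui64") == "eui64":
            findings.append("SLAAC interface ID is derived from the MAC (eui64)")
    return method, findings


# Constructed sample: a file that only adds a static address and gateway.
STATIC_ONLY = 'IPV6INIT="yes"\nIPV6ADDR=2a01:1b0:5389:4::22f2\nIPV6_DEFAULTGW=2a01:1b0:5389:4::22f0\n'

if __name__ == "__main__":
    print(audit(STATIC_ONLY))
```
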
Testing IPv6 connectivity
To test IPv6 connectivity, we can run ping6 against www.redhat.com:
# ping6 -c2 www.redhat.com
PING www.redhat.com(g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44)) 56 data bytes
64 bytes from g2a02-26f0-b200-018f-0000-0000-0000-0d44.deploy.static.akamaitechnologies.com (2a02:26f0:b200:18f::d44): icmp_seq=1 ttl=58 time=8.43 ms
--- www.redhat.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.425/8.425/8.425/0.000 ms
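While the ping was running, I had Wireshark running in the background to see what was happening under the hood. Here are the ICMPv6 request packet (sent by me) and the ICMPv6 reply packet that I received.
ICMPv6 request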
No. Time Source Destination Protocol Length Info
18 3.471783469 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d 2a02:26f0:7b:28a::d44 ICMPv6 118 Echo (ping) request id=0x68d7, seq=1, hop limit=64 (reply in 24)
Frame 18: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee), Dst: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
Destination: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d, Dst: 2a02:26f0:7b:28a::d44
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
.... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
.... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
.... .... .... 1010 0010 1001 1110 0100 = Flow Label: 0xa29e4
Payload Length: 64
Next Header: ICMPv6 (58)
Hop Limit: 64
Source: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
Destination: 2a02:26f0:7b:28a::d44
[Source GeoIP: NL]
[Destination GeoIP: ]
Internet Control Message Protocol v6
Type: Echo (ping) request (128)
Code: 0
Checksum: 0xdff6 [correct]
[Checksum Status: Good]
Identifier: 0x68d7
Sequence: 1
[Response In: 24]
Data (56 bytes)
ICMPv6 reply
No. Time Source Destination Protocol Length Info
24 3.607831042 2a02:26f0:7b:28a::d44 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d ICMPv6 118 Echo (ping) reply id=0x68d7, seq=1, hop limit=59 (request in 18)
Frame 24: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface 0
Ethernet II, Src: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff), Dst: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
Destination: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
Address: HonHaiPr_74:2a:27 (ad:bc:dd:fa:da:ee)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
Address: Ubiquiti_77:dd:a5 (aa:bb:cc:dd:ee:ff)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv6 (0x86dd)
Internet Protocol Version 6, Src: 2a02:26f0:7b:28a::d44, Dst: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
.... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0)
.... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0)
.... .... .... 1000 0110 0011 0011 0111 = Flow Label: 0x86337
Payload Length: 64
Next Header: ICMPv6 (58)
Hop Limit: 59
Source: 2a02:26f0:7b:28a::d44
Destination: 2a01:1b0:5389:2:ccff:cdcd:6ccd:dc0d
[Source GeoIP: ]
[Destination GeoIP: NL]
Internet Control Message Protocol v6
Type: Echo (ping) reply (129)
Code: 0
Checksum: 0xdef6 [correct]
[Checksum Status: Good]
Identifier: 0x68d7
Sequence: 1
[Response To: 18]
[Response Time: 136.048 ms]
Data (56 bytes)
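Note that many organizations choose to block ping requests for security reasons, so it is usually a good idea to try pinging several sites when testing connectivity.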