I recently needed to do some work with IPv6, so I looked up some introductory material.
IPv4 forwarding
For using IP forwarding (routing from one interface to another), you
have to switch on this option in the kernel
- Append for IPv4 routing: echo 1 > /proc/sys/net/ipv4/ip_forward
  (/proc/sys/net/ipv4/ip_forwarding in older kernel versions)
  - E.g. at /etc/sysconfig/network-scripts/ifup-routes
- On newer RedHat systems: edit /etc/sysctl.conf
/etc/protocols
Append new lines with IPv6 protocol numbers, if they do not exist:
- ipv6 41 IPv6 # IPv6
- ipv6-route 43 IPv6-Route # Routing Header for IPv6
- ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
- ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
- ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
- ipv6-icmp 58 IPv6-ICMP icmpv6 icmp6 # ICMP for IPv6
- ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
- ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
/etc/hosts
Append new lines with special IPv6 addresses, if they do not exist:
- ::1 ip6-localhost ip6-loopback
- fe00::0 ip6-localnet
- ff00::0 ip6-mcastprefix
- ff02::1 ip6-allnodes
- ff02::2 ip6-allrouters
Testing & network Troubleshooting
- Make a reboot
- Look for correct interface configuration:
  - ifconfig
  - Here you should see IPv6 addresses, too.
  - If not, perhaps you compiled IPv6 as a module, so do not forget to
    - Test: lsmod | grep -i ipv6
    - Edit your /etc/conf.modules (or /etc/modules.conf)
    - Add a line: alias net-pf-10 ipv6
    - Load module immediately: modprobe ipv6
  - If the module is loaded and no IPv6 addresses are displayed (the
    link local address must be shown without any configuration!):
    - Perhaps the set of net-tools you are using is not the one you
      compiled for use with IPv6 (perhaps you forgot a "make install"...)
- Look for correct IPv6 routing tables:
  - route -A inet6
  - If you get an error, you're using the old IPv4-only net-tools set;
    see the ifconfig section for details
- Test primitive socket operation (if ping6 does not have the SUID bit
  set, you can only use it as root):
  - Loopback address:
  - Link local address:
    - e.g.: ping6 fe80::2e0:18ff:fe90:9205
    - On 2.4.x kernels, you will mostly get an error message like "connect:
      Invalid argument". In this case you have to specify the
      interface, too, like:
      - ping6 -I eth0 fe80::2e0:18ff:fe90:9205
  - Other addresses:
- If you have problems, look at your interfaces:
  - tcpdump -i {interface} -t -e
    Now you can see the link-layer addresses, packet types {ipv6|ip|arp} and
    {host addresses | resolved hostnames}
  - If tcpdump won't work and you compiled Packet Socket as a module,
    do not forget to
    - Edit your /etc/conf.modules
      Add a line: alias net-pf-17 af_packet
    - Load module immediately: modprobe af_packet
  - For decoding all of the IPv6 information contained in an IPv6
    packet (e.g. autoconfiguration packets), you can also use
    - tcpdump [-i interface] -vv -s 512
- If you have created IPv6 DNS files you can query the information with:
  - nslookup
    >set querytype=ANY
    >hostname
  - Using BIND9 (client utilities), you can also use
    - host -n IPv6-address for ip6.int. reverse lookup tests
- If name resolution works (by DNS or /etc/hosts) you can test this for IPv4:
- And now for IPv6:
- Start the Router ADVertisement Daemon on one host and
  look at the others with radvdump for incoming router advertisements
- Try now some external addresses:
Questions & answers
See first Linux+IPv6-HOWTO [LDP] | Linux+IPv6-HOWTO [DS6]
Basic commands - how are they used?
What command to use to
- assign a static IPv6 address to an interface:
  - Abstract: ifconfig $device inet6 add $ipv6address/$prefixlength
  - Example: ifconfig eth0 inet6 add fec0::1/64
- assign a default gateway for IPv6 traffic
  - default routes are not really supported by vanilla kernels, so
    use the Aggregatable Global Unicast prefix as default
  - Abstract: route -A inet6 add 2000::/3 gw $addressgw dev $devicegw
  - Example: route -A inet6 add 2000::/3 gw 3ffe:ffff:1234:5678::1 dev eth0
For others, manual pages or digging in the scripts are your friend....
Cannot ping
If you got the error "ping: icmp6: unknown protocol", look in
/etc/protocols for specific changes.
Because of some definition changes (old inet6-apps, new net-tools),
the ping utility included in inet6-apps uses an old protocol name which is not
contained in newer /etc/protocols files. Solution: add the alias
name as shown on this page.
"connect: Invalid argument": kernel 2.4.x in use, you also have to
specify the interface; see the hints shown above.
"ping: icmp open socket: Operation not permitted": you are not
root and ping6 does not have the SUID bit set. Only root is allowed to
open ICMP sockets.
Cannot connect to services using link local addresses
If you have successfully tested ping6 using scoped link-local
addresses, it's possible that you want to use these addresses also for
connections to TCP services.
Unfortunately this mostly won't work because you cannot set the scope
for this address using client programs.
Solution: add site-local addresses to your interfaces and use them
instead of link-local ones.
I want to setup an IPv6-only host
Using current Linux kernels it's not possible to build IPv4 as module.
Therefore IPv4 is always present. But you can switch it off if you
set up a special address on the device, e.g.
ifconfig eth0 0.0.0.0.
IPv4 connections are no longer possible afterwards, so be careful,
especially for DNS configuration.
Where can I get an IPv6 address?
How do they look or more specifically what do the colons mean?
I've got the programs compiled and setup but I'm not sure where to
start next.
- On startup each interface is assigned a so-called link-local
  address, which is automatically generated from the interface identifier
  (i.e. Ethernet MAC), and the prefix is fe80
  - Example: fe80::2c0:6cff:fe00:f043
  - With these addresses, you can send packets from each interface
    to another on the link. But not through routers, because it is link-local.
- In IPv6 you can assign more than one address to each interface,
  so if you want to test/use routing, feel free to take site-local
  addresses. They start with fec0.
  - Example: fec0:0:0:1:2c0:6cff:fe00:f043
  - Now you have an interface identifier (64 bits) and a network
    specifier (i.e. 16 bits). So you can route packets with address
    prefix fec0:0:0:1::/64 to a specific interface
- Both types of addresses mentioned above won't be routable into
  the IPv6-Internet (called 6bone).
  In this case you need an aggregatable-global-unicast address and
  also a connection to the 6bone.
  - If your ISP already provides you an IPv6 uplink
    - You will get a prefix from it
  - If not, you need a so-called IPv6-in-IPv4 tunnel
    - See also IPv6-HOWTO-1.html#joinIPv6backbone
    - Therefore you need two tunnel points, one at your site and
      one connected to the 6bone.
    - To request a tunnel, a good way is to look at the
      6bone-hookup-Page or send an e-mail to the 6bone-maillist
      with a short description of your location on earth and your IPv4
      Internet connection
      - It's better to create a tunnel to a point with a good
        connection, than to a point locally close to you with a worse
        connection.
    - Normally, someone will create a tunnel to you
    - From this one, you will get your prefix
Additional information: draft-ietf-ipngwg-addr-arch-v2-xx.txt (xx
= latest version), will be found at
ftp://ds.internic.net/internet-drafts/
How much time will I need to set up one IPv6 host?
Depends on:
- Your CPU power, because there is much code to compile
- Your network experience
- Downloading time
Here are some values:
What | Estimated Time [hour]
Linux distribution | ~ 1 to 2
Decompressing, compiling & installation of all the necessary code | ~ 3 to 4
Setup scripts and configuration files | ~ 1
Testing of link-local | ~ 0.5
Testing of site-local | ~ 0.5
Creating and testing of a tunnel | ~ 1
Set up configuration and testing DNS | ~ 1-2
Set up configuration and testing RAdvD | ~ 1
If you have to set up several hosts which are nearly equal in hard
disk space, you can install the complete system on one host and
afterwards copy it completely (all directories) by NFS to all
the other ones, or directly disk-to-disk. Don't forget to install
the bootloader in the right way...
How to get the version number of used libc?
Several possibilities:
- If using a Linux distribution based on RedHat packages:
- If using a Linux distribution based on tar.gz packages:
  - find /lib -name 'libc.*' -type l -ls
What are the minimal hardware specifications for an IPv6 host?
Depends on your time and money budget :-)
I'm controlling four hosts at the moment:
Host | CPU / RAM / Disk
An always connected tunnel endpoint | P-100 / 64 MByte / 1 GByte
My primary host at home | PII-350 / 64 MByte / 6 GByte
My dial on demand router | P-133 / 64 MByte / 1 GByte
My small client | 486 DX-66 / 16 MByte / 500 MByte
On all hosts I get no problems running IPv6, only the 486 needs much
time compiling a new kernel version.
Original link is http://mirrors.deepspace6.net/Linux+IPv6-HOWTO/
3.1. Addresses without a special prefix
3.1.1. Localhost address
This is a special address for the loopback interface, similar to IPv4 with
its "127.0.0.1". With IPv6, the localhost address is:
0000:0000:0000:0000:0000:0000:0000:0001
or compressed:
::1
Packets with this address as source or destination should never leave the sending host.
3.1.2. Unspecified address
This is a special address like "any" or "0.0.0.0" in IPv4. For IPv6 it's:
0000:0000:0000:0000:0000:0000:0000:0000
or:
::
These addresses are mostly used/seen in socket binding (to any IPv6 address) or routing tables.
Note: the unspecified address cannot be used as destination address.
3.1.3. IPv6 address with embedded IPv4 address
There are two addresses which contain an IPv4 address.
3.1.3.1. IPv4-mapped IPv6 address
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets created
by an IPv6-enabled daemon, but only binding to an IPv4 address.
These addresses are defined with a special prefix of length 96 (a.b.c.d is the IPv4 address):
0:0:0:0:0:ffff:a.b.c.d/96
or in compressed format
::ffff:a.b.c.d/96
For example, the IPv4 address 1.2.3.4 looks like this:
::ffff:1.2.3.4
3.1.3.2. IPv4-compatible IPv6 address
Used for automatic tunneling (RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers), which is being replaced by 6to4 tunneling.
0:0:0:0:0:0:a.b.c.d/96
or in compressed format
::a.b.c.d/96
3.2. Network part, also known as prefix
Designers defined some address types and left a lot of scope for future definitions as currently unknown requirements arise.
RFC 4291 / IP Version 6 Addressing Architecture defines the current addressing scheme.
Now let's take a look at the different types of prefixes (and therefore address types):
3.2.1. Link local address type
These are special addresses which will only be valid on a link of an
interface. Using this address as destination the packet would never
pass through a router. It's used for link communications such as:
- anyone else here on this link?
- anyone here with a special address (e.g. looking for a router)?
They begin with (where "x" is any hex character, normally "0")
fe8x:
fe9x:
feax:
febx:
An address with this prefix is found on each IPv6-enabled interface after
stateless auto-configuration (which is normally always the case).
3.2.2. Site local address type
These are addresses similar to the RFC 1918 / Address Allocation for Private Internets
in IPv4 today, with the added advantage that everyone who uses this
address type has the capability to use the given 16 bits for a maximum
number of 65536 subnets. Comparable with the 10.0.0.0/8 in IPv4 today.
Another advantage: because it's possible to assign more than one address to an
interface with IPv6, you can also assign such a site local address in
addition to a global one.
It begins with:
fecx:
fedx:
feex:
fefx:
(where "x" is any hex character, normally "0")
This address type is now deprecated (RFC 3879 / Deprecating Site Local Addresses),
but for a test in a lab, such addresses are still a good choice in my humble opinion.
3.2.3. Unique Local IPv6 Unicast Addresses
Because the originally defined site local addresses are not unique, this can lead
to major problems if two formerly independent networks are
connected later (overlapping of subnets). This and other issues led to
a new address type named RFC 4193 / Unique Local IPv6 Unicast Addresses.
It begins with:
fdxx:
fcxx:
A part of the prefix (40 bits) is generated using a pseudo-random
algorithm and it's improbable that two generated ones are equal.
Example for a prefix (generated using a web-based tool: Goebel Consult / createLULA):
fd0f:8b72:ac90::/48
3.2.4. Global address type "(Aggregatable) global unicast"
Today, there is one global address type defined (the first design, called "provider based," was thrown away some years ago, RFC 1884 / IP Version 6 Addressing Architecture [obsolete]; you will find some remains in older Linux kernel sources).
It begins with (x are hex characters)
2xxx:
3xxx:
Note: the prefix "aggregatable" is thrown away in current drafts.
There are some further subtypes defined, see below:
3.2.4.1. 6bone test addresses
These were the first global addresses which were defined and in use. They all start with
3ffe:
Example:
3ffe:ffff:100:f102::1
A special 6bone test address which will never be globally unique begins with
3ffe:ffff:
and is mostly shown in older examples. The reason for this is, if real
addresses are shown, it's possible for someone to do a copy &
paste to their configuration files, thus inadvertently causing
duplicates on a globally unique address. This would cause serious
problems for the original host (e.g. getting answer packets for requests
that were never sent).
Because IPv6 is now in production, this prefix is no longer
delegated and is removed from routing after 6.6.2006 (see
RFC 3701 / 6bone Phaseout for more).
3.2.4.2. 6to4 addresses
These addresses, designed for a special tunneling mechanism [RFC 3056 / Connection of IPv6 Domains via IPv4 Clouds
and RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers], encode a given IPv4 address and a possible subnet and begin with
2002:
For example, representing 192.168.1.1/5:
2002:c0a8:0101:5::1
A small shell command line can help you generate such an address out of a given IPv4 one:
ipv4="1.2.3.4"; sla="5"; printf "2002:%02x%02x:%02x%02x:%04x::1" `echo $ipv4 | tr "." " "` $sla
See also tunneling using 6to4 and information about 6to4 relay routers.
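The 6to4 and IPv4-mapped encodings described above can be built and reversed programmatically. The following Python is an added example, not part of the HOWTO; the function names and the sample IPv4 policy are assumptions made for illustration. It reproduces the page's 192.168.1.1 / subnet 5 example and recovers the embedded IPv4 address so that an existing IPv4 filter can be applied to it.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")     # 6to4 prefix from the page
V4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")   # IPv4-mapped prefix from the page


def to_6to4(ipv4, sla=0, host=1):
    """Build 2002:<IPv4 in hex>:<sla>::<host>, like the shell one-liner."""
    v4 = ipaddress.IPv4Address(ipv4)      # raises ValueError on malformed input
    if not 0 <= sla <= 0xFFFF:
        raise ValueError("subnet (SLA) must fit in 16 bits")
    if not 0 <= host < 2 ** 64:
        raise ValueError("host part must fit in 64 bits")
    value = (0x2002 << 112) | (int(v4) << 80) | (sla << 64) | host
    return ipaddress.IPv6Address(value)


def embedded_ipv4(addr):
    """Return the IPv4 address carried in a 6to4 or IPv4-mapped address, or None."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 in SIX_TO_FOUR:
        return ipaddress.IPv4Address((int(v6) >> 80) & 0xFFFFFFFF)  # bits after 2002:
    if v6 in V4_MAPPED:
        return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)          # low 32 bits
    return None


def hits_ipv4_policy(addr, ipv4_nets):
    """True if the embedded IPv4 address falls into one of the given IPv4 networks."""
    v4 = embedded_ipv4(addr)
    return v4 is not None and any(v4 in ipaddress.IPv4Network(n) for n in ipv4_nets)


# Constructed sample policy: IPv4 ranges a filter already treats as internal.
INTERNAL_V4 = ["10.0.0.0/8", "192.168.0.0/16"]

if __name__ == "__main__":
    print(to_6to4("192.168.1.1", sla=5))
    print(embedded_ipv4("::ffff:1.2.3.4"))
    print(hits_ipv4_policy("2002:c0a8:0101:5::1", INTERNAL_V4))
```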
3.2.4.3. Assigned by provider for hierarchical routing
These addresses are delegated to Internet service providers (ISP) and begin currently with
2001:
Prefixes to major (backbone owning) ISPs (also known as LIRs) are delegated by
local registries and currently have a prefix with length 32 assigned.
Any ISP customer can get a prefix with length 48.
3.2.4.4. Addresses reserved for examples and documentation
Currently, two address ranges are reserved for examples and documentation (RFC 3849 / IPv6 Address Prefix Reserved for Documentation):
3fff:ffff::/32
2001:0DB8::/32 EXAMPLENET-WF
These address ranges should be filtered based on source addresses and should
NOT be routed on border routers to the internet, if possible.
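A source-address check built from the prefixes listed in sections 3.1 and 3.2, using longest-prefix match so that the documentation and 6bone ranges win over the enclosing 2000::/3. This Python is an added example, not part of the HOWTO; the drop flags for unspecified, IPv4-mapped, unique local, multicast and unlisted addresses are assumptions of the example, and the sample addresses are constructed.

```python
import ipaddress

# (prefix, type name used on this page, drop as a source address at the border?)
# Flags for unspecified, IPv4-mapped, unique local and multicast are assumptions
# of this example; the others follow statements made on the page.
_TABLE = [
    ("::1/128",        "localhost",               True),
    ("::/128",         "unspecified",             True),
    ("::ffff:0:0/96",  "IPv4-mapped",             True),
    ("fe80::/10",      "link-local",              True),
    ("fec0::/10",      "site-local (deprecated)", True),
    ("fc00::/7",       "unique local",            True),
    ("ff00::/8",       "multicast",               True),
    ("3ffe::/16",      "6bone (phased out)",      True),
    ("3fff:ffff::/32", "documentation",           True),
    ("2001:db8::/32",  "documentation",           True),
    ("2002::/16",      "6to4",                    False),
    ("2000::/3",       "global unicast",          False),
]
# Most specific prefix first, so 2001:db8::/32 is tested before 2000::/3.
PREFIXES = sorted(((ipaddress.IPv6Network(p), n, d) for p, n, d in _TABLE),
                  key=lambda row: row[0].prefixlen, reverse=True)


def classify(addr):
    """Return (type name, drop_at_border) using longest-prefix match."""
    ip = ipaddress.IPv6Address(addr.split("%", 1)[0])   # ignore a zone id like %eth0
    for net, name, drop in PREFIXES:
        if ip in net:
            return name, drop
    return "unassigned", True    # outside every prefix listed on the page (assumption)


def border_drops(sources):
    """Map each source address that should be filtered to its address type."""
    return {s: classify(s)[0] for s in sources if classify(s)[1]}


# Constructed sample of source addresses seen on an Internet-facing interface.
SAMPLE_SOURCES = [
    "2a02:1234::1",                  # constructed global unicast address
    "2001:db8:100:f101::1",
    "3ffe:ffff:100:f102::1",
    "fe80::2e0:18ff:fe90:9205%eth0",
    "fd0f:8b72:ac90::1",
]

if __name__ == "__main__":
    for src, kind in border_drops(SAMPLE_SOURCES).items():
        print(f"drop {src:32} {kind}")
```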
3.2.5. Multicast addresses
Multicast addresses are used for related services.
They always start with (y is the scope value)
ffxy:
They are split into scopes and types:
3.2.5.1. Multicast scopes
Multicast scope is a parameter to specify the maximum distance a multicast packet can travel from the sending entity.
Currently, the following regions (scopes) are defined:
ffx1: node-local, packets never leave the node.
ffx2: link-local, packets are never forwarded by routers, so they never leave the specified link.
ffx5: site-local, packets never leave the site.
ffx8: organization-local, packets never leave the organization (not so easy to implement, must be covered by routing protocol).
ffxe: global scope.
others are reserved
3.2.5.2. Multicast types
There are many types already defined/reserved (see RFC 4291 / IP Version 6 Addressing Architecture for details). Some examples are:
- All Nodes Address: ID = 1h, addresses all hosts on the local node
  (ff01:0:0:0:0:0:0:1) or the connected link (ff02:0:0:0:0:0:0:1).
- All Routers Address: ID = 2h, addresses all routers on the local node
  (ff01:0:0:0:0:0:0:2), on the connected link (ff02:0:0:0:0:0:0:2), or on
  the local site (ff05:0:0:0:0:0:0:2)
3.2.5.3. Solicited node link-local multicast address
Special multicast address used as destination address in neighborhood
discovery, because unlike in IPv4, ARP no longer exists in IPv6.
An example of this address looks like
ff02::1:ff00:1234
The prefix used shows that this is a link-local multicast address. The suffix is
generated from the destination address. In this example, a packet
should be sent to address "fe80::1234", but the network stack doesn't
know the current layer 2 MAC address. It replaces the upper 104 bits
with "ff02:0:0:0:0:1:ff00::/104" and leaves the lower 24 bits
untouched. This address is now used `on-link' to find the corresponding
node which has to send a reply containing its layer 2 MAC address.
3.2.6. Anycast addresses
Anycast addresses are special addresses and are used to cover things like
nearest DNS server, nearest DHCP server, or similar dynamic groups.
Addresses are taken out of the unicast address space (aggregatable
global or site-local at the moment). The anycast mechanism (client
view) will be handled by dynamic routing protocols.
Note: Anycast addresses cannot be used as source addresses, they are only used as destination addresses.
3.2.6.1. Subnet-router anycast address
A simple example for an anycast address is the subnet-router anycast
address. Assuming that a node has the following global assigned IPv6
address:
2001:db8:100:f101:210:a4ff:fee3:9566/64
The subnet-router anycast address will be created blanking the suffix (least significant 64 bits) completely:
2001:db8:100:f101::/64
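The three derivations described in sections 3.2.5.1, 3.2.5.3 and 3.2.6.1 (multicast scope, solicited-node multicast address, subnet-router anycast address), carried through in Python. This is an added example, not part of the HOWTO; the function names are assumptions made for illustration.

```python
import ipaddress

SOLICITED_NODE = ipaddress.IPv6Network("ff02::1:ff00:0/104")   # prefix from 3.2.5.3
SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
          0x8: "organization-local", 0xE: "global"}            # list from 3.2.5.1


def multicast_scope(addr):
    """Decode the scope nibble (the last hex digit of the first group, ffx?)."""
    ip = ipaddress.IPv6Address(addr)
    if not ip.is_multicast:
        raise ValueError(f"{addr} is not a multicast address")
    return SCOPES.get((int(ip) >> 112) & 0xF, "reserved")


def solicited_node(addr):
    """Replace the upper 104 bits with ff02::1:ff00:0/104, keep the lower 24 bits."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_multicast:
        raise ValueError("derive solicited-node addresses from unicast addresses")
    low24 = int(ip) & 0xFFFFFF
    return ipaddress.IPv6Address(int(SOLICITED_NODE.network_address) | low24)


def subnet_router_anycast(interface):
    """Blank the suffix of an 'address/prefixlength' pair (host bits set to zero)."""
    return ipaddress.IPv6Interface(interface).network.network_address


def same_solicited_group(a, b):
    """Two addresses with equal low 24 bits are reached via the same multicast group."""
    return solicited_node(a) == solicited_node(b)


if __name__ == "__main__":
    print(solicited_node("fe80::1234"))                       # page example
    print(multicast_scope("ff02::1:ff00:1234"))
    print(subnet_router_anycast("2001:db8:100:f101:210:a4ff:fee3:9566/64"))
    # Link-local and global address built from one interface identifier:
    print(same_solicited_group("fe80::210:a4ff:fee3:9566",
                               "2001:db8:100:f101:210:a4ff:fee3:9566"))
```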
This article is from the ChinaUnix blog. To view the original, go to: http://blog.chinaunix.net/u/16030/showart_1535594.html