[CentOS] centos 6.3 ipv6 default gateway

Michael H. Warfield mhw at WittsEnd.com
Fri Apr 12 02:32:51 UTC 2013


On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote:
> 2013/4/12 Michael H. Warfield <mhw at wittsend.com>
> 
> > Hello,
> >
> > I may be totally off base here but...
> >
> > On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
> > > hello,
> > >    i met a problem in configuration of ipv6 gw in my box
> > > i install centos 6.3 (64 bit) on my boxes, which have four netcard.
> > > i use a straight-through cable to connect centosv0:netcard-2 and
> > > centosv1:netcard2
> > > the topology is this:
> > > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
> > > centosv1:netcard-2 <---->centosv1:netcard-2  <---> client d (backtrack r2
> > > 32)
> > > 1:2:3:4::2/64          1:2:3:4::1/64                       1:2:3::4/64
> > >                   1:2:3::5/64             1:2:3:5::1/64
> > >  1:2:3:5::2/64
> >
> > Surely, I hope you jest with those numbers.  You are not allowed to pick
> > numbers out of the air and just use them, even if it's for private use.
> > There are specific blocks of addresses for specific uses and assigned
> > "scopes" and all the "private use" addresses are in blocks very high up
> > in the address space beginning with fc or fd.  If those are literally
> > the addresses you used, they will not work and I would expect them to
> > give you all sorts of grief at some point or another.
> >
> > > what i want to do is set default gw on centosv0 to centosv1
> >
> > I take it "centosv0"  and "centosv1" are configured for ipv6 forwarding?
> > You didn't provide the information on that.  There are some gotchas in
> > there with default routing on a router (basically there is no such
> > thing) and the router needs to be set up properly for both routing and
> > its routes.  But I don't think that's your problem you're describing
> > down below.
> >
> > > i configure /etc/sysconfig/network-scripts/ifconfig-eth2  (centosv0) as this
> > > DEVICE="eth2"
> > > BOOTPROTO=static
> > > HWADDR="60:A4:4C:23:2F:6F"
> > > NM_CONTROLLED="yes"
> > > ONBOOT="yes"
> > > TYPE="Ethernet"
> > > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> > > IPV6INIT=yes
> > > IPV6ADDR=1:2:3::4
> >  ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
> >
> > > IPV6_DEFAULTGW=1:2:3::5
> >  ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network (/128)
> >
> > > and i also configure /etc/sysconfig/network to this:
> > > NETWORKING=yes
> > > HOSTNAME=centosv0
> > > NETWORKING_IPV6=yes
> > > IPV6_AUTOCONF=no
> >
> > For forwarding...
> >
> > In that file you're also going to need:
> >
> > IPV6FORWARDING=yes
> >
> > You may also need to add lines to /etc/sysctl.conf (I've needed in the
> > past on Fedora):
> >
> > net.ipv6.conf.all.forwarding = 1
> > net.ipv6.conf.default.forwarding = 1
> >
> > But those aren't your problem with this...
> >
> > > but i met an error:
> > > Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error
> >
> > I'm not totally sure if this is because you didn't specify a prefix
> > length on your IPV6ADDR line or the fact that it then conflicted with
> > your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
> > was because you chose an illegal IPv6 prefix or if it was a
> > combination of all of them.  The "WARN: [ipv6_add_route] Unknown error"
> > makes me suspicious because your default gateway conflicts with your
> > interface network definition (because you didn't specify the prefix size
> > and it defaulted to /128) and the kernel has no way to route it out any
> > interface.  IAC...  You won't be able to use a default route on a router
> > anyways (more below).
> >
> > > i do not know why, and can someone give me some suggestions?
> > > thanks a lot.
> >
> > If those were literally the addresses you used, it may be an address
> > that's in an illegal scope.
> 
>   i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
> should change system to Centos 6.3.
>   And i add all the stuff that i miss. One machine is configured like this:
> 
>  [root at centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
> DEVICE="eth2"
> BOOTPROTO=static
> HWADDR="60:A4:4C:23:2F:6F"
> NM_CONTROLLED="yes"
> ONBOOT="yes"
> TYPE="Ethernet"
> #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> IPV6INIT=yes
> IPV6ADDR=1:2:3::4/64
> IPV6_DEFAULTGW=1:2:3::5/64
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^  You do NOT need the /64 on this line.

> and add the below to /etc/sysctl.conf

>   net.ipv6.conf.all.forwarding = 1
>   net.ipv6.conf.default.forwarding = 1

> and through /proc i can see this
> 
>   [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding
>   1
>    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
>    1

> and through command ifconfig i can see this

> eth1      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6E
>           inet6 addr: 1:2:3:4::1/64 Scope:Global                      --->
> subnet
>           inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:2028 (1.9 KiB)
>           Interrupt:17 Memory:dc300000-dc320000

> eth2      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6F
>           inet6 addr: 1:2:3::4/64 Scope:Global
>   ----> connected by straight-through cable
>           inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:210 (210.0 b)  TX bytes:2028 (1.9 KiB)
>           Interrupt:18 Memory:dc200000-dc220000

> eth3      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:70
>           inet addr:192.168.5.211  Bcast:192.168.5.255  Mask:255.255.255.0
>  ----> used by my ssh
>           inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:291006 (284.1 KiB)  TX bytes:154231 (150.6 KiB)
>           Interrupt:19 Memory:dc100000-dc120000

> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

> but when restart the network, i also get this error

> Shutting down interface eth1:                              [  OK  ]
> Shutting down interface eth2:                              [  OK  ]
> Shutting down interface eth3:                              [  OK  ]
> Shutting down loopback interface:                          [  OK  ]
> Bringing up loopback interface:                            [  OK  ]
> Bringing up interface eth1:                                [  OK  ]
> Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error

This time, it would be my guess that it's because you added the /64 to
your gateway address, but the default gateway is not going to work on a
router anyways.

>                                                            [  OK  ]
> Bringing up interface eth3:                                [  OK  ]
> 
> As you said that the ipv6 address is in illegal scope and can not goto
> global net,
> I use those ipv6 address for a private use, and i test them ok on ubuntu
> 12.04.

You are, nonetheless, not supposed to use addresses in that block for
ANYTHING.  The fc00::/7 block is intended for what you want to do.  Even
if they happen to work, they are not guaranteed to work and may cause
other problems (like reverse DNS lookup traffic).

> Must i change ipv6 address to some thing like 2000::/3, even i just want to
> use ipv6 for private?

No, you should change them to FC00::/7 for private use.  That's what that
block was allocated for.  Use it.  Don't just dream up stuff.

You will need static routes on each of your two routers for your two client routes.

For example.  If your networks are allocated as follows...

fd00:1:1:1::/64 <-> Router 1 <-> fd00:1:1:2::/64 <-> Router 2 <-> fd00:1:1:3::/64

Then, on router 1 you need a static route:

fd00:1:1:3::/64 via fd00:1:1:2::{Router 2 address}

And on router 2 you need a static route:

fd00:1:1:1::/64 via fd00:1:1:2::{Router 1 Address}

I generally stuff static routes either
in /etc/sysconfig/static-routes-ipv6 but I'm not sure how well that
works with NetworkManager since the FIRST thing I do is disable
NetworkManager on a router.

>  IPv6 does not behave quite like IPv4 does
> > and you need to know what some of these blocks of addresses do and what
> > their scope is.
> >
> > "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
> > are recommended procedures for assigning subnets out of them and
> > choosing network prefixes...
> >
> > http://www.ietf.org/rfc/rfc4193.txt
> >
> > Those may be routed between your machines but may not be routed on the
> > global net either as a source or destination address.  Your machines
> > should also be given "link local" addresses which are valid only on that
> > network segment.  They're in the fe80::/64 prefix.
> >
> > Global addresses are in the 2000::/3 block.  If you are using a Linux
> > system as an IPv6 router, the kernel is going to disable the default
> > route (::/0), preventing non-global addresses from routing.  You'll have
> > to add appropriate routes for all your "local" (fc00::/7) subnets and
> > also provide a global unicast default route using 2000::/3 on the
> > routers.
> >
> > Don't try to do your setup above with the two routers pointing default
> > routes at each other.  Point specific static routes for each subnet
> > behind each respective opposite router.

> But the specific static routes are not connect directly, the peers are
> connected by straight-through cable in eth2
> client c <--> centosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <-->
> centosv1 eth1 <--> client d
                                                                       |
                                                                       |___
> here  are connected by straight-through cable

You'll still need static routes on the routers on each side of that
"straight-through cable" to point across the cable for the routing of
the network on the other side of the cable and opposite router.

Don't try and cross default routes pointing at each other router.
That's highly unreliable and prone to routing loops in IPv4 and flat out
will not work in IPv6 due to default routing being disabled in Linux for
IPv6 when IPv6 forwarding is enabled.

> > Wikipedia has a rundown on the various address blocks and formats:
> >
> > http://en.wikipedia.org/wiki/IPv6_address
> >
> > Local addresses in particular are described here:
> >
> > http://en.wikipedia.org/wiki/Unique_local_address
> >
> > Anything in 1::/16 (if that's what you're doing) is going to be illegal
> > afaik as it's not in an assigned block and scope.  It should reject it
> > as being unroutable or having a non-valid scope.
> >
> > Certain addresses below 2000::/3 are used for compatibility purposes.
> >
> > ::a.b.c.d used to be an IPv4 compatibility address but is largely
> > deprecated.
> >
> > ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
> > running in a dual stack environment where they see IPv4 addresses as
> > IPv6 addresses in the ::ffff:0:0/112 block.  All those addresses are for
> > internal use and are seriously hands off.
> >
> > You can not treat IPv6 arbitrarily as if it were IPv4 with fat
> > addresses.  If you need to learn more about IPv6 and how it works, you
> > probably might want to start looking at Hurricane Electric aka
> > Tunnelbroker.net, http://www.tunnelbroker.net .  They have some very
> > good IPv6 interactive tutorials there for free and are very quick for
> > the basic stuff.  The first few exercises could be very helpful to you.
> > If you follow it all the way through, you will find yourself learning
> > how to set up DNS properly for IPv6 and registering your own IPv6 glue
> > records with your registrars.
> >
> > Now, if I'm off base here and you were merely obfuscating your real
> > addresses, I would recommend obfuscating them with fc00: instead of 1:
> > and those would be valid example addresses.  You could use
> > fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
> > fc00:1:1:3::/64 for yet another.  Read that RFC for recommendations on
> > what you really should choose (generally a random number for
> > fdxx:xxxx:xxxx::/48 before your SLA).  Since you've got 2 routers,
> > you'll need three network prefixes, which I see you have.  Generally,
> > you'll want to manipulate that fourth field as your SLA (Site Local
> > Address) which is IPv6 lingo for your subnet address.
> >
> > Replace the leading "1:" in each of those nets with "fdxx:", add your
> > appropriate subnets, add your appropriate prefix lengths to those static
> > address, and add appropriate static routes, and you might get further
> > along the road.
> >
> > Regards,
> > Mike

> Best Regards,
> jaze

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
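
An added example, not part of the original message: a small Python check for the two ifcfg mistakes discussed in this thread (IPV6ADDR without a prefix length, and IPV6_DEFAULTGW carrying one or sitting off the interface network), plus the address-block test. The function names and the `FIXED` sample are assumptions made for illustration; `FIRST` and `SECOND` are trimmed copies of the eth2 configs quoted above.

```python
import ipaddress

# Blocks named in the thread; anything else is reported as "unassigned".
BLOCKS = {"unique-local": "fc00::/7", "link-local": "fe80::/10", "global-unicast": "2000::/3"}

def classify(addr):
    """Return the name of the block an IPv6 address falls in."""
    ip = ipaddress.ip_address(addr)
    for name, net in BLOCKS.items():
        if ip in ipaddress.ip_network(net):
            return name
    return "unassigned"

def parse_ifcfg(text):
    """Parse KEY=value lines, skipping comments and stripping quotes."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_ifcfg(text):
    """Return findings for the IPV6ADDR / IPV6_DEFAULTGW pair."""
    cfg, findings = parse_ifcfg(text), []
    addr, gw = cfg.get("IPV6ADDR", ""), cfg.get("IPV6_DEFAULTGW", "")
    if not addr:
        return ["IPV6ADDR missing"]
    if "/" not in addr:
        findings.append("IPV6ADDR has no prefix length (/128)")
    iface = ipaddress.ip_interface(addr)  # no "/" parses as /128
    if classify(str(iface.ip)) == "unassigned":
        findings.append("IPV6ADDR is outside the ULA, link-local and global blocks")
    if gw:
        if "/" in gw:
            findings.append("IPV6_DEFAULTGW carries a prefix length")
        gw_ip = ipaddress.ip_address(gw.split("/")[0].split("%")[0])
        if not gw_ip.is_link_local and gw_ip not in iface.network:
            findings.append("IPV6_DEFAULTGW is not on the interface network")
    return findings

# Constructed samples: FIRST/SECOND from the thread, FIXED is hypothetical.
FIRST = 'DEVICE="eth2"\nIPV6INIT=yes\nIPV6ADDR=1:2:3::4\nIPV6_DEFAULTGW=1:2:3::5\n'
SECOND = 'DEVICE="eth2"\nIPV6INIT=yes\nIPV6ADDR=1:2:3::4/64\nIPV6_DEFAULTGW=1:2:3::5/64\n'
FIXED = 'DEVICE="eth2"\nIPV6INIT=yes\nIPV6ADDR=fd00:1:1:2::1/64\n'

if __name__ == "__main__":
    print([check_ifcfg(s) for s in (FIRST, SECOND, FIXED)])
```

`FIXED` sets no IPV6_DEFAULTGW, matching the advice above to use specific static routes between the two routers rather than default routes.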
