2013/4/12 Michael H. Warfield <mhw at wittsend.com> > Hello, > > I may be totally off base here but... > > On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote: > > hello, > > i met a problem in configuratiion of ipv6 gw in my box > > i install centos 6.3 (64 bit) on my boxs, which have four netcard. > > i use a straight-through cable to connect centosv0:netcard-2 and > > centosv1:netcard2 > > the topology is this: > > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <---> > > centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2 > > 32) > > 1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64 > > 1:2:3::5/64 1:2:3:5::1/64 > > 1:2:3:5::2/64 > > Surely, I hope you jest with those numbers. You are not allowed to pick > numbers out of the air and just use them, even if it's for private use. > There are specific blocks of addresses for specific uses and assigned > "scopes" and all the "private use" addresses are in blocks very high up > in the address space beginning with fc or fd. If those are literally > the addresses you used, they will not work and I would expect them to > give you all sorts of grief at some point or another. > > > what i want to do is set default gw on centosv0 to centosv1 > > I take it "centosv0" and "centosv1" are configured for ipv6 forwarding? > You didn't provide the information on that. There are some gotcha's in > there with default routing on a router (basically there is no such > thing) and the router needs to be set up properly for both routing and > its routes. But I don't think that's your problem you're describing > down below. > > > i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as > this > > DEVICE="eth2" > > BOOTPROTO=static > > HWADDR="60:A4:4C:23:2F:6F" > > NM_CONTROLLED="yes" > > ONBOOT="yes" > > TYPE="Ethernet" > > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf" > > IPV6INIT=yes > > IPV6ADDR=1:2:3::4 > ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128). > > > IPV6_DEFAULTGW=1:2:3::5 > ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network > (/128) > > > and i also configure /etc/sysconfig/network to this: > > NETWORKING=yes > > HOSTNAME=centosv0 > > NETWORKING_IPV6=yes > > IPV6_AUTOCONF=no > > For forwarding... > > In that file you're also going to need: > > IPV6FORWARDING=yes > > You may also need to add lines to /etc/sysctl.conf (I've needed in the > past on Fedora): > > net.ipv6.conf.all.forwarding = 1 > net.ipv6.conf.default.forwarding = 1 > > But those aren't your problem with this... > > > but i met an error: > > Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error > > I'm not totally sure if this is because you didn't specify a prefix > length on your IPV6ADDR line or the fact that it then conflicted with > your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it > was because you choose and illegal IPv6 prefix or if it was a > combination of all of them. The "WARN: [ipv6_add_route] Unknown error" > makes me suspicious because your default gatway conflicts with your > interface network definition (because you didn't specify the prefix size > and it defaulted to /128) and the kernel has no way to route it out any > interface. IAC... You won't be able to use a default route on a router > anyways (more below). > > > i do not know how why,and can some one gives me some suggestion? > > thanks a lot. > > If those were literally the addresses you used, It may be an address > that's in an illegal scope. i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we should change system to Centos 6.3. And i add all the stuff that i miss. One machine is configured like this: [root at centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2 DEVICE="eth2" BOOTPROTO=static HWADDR="60:A4:4C:23:2F:6F" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf" IPV6INIT=yes IPV6ADDR=1:2:3::4/64 IPV6_DEFAULTGW=1:2:3::5/64 and add the below to /etc/sysctl.conf net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 and through /proc i can see this [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding 1 [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding 1 and through command ifconfig i can see this eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E inet6 addr: 1:2:3:4::1/64 Scope:Global ---> subnet inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB) Interrupt:17 Memory:dc300000-dc320000 eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F inet6 addr: 1:2:3::4/64 Scope:Global ----> connected by straight-through cable inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3 errors:0 dropped:0 overruns:0 frame:0 TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB) Interrupt:18 Memory:dc200000-dc220000 eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70 inet addr:192.168.5.211 Bcast:192.168.5.255 Mask:255.255.255.0 ----> used by my ssh inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:3008 errors:0 dropped:0 overruns:0 frame:0 TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB) Interrupt:19 Memory:dc100000-dc120000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) but when restart the network, i also get this error Shutting down interface eth1: [ OK ] Shutting down interface eth2: [ OK ] Shutting down interface eth3: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth1: [ OK ] Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error [ OK ] Bringing up interface eth3: [ OK ] As you said that the ipv6 address is in illegal scope and can not goto global net, I use those ipv6 address for a private use, and i test them ok on ubuntu 12.04. Must i change ipv6 address to some thing like 2000::/3, even i just want to use ipv6 for private? IPv6 does not behave quite like IPv4 does > and you need to know what some of these blocks of addresses do and what > their scope is. > > "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there > are recommended procedures for assigning subnets out of them and > choosing network prefixes... > > http://www.ietf.org/rfc/rfc4193.txt > > Those may be routed between your machines but may not be routed on the > global net either as a source or destination address. Your machines > should also be given "link local" addresses which are valid only on that > network segment. They're in the fe80::/64 prefix. > > Global addresses are in the 2000::/3 block. If you are using a Linux > system as an IPv6 router, the kernel is going to disable the default > route (::/0), preventing non-global addresses from routing. You'll have > to add appropriate routes for all your "local" (fc00::/7) subnets and > also provide a global unicast default route using 2000::/3 on the > routers. > > Don't try to do your setup above with the two routers pointing default > routes at each other. Point specific static routes for each subnet > behind each respective opposite router. > But the specific static routes are not connect directly, the peers are connected by straight-through cable in eth2 client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <--> centosv1 eth1 <--> client d | |___ here are connected by straight-through cable > > Wikipedia has a rundown on the various address blocks and formats: > > http://en.wikipedia.org/wiki/IPv6_address > > Local addresses in particular are described here: > > http://en.wikipedia.org/wiki/Unique_local_address > > Anything in 1::/16 (if that's what you're doing) is going to be illegal > afaik as it's not in an assigned block and scope. It should reject it > as being unroutable or having a non-valid scope. > > Certain addresses below 2000::/3 are used for compatibility purposes. > > ::a.b.c.d use to be an IPv4 compatibility address but is largely > deprecated. > > ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications > running in a dual stack environment where they see IPv4 addresses as > IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are for > internal use and are seriously hands off. > > You can not treat IPv6 arbitrarily as if it were IPv4 with fat > addresses. If you need to learn more about IPv6 and how it works, you > probably might want to start looking at Hurricane Electric aka > Tunnelbroker.net, http://www.tunnelbroker.net . They have some very > good IPv6 interactive tutorials there for free and are very quick for > the basic stuff. The first few exercise could be very helpful to you. > If you follow it all the way through, you will find yourself learning > how to set up DNS properly for IPv6 and registering your own IPv6 glue > records with your registrars. > > Now, if I'm off base here and you were merely obfuscating your real > addresses, I would recommend obfuscating them with fc00: instead of 1: > and those would be valid example addresses. You could use > fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and > fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on > what you really should chose (generally a random number for > fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers, > you'll need three network prefixes, which I see you have. Generally, > you'll want to manipulate that fourth field as your SLA (Site Local > Address) which is IPv6 lingo for your subnet address. > > Replace the leading "1:" in each of those nets with "fdxx:", add your > appropriate subnets, add your appropriate prefix lengths to those static > address, and add appropriate static routes, and you might get further > along the road. > > Regards, > Mike > -- > Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com > /\/\|=mhw=|\/\/ | (678) 463-0932 | > http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of > all > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > Best Regards, jaze