[CentOS] centos 6.3 ipv6 default gateway

Fri Apr 12 01:28:47 UTC 2013
Jaze Lee <jazeltq at gmail.com>

2013/4/12 Michael H. Warfield <mhw at wittsend.com>

> Hello,
>
> I may be totally off base here but...
>
> On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
> > hello,
> >    i met a problem in configuration of ipv6 gw in my box
> > i install centos 6.3 (64 bit) on my boxes, which have four netcard.
> > i use a straight-through cable to connect centosv0:netcard-2 and centosv1:netcard2
> > the topology is this:
> > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <---> centosv1:netcard-2 <---->centosv1:netcard-2  <---> client d (backtrack r2 32)
> > 1:2:3:4::2/64  1:2:3:4::1/64  1:2:3::4/64  1:2:3::5/64  1:2:3:5::1/64  1:2:3:5::2/64
>
> Surely, I hope you jest with those numbers.  You are not allowed to pick
> numbers out of the air and just use them, even if it's for private use.
> There are specific blocks of addresses for specific uses and assigned
> "scopes" and all the "private use" addresses are in blocks very high up
> in the address space beginning with fc or fd.  If those are literally
> the addresses you used, they will not work and I would expect them to
> give you all sorts of grief at some point or another.
>
> > what i want to do is set default gw on centosv0 to centosv1
>
> I take it "centosv0"  and "centosv1" are configured for ipv6 forwarding?
> You didn't provide the information on that.  There are some gotcha's in
> there with default routing on a router (basically there is no such
> thing) and the router needs to be set up properly for both routing and
> its routes.  But I don't think that's your problem you're describing
> down below.
>
> > i configure /etc/sysconfig/network-scripts/ifconfig-eth2  (centosv0) as this
> > DEVICE="eth2"
> > BOOTPROTO=static
> > HWADDR="60:A4:4C:23:2F:6F"
> > NM_CONTROLLED="yes"
> > ONBOOT="yes"
> > TYPE="Ethernet"
> > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> > IPV6INIT=yes
> > IPV6ADDR=1:2:3::4
>  ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
>
> > IPV6_DEFAULTGW=1:2:3::5
>  ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network (/128)
>
> > and i also configure /etc/sysconfig/network to this:
> > NETWORKING=yes
> > HOSTNAME=centosv0
> > NETWORKING_IPV6=yes
> > IPV6_AUTOCONF=no
>
> For forwarding...
>
> In that file you're also going to need:
>
> IPV6FORWARDING=yes
>
> You may also need to add lines to /etc/sysctl.conf (I've needed in the
> past on Fedora):
>
> net.ipv6.conf.all.forwarding = 1
> net.ipv6.conf.default.forwarding = 1
>
> But those aren't your problem with this...
>
> > but i met an error:
> > Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error
>
> I'm not totally sure if this is because you didn't specify a prefix
> length on your IPV6ADDR line or the fact that it then conflicted with
> your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
> was because you chose an illegal IPv6 prefix or if it was a
> combination of all of them.  The "WARN: [ipv6_add_route] Unknown error"
> makes me suspicious because your default gateway conflicts with your
> interface network definition (because you didn't specify the prefix size
> and it defaulted to /128) and the kernel has no way to route it out any
> interface.  IAC...  You won't be able to use a default route on a router
> anyways (more below).
>
> > i do not know how why,and can some one gives me some suggestion?
> > thanks a lot.
>
> If those were literally the addresses you used, it may be an address
> that's in an illegal scope.

  i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
should change system to Centos 6.3.
  And i add all the stuff that i miss. One machine is configured like this:

[root@centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
BOOTPROTO=static
HWADDR="60:A4:4C:23:2F:6F"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
IPV6INIT=yes
IPV6ADDR=1:2:3::4/64
IPV6_DEFAULTGW=1:2:3::5/64

and add the below to /etc/sysctl.conf

  net.ipv6.conf.all.forwarding = 1
  net.ipv6.conf.default.forwarding = 1

and through /proc i can see this

  [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding
  1
  [root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
  1

and through command ifconfig i can see this

eth1      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6E
          inet6 addr: 1:2:3:4::1/64 Scope:Global    ---> subnet
          inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:2028 (1.9 KiB)
          Interrupt:17 Memory:dc300000-dc320000

eth2      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6F
          inet6 addr: 1:2:3::4/64 Scope:Global    ----> connected by straight-through cable
          inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:210 (210.0 b)  TX bytes:2028 (1.9 KiB)
          Interrupt:18 Memory:dc200000-dc220000

eth3      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:70
          inet addr:192.168.5.211  Bcast:192.168.5.255  Mask:255.255.255.0    ----> used by my ssh
          inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:291006 (284.1 KiB)  TX bytes:154231 (150.6 KiB)
          Interrupt:19 Memory:dc100000-dc120000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

but when restart the network, i also get this error

Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth1:                                [  OK  ]
Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error
                                                           [  OK  ]
Bringing up interface eth3:                                [  OK  ]

As you said that the ipv6 address is in illegal scope and can not go to
global net,
I use those ipv6 address for a private use, and i test them ok on ubuntu
12.04.

Must i change ipv6 address to something like 2000::/3, even i just want to
use ipv6 for private?

> IPv6 does not behave quite like IPv4 does
> and you need to know what some of these blocks of addresses do and what
> their scope is.
>
> "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
> are recommended procedures for assigning subnets out of them and
> choosing network prefixes...
>
> http://www.ietf.org/rfc/rfc4193.txt
>
> Those may be routed between your machines but may not be routed on the
> global net either as a source or destination address.  Your machines
> should also be given "link local" addresses which are valid only on that
> network segment.  They're in the fe80::/64 prefix.
>
> Global addresses are in the 2000::/3 block.  If you are using a Linux
> system as an IPv6 router, the kernel is going to disable the default
> route (::/0), preventing non-global addresses from routing.  You'll have
> to add appropriate routes for all your "local" (fc00::/7) subnets and
> also provide a global unicast default route using 2000::/3 on the
> routers.
>
> Don't try to do your setup above with the two routers pointing default
> routes at each other.  Point specific static routes for each subnet
> behind each respective opposite router.
>

But the specific static routes are not connected directly, the peers are
connected by straight-through cable in eth2

client c <--> centosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <--> centosv1 eth1 <--> client d
                                                   |
                                                   |___ here are connected by straight-through cable


>
> Wikipedia has a rundown on the various address blocks and formats:
>
> http://en.wikipedia.org/wiki/IPv6_address
>
> Local addresses in particular are described here:
>
> http://en.wikipedia.org/wiki/Unique_local_address
>
> Anything in 1::/16 (if that's what you're doing) is going to be illegal
> afaik as it's not in an assigned block and scope.  It should reject it
> as being unroutable or having a non-valid scope.
>
> Certain addresses below 2000::/3 are used for compatibility purposes.
>
> ::a.b.c.d used to be an IPv4 compatibility address but is largely
> deprecated.
>
> ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
> running in a dual stack environment where they see IPv4 addresses as
> IPv6 addresses in the ::ffff:0:0/112 block.  All those addresses are for
> internal use and are seriously hands off.
>
> You can not treat IPv6 arbitrarily as if it were IPv4 with fat
> addresses.  If you need to learn more about IPv6 and how it works, you
> probably might want to start looking at Hurricane Electric aka
> Tunnelbroker.net, http://www.tunnelbroker.net .  They have some very
> good IPv6 interactive tutorials there for free and are very quick for
> the basic stuff.  The first few exercises could be very helpful to you.
> If you follow it all the way through, you will find yourself learning
> how to set up DNS properly for IPv6 and registering your own IPv6 glue
> records with your registrars.
>
> Now, if I'm off base here and you were merely obfuscating your real
> addresses, I would recommend obfuscating them with fc00: instead of 1:
> and those would be valid example addresses.  You could use
> fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
> fc00:1:1:3::/64 for yet another.  Read that RFC for recommendations on
> what you really should choose (generally a random number for
> fdxx:xxxx:xxxx::/48 before your SLA).  Since you've got 2 routers,
> you'll need three network prefixes, which I see you have.  Generally,
> you'll want to manipulate that fourth field as your SLA (Site Local
> Address) which is IPv6 lingo for your subnet address.
>
> Replace the leading "1:" in each of those nets with "fdxx:", add your
> appropriate subnets, add your appropriate prefix lengths to those static
> address, and add appropriate static routes, and you might get further
> along the road.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
Best Regards,
jaze
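
The checks discussed in this thread (missing prefix length on IPV6ADDR, a gateway that is not on the interface's network, an address outside the fc00::/7, 2000::/3 and fe80::/10 blocks) can be run against an ifcfg file before restarting the network. This is an added example, not code from the thread or from CentOS; the function names and the sample file are constructed, and `random_ula_prefix` draws the 40-bit Global ID from `os.urandom` rather than using the sample hash-based algorithm in RFC 4193.

```python
import ipaddress
import os

ULA = ipaddress.ip_network("fc00::/7")             # RFC 4193 local addresses
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")
LINK_LOCAL = ipaddress.ip_network("fe80::/10")

# Constructed sample modelled on the first ifcfg-eth2 quoted in the thread.
SAMPLE = "DEVICE=eth2\nIPV6INIT=yes\nIPV6ADDR=1:2:3::4\nIPV6_DEFAULTGW=1:2:3::5\n"

def parse_ifcfg(text):
    """Return KEY -> value for the KEY=value lines of an ifcfg file."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip('"')
    return cfg

def check_ifcfg(text):
    """List the IPV6ADDR / IPV6_DEFAULTGW issues raised in the thread."""
    cfg, problems = parse_ifcfg(text), []
    addr = cfg.get("IPV6ADDR")
    if addr is None:
        return ["IPV6ADDR is not set"]
    if "/" not in addr:
        problems.append("IPV6ADDR has no prefix length; it is treated as /128")
    iface = ipaddress.ip_interface(addr)  # a bare address parses as /128
    if not any(iface.ip in net for net in (ULA, GLOBAL_UNICAST, LINK_LOCAL)):
        problems.append(f"{iface.ip} is outside fc00::/7, 2000::/3 and fe80::/10")
    gw = cfg.get("IPV6_DEFAULTGW")
    if gw:
        gw_ip = ipaddress.ip_address(gw.split("/")[0].split("%")[0])
        if gw_ip not in iface.network and gw_ip not in LINK_LOCAL:
            problems.append(f"gateway {gw_ip} is not on-link for {iface.network}")
    return problems

def random_ula_prefix(subnet_id=0):
    """fdxx:xxxx:xxxx:<subnet_id>::/64 with a random 40-bit Global ID."""
    global_id = int.from_bytes(os.urandom(5), "big")
    value = (0xFD << 120) | (global_id << 80) | ((subnet_id & 0xFFFF) << 64)
    return ipaddress.ip_network((value, 64))

if __name__ == "__main__":
    for problem in check_ifcfg(SAMPLE):
        print(problem)
    print("example ULA subnet:", random_ula_prefix(1))
```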