2013/4/12 Michael H. Warfield <mhw at wittsend.com> > On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote: > > 2013/4/12 Michael H. Warfield <mhw at wittsend.com> > > > > > Hello, > > > > > > I may be totally off base here but... > > > > > > On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote: > > > > hello, > > > > i met a problem in configuratiion of ipv6 gw in my box > > > > i install centos 6.3 (64 bit) on my boxs, which have four netcard. > > > > i use a straight-through cable to connect centosv0:netcard-2 and > > > > centosv1:netcard2 > > > > the topology is this: > > > > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 > <---> > > > > centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d > (backtrack r2 > > > > 32) > > > > 1:2:3:4::2/64 1:2:3:4::1/64 > 1:2:3::4/64 > > > > 1:2:3::5/64 1:2:3:5::1/64 > > > > 1:2:3:5::2/64 > > > > > > Surely, I hope you jest with those numbers. You are not allowed to > pick > > > numbers out of the air and just use them, even if it's for private use. > > > There are specific blocks of addresses for specific uses and assigned > > > "scopes" and all the "private use" addresses are in blocks very high up > > > in the address space beginning with fc or fd. If those are literally > > > the addresses you used, they will not work and I would expect them to > > > give you all sorts of grief at some point or another. > > > > > > > what i want to do is set default gw on centosv0 to centosv1 > > > > > > I take it "centosv0" and "centosv1" are configured for ipv6 > forwarding? > > > You didn't provide the information on that. There are some gotcha's in > > > there with default routing on a router (basically there is no such > > > thing) and the router needs to be set up properly for both routing and > > > its routes. But I don't think that's your problem you're describing > > > down below. > > > > > > > i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) > as > > > this > > > > DEVICE="eth2" > > > > BOOTPROTO=static > > > > HWADDR="60:A4:4C:23:2F:6F" > > > > NM_CONTROLLED="yes" > > > > ONBOOT="yes" > > > > TYPE="Ethernet" > > > > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf" > > > > IPV6INIT=yes > > > > IPV6ADDR=1:2:3::4 > > > ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128). > > > > > > > IPV6_DEFAULTGW=1:2:3::5 > > > ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network > > > (/128) > > > > > > > and i also configure /etc/sysconfig/network to this: > > > > NETWORKING=yes > > > > HOSTNAME=centosv0 > > > > NETWORKING_IPV6=yes > > > > IPV6_AUTOCONF=no > > > > > > For forwarding... > > > > > > In that file you're also going to need: > > > > > > IPV6FORWARDING=yes > > > > > > You may also need to add lines to /etc/sysctl.conf (I've needed in the > > > past on Fedora): > > > > > > net.ipv6.conf.all.forwarding = 1 > > > net.ipv6.conf.default.forwarding = 1 > > > > > > But those aren't your problem with this... > > > > > > > but i met an error: > > > > Bringing up interface eth2: WARN : [ipv6_add_route] Unknown > error > > > > > > I'm not totally sure if this is because you didn't specify a prefix > > > length on your IPV6ADDR line or the fact that it then conflicted with > > > your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it > > > was because you choose and illegal IPv6 prefix or if it was a > > > combination of all of them. The "WARN: [ipv6_add_route] Unknown error" > > > makes me suspicious because your default gatway conflicts with your > > > interface network definition (because you didn't specify the prefix > size > > > and it defaulted to /128) and the kernel has no way to route it out any > > > interface. IAC... You won't be able to use a default route on a > router > > > anyways (more below). > > > > > > > i do not know how why,and can some one gives me some suggestion? > > > > thanks a lot. > > > > > > If those were literally the addresses you used, It may be an address > > > that's in an illegal scope. > > > > i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we > > should change system to Centos 6.3. > > And i add all the stuff that i miss. One machine is configured like > this: > > > > [root at centosv0 sysconfig]# cat > /etc/sysconfig/network-scripts/ifcfg-eth2 > > DEVICE="eth2" > > BOOTPROTO=static > > HWADDR="60:A4:4C:23:2F:6F" > > NM_CONTROLLED="yes" > > ONBOOT="yes" > > TYPE="Ethernet" > > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf" > > IPV6INIT=yes > > IPV6ADDR=1:2:3::4/64 > > IPV6_DEFAULTGW=1:2:3::5/64 > ^^^^^^^^^^^^^^^^^^^^^^^^^^^ You do NOT need the /64 on this line. > > > and add the below to /etc/sysctl.conf > > > net.ipv6.conf.all.forwarding = 1 > > net.ipv6.conf.default.forwarding = 1 > > > and through /proc i can see this > > > > [root at centosv0 sysconfig]# cat > /proc/sys/net/ipv6/conf/default/forwarding > > 1 > > [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding > > 1 > > > and through command ifconfig i can see this > > > eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E > > inet6 addr: 1:2:3:4::1/64 Scope:Global > ---> > > subnet > > inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB) > > Interrupt:17 Memory:dc300000-dc320000 > > > eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F > > inet6 addr: 1:2:3::4/64 Scope:Global > > ----> connected by straight-through cable > > inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:22 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB) > > Interrupt:18 Memory:dc200000-dc220000 > > > eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70 > > inet addr:192.168.5.211 Bcast:192.168.5.255 > Mask:255.255.255.0 > > ----> used by my ssh > > inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:3008 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB) > > Interrupt:19 Memory:dc100000-dc120000 > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) > > > but when restart the network, i also get this error > > > Shutting down interface eth1: [ OK ] > > Shutting down interface eth2: [ OK ] > > Shutting down interface eth3: [ OK ] > > Shutting down loopback interface: [ OK ] > > Bringing up loopback interface: [ OK ] > > Bringing up interface eth1: [ OK ] > > Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error > > This time, it would be my guess that it's because you added the /64 to > your gateway address, but the default gateway is not going to work on a > router anyways. > > > > [ OK ] > > Bringing up interface eth3: [ OK ] > > > > As you said that the ipv6 address is in illegal scope and can not goto > > global net, > > I use those ipv6 address for a private use, and i test them ok on ubuntu > > 12.04. > > You are, none the less, not suppose to use addresses in that block for > ANYTHING. The fc00::/7 block is intended for what you want to do. Even > if they happen to work, they are not guaranteed to work and may cause > other problems (like reverse DNS lookup traffic). > Currently, i just use those ipv6 address to set up my testing environment. One day they will be replaced by global ipv6 address. And i do not have any global ipv6 address right now, i have to use some thing like 1:2:3::4. They truely work on ubuntu 12.04, so i think they should work on centos. But now, i realize i am wrong, what about i change the 1:2:3:4/64 to fc:2:3::4/64 ? Is that ok? > > > Must i change ipv6 address to some thing like 2000::/3, even i just want > to > > use ipv6 for private? > > No, you should change them to FC00:/7 for private use. That's what that > block was allocated for. Use it. Don't just dream up stuff. > > You will need static routes on each of your two routers for your two > client routes. > I change ipv6 address to this: DEVICE="eth2" ---------------------------------> in centosv0 BOOTPROTO="static" HWADDR="60:A4:4C:23:2F:4F" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" #UUID="97d250ea-74db-47ae-bd8c-6682f57f9add" IPV6INIT=yes IPV6ADDR=fc00:2:3::5/64 IPV6_DEFAULTGW=fc00:2:3::4 DEVICE="eth1" -------------------------------------> in centosv0 BOOTPROTO="static" HWADDR="60:A4:4C:23:2F:4E" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" #UUID="f7f020e9-36a4-4f55-9ed2-81acc2dbd92f" IPV6INIT=yes IPV6ADDR=fc00:2:3:5::1/64 DEVICE="eth1" -----------------------------------> in centosv1 BOOTPROTO="static" HWADDR="60:A4:4C:23:2F:6E" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" #UUID="3597af05-199b-4eef-9a24-610c2872f313" IPV6INIT=yes IPV6ADDR=fc00:2:3:4::1/64 DEVICE="eth2" -----------------------------------> in centosv1 BOOTPROTO=static HWADDR="60:A4:4C:23:2F:6F" NM_CONTROLLED="yes" ONBOOT="yes" TYPE="Ethernet" #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf" IPV6INIT=yes IPV6ADDR=fc00:2:3::4/64 IPV6_DEFAULTGW=fc00:2:3::5 and restart the network: [root at centosv0 network-scripts]# /etc/init.d/network restart Shutting down interface eth1: [ OK ] Shutting down interface eth2: [ OK ] Shutting down interface eth3: [ OK ] Shutting down loopback interface: [ OK ] Bringing up loopback interface: [ OK ] Bringing up interface eth1: [ OK ] Bringing up interface eth2: [ OK ] Bringing up interface eth3: [ OK ] It work now, thanks a lot, lot, lot.... Now, why ubuntu 12.04 and centos 6.3 are so different? Is that because ubunutu 12.04 uses 3.5 kernel, and centos uses 2.6.32 ? All in all, this problem is settled. Thanks, you are a greate man :) > For example. If your networks are allocated as follows... > > fd00:1:1:1::/64 <-> Router 1 <-> fd00:1:1:2::/64 <-> Router 2 <-> > fd00:1:1:3::/64 > > Then, on router 1 you need a static route: > > fd00:1:1:3::/64 via fd00:1:1:2::{Router 2 address} > > And on router 2 you need a static route: > > fd00:1:1:1::/64 via fd00:1:1:2::{Router 1 Address} > > I generally stuff static routes either > in /etc/sysconfig/static-routes-ipv6 but I'm not sure how well that > works with NetworkManager since the FIRST thing I do is disable > NetworkManager on a router. > > > IPv6 does not behave quite like IPv4 does > > > and you need to know what some of these blocks of addresses do and what > > > their scope is. > > > > > > "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there > > > are recommended procedures for assigning subnets out of them and > > > choosing network prefixes... > > > > > > http://www.ietf.org/rfc/rfc4193.txt > > > > > > Those may be routed between your machines but may not be routed on the > > > global net either as a source or destination address. Your machines > > > should also be given "link local" addresses which are valid only on > that > > > network segment. They're in the fe80::/64 prefix. > > > > > > Global addresses are in the 2000::/3 block. If you are using a Linux > > > system as an IPv6 router, the kernel is going to disable the default > > > route (::/0), preventing non-global addresses from routing. You'll > have > > > to add appropriate routes for all your "local" (fc00::/7) subnets and > > > also provide a global unicast default route using 2000::/3 on the > > > routers. > > > > > > Don't try to do your setup above with the two routers pointing default > > > routes at each other. Point specific static routes for each subnet > > > behind each respective opposite router. > > > But the specific static routes are not connect directly, the peers are > > connected by straight-through cable in eth2 > > client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <--> > > centosv1 eth1 <--> client d > | > |___ > > here are connected by straight-through cable > > You'll still need static routes on the routers on each side of that > "straight-through cable" to point across the cable for the routing of > the network on the other side of the cable and opposite router. > > Don't try and cross default routes pointing at each other router. > That's highly unreliable and prone to routing loops in IPv4 and flat out > will not work in IPv6 due to default routing being disabled in Linux for > IPv6 when IPv6 forwarding is enabled. > > > > Wikipedia has a rundown on the various address blocks and formats: > > > > > > http://en.wikipedia.org/wiki/IPv6_address > > > > > > Local addresses in particular are described here: > > > > > > http://en.wikipedia.org/wiki/Unique_local_address > > > > > > Anything in 1::/16 (if that's what you're doing) is going to be illegal > > > afaik as it's not in an assigned block and scope. It should reject it > > > as being unroutable or having a non-valid scope. > > > > > > Certain addresses below 2000::/3 are used for compatibility purposes. > > > > > > ::a.b.c.d use to be an IPv4 compatibility address but is largely > > > deprecated. > > > > > > ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications > > > running in a dual stack environment where they see IPv4 addresses as > > > IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are > for > > > internal use and are seriously hands off. > > > > > > You can not treat IPv6 arbitrarily as if it were IPv4 with fat > > > addresses. If you need to learn more about IPv6 and how it works, you > > > probably might want to start looking at Hurricane Electric aka > > > Tunnelbroker.net, http://www.tunnelbroker.net . They have some very > > > good IPv6 interactive tutorials there for free and are very quick for > > > the basic stuff. The first few exercise could be very helpful to you. > > > If you follow it all the way through, you will find yourself learning > > > how to set up DNS properly for IPv6 and registering your own IPv6 glue > > > records with your registrars. > > > > > > Now, if I'm off base here and you were merely obfuscating your real > > > addresses, I would recommend obfuscating them with fc00: instead of 1: > > > and those would be valid example addresses. You could use > > > fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and > > > fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on > > > what you really should chose (generally a random number for > > > fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers, > > > you'll need three network prefixes, which I see you have. Generally, > > > you'll want to manipulate that fourth field as your SLA (Site Local > > > Address) which is IPv6 lingo for your subnet address. > > > > > > Replace the leading "1:" in each of those nets with "fdxx:", add your > > > appropriate subnets, add your appropriate prefix lengths to those > static > > > address, and add appropriate static routes, and you might get further > > > along the road. > > > > > > Regards, > > > Mike > > > Best Regards, > > jaze > > Regards, > Mike > -- > Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com > /\/\|=mhw=|\/\/ | (678) 463-0932 | > http://www.wittsend.com/mhw/ > NIC whois: MHW9 | An optimist believes we live in the best of > all > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > > Best Regards