[CentOS] centos 6.3 ipv6 default gateway

Fri Apr 12 03:38:05 UTC 2013
Jaze Lee <jazeltq at gmail.com>

2013/4/12 Michael H. Warfield <mhw at wittsend.com>

> On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote:
> > 2013/4/12 Michael H. Warfield <mhw at wittsend.com>
> >
> > > Hello,
> > >
> > > I may be totally off base here but...
> > >
> > > On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
> > > > hello,
> > > >    i met a problem in configuratiion of ipv6 gw in my box
> > > > i install centos 6.3 (64 bit) on my boxs, which have four netcard.
> > > > i use a straight-through cable to connect centosv0:netcard-2 and
> > > > centosv1:netcard2
> > > > the topology is this:
> > > > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2
> <--->
> > > > centosv1:netcard-2 <---->centosv1:netcard-2  <---> client d
> (backtrack r2
> > > > 32)
> > > > 1:2:3:4::2/64          1:2:3:4::1/64
> 1:2:3::4/64
> > > >                   1:2:3::5/64             1:2:3:5::1/64
> > > >  1:2:3:5::2/64
> > >
> > > Surely, I hope you jest with those numbers.  You are not allowed to
> pick
> > > numbers out of the air and just use them, even if it's for private use.
> > > There are specific blocks of addresses for specific uses and assigned
> > > "scopes" and all the "private use" addresses are in blocks very high up
> > > in the address space beginning with fc or fd.  If those are literally
> > > the addresses you used, they will not work and I would expect them to
> > > give you all sorts of grief at some point or another.
> > >
> > > > what i want to do is set default gw on centosv0 to centosv1
> > >
> > > I take it "centosv0"  and "centosv1" are configured for ipv6
> forwarding?
> > > You didn't provide the information on that.  There are some gotcha's in
> > > there with default routing on a router (basically there is no such
> > > thing) and the router needs to be set up properly for both routing and
> > > its routes.  But I don't think that's your problem you're describing
> > > down below.
> > >
> > > > i configure /etc/sysconfig/network-scripts/ifconfig-eth2  (centosv0)
> as
> > > this
> > > > DEVICE="eth2"
> > > > BOOTPROTO=static
> > > > HWADDR="60:A4:4C:23:2F:6F"
> > > > NM_CONTROLLED="yes"
> > > > ONBOOT="yes"
> > > > TYPE="Ethernet"
> > > > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> > > > IPV6INIT=yes
> > > > IPV6ADDR=1:2:3::4
> > >  ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
> > >
> > > > IPV6_DEFAULTGW=1:2:3::5
> > >  ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network
> > > (/128)
> > >
> > > > and i also configure /etc/sysconfig/network to this:
> > > > NETWORKING=yes
> > > > HOSTNAME=centosv0
> > > > NETWORKING_IPV6=yes
> > > > IPV6_AUTOCONF=no
> > >
> > > For forwarding...
> > >
> > > In that file you're also going to need:
> > >
> > > IPV6FORWARDING=yes
> > >
> > > You may also need to add lines to /etc/sysctl.conf (I've needed in the
> > > past on Fedora):
> > >
> > > net.ipv6.conf.all.forwarding = 1
> > > net.ipv6.conf.default.forwarding = 1
> > >
> > > But those aren't your problem with this...
> > >
> > > > but i met an error:
> > > > Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown
> error
> > >
> > > I'm not totally sure if this is because you didn't specify a prefix
> > > length on your IPV6ADDR line or the fact that it then conflicted with
> > > your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
> > > was because you choose and illegal IPv6 prefix or if it was a
> > > combination of all of them.  The "WARN: [ipv6_add_route] Unknown error"
> > > makes me suspicious because your default gatway conflicts with your
> > > interface network definition (because you didn't specify the prefix
> size
> > > and it defaulted to /128) and the kernel has no way to route it out any
> > > interface.  IAC...  You won't be able to use a default route on a
> router
> > > anyways (more below).
> > >
> > > > i do not know how why,and can some one gives me some suggestion?
> > > > thanks a lot.
> > >
> > > If those were literally the addresses you used, It may be an address
> > > that's in an illegal scope.
> >
> >   i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
> > should change system to Centos 6.3.
> >   And i add all the stuff that i miss. One machine is configured like
> this:
> >
> >  [root at centosv0 sysconfig]# cat
> /etc/sysconfig/network-scripts/ifcfg-eth2
> > DEVICE="eth2"
> > BOOTPROTO=static
> > HWADDR="60:A4:4C:23:2F:6F"
> > NM_CONTROLLED="yes"
> > ONBOOT="yes"
> > TYPE="Ethernet"
> > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> > IPV6INIT=yes
> > IPV6ADDR=1:2:3::4/64
> > IPV6_DEFAULTGW=1:2:3::5/64
>  ^^^^^^^^^^^^^^^^^^^^^^^^^^^  You do NOT need the /64 on this line.
>
> > and add the below to /etc/sysctl.conf
>
> >   net.ipv6.conf.all.forwarding = 1
> >   net.ipv6.conf.default.forwarding = 1
>
> > and through /proc i can see this
> >
> >   [root at centosv0 sysconfig]# cat
> /proc/sys/net/ipv6/conf/default/forwarding
> >   1
> >    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
> >    1
>
> > and through command ifconfig i can see this
>
> > eth1      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6E
> >           inet6 addr: 1:2:3:4::1/64 Scope:Global
>  --->
> > subnet
> >           inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:0 (0.0 b)  TX bytes:2028 (1.9 KiB)
> >           Interrupt:17 Memory:dc300000-dc320000
>
> > eth2      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:6F
> >           inet6 addr: 1:2:3::4/64 Scope:Global
> >   ----> connected by straight-through cable
> >           inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:3 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:210 (210.0 b)  TX bytes:2028 (1.9 KiB)
> >           Interrupt:18 Memory:dc200000-dc220000
>
> > eth3      Link encap:Ethernet  HWaddr 60:A4:4C:23:2F:70
> >           inet addr:192.168.5.211  Bcast:192.168.5.255
>  Mask:255.255.255.0
> >  ----> used by my ssh
> >           inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
> >           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >           RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:1000
> >           RX bytes:291006 (284.1 KiB)  TX bytes:154231 (150.6 KiB)
> >           Interrupt:19 Memory:dc100000-dc120000
>
> > lo        Link encap:Local Loopback
> >           inet addr:127.0.0.1  Mask:255.0.0.0
> >           inet6 addr: ::1/128 Scope:Host
> >           UP LOOPBACK RUNNING  MTU:16436  Metric:1
> >           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> >           collisions:0 txqueuelen:0
> >           RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
>
> > but when restart the network, i also get this error
>
> > Shutting down interface eth1:                              [  OK  ]
> > Shutting down interface eth2:                              [  OK  ]
> > Shutting down interface eth3:                              [  OK  ]
> > Shutting down loopback interface:                          [  OK  ]
> > Bringing up loopback interface:                            [  OK  ]
> > Bringing up interface eth1:                                [  OK  ]
> > Bringing up interface eth2:  WARN     : [ipv6_add_route] Unknown error
>
> This time, it would be my guess that it's because you added the /64 to
> your gateway address, but the default gateway is not going to work on a
> router anyways.
>



>
> >                                                            [  OK  ]
> > Bringing up interface eth3:                                [  OK  ]
> >
> > As you said that the ipv6 address is in illegal scope and can not goto
> > global net,
> > I use those ipv6 address for a private use, and i test them ok on ubuntu
> > 12.04.
>
> You are, none the less, not suppose to use addresses in that block for
> ANYTHING.  The fc00::/7 block is intended for what you want to do.  Even
> if they happen to work, they are not guaranteed to work and may cause
> other problems (like reverse DNS lookup traffic).
>

   Currently, i just use those ipv6 address to set up my testing
environment. One day
   they will be replaced by global ipv6 address. And i do not have any
global ipv6 address right now,
   i have to use some thing like 1:2:3::4. They truely work on ubuntu
12.04, so i think they should work on
   centos. But now, i realize i am wrong, what about i change the
1:2:3:4/64 to fc:2:3::4/64 ?
   Is that ok?



>
> > Must i change ipv6 address to some thing like 2000::/3, even i just want
> to
> > use ipv6 for private?
>
> No, you should change them to FC00:/7 for private use.  That's what that
> block was allocated for.  Use it.  Don't just dream up stuff.
>
> You will need static routes on each of your two routers for your two
> client routes.
>

  I change ipv6 address to this:

DEVICE="eth2"   ---------------------------------> in centosv0
BOOTPROTO="static"
HWADDR="60:A4:4C:23:2F:4F"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="97d250ea-74db-47ae-bd8c-6682f57f9add"
IPV6INIT=yes
IPV6ADDR=fc00:2:3::5/64
IPV6_DEFAULTGW=fc00:2:3::4

DEVICE="eth1" -------------------------------------> in centosv0
BOOTPROTO="static"
HWADDR="60:A4:4C:23:2F:4E"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="f7f020e9-36a4-4f55-9ed2-81acc2dbd92f"
IPV6INIT=yes
IPV6ADDR=fc00:2:3:5::1/64

DEVICE="eth1"  -----------------------------------> in centosv1
BOOTPROTO="static"
HWADDR="60:A4:4C:23:2F:6E"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="3597af05-199b-4eef-9a24-610c2872f313"
IPV6INIT=yes
IPV6ADDR=fc00:2:3:4::1/64

DEVICE="eth2" -----------------------------------> in centosv1
BOOTPROTO=static
HWADDR="60:A4:4C:23:2F:6F"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
IPV6INIT=yes
IPV6ADDR=fc00:2:3::4/64
IPV6_DEFAULTGW=fc00:2:3::5

and restart the network:
[root at centosv0 network-scripts]# /etc/init.d/network restart
Shutting down interface eth1:                              [  OK  ]
Shutting down interface eth2:                              [  OK  ]
Shutting down interface eth3:                              [  OK  ]
Shutting down loopback interface:                          [  OK  ]
Bringing up loopback interface:                            [  OK  ]
Bringing up interface eth1:                                [  OK  ]
Bringing up interface eth2:                                [  OK  ]
Bringing up interface eth3:                                [  OK  ]

It work now, thanks a lot, lot, lot....

Now, why ubuntu 12.04 and centos 6.3 are so different?
Is that because ubunutu 12.04 uses 3.5 kernel, and centos uses 2.6.32 ?

All in all, this problem is settled.
Thanks, you are a greate man :)




> For example.  If your networks are allocated as follows...
>
> fd00:1:1:1::/64 <-> Router 1 <-> fd00:1:1:2::/64 <-> Router 2 <->
> fd00:1:1:3::/64
>
> Then, on router 1 you need a static route:
>
> fd00:1:1:3::/64 via fd00:1:1:2::{Router 2 address}
>
> And on router 2 you need a static route:
>
> fd00:1:1:1::/64 via fd00:1:1:2::{Router 1 Address}
>
> I generally stuff static routes either
> in /etc/sysconfig/static-routes-ipv6 but I'm not sure how well that
> works with NetworkManager since the FIRST thing I do is disable
> NetworkManager on a router.
>
> >  IPv6 does not behave quite like IPv4 does
> > > and you need to know what some of these blocks of addresses do and what
> > > their scope is.
> > >
> > > "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
> > > are recommended procedures for assigning subnets out of them and
> > > choosing network prefixes...
> > >
> > > http://www.ietf.org/rfc/rfc4193.txt
> > >
> > > Those may be routed between your machines but may not be routed on the
> > > global net either as a source or destination address.  Your machines
> > > should also be given "link local" addresses which are valid only on
> that
> > > network segment.  They're in the fe80::/64 prefix.
> > >
> > > Global addresses are in the 2000::/3 block.  If you are using a Linux
> > > system as an IPv6 router, the kernel is going to disable the default
> > > route (::/0), preventing non-global addresses from routing.  You'll
> have
> > > to add appropriate routes for all your "local" (fc00::/7) subnets and
> > > also provide a global unicast default route using 2000::/3 on the
> > > routers.
> > >
> > > Don't try to do your setup above with the two routers pointing default
> > > routes at each other.  Point specific static routes for each subnet
> > > behind each respective opposite router.
>
> > But the specific static routes are not connect directly, the peers are
> > connected by straight-through cable in eth2
> > client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <-->
> > centosv1 eth1 <--> client d
>                                                                        |
>                                                                        |___
> > here  are connected by straight-through cable
>
> You'll still need static routes on the routers on each side of that
> "straight-through cable" to point across the cable for the routing of
> the network on the other side of the cable and opposite router.
>
> Don't try and cross default routes pointing at each other router.
> That's highly unreliable and prone to routing loops in IPv4 and flat out
> will not work in IPv6 due to default routing being disabled in Linux for
> IPv6 when IPv6 forwarding is enabled.
>
> > > Wikipedia has a rundown on the various address blocks and formats:
> > >
> > > http://en.wikipedia.org/wiki/IPv6_address
> > >
> > > Local addresses in particular are described here:
> > >
> > > http://en.wikipedia.org/wiki/Unique_local_address
> > >
> > > Anything in 1::/16 (if that's what you're doing) is going to be illegal
> > > afaik as it's not in an assigned block and scope.  It should reject it
> > > as being unroutable or having a non-valid scope.
> > >
> > > Certain addresses below 2000::/3 are used for compatibility purposes.
> > >
> > > ::a.b.c.d use to be an IPv4 compatibility address but is largely
> > > deprecated.
> > >
> > > ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
> > > running in a dual stack environment where they see IPv4 addresses as
> > > IPv6 addresses in the ::ffff:0:0/112 block.  All those addresses are
> for
> > > internal use and are seriously hands off.
> > >
> > > You can not treat IPv6 arbitrarily as if it were IPv4 with fat
> > > addresses.  If you need to learn more about IPv6 and how it works, you
> > > probably might want to start looking at Hurricane Electric aka
> > > Tunnelbroker.net, http://www.tunnelbroker.net .  They have some very
> > > good IPv6 interactive tutorials there for free and are very quick for
> > > the basic stuff.  The first few exercise could be very helpful to you.
> > > If you follow it all the way through, you will find yourself learning
> > > how to set up DNS properly for IPv6 and registering your own IPv6 glue
> > > records with your registrars.
> > >
> > > Now, if I'm off base here and you were merely obfuscating your real
> > > addresses, I would recommend obfuscating them with fc00: instead of 1:
> > > and those would be valid example addresses.  You could use
> > > fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
> > > fc00:1:1:3::/64 for yet another.  Read that RFC for recommendations on
> > > what you really should chose (generally a random number for
> > > fdxx:xxxx:xxxx::/48 before your SLA).  Since you've got 2 routers,
> > > you'll need three network prefixes, which I see you have.  Generally,
> > > you'll want to manipulate that fourth field as your SLA (Site Local
> > > Address) which is IPv6 lingo for your subnet address.
> > >
> > > Replace the leading "1:" in each of those nets with "fdxx:", add your
> > > appropriate subnets, add your appropriate prefix lengths to those
> static
> > > address, and add appropriate static routes, and you might get further
> > > along the road.
> > >
> > > Regards,
> > > Mike
>
> > Best Regards,
> > jaze
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |
> http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of
> all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
>
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
>
Best Regards