Monday, February 09, 2015

Use Linux as an IPv6 Router

A quick note on how to use Linux as an IPv6 router, for future reference. This walkthrough uses CentOS 7.0, so the way daemons are started differs from the older SysV approach.

Step1. Enable IPv6 forwarding in the kernel via /etc/sysctl.conf:
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.br0.forwarding = 1
net.ipv6.conf.br1.forwarding = 1
net.ipv6.conf.br2.forwarding = 1

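Step2. Use radvd to advertise the prefixes (router advertisements, so hosts autoconfigure their addresses without a DHCPv6 server):
Step2.1 Open and edit /etc/radvd.conf:
# One block per bridge; each advertises its own /64.
interface br0
{
    AdvSendAdvert on;            # send router advertisements on this interface
    MinRtrAdvInterval 30;        # seconds between unsolicited advertisements (min)
    MaxRtrAdvInterval 100;       # seconds between unsolicited advertisements (max)
    prefix 3001:688::/64
    {
        AdvOnLink on;            # prefix is reachable directly on this link
        AdvAutonomous on;        # hosts may form their own address from the prefix
        AdvRouterAddr on;
    };
};
interface br1
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 3001:588::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
interface br2
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 3001:288::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};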
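
Steps 1 and 2.1 have to agree: an interface that radvd advertises on but that the kernel does not treat as a router interface announces a route the box will not serve. The script below is an added example, not part of the original post; it cross-checks the two files, and the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that every interface radvd
# advertises on is also configured for IPv6 forwarding in sysctl.conf.

# Print "interface prefix" pairs found in a radvd.conf-style file ($1).
radvd_prefixes() {
    awk '$1 == "interface" { ifc = $2; sub(/[{;]+$/, "", ifc) }
         $1 == "prefix"    { p = $2;   sub(/[{;]+$/, "", p); print ifc, p }' "$1"
}

# Print the value assigned to sysctl key $2 in file $1 (last assignment wins,
# empty output if the key is not set). Comment lines (# or ;) are skipped.
sysctl_value() {
    awk -F= -v k="$2" '/^[ \t]*[#;]/ { next }
        { key = $1; val = $2; gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val) }
        key == k { v = val }
        END { print v }' "$1"
}

# Print each interface in radvd.conf ($1) that sysctl.conf ($2) does not put in
# router mode: its own forwarding key if present, otherwise the "all" key.
unforwarded_ifaces() {
    radvd_prefixes "$1" | cut -d' ' -f1 | sort -u | while read -r ifc; do
        v=$(sysctl_value "$2" "net.ipv6.conf.$ifc.forwarding")
        [ -n "$v" ] || v=$(sysctl_value "$2" net.ipv6.conf.all.forwarding)
        [ "$v" = 1 ] || echo "$ifc"
    done
}

# Constructed sample input: br2 is advertised but explicitly left in host mode.
demo_dir=$(mktemp -d)
cat > "$demo_dir/radvd.conf" <<'EOF'
interface br0
{
AdvSendAdvert on;
prefix 3001:688::/64
{
AdvOnLink on;
};
};
interface br2 {
    AdvSendAdvert on;
    prefix 3001:288::/64 { AdvAutonomous on; };
};
EOF
cat > "$demo_dir/sysctl.conf" <<'EOF'
# constructed sample
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.br2.forwarding = 0
EOF
radvd_prefixes "$demo_dir/radvd.conf"
echo "advertised without forwarding: $(unforwarded_ifaces "$demo_dir/radvd.conf" "$demo_dir/sysctl.conf")"
rm -rf "$demo_dir"
```

On the router itself, point the functions at /etc/radvd.conf and /etc/sysctl.conf; an empty result from unforwarded_ifaces means the two files agree.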

Step2.2 Start radvd now and enable it so that it also starts at boot:
[root@rhel7 network-scripts]# systemctl start radvd
[root@rhel7 network-scripts]# systemctl enable radvd
[root@rhel7 network-scripts]# systemctl status radvd
radvd.service - Router advertisement daemon for IPv6
   Loaded: loaded (/usr/lib/systemd/system/radvd.service; enabled)
   Active: active (running) since 五 2015-02-06 16:22:51 CST; 1h 41min ago
 Main PID: 9884 (radvd)
   CGroup: /system.slice/radvd.service
           ├─9882 /usr/sbin/radvd -u radvd
           └─9884 /usr/sbin/radvd -u radvd
 2月 06 16:49:43 rhel7 radvd[9884]: resuming normal operation
 2月 06 16:49:44 rhel7 radvd[9884]: attempting to reread config file
 2月 06 16:49:44 rhel7 radvd[9884]: resuming normal operation
 2月 06 16:49:51 rhel7 radvd[9884]: attempting to reread config file
 2月 06 16:49:51 rhel7 radvd[9884]: resuming normal operation
 2月 06 16:49:53 rhel7 radvd[9884]: attempting to reread config file
 2月 06 16:49:53 rhel7 radvd[9884]: resuming normal operation
 2月 06 16:49:53 rhel7 radvd[9884]: attempting to reread config file
 2月 06 16:49:53 rhel7 radvd[9884]: resuming normal operation
 2月 06 18:03:32 rhel7 systemd[1]: Started Router advertisement daemon for IPv6.
Verify:
HostA(3001:288::253):

eth1      Link encap:Ethernet  HWaddr 08:00:27:45:E9:40
          inet addr:10.10.2.253  Bcast:10.10.2.255  Mask:255.255.255.0
          inet6 addr: 3001:288::253/64 Scope:Global
          inet6 addr: fe80::a00:27ff:fe45:e940/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6439011 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6261045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2632403693 (2.4 GiB)  TX bytes:244180721 (232.8 MiB)
[root@server1 ~]# ip -6 route show
3001:588::/64 via 3001:288::1 dev eth1  metric 1024  expires 4293343sec mtu 1500 advmss 1440 hoplimit 4294967295
3001:688::/64 via 3001:288::1 dev eth1  metric 1024  expires 4293666sec mtu 1500 advmss 1440 hoplimit 4294967295

[root@server1 ~]# ping6 3001:588::100 -c 3
PING 3001:588::100(3001:588::100) 56 data bytes
64 bytes from 3001:588::100: icmp_seq=0 ttl=63 time=31.9 ms
64 bytes from 3001:588::100: icmp_seq=1 ttl=63 time=24.3 ms
64 bytes from 3001:588::100: icmp_seq=2 ttl=63 time=5.61 ms
--- 3001:588::100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2015ms
rtt min/avg/max/mdev = 5.615/20.607/31.904/11.046 ms, pipe 2

HostB(3001:588::100):

Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : example.com
   IPv6 Address. . . . . . . . . . . : 3001:588::100
   IPv6 Address. . . . . . . . . . . : 3001:588::2677:3ff:fe77:f29c
   Link-local IPv6 Address . . . . . : fe80::2677:3ff:fe77:f29c%31
   IPv4 Address. . . . . . . . . . . : 10.10.5.188
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::6a05:caff:fe22:2b8b%31
                                       3001:588::1
                                       10.10.5.254

D:\Tools\wbox-3>ping -6 3001:288::253
Pinging 3001:288::253 with 32 bytes of data:
Reply from 3001:288::253: time=29ms
Reply from 3001:288::253: time=64ms
Reply from 3001:288::253: time=158ms
Reply from 3001:288::253: time=24ms
Ping statistics for 3001:288::253:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 24ms, Maximum = 158ms, Average = 68ms