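The main feature of IPv6 is that it has an enormous number of addresses... so the NAT used with IPv4 is no longer needed. NAT was also inconvenient for two-way peer-to-peer communication (connections initiated from outside to inside). There are many workarounds (STUN, or the user configuring the NAT to allow certain applications to communicate), but all of them cost extra processing power... With IPv6 the router's work gets lighter (there are so many addresses that every person, even every device, has a real IP), and applications no longer need to implement STUN... Of course, NAT is still helpful for security...
IPv6 devices normally obtain a prefix by talking to the router (NDP); combining it with the device's MAC address gives a network address that can reach the Internet
radvd is currently the Linux implementation of this
If the customer side has a router that wants a prefix to hand out to the customer's devices, it can obtain the prefix through DHCPv6 and then distribute it to the devices below it
We use Dibbler for this exercise
Environment: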
vmware-1.0.9
centos 4.8
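One network adapter attached to Host-only
Implementing the DHCPv6 server:
First implement the DHCPv6 server: download dibbler-0.7.3-src.tar.gz, unpack it, make server client relay, make install
Edit the configuration file:
/etc/dibbler contains many sample server and client configuration files; we take server-prefix-delegation.conf, modify it, and rename it to server.conf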
#
# Example server configuration file: Prefix Delegation
#
# Server is able to grant prefixes for clients, who ask for it.
# Prefixes can be assigned besides of or instead of addresses.
# It depends what client asks for.
# Logging level range: 1(Emergency)-8(Debug)
log-level 8
# Don't log full date
log-mode short
iface "eth0" {
    # clients should renew every half an hour
    T1 1800
    # In case of troubles, after 45 minutes, ask any server
    T2 2700
    # Addresses should be prefered for an hour
    prefered-lifetime 3600
    # and should be valid for 2 hours
    valid-lifetime 7200
    class {
        pool 5000::/48
    }
    # the following lines instruct server to grant each client
    # 1 or 2 prefixes (if you have uncommented second line with pd-pool or not).
    # For example, client might get
    # 2222:2222:2222:222:2222:993f:6485:0/112 and
    # 1111:1111:1111:1111:1111::993f:6485:0/112
    pd-class {
        pd-pool 2001:1234:5678::/48
        // uncomment following line to assign 2 prefixes for 2 different pools
        // Note: each client will receive 1 prefix from each pool.
        // pd-pool 1111:1111:1111:1111:1111::/80
        pd-length 64
        T1 11111
        T2 22222
    }
}
PS: the prefix 2001:1234:5678::/48 was picked arbitrarily, mainly for testing
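An added example (not from the original post or from Dibbler) tying together the MAC-based address formation described at the top and the pd-pool / pd-length settings above: it carves /64 prefixes out of the test pool and derives the modified EUI-64 address a host would form from each. The MAC address is constructed, and taking the first prefixes in address order is an assumption; Dibbler's own selection order is not modelled.

```python
import ipaddress
from itertools import islice

def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError("expected a 48-bit MAC such as 00:0c:29:3e:5a:01")
    octets[0] ^= 0x02                              # invert the universal/local bit
    eui = octets[:3] + [0xFF, 0xFE] + octets[3:]   # insert ff:fe between the two halves
    return int.from_bytes(bytes(eui), "big")

def delegated_prefixes(pd_pool, pd_length, count):
    """First `count` prefixes of length pd_length inside pd_pool, in address order."""
    pool = ipaddress.ip_network(pd_pool)
    return list(islice(pool.subnets(new_prefix=pd_length), count))

def slaac_address(prefix, mac):
    """Address a host forms from an advertised /64 prefix plus its MAC."""
    net = ipaddress.ip_network(prefix)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs an IPv6 /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))

if __name__ == "__main__":
    mac = "00:0c:29:3e:5a:01"   # constructed MAC, not taken from the page
    for pd in delegated_prefixes("2001:1234:5678::/48", 64, 3):
        # The low 64 bits are identical under every prefix, so the MAC
        # stays recognisable whichever prefix the host is given.
        print(pd, "->", slaac_address(str(pd), mac))
```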
Start dibbler-server:
dibbler-server start
Check dibbler-server:
dibbler-server status
Stop dibbler-server:
dibbler-server stop
Implementing the DHCPv6 client:
vmware-1.0.9
centos 4.8
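One network adapter attached to Host-only
A second network adapter attached to NAT
Edit the configuration file:
Use client-prefix-delegation.conf as the reference, modify it, and rename it to client.conf (no changes made at all)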
#
# Example client configuration file: Prefix Delegation
#
# This is an example configuration file with prefix delegation
# enabled. To ask for prefixes, use 'pd' (or 'prefix-delegation') keyword.
log-mode short
# 7 = omit debug messages
log-level 7
iface "eth0" {
    ia
    pd
    # it is also possible to define parameters for prefix delegation
    # pd {
    #     t1 1000
    #     t2 2000
    # }
}
Start dibbler-client:
dibbler-client start
Check dibbler-client:
dibbler-client status
Stop dibbler-client:
dibbler-client stop
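radvd configuration:
When dibbler-client is started on the client, one file gets updated: /etc/dibbler/radvd.conf. This is the radvd configuration file; with it, router advertisements can be sent on the other interfaces or on the interface that received the prefix
PS: if IPv6 routing is enabled (echo "1" > /proc/sys/net/ipv6/conf/all/forwarding), router advertisements are sent on the other interfaces (not including the interface that received the prefix); if IPv6 routing is not enabled, router advertisements are sent on the same interface that received the prefix
However, dibbler only generates a configuration file; starting and stopping radvd is still up to the radvd daemon, and when radvd.conf changes it does not seem to make radvd reload the configuration file either
I tested radvd-1.6.tar.gz and found a problem: the radvd.conf generated by dibbler contains syntax that does not conform... so dibbler's source code needs to be modified
Edit ./Port-linux/lowlevel-options-linux.c and find the line fprintf(f, " AdvAutonomous false;\n");
Change it to fprintf(f, " AdvAutonomous on;\n");... then recompile and install
PS: I used Win XP as the client; AdvAutonomous must be on for it to get an IPv6 address. As for the other radvd.conf parameters, add them as the situation requires
Also, when installing radvd from source: unpack, ./configure --sysconfdir=/etc/dibbler, make, make install. The parameter given to configure makes radvd look for its configuration file at /etc/dibbler/radvd.conf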
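An added example (not from the original post, Dibbler or radvd) of handling both problems above without patching Dibbler: it writes a corrected copy of the generated radvd.conf with AdvAutonomous forced to on, and signals radvd only when that copy actually changed (radvd re-reads its configuration on SIGHUP). The sample file layout, the destination path and the pid file path are assumptions.

```python
import os
import re
import signal

# Constructed sample: the layout of dibbler's generated file is assumed;
# only the "AdvAutonomous false;" line is quoted from the page.
SAMPLE = """interface eth1
{
    AdvSendAdvert on;
    prefix 2001:1234:5678::/64
    {
        AdvOnLink on;
        AdvAutonomous false;
    };
};
"""

_AUTONOMOUS = re.compile(r"^([ \t]*AdvAutonomous[ \t]+)\w+([ \t]*;)", re.MULTILINE)

def fix_radvd_conf(text):
    """Force every AdvAutonomous value to 'on', the value the page's patch hard-codes."""
    return _AUTONOMOUS.sub(r"\g<1>on\g<2>", text)

def sync_conf(src, dst):
    """Write the fixed copy of src to dst; return True only if dst changed."""
    with open(src) as f:
        fixed = fix_radvd_conf(f.read())
    try:
        with open(dst) as f:
            if f.read() == fixed:
                return False
    except FileNotFoundError:
        pass
    tmp = dst + ".tmp"
    with open(tmp, "w") as f:
        f.write(fixed)
    os.replace(tmp, dst)   # atomic swap: radvd never reads a half-written file
    return True

def reload_radvd(pidfile="/var/run/radvd.pid"):   # pid file path is an assumption
    """Ask a running radvd to re-read its configuration (it reloads on SIGHUP)."""
    with open(pidfile) as f:
        os.kill(int(f.read().strip()), signal.SIGHUP)

if __name__ == "__main__":
    # Hypothetical paths: dibbler writes the first, radvd is pointed at the second.
    if sync_conf("/etc/dibbler/radvd.conf", "/etc/radvd.conf"):
        reload_radvd()
```

Because the corrected copy lives at a different path, radvd has to be started against that file (its -C option selects the configuration file) rather than the one Dibbler keeps rewriting.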
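Conclusion:
dibbler + radvd is not yet a complete solution, but at least a prototype is there... maybe I will check back after a while and see whether some expert has solved it!!!
Related links: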
http://en.wikipedia.org/wiki/Radvd
http://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol
NDP : RFC1970 -> RFC2461 -> RFC4861 . RFC5006 (RDNSS)
http://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
http://en.wikipedia.org/wiki/DHCPv6
DHCPv6 : RFC3315 . RFC3319 . RFC3633 . RFC3646 . RFC3736 . RFC4242 . RFC5007