IPV6之ECS初尝试

  • 内容
  • 评论
  • 相关
背景信息:
 自从苹果审核要求app支持ipv6的通讯以来,有很多工单咨询ipv6如何设置,今天基于Centos 6.8 64位系统搭建一下ipv6的演示环境,欢迎斧正 
确认ipv6是否安装:

1.使用ifconfig命令查看网络信息是否有ipv6的信息

eth0 Link encap:Ethernet HWaddr 00:16:3E:32:A2:3E inet addr:172.30.191.179 Bcast:172.30.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:249646 errors:0 dropped:0 overruns:0 frame:0 TX packets:21882 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:371880410 (354.6 MiB) TX bytes:1402076 (1.3 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:98 errors:0 dropped:0 overruns:0 frame:0 TX packets:98 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:10363 (10.1 KiB) TX bytes:10363 (10.1 KiB)

2.也可以根据监听信息判断是否存在ipv6(:::123 )的监听

# netstat -tuln Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0      0 127.0.0.1:32000 0.0.0.0:* LISTEN tcp 0      0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0      0 127.0.0.1:25 0.0.0.0:* LISTEN udp 0      0 0.0.0.0:68 0.0.0.0:* udp 0      0 0.0.0.0:68 0.0.0.0:* udp 0      0 172.30.191.179:123 0.0.0.0:* udp 0      0 127.0.0.1:123 0.0.0.0:* udp 0      0 0.0.0.0:123 0.0.0.0:*
开始搭建IPV6的工作环境

1.修改系统模块支持ipv6

# cat /etc/modprobe.d/disable_ipv6.conf alias net-pf-10 off options ipv6 disable=0

2.修改网络支持ipv6

# cat /etc/sysconfig/network NETWORKING=yes HOSTNAME=iZ2ze24ws6xq5ug1cm4x9bZ NETWORKING_IPV6=yes PEERNTP=no 

3.系统参数设置ipv6

# vi /etc/sysctl.conf  net.ipv6.conf.all.disable_ipv6 = 0 net.ipv6.conf.default.disable_ipv6 = 0 net.ipv6.conf.lo.disable_ipv6 = 0

注:如果不重启直接sysctl -p的话会提示下面的报错,因为ipv6当前在系统内是不支持的

error: "net.ipv6.conf.all.disable_ipv6" is an unknown key error: "net.ipv6.conf.default.disable_ipv6" is an unknown key error: "net.ipv6.conf.lo.disable_ipv6" is an unknown key

4.重启后查看ipv6的配置已经ok了

# ifconfig eth0 Link encap:Ethernet  HWaddr 00:16:3E:32:A2:3E  
          inet addr:172.30.191.179 Bcast:172.30.255.255 Mask:255.255.0.0 inet6 addr: fe80::216:3eff:fe32:a23e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500 Metric:1 RX packets:670 errors:0 dropped:0 overruns:0 frame:0 TX packets:753 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:76703 (74.9 KiB)  TX bytes:139326 (136.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536 Metric:1 RX packets:44 errors:0 dropped:0 overruns:0 frame:0 TX packets:44 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7015 (6.8 KiB)  TX bytes:7015 (6.8 KiB)
HE 注册&配置&测试

1.登陆https://www.tunnelbroker.net/ 官方网站,进行账号注册,2018-04-14测试QQ邮箱可以收到注册成功的邮件了

2.登陆后点击 “Create Regular Tunnel” ,输入ECS的公网ip,出现绿底的“IP is a potential tunnel endpoint.”说明你得公网ip支持ipv6隧道,测试默认给我的节点延迟173ms,可以接受,点击页面最下方的“Create Tunnel”

3.创建ipv6隧道及路由,centos的系统选择linux-route2,返回的命令去ecs上执行

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 172.30.191.179 ttl 255 ip link set he-ipv6 up
ip addr add 2001:470:c:13ac::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr # ip -f inet6 addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::216:3eff:fe32:a23e/64 scope link 
       valid_lft forever preferred_lft forever 4: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 inet6 2001:470:c:13ac::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::276a:b88b/128 scope link 
       valid_lft forever preferred_lft forever # netstat -an |grep ::: tcp 0 0 ::1:25 :::* LISTEN      
udp 0 0 fe80::ac1e:bfb3:123 :::* udp 0 0 2001:470:c:13ac::2:123 :::* udp 0 0 fe80::216:3eff:fe32:a23e:123 :::* udp 0 0 ::1:123 :::* udp 0 0 :::123 :::* 

注意:如果使用了vpc的网络环境,HE上生成的命令,需要把ECS的公网ip修改成ecs内部可以看到的ip,即内网ip,可见示例配置里面note部分的提示

# ping6 ipv6.google.com PING ipv6.google.com(tsa03s01-in-x0e.1e100.net) 56 data bytes 64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=325 ms 64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=325 ms # ping6 2001:470:0:76::2 PING 2001:470:0:76::2(2001:470:0:76::2) 56 data bytes 64 bytes from 2001:470:0:76::2: icmp_seq=1 ttl=60 time=182 ms 64 bytes from 2001:470:0:76::2: icmp_seq=2 ttl=60 time=182 ms

测试通过!


来源链接:
本文标签:这篇文章木有标签
版权声明:若无特殊注明,本文皆《、国栋》原创,转载请保留文章出处。
本文链接:IPV6之ECS初尝试 - http://www.guodong.kim/post-10.html
IPV6之ECS初尝试

发表评论

电子邮件地址不会被公开。 必填项已用*标注