IPv6路由问题

tag-icon tag-icon routing ipv6
IPv6路由问题

我正在为家庭网络设置 IPv6,遇到了一个奇怪的问题。

我的“路由器”(Debian Linux 盒)连接到 HE.net 6in4 并且可以正常 ping 和访问 ipv6 站点(ipv6.google.com)。

我已经在路由器上安装了 radvd(配置如下),其他计算机(我的 Mac Book Pro 和另一个 Debian 盒子)接收具有正确前缀的地址,并将默认路由报告到我的路由器的链接地址。

问题是,除非其他计算机专门 ping 路由器的非链接地址,否则它们无法通过 ipv6 访问互联网。我在使用 traceroute6 进行故障排除时偶然发现了这一点。

radvd配置文件


andrew@route:~$ cat /etc/radvd.conf
interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    AdvHomeAgentFlag off;
    AdvSourceLLAddress on;
    AdvCurHopLimit 255;
    prefix 2001:470:XXXX:XXXX::/64 
    {
        AdvOnLink on;
        AdvAutonomous on;
    };

};

路由器上的 ifconfig


andrew@route:~$ /sbin/ifconfig
6in4      Link encap:IPv6-in-IPv4  
          inet6 addr: 2001:470:XXXX:XXXX::2/64 Scope:Global
          inet6 addr: fe80::411f:489c/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:19128 errors:0 dropped:0 overruns:0 frame:0
          TX packets:19421 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:1871880 (1.7 MiB)  TX bytes:1919865 (1.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:1d:60:3a:1e:45  
          inet addr:192.168.1.12  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:XXXX:XXXX::2/64 Scope:Global
          inet6 addr: fe80::21d:60ff:fe3a:1e45/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:495833790 errors:0 dropped:0 overruns:0 frame:0
          TX packets:515479141 errors:0 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:1000 
          RX bytes:279615773745 (260.4 GiB)  TX bytes:324665798547 (302.3 GiB)

eth1      Link encap:Ethernet  HWaddr 00:02:b3:d7:98:71  
          inet addr:65.31.XXX.XXX  Bcast:255.255.255.255  Mask:255.255.255.192
          inet6 addr: fe80::202:b3ff:fed7:9871/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:545171946 errors:0 dropped:0 overruns:0 frame:0
          TX packets:335869422 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:676743254883 (630.2 GiB)  TX bytes:75919367259 (70.7 GiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10087609 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10087609 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:60879852161 (56.6 GiB)  TX bytes:60879852161 (56.6 GiB)

路由器上的 ip -6 路由


andrew@route:~$ ip -6 route
2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0
2001:470:XXXX:XXXX::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2001:470:XXXX:XXXX::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
fe80::/64 dev tap0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0

另一台计算机上的 ifconfig

andrew@other:~$ /sbin/ifconfig
eth0 链路封装:以太网 HWaddr 00:1d:60:85:eb:93  
          inet 地址:192.168.1.20 Bcast:192.168.1.255 掩码:255.255.255.0
          inet6 地址:2001:470:XXXX:XXXX:21d:60ff:fe85:eb93/64 范围:全球
          inet6 地址:fe80::21d:60ff:fe85:eb93/64 范围:链接
          上行广播运行多播 MTU:1500 度量:1
          RX 数据包:13959115 错误:0 丢弃:0 超限:0 帧:0
          TX 数据包:6027537 错误:0 丢弃:0 超限:0 载波:2
          碰撞:0 txqueuelen:1000
          RX 字节数:16009877909(14.9 GiB)TX 字节数:1306977604(1.2 GiB)

lo 链路封装:本地环回  
          inet 地址:127.0.0.1 掩码:255.0.0.0
          inet6 地址:::1/128 范围:主机
          上行环回运行 MTU:16436 度量:1
          RX 数据包:118933 错误:0 丢弃:0 超限:0 帧:0
          TX 数据包:118933 错误:0 丢弃:0 超限:0 载波:0
          碰撞:0 txqueuelen:0
          RX 字节:62855037 (59.9 MiB) TX 字节:62855037 (59.9 MiB)

其他计算机上的 ip -6 路由


andrew@other:~$ ip -6 route
2001:470:XXXX:XXXX::/64 dev eth0  proto kernel  metric 256  expires 86382sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::21d:60ff:fe3a:1e45 dev eth0  proto kernel  metric 1024  expires 277sec mtu 1500 advmss 1440 hoplimit 255

问题


andrew@other:~$ ping6 ipv6.google.com
PING ipv6.google.com(iad04s01-in-x93.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
24 packets transmitted, 0 received, 100% packet loss, time 23145ms

andrew@other:~$ ping6 2001:470:XXXX:XXXX::2
PING 2001:470:XXXX:XXXX::2(2001:470:XXXX:XXXX::2) 56 data bytes
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=1 ttl=255 time=3.03 ms
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=2 ttl=255 time=0.242 ms
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=3 ttl=255 time=0.243 ms
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=4 ttl=255 time=0.247 ms
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=5 ttl=255 time=0.241 ms
64 bytes from 2001:470:XXXX:XXXX::2: icmp_seq=6 ttl=255 time=0.235 ms
^C
--- 2001:470:XXXX:XXXX::2 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.235/0.707/3.039/1.043 ms

andrew@other:~$ ping6 ipv6.google.com
PING ipv6.google.com(iad04s01-in-x93.1e100.net) 56 data bytes
64 bytes from iad04s01-in-x93.1e100.net: icmp_seq=1 ttl=56 time=78.6 ms
64 bytes from iad04s01-in-x93.1e100.net: icmp_seq=2 ttl=56 time=79.1 ms
64 bytes from iad04s01-in-x93.1e100.net: icmp_seq=3 ttl=56 time=77.7 ms
64 bytes from iad04s01-in-x93.1e100.net: icmp_seq=4 ttl=56 time=82.3 ms
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 77.726/79.452/82.324/1.732 ms

在我专门 ping 路由器全局 IP 之前和之后的唯一区别是,之后,在“其他”计算机上,在 ip -6 neigh show 中,列出了路由器的全局 IP。当然,几分钟后它就失效了,另一台计算机无法再次 ping 互联网。

抱歉,这篇文章太长了,但这个问题真的让我抓狂了。

答案1

说实话,我不知道为什么或者如何解决这个问题......

我的新路线表


andrew@route:~$ ip -6 route
2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0
2001:470:XXXX:XXXX::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev tap0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:XXXX:XXXX::1 dev 6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 0

我最终删除的规则是:


2001:470:XXXX:XXXX::/64 via :: dev 6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0

删除该规则后(当然是随机的),“其他计算机”便可以毫无问题地 ping 出去。

我已通过从 /etc/network/interfaces 中的 6in4 接口中删除该地址来阻止路由器将来生成该规则。

无论如何,感谢那些花时间阅读我的帖子的人。

答案2

这些 XXXX:XXXX 不应该相同,您为隧道分配了一个 /64 前缀,为您的 LAN 分配了一个 /64 前缀。

还要确保您没有意外使用 ip6tables 阻止 ICMP。

相关内容