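I would like to create host-only IPv6 networks on two hosts and then route between them. On each host, there would be a dummy interface at ipv6_prefix::9. I'd like to be able to ping that interface from the other host.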
Is there an established best practice? It seems plausible that one could do this with 6in4 tunnels.
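Below, I go through the setup I recently tried in EC2, using 6in4 for tunneling. The two hosts are 10.239.143.35 and 10.238.249.113. First, let's set up the dummy interfaces. We'll use these Bash functions: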
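# Create a dummy interface, assign it an IPv6 address and bring it up.
function dummy {
  local name="$1" ipv6="$2"
  ip link add "$name" type dummy
  ip -6 addr add "$ipv6" dev "$name"
  ip link set "$name" up
}
# Map a dotted-quad IPv4 address to its 2002:AABB:CCDD:: prefix.
function calc6to4 {
  printf '2002:%02x%02x:%02x%02x::\n' $(tr '.' ' ' <<<"$@")
}
# Print the first IPv4 address configured on eth0.
function eth0ipv4 {
  ip addr list dev eth0 | grep -E -o 'inet [^/]+' | head -n1 | cut -d' ' -f2
}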
(You can paste them directly into your shell session.)
On the first host, we run:
:; ipv4="$(eth0ipv4)"
:; ipv6="$(calc6to4 "$ipv4")"
:; echo "ipv4 = $ipv4" "ipv6 = $ipv6"
ipv4 = 10.239.143.35 ipv6 = 2002:0aef:8f23::
:; dummy dummy9 "$ipv6"9
:; ip addr show dev dummy9
69: dummy9: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether e2:69:75:10:04:2c brd ff:ff:ff:ff:ff:ff
inet6 2002:aef:8f23::9/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::e069:75ff:fe10:42c/64 scope link
valid_lft forever preferred_lft forever
Ping seems to work fine:
:; ping6 -q -c1 "$ipv6"9
PING 2002:0aef:8f23::9(2002:aef:8f23::9) 56 data bytes
--- 2002:0aef:8f23::9 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.040/0.040/0.040/0.000 ms
Now on to the second host:
:; ipv4="$(eth0ipv4)"
:; ipv6="$(calc6to4 "$ipv4")"
:; echo "ipv4 = $ipv4" "ipv6 = $ipv6"
ipv4 = 10.238.249.113 ipv6 = 2002:0aee:f971::
:; dummy dummy9 "$ipv6"9
Ping checks out:
:; ping6 -q -c1 "$ipv6"9
PING 2002:0aee:f971::9(2002:aee:f971::9) 56 data bytes
--- 2002:0aee:f971::9 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.037/0.037/0.037/0.000 ms
Now for the exciting moment: connecting the hosts with 6in4 tunnels. We use the following Bash function on both hosts:
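# Create a sit (6in4) tunnel to the peer; the tunnel address and the route
# are both taken from the single IPv6 prefix passed in.
function tunnel {
  local name="$1" self_ipv4="$2" ipv4="$3" ipv6="$4"
  ip tunnel add "$name" mode sit ttl 64 remote "$ipv4" local "$self_ipv4"
  ip -6 addr add "$ipv6"1 dev "$name"
  ip -6 route add "$ipv6"/64 dev "$name" metric 1
  ip link set "$name" up
}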
On the first host:
################################### IPv4 and IPv6 from host 2 ##
:; tunnel tun6in4 10.239.143.35 10.238.249.113 2002:0aee:f971::
On the second:
################################### IPv4 and IPv6 from host 1 ##
:; tunnel tun6in4 10.238.249.113 10.239.143.35 2002:0aef:8f23::
When we try to find a route from the first host to 2002:aee:f971::9, which is bound to the second host's dummy device, we get a result:
:; ip -6 route get 2002:aee:f971::9
2002:aee:f971::9 from :: dev tun6in4 src 2002:aee:f971::1 metric 0
cache
But ping does not work:
:; ping6 -q -c1 2002:aee:f971::9
PING 2002:aee:f971::9(2002:aee:f971::9) 56 data bytes
--- 2002:aee:f971::9 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
Maybe I need to add an address to eth0?
Answer 1
It turns out that the tunnel should have an IPv6 address on the source host, not on the destination host (the peer), for the simple ping test to work.
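# Create a sit (6in4) tunnel: the tunnel address comes from this host's own
# prefix (self_ipv6), and the route covers the peer's prefix (ipv6).
function tunnel {
  local name="$1" self_ipv4="$2" self_ipv6="$3" ipv4="$4" ipv6="$5"
  ip tunnel add "$name" mode sit ttl 64 remote "$ipv4" local "$self_ipv4"
  ip -6 addr add "$self_ipv6"1 dev "$name"
  ip -6 route add "$ipv6"/64 dev "$name" metric 1
  ip link set "$name" up
}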
The tunnel setup commands would then be:
:; tunnel tun6in4 10.239.143.35 2002:0aef:8f23:: 10.238.249.113 2002:0aee:f971::
:; tunnel tun6in4 10.238.249.113 2002:0aee:f971:: 10.239.143.35 2002:0aef:8f23::
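An added example, not part of the original question or answer: a dry-run helper that follows the answer's corrected layout, validating both IPv4 addresses, deriving each 2002: prefix the way calc6to4 does, and printing the commands for one host instead of running them. The function names calc6to4_checked and tunnel_plan are hypothetical.

```shell
#!/bin/sh
# Dry-run planner for the corrected 6in4 layout; it only prints ip(8) commands.
# Octets with a leading zero are rejected because printf would read them as octal.
calc6to4_checked() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '2002:%02x%02x:%02x%02x::\n' "$1" "$2" "$3" "$4"
}

# Print the commands for one host: the tunnel address comes from this host's
# own prefix, and the route covers the peer's prefix.
tunnel_plan() {
    plan_name=$1 plan_self4=$2 plan_peer4=$3
    case "$plan_name" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#plan_name}" -le 15 ] || return 1      # Linux interface name limit
    plan_self6=$(calc6to4_checked "$plan_self4") || return 1
    plan_peer6=$(calc6to4_checked "$plan_peer4") || return 1
    [ "$plan_self4" != "$plan_peer4" ] || return 1
    printf 'ip tunnel add %s mode sit ttl 64 remote %s local %s\n' \
        "$plan_name" "$plan_peer4" "$plan_self4"
    printf 'ip -6 addr add %s1 dev %s\n' "$plan_self6" "$plan_name"
    printf 'ip -6 route add %s/64 dev %s metric 1\n' "$plan_peer6" "$plan_name"
    printf 'ip link set %s up\n' "$plan_name"
}

# Addresses from the question: the plan for host 1, then for host 2.
tunnel_plan tun6in4 10.239.143.35 10.238.249.113
tunnel_plan tun6in4 10.238.249.113 10.239.143.35
```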