如何将公共 ipv6 地址路由到私有 lxc 容器地址?

tag-icon tag-icon networking routing ipv6 lxc
如何将公共 ipv6 地址路由到私有 lxc 容器地址?

我有一个公共 ipv6 地址池,我想用它来公开 lxc 容器。

在主机上,我创建了一个macvlan接口eth0-macvlan并绑定了一个公共地址2600:3c01:e000:83::1/64。然后我将容器绑定eth1到同一子网中的地址2600:3c01:e000:83::11/64。我可以从主机 ping 容器地址,但不能 ping 互联网。我需要添加路由吗?我可能完全做错了。

eth0      Link encap:Ethernet  HWaddr f2:3c:91:6e:25:63
          inet addr:173.230.156.218  Bcast:173.230.156.255  Mask:255.255.255.0
          inet6 addr: fe80::f03c:91ff:fe6e:2563/64 Scope:Link
          inet6 addr: 2600:3c01::f03c:91ff:fe6e:2563/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:955129 errors:0 dropped:0 overruns:0 frame:0
          TX packets:547825 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1369203060 (1.3 GB)  TX bytes:59723654 (59.7 MB)

eth0-macvlan Link encap:Ethernet  HWaddr 1e:dd:2e:bf:86:3a
          inet6 addr: fe80::1cdd:2eff:febf:863a/64 Scope:Link
          inet6 addr: 2600:3c01:e000:83::1/64 Scope:Global
          inet6 addr: 2600:3c01::1cdd:2eff:febf:863a/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3061 errors:0 dropped:0 overruns:0 frame:0
          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:360888 (360.8 KB)  TX bytes:7069 (7.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:196 errors:0 dropped:0 overruns:0 frame:0
          TX packets:196 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24808 (24.8 KB)  TX bytes:24808 (24.8 KB)

lxcbr0    Link encap:Ethernet  HWaddr 06:9d:8f:ec:b6:e1
          inet addr:10.0.3.1  Bcast:10.0.3.255  Mask:255.255.255.0
          inet6 addr: fe80::49d:8fff:feec:b6e1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:648 (648.0 B)

vethDqo9GU Link encap:Ethernet  HWaddr 4e:e4:a8:3d:cf:f5
          inet6 addr: fe80::4ce4:a8ff:fe3d:cff5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

LXC容器:

eth0      Link encap:Ethernet  HWaddr da:e0:6a:b5:8b:b0
          inet addr:172.17.0.2  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::d8e0:6aff:feb5:8bb0/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:648 (648.0 B)  TX bytes:648 (648.0 B)

eth1      Link encap:Ethernet  HWaddr 8e:29:ed:5d:0a:6d
          inet6 addr: 2600:3c01::8c29:edff:fe5d:a6d/64 Scope:Global
          inet6 addr: fe80::8c29:edff:fe5d:a6d/64 Scope:Link
          inet6 addr: 2600:3c01:e000:83::11/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:68 errors:0 dropped:0 overruns:0 frame:0
          TX packets:38 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7047 (7.0 KB)  TX bytes:4034 (4.0 KB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

更新 自从最初发布以来,我已经设置了radvd一个桥接接口,br0这是我的radvd.conf

interface eth0 {
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvSendAdvert on;
AdvLinkMTU 1480;
# Prefix of what i'm advertising
    prefix 2600:3c01:e000:0083::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

interface br0 {
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvSendAdvert on;
AdvLinkMTU 1480;
# Prefix of what i'm advertising
    prefix 2600:3c01:e000:0083::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

ip -6 r

HOST:
    2600:3c01::/64 dev eth0  proto kernel  metric 256  expires 2545193sec
    fe80::/64 dev eth0  proto kernel  metric 256
    fe80::/64 dev br0  proto kernel  metric 256
    fe80::/64 dev veth334e  proto kernel  metric 256

CONTAINER:
    2600:3c01:e000:83::/64 dev eth0  proto kernel  metric 256  expires 86395sec
    fe80::/64 dev eth0  proto kernel  metric 256
    default via fe80::f83b:3bff:fef6:3759 dev eth0  proto ra  metric 1024  expires 25sec

答案1

我希望您在服务器的两侧使用不同的 /64。您需要配置桥接接口以使路由正常工作。

通常情况下,您的提供商会为您提供一个 /64 网络块供您使用。然后您可以在内部网络上配置这些网络,正常路由将使这些地址可供外部使用。您可以运行一个radvd进程以允许主机自动配置或手动配置地址。

警告:这些 IPv6 地址可全局路由。需要考虑访问控制。

答案2

如果您拥有一个将 IPv6 计算机直接连接到网络的网络,那么使用虚拟机的最简单方法是忽略它macvlan并使用网桥。您的输出虽然不是很有用,但可能已经包含了一个网桥。您只需将以太网和 veth 设备都连接到网桥并正确配置它,以便主机也可以连接。

请使用ip address而不是ifconfig,尤其是在需要进行高级联网时。 的输出ifconfig缺少重要信息。

相关内容