我已经在 Digital Ocean droplet 上配置了 NDP 代理,以允许容器获取公共 IPv6 地址。它似乎可以工作,但偶尔我会收到目标无法访问(地址无法访问)错误。似乎当这种情况发生时,容器主机上的邻居表会将路由器可达性显示为INCOMPLETE(显示为x:x:x:x::1)。然后,它会随机地再次开始工作。为什么会发生这种情况,我可以做些什么来解决这个问题?
主机配置:
# ip -6 address show
<...>
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 x:x:x:x::x:5000/64 scope global
valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
<...>
# ip -6 route show | grep -v fe80::/64
x:x:x:x::x:5000/124 dev br0 metric 128 pref medium
x:x:x:x::/64 dev eth0 proto kernel metric 256 pref medium
default via x:x:x:x::1 dev eth0 metric 1024 pref medium
# ip -6 neigh show proxy
x:x:x:x::x:5000 dev br0 proxy
x:x:x:x::x:5001 dev eth0 proxy
# sysctl net.ipv6.conf.{all,br0,eth0}.{forwarding,proxy_ndp}
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.br0.forwarding = 1
net.ipv6.conf.br0.proxy_ndp = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.eth0.proxy_ndp = 1
来宾配置:
# ip -6 address show
<...>
2: host0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 x:x:x:x::x:5001/124 scope global
<...>
# ip -6 route show | grep -v fe80::/64
x:x:x:x::x:5000/124 dev host0 proto kernel metric 256
default via x:x:x:x::x:5000 dev host0 metric 1024