在 CentOS 7 上的 KVM 主机上启用 IPV6FORWARDING

tag-icon tag-icon centos7 kvm-virtualization ipv6
在 CentOS 7 上的 KVM 主机上启用 IPV6FORWARDING

我这里有一个运行 CentOS 7 的 KVM 主机。如果我的主机/etc/sysconfig/network看起来像

HOSTNAME=myname
NETWORKING_IPV6=yes
NETWORKING=yes

IPv6 已启用并且我获得了一个全局 IPv6 地址:

# ifconfig
br0-enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.1.3  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 2a02:aaa:bbbb:cccc:82ee:73ff:fe9d:5909  prefixlen 64  scopeid 0x0<global>
    inet6 fe80::82ee:73ff:fe9d:5909  prefixlen 64  scopeid 0x20<link>
    ether 80:ee:73:9d:59:09  txqueuelen 1000  (Ethernet)
    RX packets 5798  bytes 614164 (599.7 KiB)
    RX errors 0  dropped 1842  overruns 0  frame 0
    TX packets 3037  bytes 3130986 (2.9 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet6 fe80::82ee:73ff:fe9d:5909  prefixlen 64  scopeid 0x20<link>
    ether 80:ee:73:9d:59:09  txqueuelen 1000  (Ethernet)
    RX packets 7595  bytes 915426 (893.9 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 5790  bytes 3458964 (3.2 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Lokale Schleife)
    RX packets 2874  bytes 2846558 (2.7 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 2874  bytes 2846558 (2.7 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
    inet 192.169.1.1  netmask 255.255.255.0  broadcast 192.169.1.255
    ether 52:54:00:88:24:d4  txqueuelen 1000  (Ethernet)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 0  bytes 0 (0.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet6 fe80::fc54:ff:fe08:24af  prefixlen 64  scopeid 0x20<link>
    ether fe:54:00:08:24:af  txqueuelen 1000  (Ethernet)
    RX packets 733  bytes 206871 (202.0 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 4312  bytes 400237 (390.8 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

但是如果我在以下位置启用 IPV6FORWARDING /etc/sysconfig/network

HOSTNAME=myname
NETWORKING_IPV6=yes
NETWORKING=yes
IPV6FORWARDING=yes

我没有获得全局 IPv6 地址:

# ifconfig
br0-enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 192.168.1.3  netmask 255.255.255.0  broadcast 192.168.1.255
    inet6 fe80::82ee:73ff:fe9d:5909  prefixlen 64  scopeid 0x20<link>
    ether 80:ee:73:9d:59:09  txqueuelen 1000  (Ethernet)
    RX packets 8727  bytes 995519 (972.1 KiB)
    RX errors 0  dropped 2446  overruns 0  frame 0
    TX packets 4970  bytes 6890188 (6.5 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet6 fe80::82ee:73ff:fe9d:5909  prefixlen 64  scopeid 0x20<link>
    ether 80:ee:73:9d:59:09  txqueuelen 1000  (Ethernet)
    RX packets 11014  bytes 1383620 (1.3 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 10205  bytes 7423351 (7.0 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Lokale Schleife)
    RX packets 6159  bytes 6792034 (6.4 MiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 6159  bytes 6792034 (6.4 MiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
    inet 192.169.1.1  netmask 255.255.255.0  broadcast 192.169.1.255
    ether 52:54:00:88:24:d4  txqueuelen 1000  (Ethernet)
    RX packets 0  bytes 0 (0.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 0  bytes 0 (0.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet6 fe80::fc54:ff:fe08:24af  prefixlen 64  scopeid 0x20<link>
    ether fe:54:00:08:24:af  txqueuelen 1000  (Ethernet)
    RX packets 885  bytes 262087 (255.9 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 5626  bytes 512476 (500.4 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

'/etc/sysctl.conf' 的内容目前(已经包含了“AB”答案的 'net.ipv6.conf.all.accept_ra' 配置)为:

# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

#
# openvpn routing
#
net.ipv4.ip_forward=1

net.ipv6.conf.all.accept_ra=2

在其他未安装 KVM 主机的 CentOS 7 机器上,它可以运行。有人知道为什么吗?

编辑 19.12.09

添加“/etc/sysctl.conf”的内容并添加“ifconfig”的完整输出

答案1

考虑到您没有提供太多信息(包括主机操作系统分布),这是一个大胆的猜测:

您的系统可能有这个默认的 sysctl 设置:

# sysctl net.ipv6.conf.all.accept_ra
net.ipv6.conf.all.accept_ra = 1

这是描述

accept_ra - INTEGER
  Accept Router Advertisements; autoconfigure using them.

  It also determines whether or not to transmit Router
  Solicitations. If and only if the functional setting is to
  accept Router Advertisements, Router Solicitations will be
  transmitted.

  Possible values are:
      0 Do not accept Router Advertisements.
      1 Accept Router Advertisements if forwarding is disabled.
      2 Overrule forwarding behaviour. Accept Router Advertisements
        even if forwarding is enabled.

  Functional default: enabled if local forwarding is disabled.
              disabled if local forwarding is enabled.

因此,当您的主机不是路由器时,它会由网络上发送 RA(包括响应来自您主机的 RS)的 IPv6 路由器自动配置。当它本身成为路由器时,默认情况下它不会监听这些 RA。

尝试这个:

sysctl -w net.ipv6.conf.br0-enp3s0.accept_ra=2

请注意,由于您使用网桥的隐式自端口进行路由,因此您无法区分这些 RA 的来源:您可能会收到来自不受信任的虚拟机的 RA:这是您的决定。您还应该检查是否需要其他接口上的 RA。

例如,如果您配置了 DHCPv6,那么所有这些都可能不适用。

相关内容