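I am currently evaluating Server 2012 for use as a domain controller in a small heterogeneous network of Linux and Windows workstations and servers, all of which will eventually be joined to the domain. This is a 100% dual-stack network; every device has IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.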
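I have just installed the first domain controller; its domain name is ad.businessname.com (businessname.com is handled by external DNS servers; that domain also has the public website, email, etc., which will not be joining the domain at this time). It is Server Core with the AD DS and DNS roles installed. Everything seems fine and I am ready to set up the second DC and start joining computers, but...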
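Now I have extra IPv6 router advertisements on my network, advertising a unique local address. They also advertise the native IPv6 prefix that the actual router is advertising. At first I thought these RAs originated from the domain controller, since they disappear when I shut it down, but after running Wireshark I found that they come from my actual IPv6 router. Wireshark shows that this version of the RA immediately follows a neighbor solicitation for fd4a:e7ab:34a5::1 from the DC.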
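Oddly, the router also sends the original router advertisement, the one it normally sends when the domain controller is not on the network. This version of the RA matches /etc/radvd.conf (a copy is below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running radvd.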
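So far these seem harmless, as my IPv6 connectivity has not been broken by the presence of the extra RAs. But since I already have global IPv6 connectivity, the ULAs seem unnecessary as well as unwanted.
I spent much of last night and today scouring the net trying to figure out what is going on, but found nothing beyond hints that it might be related to the IP Helper service (and vague warnings not to turn it off). But from what I can tell, disabling this service should be safe when native IPv6 is available.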
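My questions are:
- Why is Windows sending neighbor solicitations for a ULA network?
- Why are these RAs being sent, seemingly in response?
- Why are they advertising ULAs in addition to my native addresses?
- Could this cause IPv6 routing problems later?
- Do I have to live with this, or how can I make Windows and radvd behave?
The configuration details are as follows: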
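Here is a capture of the RA being sent (as shown by radvdump, which in my view is easier to read than Wireshark's output). You can see that it advertises both the ULA and the public prefix (obscured here). When I shut down the domain controller, this version of the RA no longer appears on the network.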
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 0;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
AdvLinkMTU 1500;
prefix fd4a:e7ab:34a5::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS fd4a:e7ab:34a5::1
{
AdvRDNSSLifetime 86400;
}; # End of RDNSS definition
DNSSL businessname.com
{
AdvDNSSLLifetime 1800;
}; # End of DNSSL definition
}; # End of interface definition
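Here is the original router advertisement, which matches the router's /etc/radvd.conf and is still being sent on the network, alternating with the advertisement above: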
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
{
AdvRDNSSLifetime 600;
}; # End of RDNSS definition
}; # End of interface definition
List of roles/features installed on the domain controller:
[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}
Display Name Name Install State
------------ ---- -------------
[X] Active Directory Domain Services AD-Domain-Services Installed
[X] DNS Server DNS Installed
[X] File And Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[X] Storage Services Storage-Services Installed
[X] .NET Framework 4.5 Features NET-Framework-45-Fea... Installed
[X] .NET Framework 4.5 NET-Framework-45-Core Installed
[X] WCF Services NET-WCF-Services45 Installed
[X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
[X] Group Policy Management GPMC Installed
[X] Remote Server Administration Tools RSAT Installed
[X] Role Administration Tools RSAT-Role-Tools Installed
[X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
[X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 3.0 PowerShell Installed
[X] WoW64 Support WoW64-Support Installed
IPv6 configuration of the Ethernet interface, as requested in chat:
[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet
Interface Ethernet Parameters
----------------------------------------------
IfLuid : ethernet_7
IfIndex : 12
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 33500 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
ECN capability : application
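Answer 1
Although I still don't know why this happened (and would appreciate an explanation!), it now seems to be resolved.
I double-checked the network configuration and, to my chagrin, found a typo in the default gateway!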
[dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6
ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
------- ----------------- ------- ----------- -----------
12 ::/0 2001:db8:116:bf::1 256 Persiste...
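Well, oops! 116:bf should be 16:bf.
So I fixed the typo and also removed the ULA address from the Ethernet interface, and voilà, no more extra RAs, and my network is back to normal.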
[dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1
Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
[dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12
ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
------- ----------------- ------- ----------- -----------
12 ::/0 2001:db8:16:bf::1 256 ActiveStore
12 ::/0 2001:db8:16:bf::1 256 Persiste...
[dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64
Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
[Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Wireshark shows no sign of the ULA in neighbor solicitations, router advertisements, or anywhere else.
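Answer 2
I can't fully explain why your DC would be sending router advertisements, but you can at least try disabling them for the interface in question: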
netsh interface ipv6 set interface interface="Local Area Connection" advertise=disabled
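According to the netsh help, this should be the default setting, but it does not seem to make much sense, since your DC is probably not intended to be used as a router.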