我有以下实验室:
DHCP 服务器 [Centos 6]
/etc/dhcp/dhcpd6.conf
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
allow leasequery;
option dhcp6.info-refresh-time 21600;
dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";
subnet6 3ffe:501:ffff:100::/64 {
}
host ipv6host {
hardware ethernet 53:54:00:70:1d:ed;
fixed-address6 3ffe:501:ffff:100::222;
if packet(0,1) = 1 { log(debug,"Request match!"); }
}
# ip -6 addr show
5: eth1.30@if3: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500
inet6 3ffe:501:ffff:100::4/64 scope global
valid_lft forever preferred_lft forever
在客户端中没有特殊配置。然后,运行 dhcp 服务器,我得到以下输出:
Internet Systems Consortium DHCP Server 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Wrote 0 deleted host decls to leases file.
Wrote 0 new dynamic host decls to leases file.
Wrote 0 leases to leases file.
Bound to *:547
Listening on Socket/5/eth1.30/3ffe:501:ffff:100::/64
Sending on Socket/5/eth1.30/3ffe:501:ffff:100::/64
Solicit message from fe80::5054:ff:fe70:1ded port 546, transaction ID 0xDF54D000
Request match!
Request match!
Sending Advertise to fe80::5054:ff:fe70:1ded port 546
Solicit message from fe80::5054:ff:fe70:1ded port 546, transaction ID 0xDF54D000
Request match!
Request match!
Sending Advertise to fe80::5054:ff:fe70:1ded port 546
... and more
在客户端上,我运行客户端时得到以下结果:
dhclient -6 -d eth1
Internet Systems Consortium DHCP Client 4.1.1-P1
Copyright 2004-2010 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Bound to *:546
Listening on Socket/eth1
Sending on Socket/eth1
PRC: Soliciting for leases (INIT).
XMT: Forming Solicit, 0 ms elapsed.
XMT: X-- IA_NA 00:70:1d:ed
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: Solicit on eth1, interval 1010ms.
XMT: Forming Solicit, 1010 ms elapsed.
XMT: X-- IA_NA 00:70:1d:ed
XMT: | X-- Request renew in +3600
XMT: | X-- Request rebind in +5400
XMT: Solicit on eth1, interval 2070ms.
如您所见,服务器似乎从客户端获取请求并匹配主机条目。我不知道为什么客户端没有获取IP。
注意:客户端是虚拟机,在虚拟机管理程序中,vnic 连接到带有 eth1.30 的网桥。节点之间的流量正常。
答案1
解决了!
问题出在 ip6tables 上。默认规则会阻止来自 DHCP 服务器的通告。
service ip6tables stop
可以解决这个问题。看看其他答案的评论,因为我使用的范围似乎不合适。
重要的. 至少使用 2 个 Centos 6 盒子(服务器和客户端)使用 MAC 地址分配 ip 可以正常工作。
来源: http://www.redhat.com/archives/anaconda-devel-list/2010-November/msg00172.html
答案2
在 DHCPv6 中,客户端不再通过其 MAC 地址进行标识,而是通过 DUID(对于客户端的所有接口都是相同的,因此理论上更容易识别客户端)。因此,您还应该将主机定义放在子网块内。系统可能根据接口和 DUID 组合具有不同的地址。这是来自Linux IPv6 指南:
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 2001:db8:0:1::/64 {
# Range for clients
range6 2001:db8:0:1::129 2001:db8:0:1::254;
# Range for clients requesting a temporary address
range6 2001:db8:0:1::/64 temporary;
# Additional options
option dhcp6.name-servers 2001:4860:4860::8888;
option dhcp6.domain-search "domain.example";
# Prefix range for delegation to sub-routers
prefix6 2001:db8:0:100:: 2001:db8:0:f00:: /56;
# Example for a fixed host address
host specialclient {
host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
fixed-address6 2001:db8:0:1::127;
}
}
dhcp6c
您可以从服务器日志中获取客户端的 DUID,也可以从客户端中提取它。这是解析创建用于存储生成的 DUID的文件的示例:
hexdump -e '"%07.7_ax " 1/2 "%04x" " " 14/1 "%02x:" "\n"' /var/lib/dhcpv6/dhcp6c_duid
所有示例均基于如何操作。
答案3
Ubuntu 20.04 LTS
禁用 ip6tables 不是一个好主意,相反我为 DHCPv6 添加了一条旁路。
ipif=$(ip link show | awk -F':' ' $2 ~ /^[ ]+e.+[0-9]/ { sub(/^[ \t]+/, "",$2); print $2; }')
sudo ip6tables -I INPUT -i ${ipif} -p udp --dport 546 -s fe80::/64 -m conntrack --ctstate NEW -m udp -j ACCEPT -m comment --comment dhcp6
如果它不适用于 docker,您可能需要删除或修改-s fe80::/64
。
手动获取 IPv6 地址dhclient -v -6
。
检查日志journalctl -u systemd-networkd -n 10 -f
,它可能看起来像这样。
Feb 18 01:46:29 instance-20210522-2329 systemd-networkd[618]: ens3: IPv6 successfully enabled
Feb 18 01:46:29 instance-20210522-2329 systemd-networkd[618]: ens3: DHCPv4 address 10.0.0.186/24 via 10.0.0.1
May 04 17:45:17 instance-20210522-2329 systemd-networkd[618]: ens3: DHCPv6 address 2603:xxxx:3:xxxx:9d18:xxxx:xxxx:56ee/128 timeout preferred 7200 valid 7500
May 04 19:49:40 instance-20210522-2329 systemd-networkd[618]: ens3: DHCPv6 lease lost
May 06 08:41:40 instance-20210810-1242 systemd-networkd[618]: ens3: DHCPv6 address 2603:xxxx:3:xxxx:9d18:xxxx:xxxx:56ee/128 timeout preferred 7200 valid 7500