IPV6之ECS初尝试

2021-12-20 03:52:12

背景信息:

自从苹果审核要求app支持ipv6的通讯以来,有很多工单咨询ipv6如何设置,今天基于Centos 6.8 64位系统搭建一下ipv6的演示环境,欢迎斧正
确认ipv6是否安装:

1.使用ifconfig命令查看网络信息是否有ipv6的信息

eth0      Link encap:Ethernet  HWaddr 00:16:3E:32:A2:3E  
          inet addr:172.30.191.179  Bcast:172.30.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:249646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21882 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:371880410 (354.6 MiB)  TX bytes:1402076 (1.3 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:98 errors:0 dropped:0 overruns:0 frame:0
          TX packets:98 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:10363 (10.1 KiB)  TX bytes:10363 (10.1 KiB)

2.也可以根据监听信息判断是否存在ipv6(:::123 )的监听

# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 127.0.0.1:32000             0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               
udp        0      0 172.30.191.179:123          0.0.0.0:*                               
udp        0      0 127.0.0.1:123               0.0.0.0:*                               
udp        0      0 0.0.0.0:123                 0.0.0.0:*
开始搭建IPV6的工作环境

1.修改系统模块支持ipv6

# cat /etc/modprobe.d/disable_ipv6.conf
alias net-pf-10 off
options ipv6 disable=0

2.修改网络支持ipv6

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=iZ2ze24ws6xq5ug1cm4x9bZ
NETWORKING_IPV6=yes
PEERNTP=no

3.系统参数设置ipv6

# vi /etc/sysctl.conf 
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

注:如果不重启直接sysctl -p的话会提示下面的报错,因为ipv6当前在系统内是不支持的

error: "net.ipv6.conf.all.disable_ipv6" is an unknown key
error: "net.ipv6.conf.default.disable_ipv6" is an unknown key
error: "net.ipv6.conf.lo.disable_ipv6" is an unknown key

4.重启后查看ipv6的配置已经ok了

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:32:A2:3E  
          inet addr:172.30.191.179  Bcast:172.30.255.255  Mask:255.255.0.0
          inet6 addr: fe80::216:3eff:fe32:a23e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76703 (74.9 KiB)  TX bytes:139326 (136.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:44 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7015 (6.8 KiB)  TX bytes:7015 (6.8 KiB)
HE 注册&配置&测试

1.登陆https://www.tunnelbroker.net/ 官方网站,进行账号注册,2018-04-14测试QQ邮箱可以收到注册成功的邮件了

2.登陆后点击 “Create Regular Tunnel” ,输入ECS的公网ip,出现绿底的“IP is a potential tunnel endpoint.”说明你得公网ip支持ipv6隧道,测试默认给我的节点延迟173ms,可以接受,点击页面最下方的“Create Tunnel”

3.创建ipv6隧道及路由,centos的系统选择linux-route2,返回的命令去ecs上执行

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 172.30.191.179 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:c:13ac::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::216:3eff:fe32:a23e/64 scope link 
       valid_lft forever preferred_lft forever
4: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 
    inet6 2001:470:c:13ac::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::276a:b88b/128 scope link 
       valid_lft forever preferred_lft forever

# netstat -an |grep :::
tcp        0      0 ::1:25                      :::*                        LISTEN      
udp        0      0 fe80::ac1e:bfb3:123         :::*                                    
udp        0      0 2001:470:c:13ac::2:123      :::*                                    
udp        0      0 fe80::216:3eff:fe32:a23e:123 :::*                                    
udp        0      0 ::1:123                     :::*                                    
udp        0      0 :::123                      :::*

IPV6之ECS初尝试

注意:如果使用了vpc的网络环境,HE上生成的命令,需要把ECS的公网ip修改成ecs内部可以看到的ip,即内网ip,可见示例配置里面note部分的提示

# ping6 ipv6.google.com
PING ipv6.google.com(tsa03s01-in-x0e.1e100.net) 56 data bytes
64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=325 ms
64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=325 ms
# ping6 2001:470:0:76::2
PING 2001:470:0:76::2(2001:470:0:76::2) 56 data bytes
64 bytes from 2001:470:0:76::2: icmp_seq=1 ttl=60 time=182 ms
64 bytes from 2001:470:0:76::2: icmp_seq=2 ttl=60 time=182 ms

测试通过!

上一篇:Centos7 更换内核到4.16的尝试


下一篇:Freebsd for ECS 系统盘扩容示例