Information:
Dates
- Published: Wednesday 13 July 2016
- Modified: Sunday 17 July 2016
This page is still being written...
Hello, I am going to explain how to configure the IPv6 network stack of an Online.net dedicated server running a Proxmox v4 install.
I am going to run a few tests with different configurations (to do). Here is one of them.
Configuration
For information, I only have one public IPv4 address.
I configured another bridge for the VMs and CTs.
On the host
The DHCPv6 client (dhclient) has to be configured so that it sends the DUID of our subnet (replace VOTRE_DUID with your own DUID).
    vi /etc/dhcp/dhclient6.conf

    interface "vmbr0" {
        send dhcp6.client-id "VOTRE_DUID";
        request;
    }
From this point on, the request can be sent:

    dhclient -1 -cf /etc/dhcp/dhclient6.conf -v -6 -P vmbr0

This should return something like the following:
    # dhclient -cf /etc/dhcp/dhclient6.conf -6 -P -v vmbr0
    Internet Systems Consortium DHCP Client 4.2.4
    Copyright 2004-2012 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/

    Bound to *:546
    Listening on Socket/vmbr0
    Sending on Socket/vmbr0
    PRC: Soliciting for leases (INIT).
    XMT: Forming Solicit, 0 ms elapsed.
    XMT: X-- IA_PD 06:c7:93:f5
    XMT: | X-- Request renew in +3600
    XMT: | X-- Request rebind in +5400
    XMT: Solicit on vmbr0, interval 1070ms.
    RCV: Advertise message on vmbr0 from fe80::4501:b8ee:fe20:85bf.
    RCV: X-- Preference 255.
    RCV: X-- IA_PD 06:c7:93:f5
    RCV: | X-- starts 1468732865
    RCV: | X-- t1 - renew +43200
    RCV: | X-- t2 - rebind +172800
    RCV: | X-- [Options]
    RCV: | | X-- IAPREFIX 2001:bc8:COMPTE:SOUS-BLOC::/56
    RCV: | | | X-- Preferred lifetime 27000.
    RCV: | | | X-- Max lifetime 43200.
    RCV: X-- Server ID: 00:01:00:01:1b:ac:bc:2d:10:80:4b:9b:0a:f8
    RCV: Advertisement immediately selected.
    PRC: Selecting best advertised lease.
    PRC: Considering best lease.
    PRC: X-- Initial candidate 00:01:00:01:1b:ac:bc:2d:10:80:4b:9b:0a:f8 (s: 151, p: 255).
    XMT: Forming Request, 0 ms elapsed.
    XMT: X-- IA_PD 06:c7:93:f5
    XMT: | X-- Requested renew +3600
    XMT: | X-- Requested rebind +5400
    XMT: | | X-- IAPREFIX 2001:bc8:COMPTE:SOUS-BLOC::/56
    XMT: | | | X-- Preferred lifetime +7200
    XMT: | | | X-- Max lifetime +7500
    XMT: V IA_PD appended.
    XMT: Request on eth0, interval 1030ms.
    RCV: Reply message on eth0 from fe80::4501:b8ee:fe20:85bf.
    RCV: X-- Preference 255.
    RCV: X-- IA_PD 06:c7:93:f5
    RCV: | X-- starts 1468732865
    RCV: | X-- t1 - renew +43200
    RCV: | X-- t2 - rebind +172800
    RCV: | X-- [Options]
    RCV: | | X-- IAPREFIX 2001:bc8:COMPTE:SOUS-BLOC::/56
    RCV: | | | X-- Preferred lifetime 7200.
    RCV: | | | X-- Max lifetime 43200.
    RCV: X-- Server ID: 00:01:00:01:1b:ac:bc:2d:10:80:4b:9b:0a:f8
    PRC: Bound to lease 00:01:00:01:1b:ac:bc:2d:10:80:4b:9b:0a:f8.
The interfaces file
Logically, one could put the following (COMPTE and SOUS-BLOC are placeholders for the account and sub-block parts of your prefix):
    vi /etc/network/interfaces

    iface vmbr0 inet6 static
        address 2001:bc8:COMPTE:SOUS-BLOC::
        netmask 56
        pre-up dhclient -1 -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.eth0.pid -v -nw -6 -P vmbr0
On a Linux Proxmox 4.4.13-1-pve server at Online.net, the inet6 interface has to be set to auto (todo: write a script in RC.99).
    vi /etc/network/interfaces

    iface vmbr0 inet6 auto
    #iface vmbr0 inet6 static
    #    address 2001:bc8:COMPTE:SOUS-BLOC::
    #    netmask 56
    #    pre-up dhclient -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.eth0.pid -v -nw -6 -P vmbr0
Then run dhclient and the ifconfig step by hand :/

    dhclient -1 -cf /etc/dhcp/dhclient6.conf -pf /run/dhclient6.eth0.pid -v -nw -6 -P vmbr0
    ip -6 addr add 2001:bc8:COMPTE:SOUS-BLOC::/56 dev vmbr0

After that, a ping should go through:

    ping6 -nc2 www.zw3b.fr
The sysctl file
    vi /etc/sysctl.conf

    # IPv6
    #net.ipv6.conf.default.forwarding=1
    net.ipv6.conf.all.forwarding=1
    #net.ipv6.conf.default.proxy_ndp=1
    #net.ipv6.conf.all.proxy_ndp=1

    # ONLINE IPv6
    net.ipv6.conf.all.accept_ra = 1
    net.ipv6.conf.all.accept_ra_defrtr = 1
    net.ipv6.conf.all.accept_ra_from_local = 0
    net.ipv6.conf.all.accept_ra_min_hop_limit = 1
    net.ipv6.conf.all.accept_ra_mtu = 1
    net.ipv6.conf.all.accept_ra_pinfo = 1
    net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
    net.ipv6.conf.all.accept_ra_rtr_pref = 1
VMs and containers
Here I added a bridge for the VMs:
    iface vmbr1 inet6 static
        address 2001:bc8:25bb:ff00:3b:1ab3::
        netmask 64
        up ip -6 route add 2001:bc8:25bb:ff00::/56 dev vmbr0
        up ip -6 route add default via 2001:bc8:25bb:ff00::
    #   post-up ip -6 address add 2001:bc8:25bb:ff00:3b:1ab3::1 dev vmbr1
        down ip -6 route del default via 2001:bc8:25bb:ff00::
        down ip -6 route del 2001:bc8:25bb:ff00::/56 dev vmbr0
Forwarding is then enabled on the system (if that is not already done), so that requests are passed between the interfaces:

    sysctl -w net.ipv6.conf.all.forwarding=1

To my taste this could be done better. As it stands it is optimal (other VLANs could be separated out).
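The sysctl.conf shown earlier and the forwarding switch above interact: the kernel documents accept_ra=1 as "accept router advertisements only while forwarding is disabled", and accept_ra=2 as the value that still accepts them on a forwarding host. The script below is an added example, not part of the original page, that checks a sysctl.conf for that combination; the function names, the per-interface keys in the second sample and the choice of vmbr1 as the guest-facing bridge are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit sysctl.conf-style IPv6 settings
# on a host that routes for its guests. Kernel rule (ip-sysctl documentation):
#   accept_ra=0 never accept RAs, 1 accept only while forwarding=0, 2 accept even with forwarding=1.

# audit_sysctl GUEST_IF < sysctl.conf   -> one finding per line, no output when clean
audit_sysctl() {
    awk -F= -v guest="$1" '
        /^[ \t]*#/ || !/=/ { next }              # skip comments and non-assignments
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); val[k] = v }
        END {
            all = "net.ipv6.conf.all.forwarding"
            fwd_all = (all in val) ? val[all] : "0"
            for (k in val) {
                if (k !~ /^net\.ipv6\.conf\..+\.accept_ra$/) continue
                scope = k
                sub(/^net\.ipv6\.conf\./, "", scope); sub(/\.accept_ra$/, "", scope)
                fk = "net.ipv6.conf." scope ".forwarding"
                fwd = (fk in val) ? val[fk] : fwd_all   # all.forwarding applies to every interface
                if (val[k] == "1" && fwd == "1")
                    print "WARN " scope ": accept_ra=1 is ignored while forwarding=1; the upstream interface needs accept_ra=2"
                if (scope == guest && val[k] == "2")
                    print "WARN " scope ": guest-facing bridge would accept router advertisements sent by guests"
            }
        }'
}

# Active lines taken from the sysctl.conf shown on this page.
page_sysctl() {
    cat <<'EOF'
#net.ipv6.conf.default.forwarding=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_ra_defrtr = 1
EOF
}

# Constructed variant: RAs accepted on the upstream bridge only, refused on the guest bridge.
split_sysctl() {
    cat <<'EOF'
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.vmbr0.accept_ra = 2
net.ipv6.conf.vmbr1.accept_ra = 0
EOF
}

echo "page config:";  page_sysctl  | audit_sysctl vmbr1
echo "split config:"; split_sysctl | audit_sysctl vmbr1
```

The guest-bridge check matters because a bridge that accepts router advertisements lets any VM or container on it announce itself as the host's default router.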
Now we can take care of the VMs and containers.
On a VM (virtual machine) or in a container (CT)
    vi /etc/network/interfaces

    iface eth0 inet6 static
        address 2001:bc8:25bb:ff00:3b:1ab3:0:10
        netmask 64
        gateway 2001:bc8:25bb:ff00::
        up ip -6 route add 2001:bc8:25bb:ff00::/56 dev eth0
        up ip -6 route add default via 2001:bc8:25bb:ff00::
And there we go:

    ping6 -nc2 www.zw3b.fr

Useful commands
Looking up the neighbours:
    $ ip -6 neigh
    2001:bc8:25bb:ff00:3b:1ab3:0:10 dev vmbr1 lladdr 62:38:34:63:31:65 STALE
    fe80::6038:34ff:fe63:3165 dev vmbr1 lladdr 62:38:34:63:31:65 STALE
    fe80::4603:a7ff:fe30:35bf dev vmbr0 lladdr 44:03:a7:30:35:bf router REACHABLE
Checking the routes: route -6
    $ route -nA inet6
    Kernel IPv6 routing table
    Destination                       Next Hop                   Flag  Met  Ref Use  If
    ::/0                              ::                         !n    -1   1   364  lo
    ::1/128                           ::                         U     256  0   0    lo
    2001:bc8:25bb:ff00::/64           ::                         U     256  1   2    vmbr1
    2001:bc8:25bb:ff00::/56           ::                         U     256  0   0    vmbr0
    2001:bc8:25bb:ff00::/56           ::                         U     1024 0   0    vmbr0
    fe80::/64                         ::                         U     256  0   0    vmbr0
    fe80::/64                         ::                         U     256  0   0    vmbr1
    fe80::/64                         ::                         U     256  0   0    tap101i0
    fe80::/64                         ::                         U     256  0   0    veth102i0
    fe80::/64                         ::                         U     256  0   0    veth100i0
    ::/0                              fe80::4603:a7ff:fe30:35bf  UGDAe 1024 4   183  vmbr0
    ::/0                              ::                         !n    -1   1   364  lo
    ::1/128                           ::                         Un    0    5   61   lo
    2001:bc8:25bb:ff00::/128          ::                         Un    0    1   0    lo
    2001:bc8:25bb:ff00::/128          ::                         Un    0    1   0    lo
    2001:bc8:25bb:ff00:3b:1ab3::/128  ::                         Un    0    2   3    lo
    fe80::/128                        ::                         Un    0    1   0    lo
    fe80::/128                        ::                         Un    0    1   0    lo
    fe80::/128                        ::                         Un    0    1   0    lo
    fe80::/128                        ::                         Un    0    1   0    lo
    fe80::/128                        ::                         Un    0    1   0    lo
    fe80::54e7:a4ff:fe4e:4727/128     ::                         Un    0    5   12   lo
    fe80::d6ae:52ff:fec7:93f2/128     ::                         Un    0    5   67   lo
    fe80::e499:1cff:fe45:52d6/128     ::                         Un    0    1   0    lo
    fe80::fc3d:8cff:fefc:d82a/128     ::                         Un    0    1   0    lo
    fe80::fcf9:3fff:fe1e:a41f/128     ::                         Un    0    1   0    lo
    ff00::/8                          ::                         U     256  4   5189 vmbr0
    ff00::/8                          ::                         U     256  4   63   vmbr1
    ff00::/8                          ::                         U     256  0   0    tap101i0
    ff00::/8                          ::                         U     256  0   0    veth102i0
    ff00::/8                          ::                         U     256  0   0    veth100i0
    ::/0                              ::                         !n    -1   1   364  lo
Other IPv6 commands
ip6tables : Firewall (Netfilter)
ping6 www.zw3b.fr : Response time of www.zw3b.fr
traceroute6 www.zw3b.fr : Path taken to reach www.zw3b.fr
NSLookup IPv6:
    $ nslookup -q=AAAA lab3w.fr
    Server: 62.210.16.6
    Address: 62.210.16.6#53

    Non-authoritative answer:
    lab3w.fr has AAAA address 2a02:8428:21b:4e00:3b:1ab3:111:0

    Authoritative answers can be found from:
    lab3w.fr nameserver = c.dns.gandi.net.
    lab3w.fr nameserver = a.dns.gandi.net.
    lab3w.fr nameserver = b.dns.gandi.net.

    $ nslookup -q=AAAA www.lab3w.fr
    Server: 62.210.16.6
    Address: 62.210.16.6#53

    Non-authoritative answer:
    www.lab3w.fr canonical name = web.lab3w.fr.
    web.lab3w.fr canonical name = pow.lab3w.fr.
    pow.lab3w.fr has AAAA address 2a02:8428:21b:4e00:3b:1ab3:111:254

    Authoritative answers can be found from:

    $ nslookup -q=AAAA zwb.lab3w.fr
    Server: 62.210.16.6
    Address: 62.210.16.6#53

    Non-authoritative answer:
    zwb.lab3w.fr has AAAA address 2001:bc8:25bb:ff00:3b:1ab3::

    Authoritative answers can be found from:
    lab3w.fr nameserver = c.dns.gandi.net.
    lab3w.fr nameserver = a.dns.gandi.net.
    lab3w.fr nameserver = b.dns.gandi.net.

    $ nslookup -q=AAAA web.zwb.lab3w.fr
    Server: 62.210.16.6
    Address: 62.210.16.6#53

    Non-authoritative answer:
    web.zwb.lab3w.fr has AAAA address 2001:bc8:25bb:ff00:3b:1ab3:0:10

    Authoritative answers can be found from:
    lab3w.fr nameserver = c.dns.gandi.net.
    lab3w.fr nameserver = a.dns.gandi.net.
    lab3w.fr nameserver = b.dns.gandi.net.
Acknowledgements
Thanks for the support... day and night ^^ to the online.net support team ... Khalid, Julien, Yann, Christophe, Camille, Flavio and the others .. ;)