Linux环境下的IPv6使用与测试
1) Ipv6测试准备:在安装系统时候已经安装了iproute和iputils都是可以对ipv6进行测试的工具,另外部分linux版本默认是没有加载ipv6支持模块的,请通过如下命令加载:R1:~# modprobe ipv6 如果成功加载ipv6模块可以通过如下命令进行确认:lsmod |grep ipv6如能显示相应的ipv6模块信息,则Linux操作系统已经成功加载IPv6模块。
同时我们可以看到网卡中的IPv6链路本地地址:R1:~# ip -6 a s
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
inet6 fe80::20c:29ff:feae:a159/64 scope link
2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
inet6 fe80::20c:29ff:feae:a163/64 scope link
3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
inet6 fe80::20c:29ff:feae:a16d/64 scope link
4: lo: <LOOPBACK,UP> mtu 16436
inet6 ::1/128 scope host2) 发现网络上其他ipv6设备:
ipv6协议将不再支持arp协议,因此在ipv6中发现网络上其他ipv6设备可以使用如下方式:R1:~# ping6 -I eth0 ff02::1
PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)这里采用ipv6中的本地连接多播地址(link-local multicast address)ff02::1来发现 同网络上的其他ipv6设备。这里发现的fe80::20c:29ff:fe07:1b34和fe80::20c:29ff:fe94:1776分别属于R2的eth0的ipv6地址和R3的eth0地址。(由于R4没有开启ipv6,将不能看到R4的相应ipv6地址)R1:~#ping6 -I eth0 fe80::20c:29ff:fe07:1b34
PING fe80::20c:29ff:fe07:1b34(fe80::20c:29ff:fe07:1b34) from
fe80::20c:29ff:feae:a159 eth0: 56 da bytes
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.10 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=2 ttl=64 time=89.1 ms
--- fe80::20c:29ff:fe07:1b34 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.835/32.373/89.185/40.209 msipv6中的ping命令是iputil工具包中的ping6命令,必须注意的是 由于有多个网卡接口,必须使用 -I 指定使用哪个网卡接口。
3) 发现ipv6路由:
默认路由中ipv6路由表如下:R1:~# ip -6 r
fe80::/64 dev eth0metric 256mtu 1500 advmss 1440
fe80::/64 dev eth1metric 256mtu 1500 advmss 1440
fe80::/64 dev eth2metric 256mtu 1500 advmss 1440
ff00::/8 dev eth0metric 256mtu 1500 advmss 1440
ff00::/8 dev eth1metric 256mtu 1500 advmss 1440
ff00::/8 dev eth2metric 256mtu 1500 advmss 1440
default dev eth0proto kernelmetric 256mtu 1500 advmss 1440
default dev eth1proto kernelmetric 256mtu 1500 advmss 1440
default dev eth2proto kernelmetric 256mtu 1500 advmss 1440
unreachable default dev loproto nonemetric -1error -1014) 测试本地ipv6服务
linux系统目前支持ipv6的服务器软件已经非常多,常用的软件如opensshd/sshd,apache,bind,telnetd, iptables-ipv6,nmap等。这里以sshd作为一个测试。R1:~# ssh -6 ::1
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)?5) ipv6-in-ipv4 tunnel测试
由于ipv4在网络中已经实现了多年,而且Internet的发展更加促使ipv4的发展,目前ipv6在网络中的实际情况是ipv6象一个孤岛被ipv4的海洋包围,各个ipv6网络的连接还需要通过ipv4网络,实际中比较常见的有ipv6-in-ipv4隧道等。这里利用本虚拟环境进行点对点的IPv6-in-IPv4 tunnel的实验(R1-R2)。
在R1机器上面:ip -6 addr add 3ffe:3200::1/24 dev eth0
#给eth0设定一个本地ipv6地址,以CERNET的测试ipv6地址为例
ip tunnel add 6to4 mode sit remote 192.168.8.12 local 192.168.8.11
#加入一个6to4通道
ip link set dev 6to4 up
#激活6to4通道
ip -6 addr add 3ffe:3200::1/24 dev 6to4
#给通道加入本地ipv6地址
ip -6 r add 3ffe:3200::2/24 dev 6to4
#加入使用通道设备的ipv6路由,由于使用的点对点的测试,
#目的网络是对端的ipv6地址
在R2机器上面:ip -6 addr add 3ffe:3200::2/24 dev eth0
ip tunnel add 6to4 mode sit remote 192.168.8.11 local 192.168.8.12
ip link set dev 6to4 up
ip -6 addr add 3ffe:3200::2/24 dev 6to4
ip -6 r add 3ffe:3200::1/24 dev 6to4
也可以加入R3,R4,R5的ipv6 tunnel,以供更加复杂的测试。
在R1和R2设备上面,使用ping6命令查看对端的ipv6地址可以到达;
在R1和R2设备上面,使用ssh -6 ipv6地址通过ipv6 tunnel登录点对点连接的其他ipv6设备;R1:~# ssh -6 3ffe:3200::2
Host key not found from database.
Key fingerprint:
xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
You can get a public key's fingerprint by running
% ssh-keygen -F publickey.pub
on the keyfile.
Are you sure you want to continue connecting (yes/no)? yes
Host key saved to /root/.ssh2/hostkeys/key_22_3ffe:3200::1.pub
host key for 3ffe:3200::1, accepted by root Wed Mar 31 2004 19:12:51 +0800
root's password:
Authentication successful.
R2:~# w
08:16:21 up3:02,3 users,load average: 0.00, 0.01, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPUWHAT
root pts/7 3ffe:3200::11 08:16 0.00s0.13s0.04sw
R2:~#Ok,我们已经通过ipv6-in-ipv4的tunnel看到我们使用ipv6地址登录到另外的设备上面了!
此过程在R2上面的tcpdump结果:08:23:35.833428 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: S 2462930696:2462930696(0) win 5760
<mss 1440,sackOK,timestamp 19066103 0,nop,wscale 0>
08:23:35.835364 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
S 1730732585:1730732585(0) ack 2462930697 win 5632 <mss[|tcp]> (encap)
08:23:35.860756 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1 win 5760 <nop,nop,timestamp
19066109 11103448>
08:23:35.919035 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 1:50(49) ack 1 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.925164 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 50 win 5760 <nop,nop,
timestamp 19066127 11103532>
08:23:35.925193 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1:50(49) ack 50 win 5760
<nop,nop,timestamp 19066135 11103532>
08:23:35.926647 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
. ack 50 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.936087 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 50:538(488) ack 50 win 5632 <nop,nop,[|tcp]> (encap)
08:23:35.954300 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 50:546(496) ack 538 win 6432
<nop,nop,timestamp 19066165 11103549>
08:23:35.994265 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
. ack 546 win 6432 <nop,nop,[|tcp]> (encap)
08:23:35.995267 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 546:706(160) ack 538 win
6432 <nop,nop,timestamp 19066204 11103607>
08:23:35.995479 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
. ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.117795 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 538:1578(1040) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.127435 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1578 win 8320 <nop,
nop,timestamp 19066260 11103731>
08:23:36.127761 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 1578:1610(32) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.137272 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1610 win 8320
<nop,nop,timestamp 19066311 11103740>
08:23:36.145247 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 706:738(32) ack 1610 win
8320 <nop,nop,timestamp 19066382 11103740>
08:23:36.147153 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
. ack 738 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.151282 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 738:826(88) ack 1610 win 8320
<nop,nop,timestamp 19066385 11103760>
08:23:36.156464 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
. ack 826 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.157473 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 1610:1698(88) ack 826 win 6432 <nop,nop,[|tcp]> (encap)
08:23:36.163413 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1698 win 8320 <nop,nop,
timestamp 19066396 11103770>
08:23:36.163446 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 826:1922(1096) ack 1698
win 8320 <nop,nop,timestamp 19066399 11103770>
08:23:36.178682 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 1698:2810(1112) ack 1922 win 8768 <nop,nop,[|tcp]> (encap)
08:23:36.182715 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1922:3018(1096) ack 2810 win
11120 <nop,nop,timestamp 19066432 11103791>
08:23:36.188978 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
P 2810:3922(1112) ack 3018 win 10960 <nop,nop,[|tcp]> (encap)
08:23:36.234615 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 3922 win 13344 <nop,
nop,timestamp 19066491 11103802>
页:
[1]