Linux环境下的IPv6使用与测试

1)        Ipv6测试准备:

在安装系统时候已经安装了iproute和iputils都是可以对ipv6进行测试的工具,另外部分linux版本默认是没有加载ipv6支持模块的,请通过如下命令加载:

  1. R1:~# modprobe ipv6

复制代码 如果成功加载ipv6模块可以通过如下命令进行确认:

  1. lsmod |grep ipv6

复制代码 如能显示相应的ipv6模块信息,则Linux操作系统已经成功加载IPv6模块。

同时我们可以看到网卡中的IPv6链路本地地址:

  1. R1:~# ip -6 a s
  2. 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
  3.     inet6 fe80::20c:29ff:feae:a159/64 scope link
  4. 2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
  5.     inet6 fe80::20c:29ff:feae:a163/64 scope link
  6. 3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
  7.     inet6 fe80::20c:29ff:feae:a16d/64 scope link
  8. 4: lo: <LOOPBACK,UP> mtu 16436
  9. inet6 ::1/128 scope host

复制代码 2)        发现网络上其他ipv6设备:

ipv6协议将不再支持arp协议,因此在ipv6中发现网络上其他ipv6设备可以使用如下方式:

  1. R1:~# ping6 -I eth0 ff02::1
  2. PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
  3. 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
  4. 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
  5. 64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)

复制代码 这里采用ipv6中的本地连接多播地址(link-local multicast address)ff02::1来发现 同网络上的其他ipv6设备。这里发现的fe80::20c:29ff:fe07:1b34和fe80::20c:29ff:fe94:1776分别属于R2的eth0的ipv6地址和R3的eth0地址。(由于R4没有开启ipv6,将不能看到R4的相应ipv6地址)

  1. R1:~#ping6 -I eth0 fe80::20c:29ff:fe07:1b34
  2. PING fe80::20c:29ff:fe07:1b34(fe80::20c:29ff:fe07:1b34) from
  3.          fe80::20c:29ff:feae:a159 eth0: 56 da bytes
  4. 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.10 ms
  5. 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=2 ttl=64 time=89.1 ms
  6. — fe80::20c:29ff:fe07:1b34 ping statistics —
  7. 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
  8. rtt min/avg/max/mdev = 1.835/32.373/89.185/40.209 ms

复制代码 ipv6中的ping命令是iputil工具包中的ping6命令,必须注意的是 由于有多个网卡接口,必须使用 -I 指定使用哪个网卡接口。

3)        发现ipv6路由:

默认路由中ipv6路由表如下:

  1. R1:~# ip -6 r
  2. fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440
  3. fe80::/64 dev eth1  metric 256  mtu 1500 advmss 1440
  4. fe80::/64 dev eth2  metric 256  mtu 1500 advmss 1440
  5. ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440
  6. ff00::/8 dev eth1  metric 256  mtu 1500 advmss 1440
  7. ff00::/8 dev eth2  metric 256  mtu 1500 advmss 1440
  8. default dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440
  9. default dev eth1  proto kernel  metric 256  mtu 1500 advmss 1440
  10. default dev eth2  proto kernel  metric 256  mtu 1500 advmss 1440
  11. unreachable default dev lo  proto none  metric -1  error -101

复制代码 4)        测试本地ipv6服务

linux系统目前支持ipv6的服务器软件已经非常多,常用的软件如opensshd/sshd,apache,bind,telnetd, iptables-ipv6,nmap等。这里以sshd作为一个测试。

  1. R1:~# ssh -6 ::1
  2. Host key not found from database.
  3. Key fingerprint:
  4. xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
  5. You can get a public key’s fingerprint by running
  6. % ssh-keygen -F publickey.pub
  7. on the keyfile.
  8. Are you sure you want to continue connecting (yes/no)?

复制代码 5)        ipv6-in-ipv4 tunnel测试

由于ipv4在网络中已经实现了多年,而且Internet的发展更加促使ipv4的发展,目前ipv6在网络中的实际情况是ipv6象一个孤岛被ipv4的海洋包围,各个ipv6网络的连接还需要通过ipv4网络,实际中比较常见的有ipv6-in-ipv4隧道等。这里利用本虚拟环境进行点对点的IPv6-in-IPv4 tunnel的实验(R1-R2)。

在R1机器上面:

  1. ip -6 addr add 3ffe:3200::1/24 dev eth0               
  2. #给eth0设定一个本地ipv6地址,以CERNET的测试ipv6地址为例
  3. ip tunnel add 6to4 mode sit remote 192.168.8.12 local 192.168.8.11
  4. #加入一个6to4通道
  5. ip link set dev 6to4 up
  6. #激活6to4通道
  7. ip -6 addr add 3ffe:3200::1/24 dev 6to4        
  8. #给通道加入本地ipv6地址
  9. ip -6 r add 3ffe:3200::2/24 dev 6to4       
  10. #加入使用通道设备的ipv6路由,由于使用的点对点的测试,
  11. #目的网络是对端的ipv6地址

复制代码 在R2机器上面:

  1. ip -6 addr add 3ffe:3200::2/24 dev eth0
  2. ip tunnel add 6to4 mode sit remote 192.168.8.11 local 192.168.8.12
  3. ip link set dev 6to4 up
  4. ip -6 addr add 3ffe:3200::2/24 dev 6to4
  5. ip -6 r add 3ffe:3200::1/24 dev 6to4

复制代码 也可以加入R3,R4,R5的ipv6 tunnel,以供更加复杂的测试。

在R1和R2设备上面,使用ping6命令查看对端的ipv6地址可以到达;

在R1和R2设备上面,使用ssh -6 ipv6地址通过ipv6 tunnel登录点对点连接的其他ipv6设备;

  1. R1:~# ssh -6 3ffe:3200::2
  2. Host key not found from database.
  3. Key fingerprint:
  4. xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
  5. You can get a public key’s fingerprint by running
  6. % ssh-keygen -F publickey.pub
  7. on the keyfile.
  8. Are you sure you want to continue connecting (yes/no)? yes
  9. Host key saved to /root/.ssh2/hostkeys/key_22_3ffe:3200::1.pub
  10. host key for 3ffe:3200::1, accepted by root Wed Mar 31 2004 19:12:51 +0800
  11. root’s password:
  12. Authentication successful.
  13. R2:~# w
  14. 08:16:21 up  3:02,  3 users,  load average: 0.00, 0.01, 0.00
  15. USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU  WHAT
  16. root     pts/7    3ffe:3200::11    08:16    0.00s  0.13s  0.04s  w
  17. R2:~#

复制代码 Ok,我们已经通过ipv6-in-ipv4的tunnel看到我们使用ipv6地址登录到另外的设备上面了!

此过程在R2上面的tcpdump结果:

  1. 08:23:35.833428 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: S 2462930696:2462930696(0) win 5760
  2. <mss 1440,sackOK,timestamp 19066103 0,nop,wscale 0>
  3. 08:23:35.835364 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  4. S 1730732585:1730732585(0) ack 2462930697 win 5632 <mss[|tcp]> (encap)
  5. 08:23:35.860756 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1 win 5760 <nop,nop,timestamp
  6. 19066109 11103448>
  7. 08:23:35.919035 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  8. P 1:50(49) ack 1 win 5632 <nop,nop,[|tcp]> (encap)
  9. 08:23:35.925164 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 50 win 5760 <nop,nop,
  10. timestamp 19066127 11103532>
  11. 08:23:35.925193 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1:50(49) ack 50 win 5760
  12. <nop,nop,timestamp 19066135 11103532>
  13. 08:23:35.926647 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  14. . ack 50 win 5632 <nop,nop,[|tcp]> (encap)
  15. 08:23:35.936087 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  16. P 50:538(488) ack 50 win 5632 <nop,nop,[|tcp]> (encap)
  17. 08:23:35.954300 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 50:546(496) ack 538 win 6432
  18. <nop,nop,timestamp 19066165 11103549>
  19. 08:23:35.994265 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  20. . ack 546 win 6432 <nop,nop,[|tcp]> (encap)
  21. 08:23:35.995267 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 546:706(160) ack 538 win
  22. 6432 <nop,nop,timestamp 19066204 11103607>
  23. 08:23:35.995479 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  24. . ack 706 win 6432 <nop,nop,[|tcp]> (encap)
  25. 08:23:36.117795 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  26. P 538:1578(1040) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
  27. 08:23:36.127435 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1578 win 8320 <nop,
  28. nop,timestamp 19066260 11103731>
  29. 08:23:36.127761 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  30. P 1578:1610(32) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
  31. 08:23:36.137272 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1610 win 8320
  32. <nop,nop,timestamp 19066311 11103740>
  33. 08:23:36.145247 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 706:738(32) ack 1610 win
  34. 8320 <nop,nop,timestamp 19066382 11103740>
  35. 08:23:36.147153 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  36. . ack 738 win 6432 <nop,nop,[|tcp]> (encap)
  37. 08:23:36.151282 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 738:826(88) ack 1610 win 8320
  38. <nop,nop,timestamp 19066385 11103760>
  39. 08:23:36.156464 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  40. . ack 826 win 6432 <nop,nop,[|tcp]> (encap)
  41. 08:23:36.157473 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  42. P 1610:1698(88) ack 826 win 6432 <nop,nop,[|tcp]> (encap)
  43. 08:23:36.163413 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1698 win 8320 <nop,nop,
  44. timestamp 19066396 11103770>
  45. 08:23:36.163446 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 826:1922(1096) ack 1698
  46. win 8320 <nop,nop,timestamp 19066399 11103770>
  47. 08:23:36.178682 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  48. P 1698:2810(1112) ack 1922 win 8768 <nop,nop,[|tcp]> (encap)
  49. 08:23:36.182715 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1922:3018(1096) ack 2810 win
  50. 11120 <nop,nop,timestamp 19066432 11103791>
  51. 08:23:36.188978 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
  52. P 2810:3922(1112) ack 3018 win 10960 <nop,nop,[|tcp]> (encap)
  53. 08:23:36.234615 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 3922 win 13344 <nop,
  54. nop,timestamp 19066491 11103802>

复制代码

原创文章,作者:admin,如若转载,请注明出处:https://www.ipv6s.com/basis/application/20101024446.html

发表评论

您的电子邮箱地址不会被公开。 必填项已用*标注