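1) IPv6 test preparation:
The iproute and iputils packages installed with the system both provide tools for testing IPv6. Some Linux distributions do not load the IPv6 kernel module by default; load it with the following command: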
- R1:~# modprobe ipv6
If the ipv6 module loaded successfully, confirm it with the following command:
- lsmod |grep ipv6
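If the corresponding ipv6 module information is displayed, the Linux operating system has loaded the IPv6 module successfully.
The IPv6 link-local addresses on the network interfaces are now visible as well: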
- R1:~# ip -6 a s
- 1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
- inet6 fe80::20c:29ff:feae:a159/64 scope link
- 2: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
- inet6 fe80::20c:29ff:feae:a163/64 scope link
- 3: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
- inet6 fe80::20c:29ff:feae:a16d/64 scope link
- 4: lo: <LOOPBACK,UP> mtu 16436
- inet6 ::1/128 scope host
2) Discovering other IPv6 devices on the network:
IPv6 no longer uses the ARP protocol, so other IPv6 devices on the network can be discovered as follows:
- R1:~# ping6 -I eth0 ff02::1
- PING ff02::1(ff02::1) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
- 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
- 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
- 64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)
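Here the IPv6 link-local multicast address ff02::1 is used to discover other IPv6 devices on the same network. The addresses found, fe80::20c:29ff:fe07:1b34 and fe80::20c:29ff:fe94:1776, are the IPv6 addresses of eth0 on R2 and eth0 on R3 respectively. (Because IPv6 is not enabled on R4, R4's IPv6 address does not appear.)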
- R1:~# ping6 -I eth0 fe80::20c:29ff:fe07:1b34
- PING fe80::20c:29ff:fe07:1b34(fe80::20c:29ff:fe07:1b34) from fe80::20c:29ff:feae:a159 eth0: 56 data bytes
- 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.10 ms
- 64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=2 ttl=64 time=89.1 ms
- --- fe80::20c:29ff:fe07:1b34 ping statistics ---
- 3 packets transmitted, 3 received, 0% packet loss, time 2003ms
- rtt min/avg/max/mdev = 1.835/32.373/89.185/40.209 ms
The IPv6 ping command is ping6 from the iputils package. Note that because there are several network interfaces, -I must be used to specify which interface to use.
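The link-local addresses returned by the ff02::1 ping above carry the responder's MAC address in modified EUI-64 form, which lets you tie each reply to a network card when building an inventory. The following is an added example, not part of the original article; the sample input is constructed from the replies shown above and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the ping6 replies shown above for ff02::1 on eth0.
PING6_OUTPUT = """\
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.200 ms
64 bytes from fe80::20c:29ff:fe07:1b34: icmp_seq=1 ttl=64 time=6.22 ms (DUP!)
64 bytes from fe80::20c:29ff:fe94:1776: icmp_seq=2 ttl=64 time=1.56 ms (DUP!)
"""

REPLY_RE = re.compile(r"bytes from ([0-9a-fA-F:]+): icmp_seq=")


def eui64_to_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]      # low 64 bits
    if iid[3:5] != b"\xff\xfe":                       # no ff:fe filler: not EUI-64
        return None
    # Undo the universal/local bit flip applied when the address was formed.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in mac)


def neighbors(ping_output):
    """Map each link-local responder to its embedded MAC (None if not EUI-64)."""
    found = {}
    for match in REPLY_RE.finditer(ping_output):
        addr = ipaddress.IPv6Address(match.group(1))
        if addr.is_link_local:                        # skips ::1 and global replies
            found[str(addr)] = eui64_to_mac(str(addr))
    return found


if __name__ == "__main__":
    for addr, mac in neighbors(PING6_OUTPUT).items():
        print(addr, "->", mac)
```

Both responders resolve to MACs with the 00:0c:29 prefix, a VMware OUI, which matches the virtual lab used here. Addresses generated with privacy extensions or set manually have no ff:fe filler and return None.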
3) Viewing IPv6 routes:
By default, the IPv6 routing table looks like this:
- R1:~# ip -6 r
- fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
- fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1440
- fe80::/64 dev eth2 metric 256 mtu 1500 advmss 1440
- ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
- ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440
- ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440
- default dev eth0 proto kernel metric 256 mtu 1500 advmss 1440
- default dev eth1 proto kernel metric 256 mtu 1500 advmss 1440
- default dev eth2 proto kernel metric 256 mtu 1500 advmss 1440
- unreachable default dev lo proto none metric -1 error -101
4) Testing a local IPv6 service
A great deal of server software on Linux now supports IPv6; common examples include opensshd/sshd, apache, bind, telnetd, iptables-ipv6 and nmap. sshd is used here as a test.
- R1:~# ssh -6 ::1
- Host key not found from database.
- Key fingerprint:
- xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
- You can get a public key’s fingerprint by running
- % ssh-keygen -F publickey.pub
- on the keyfile.
- Are you sure you want to continue connecting (yes/no)?
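5) ipv6-in-ipv4 tunnel test
IPv4 has been deployed in networks for many years, and the growth of the Internet has further driven the development of IPv4. In practice, IPv6 today is like an island surrounded by a sea of IPv4: separate IPv6 networks still have to be connected across IPv4 networks, and IPv6-in-IPv4 tunnels are one of the more common ways of doing so. Here the virtual environment is used for a point-to-point IPv6-in-IPv4 tunnel experiment (R1-R2).
On R1: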
- ip -6 addr add 3ffe:3200::1/24 dev eth0
- # Assign a local IPv6 address to eth0, using a CERNET test IPv6 address as the example
- ip tunnel add 6to4 mode sit remote 192.168.8.12 local 192.168.8.11
- # Add a 6to4 tunnel
- ip link set dev 6to4 up
- # Bring up the 6to4 tunnel
- ip -6 addr add 3ffe:3200::1/24 dev 6to4
- # Add the local IPv6 address to the tunnel
- ip -6 r add 3ffe:3200::2/24 dev 6to4
- # Add an IPv6 route that uses the tunnel device; because this is a point-to-point test,
- # the destination network is the peer's IPv6 address
On R2:
- ip -6 addr add 3ffe:3200::2/24 dev eth0
- ip tunnel add 6to4 mode sit remote 192.168.8.11 local 192.168.8.12
- ip link set dev 6to4 up
- ip -6 addr add 3ffe:3200::2/24 dev 6to4
- ip -6 r add 3ffe:3200::1/24 dev 6to4
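R3, R4 and R5 can also be added to the IPv6 tunnel for more complex tests.
On R1 and R2, use the ping6 command to check that the peer's IPv6 address is reachable;
On R1 and R2, use ssh -6 with the IPv6 address to log in over the IPv6 tunnel to the other IPv6 device on the point-to-point link;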
- R1:~# ssh -6 3ffe:3200::2
- Host key not found from database.
- Key fingerprint:
- xobit-pihuz-gypek-lokad-leliz-hupim-pavek-pyvem-canam-nefaf-laxax
- You can get a public key’s fingerprint by running
- % ssh-keygen -F publickey.pub
- on the keyfile.
- Are you sure you want to continue connecting (yes/no)? yes
- Host key saved to /root/.ssh2/hostkeys/key_22_3ffe:3200::1.pub
- host key for 3ffe:3200::1, accepted by root Wed Mar 31 2004 19:12:51 +0800
- root’s password:
- Authentication successful.
- R2:~# w
- 08:16:21 up 3:02, 3 users, load average: 0.00, 0.01, 0.00
- USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
- root pts/7 3ffe:3200::11 08:16 0.00s 0.13s 0.04s w
- R2:~#
OK, over the ipv6-in-ipv4 tunnel we have now logged in to the other device using an IPv6 address!
The tcpdump output on R2 during this process:
- 08:23:35.833428 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: S 2462930696:2462930696(0) win 5760
- <mss 1440,sackOK,timestamp 19066103 0,nop,wscale 0>
- 08:23:35.835364 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- S 1730732585:1730732585(0) ack 2462930697 win 5632 <mss[|tcp]> (encap)
- 08:23:35.860756 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1 win 5760 <nop,nop,timestamp
- 19066109 11103448>
- 08:23:35.919035 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 1:50(49) ack 1 win 5632 <nop,nop,[|tcp]> (encap)
- 08:23:35.925164 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 50 win 5760 <nop,nop,
- timestamp 19066127 11103532>
- 08:23:35.925193 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1:50(49) ack 50 win 5760
- <nop,nop,timestamp 19066135 11103532>
- 08:23:35.926647 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- . ack 50 win 5632 <nop,nop,[|tcp]> (encap)
- 08:23:35.936087 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 50:538(488) ack 50 win 5632 <nop,nop,[|tcp]> (encap)
- 08:23:35.954300 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 50:546(496) ack 538 win 6432
- <nop,nop,timestamp 19066165 11103549>
- 08:23:35.994265 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- . ack 546 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:35.995267 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 546:706(160) ack 538 win
- 6432 <nop,nop,timestamp 19066204 11103607>
- 08:23:35.995479 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- . ack 706 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.117795 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 538:1578(1040) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.127435 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1578 win 8320 <nop,
- nop,timestamp 19066260 11103731>
- 08:23:36.127761 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 1578:1610(32) ack 706 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.137272 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1610 win 8320
- <nop,nop,timestamp 19066311 11103740>
- 08:23:36.145247 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 706:738(32) ack 1610 win
- 8320 <nop,nop,timestamp 19066382 11103740>
- 08:23:36.147153 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- . ack 738 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.151282 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 738:826(88) ack 1610 win 8320
- <nop,nop,timestamp 19066385 11103760>
- 08:23:36.156464 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- . ack 826 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.157473 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 1610:1698(88) ack 826 win 6432 <nop,nop,[|tcp]> (encap)
- 08:23:36.163413 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 1698 win 8320 <nop,nop,
- timestamp 19066396 11103770>
- 08:23:36.163446 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 826:1922(1096) ack 1698
- win 8320 <nop,nop,timestamp 19066399 11103770>
- 08:23:36.178682 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 1698:2810(1112) ack 1922 win 8768 <nop,nop,[|tcp]> (encap)
- 08:23:36.182715 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: P 1922:3018(1096) ack 2810 win
- 11120 <nop,nop,timestamp 19066432 11103791>
- 08:23:36.188978 192.168.8.12 > 192.168.8.11: 3ffe:3200::1.ssh > 3ffe:3200::2.1047:
- P 2810:3922(1112) ack 3018 win 10960 <nop,nop,[|tcp]> (encap)
- 08:23:36.234615 3ffe:3200::2.1047 > 3ffe:3200::1.ssh: . ack 3922 win 13344 <nop,
- nop,timestamp 19066491 11103802>
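The "(encap)" lines in the capture are IPv4 packets that carry a complete IPv6 packet as their payload (IPv4 protocol number 41), so monitoring that reads only the outer IPv4 header sees traffic between 192.168.8.11 and 192.168.8.12 and not the SSH session inside. The following added example, which is not part of the original article, decapsulates such a packet; the sample packet is constructed from the R1/R2 addresses used above and the function names are hypothetical.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number used by sit (IPv6-in-IPv4) tunnels


def build_sample():
    """Constructed packet: R2 -> R1 over the tunnel, inner TCP SYN to port 22."""
    # Minimal TCP header: sport 1047, dport 22, data offset 5, SYN, window 5760.
    tcp = struct.pack("!HHIIBBHHH", 1047, 22, 0, 0, 5 << 4, 0x02, 5760, 0, 0)
    # IPv6 header: version 6, payload length, next header 6 (TCP), hop limit 64.
    inner = struct.pack("!IHBB", 6 << 28, len(tcp), 6, 64)
    inner += ipaddress.IPv6Address("3ffe:3200::2").packed
    inner += ipaddress.IPv6Address("3ffe:3200::1").packed
    payload = inner + tcp
    # Outer IPv4 header (checksum left at 0; this parser does not verify it).
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                        PROTO_IPV6_IN_IPV4, 0,
                        ipaddress.IPv4Address("192.168.8.12").packed,
                        ipaddress.IPv4Address("192.168.8.11").packed)
    return outer + payload


def decapsulate(packet):
    """Return outer and inner endpoints of an IPv6-in-IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                  # outer header length in bytes
    if ihl < 20 or packet[9] != PROTO_IPV6_IN_IPV4 or len(packet) < ihl + 40:
        return None
    inner = packet[ihl:]
    if inner[0] >> 4 != 6:
        return None
    info = {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "dst_port": None,
    }
    # Only read the port when TCP/UDP follows the IPv6 header directly.
    if inner[6] in (6, 17) and len(inner) >= 44:
        info["dst_port"] = struct.unpack("!H", inner[42:44])[0]
    return info


if __name__ == "__main__":
    print(decapsulate(build_sample()))
```

On hosts that are not meant to terminate tunnels, the same field (IPv4 protocol 41) is what a packet filter would match to log or drop this traffic.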
Original article by 中国IPv6网. If you repost it, please credit the source: https://www.ipv6s.com/basis/application/20101024446.html