阿里云服务 关注
手机版

IPV6之ECS初尝试

  1. 云栖社区>
  2. 阿里云服务>
  3. 博客>
  4. 正文

IPV6之ECS初尝试

牧原 2018-04-15 00:21:24 浏览2413 评论5

摘要: VPC网络环境下的ECS如何配置IPV6

背景信息:

自从苹果审核要求app支持ipv6的通讯以来,有很多工单咨询ipv6如何设置,今天基于Centos 6.8 64位系统搭建一下ipv6的演示环境,欢迎斧正
确认ipv6是否安装:

1.使用ifconfig命令查看网络信息是否有ipv6的信息

eth0      Link encap:Ethernet  HWaddr 00:16:3E:32:A2:3E  
          inet addr:172.30.191.179  Bcast:172.30.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:249646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21882 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:371880410 (354.6 MiB)  TX bytes:1402076 (1.3 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:98 errors:0 dropped:0 overruns:0 frame:0
          TX packets:98 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:10363 (10.1 KiB)  TX bytes:10363 (10.1 KiB)

2.也可以根据监听信息判断是否存在ipv6(:::123 )的监听

# netstat -tuln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 127.0.0.1:32000             0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               
udp        0      0 0.0.0.0:68                  0.0.0.0:*                               
udp        0      0 172.30.191.179:123          0.0.0.0:*                               
udp        0      0 127.0.0.1:123               0.0.0.0:*                               
udp        0      0 0.0.0.0:123                 0.0.0.0:*
开始搭建IPV6的工作环境

1.修改系统模块支持ipv6

# cat /etc/modprobe.d/disable_ipv6.conf
alias net-pf-10 off
options ipv6 disable=0

2.修改网络支持ipv6

# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=iZ2ze24ws6xq5ug1cm4x9bZ
NETWORKING_IPV6=yes
PEERNTP=no

3.系统参数设置ipv6

# vi /etc/sysctl.conf 
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0

注:如果不重启直接sysctl -p的话会提示下面的报错,因为ipv6当前在系统内是不支持的

error: "net.ipv6.conf.all.disable_ipv6" is an unknown key
error: "net.ipv6.conf.default.disable_ipv6" is an unknown key
error: "net.ipv6.conf.lo.disable_ipv6" is an unknown key

4.重启后查看ipv6的配置已经ok了

# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:16:3E:32:A2:3E  
          inet addr:172.30.191.179  Bcast:172.30.255.255  Mask:255.255.0.0
          inet6 addr: fe80::216:3eff:fe32:a23e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:670 errors:0 dropped:0 overruns:0 frame:0
          TX packets:753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:76703 (74.9 KiB)  TX bytes:139326 (136.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:44 errors:0 dropped:0 overruns:0 frame:0
          TX packets:44 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:7015 (6.8 KiB)  TX bytes:7015 (6.8 KiB)
HE 注册&配置&测试

1.登陆https://www.tunnelbroker.net/ 官方网站,进行账号注册,2018-04-14测试QQ邮箱可以收到注册成功的邮件了

2.登陆后点击 “Create Regular Tunnel” ,输入ECS的公网ip,出现绿底的“IP is a potential tunnel endpoint.”说明你得公网ip支持ipv6隧道,测试默认给我的节点延迟173ms,可以接受,点击页面最下方的“Create Tunnel”

3.创建ipv6隧道及路由,centos的系统选择linux-route2,返回的命令去ecs上执行

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 172.30.191.179 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:c:13ac::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::216:3eff:fe32:a23e/64 scope link 
       valid_lft forever preferred_lft forever
4: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 
    inet6 2001:470:c:13ac::2/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::276a:b88b/128 scope link 
       valid_lft forever preferred_lft forever

# netstat -an |grep :::
tcp        0      0 ::1:25                      :::*                        LISTEN      
udp        0      0 fe80::ac1e:bfb3:123         :::*                                    
udp        0      0 2001:470:c:13ac::2:123      :::*                                    
udp        0      0 fe80::216:3eff:fe32:a23e:123 :::*                                    
udp        0      0 ::1:123                     :::*                                    
udp        0      0 :::123                      :::*         

image

注意:如果使用了vpc的网络环境,HE上生成的命令,需要把ECS的公网ip修改成ecs内部可以看到的ip,即内网ip,可见示例配置里面note部分的提示

# ping6 ipv6.google.com
PING ipv6.google.com(tsa03s01-in-x0e.1e100.net) 56 data bytes
64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=325 ms
64 bytes from tsa03s01-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=325 ms
# ping6 2001:470:0:76::2
PING 2001:470:0:76::2(2001:470:0:76::2) 56 data bytes
64 bytes from 2001:470:0:76::2: icmp_seq=1 ttl=60 time=182 ms
64 bytes from 2001:470:0:76::2: icmp_seq=2 ttl=60 time=182 ms

测试通过!

用云栖社区APP,舒服~

【云栖快讯】诚邀你用自己的技术能力来用心回答每一个问题,通过回答传承技术知识、经验、心得,问答专家期待你加入!  详情请点击

网友评论

1F
qilu

本文章由阿里云海陆两栖资深工程师牧原提供,值得信赖。shiningdouble

2F
秋光

赞!

3F
程序员tom

赞。收藏了。以后 ipv 6 的用途会越来越广的。有时间专门研究研究。

4F
1097214270636273

还希望告知一下,如何配置nginx 监听ipv6的80端口,二级域名绑定ipv6地址,然后从浏览器上直接访问绑定了二级域名的链接。

5F
1097214270636273

以及重启后,默认加载ipv6,不会丢失配置