dnsmasq-ipv6测试

##物理口
###client端设置：

######1、sysctl 修改内核参数，使能接口ipv6，是能全局ipv6转发，使能接口 accept_ra。

# 是能接口ipv6，默认 disable
net.ipv6.conf.eth2.disable_ipv6 = 0
# 允许接口接受ra报文，Obtain IPv6 address on wan interface by Stateless autoconfiguration (SLAAC)
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth2.accept_ra = 2
net.ipv6.conf.eth2.autoconf = 1
# 测试需要，不使用临时地址
net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0

######2、修改/etc/sysconfig/network

NETWORKING_IPV6=yes

######3、修改 /etc/sysconfig/network-scripts/ifcfg-eth2（可以不做持久化）

DEVICE=eth2
ONBOOT=yes
NETBOOT=yes
NM_CONTROLLED=no
PEERDNS=yes
#BOOTPROTO=dhcp # 打开这个可以同时获取ipv4和ipv6地址
BOOTPROTO=dhcp6  # 打开这个只会获取ipv6的地址
DHCPV6C=yes
IPV6INIT=yes
IPV6_AUTOCONFIG=yes

######4、dhclient 的使用.
需要使用dhcp分配地址或域名等配置是需要使用dhclient，否者不需要，如slaac方式获取地址又静态配置dns等other infomation的情况，不需要任何dhcp的协商，只需要打开RA接受开关即可。
PPPoE的情况下，dhclient 作用在ppp口上即可，其他类似。

	编码	测试
接受地址和other infomation	dhclient -6 eth2 --no-pid -nw	dhclient -6 eth2 --no-pid -v
不接受地址，只接受other infomation。如静态配置ipv6地址，只需要dns地址等时候	dhclient -6 -S eth2 --no-pid -nw	dhclient -6 -S eth2 --no-pid -v

server端 dnsmasq配置

######1、配置/etc/sysconfig/network

NETWORKING_IPV6=yes

######2、内核参数，使能接口ipv6

net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.eth2.disable_ipv6 = 0

######3、dnsmasq配置
无论是Autoconf、dhcp stateless、dhcpstateful都需要用到RA消息，告诉client能过提供的能力，RA报文由dnsmasq根据配置文件构造。RA消息报文可以包含的一些flag，这些flag会反应在dnsmasq的配置上，决定client端地址分配的方式：

IPv6 Router Advertisement (RA) messages can contain the following flags:* M (“Managed address configuration”) – indicates that IPv6 addresses are available via DHCPv6. This is also referred to as Stateful DHCP.
* O (“Other configuration”) – no IPv6 address, but other configuration information like DNS etc. are available via DHCPv6. This is also referred to as Stateless DHCP.
* A (“Autonomous Address Configuration”) – indicates that the prefix present with the flag can be used for SLAAC (StateLess Auto Address Configuration).

M flag表示Server能过分配ipv6地址和其他配置（如dns等），O标记表示只分配其他配置，所以M和O同时设置O实际上没啥用。A表示让Client通过发过去的Prefix自己生成地址。A和M同时设置时，Client会生成两个地址。

dnsmasq的flag标记设置在 dhcp-range配置项中。
i) dhcp-range 无ra配置（dhcpv6 statefull）
默认情况下，enable-ra之后的默认行为解释如下：

# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overridden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.

理解为 RA设置了M 和 O flag，未设置A flag，ipv6地址和参数都是由dhcp从地址池中分配。

测试效果：
可以看到client从地址池中分到了一个ipv6地址。
注： M和O标记出发的dhcp协商需要client端触发dhcp SOLICIT申请地址，如通过 dhclient -6 -v eth2。

# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114# set M O flag，reset A flag
dhcp-range=fd00::22, fd00::44, 64, 1h
enable-ra
ra-param=eth2,10                // ra 发送间隔

# client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ffinet6 fd00::23/64 scope global dynamicvalid_lft 3596sec preferred_lft 3596secinet6 fe80::a00:27ff:fef4:6b67/64 scope linkvalid_lft forever preferred_lft forever

ii) ra-only （slaac）
Do Router Advertisements, BUT NOT DHCP for this subnet.
可以理解为，RA设置了A flag，没有M和O flag，效果应该是一个纯粹的 SLAAC地址分配方式。

测试效果：
可以看到client端自动获取到一个前缀是fd00:: 的SLAAC地址（前缀+EUI-64）。

# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114# no M or O flags; only A flag
dhcp-range=fd00::, ra-only
enable-ra

client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ffinet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamicvalid_lft 3440sec preferred_lft 3440secinet6 fe80::a00:27ff:fef4:6b67/64 scope linkvalid_lft forever preferred_lft forever

iii) ra-stateless （dhcpv6 stateless）
解释如下

# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.

理解为设置了 O、A flag，未设置M flag。
`
测试效果：
通过slaac设置ipv6地址，通过dhcp设置了dns。

# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::, ra-stateless
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]

client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ffinet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamicvalid_lft 3440sec preferred_lft 3440secinet6 fe80::a00:27ff:fef4:6b67/64 scope linkvalid_lft forever preferred_lft forever# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644

iv) slaac
理解为设置了M、A flag，未设置O flag。
也就是说接口会得到两个ipv6地址，其中一个slaac地址，一个dhcp地址。
测试效果：
通过slaac设置ipv6地址，通过dhcp设置了dns。

# dnsmasq.conf
interface=eth2
# ipv4
dhcp-range=eth2,20.3.3.100,20.3.3.200,86400
dhcp-option=eth2,3,20.3.3.1
dhcp-option=eth2,1,255.255.255.0
dhcp-option=eth2,6,114.114.114.114# ipv6
# n only O and A flags; no M flag
dhcp-range=fd00::22, fd00::44, slaac
enable-ra
# 支持分配 dns-server
dhcp-option=option6:dns-server,[240c::6666],[240c::6644]

client:
# ip addr ls dev eth2
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:f4:6b:67 brd ff:ff:ff:ff:ff:ffinet6 fd00::23/64 scope global dynamicvalid_lft 3595sec preferred_lft 3595secinet6 fd00::a00:27ff:fef4:6b67/64 scope global mngtmpaddr dynamicvalid_lft 3588sec preferred_lft 3588secinet6 fe80::a00:27ff:fef4:6b67/64 scope linkvalid_lft forever preferred_lft forever# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 240c::6666
nameserver 240c::6644

总结：

配置	flag
default	set O and M flag, reset A flag
ra-only	set A, reset M and O
slaac	if a DHCPv6 range is specified then M and A flags; else only A flag
ra-stateless	set O and A, reset M
ra-names	set A, reset M and O

pppoe ipv6

###client
使用eth3拨入pppoe server。
配置ppp0接收ra配置。

net.ipv6.conf.ppp0.accept_ra = 2

配置支持ipv6cp协商

# cat /etc/ppp/options
lock
+ipv6 ipv6cp-use-ipaddr

配置认证用户名密码

# cd /etc/ppp
# cat pap-secrets
# Secrets for authentication using PAP
# client    server  secret          IP addresses
"sheng"   *   "sheng"
# cat chap-secrets
# Secrets for authentication using CHAP
# client    server  secret          IP addresses
"sheng"   *   "sheng"

测试：
i) pppoe-setup命令设置好pppoe基本信息，之后会生成ppp0接口配置文件：

# cat  /etc/sysconfig/network-scripts/ifcfg-ppp0
USERCTL=yes
BOOTPROTO=dialup
NAME=DSLppp0
DEVICE=ppp0
TYPE=xDSL
ONBOOT=no
PIDFILE=/var/run/pppoe-adsl.pid
FIREWALL=NONE
PING=.
PPPOE_TIMEOUT=80
LCP_FAILURE=3
LCP_INTERVAL=20
CLAMPMSS=1412
CONNECT_POLL=6
CONNECT_TIMEOUT=60
DEFROUTE=yes
SYNCHRONOUS=no
ETH=eth3
PROVIDER=DSLppp0
USER=sheng
PEERDNS=yes
DEMAND=no

ii) pppoe-stop ; pppoe-start 命令完成拨号和下线。
默认会得到一个link local地址和一个slaac地址。
流程简单描述为，ppp完成ipv6cp协商后两边得到不重复的interface id，用来生成两边的link local地址，然后client然后发起RS请求，pppoe-server端回RA，client端根据RA的prefix等信息生成slaac地址。
结果如下：

# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ff
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3link/pppinet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0valid_lft forever preferred_lft foreverinet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamicvalid_lft 86395sec preferred_lft 14395secinet6 fe80::e52f:7cf9:b3b3:2184/10 scope linkvalid_lft forever preferred_lft forever

如果需要想dhcp申请ipv6地址。
测试： dhclient -6 -v ppp0

# ip addr
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000link/ether 08:00:27:c2:27:6c brd ff:ff:ff:ff:ff:ffinet6 fe80::9526:8dca:25b8:a2c8/64 scope linkvalid_lft forever preferred_lft forever
31: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast state UNKNOWN qlen 3link/pppinet 192.168.5.219 peer 192.168.5.100/32 scope global ppp0valid_lft forever preferred_lft foreverinet6 2020:db8:2::12/64 scope global dynamicvalid_lft 3749sec preferred_lft 2749secinet6 2020:db8:2:0:e52f:7cf9:b3b3:2184/64 scope global mngtmpaddr dynamicvalid_lft 86396sec preferred_lft 14396secinet6 fe80::e52f:7cf9:b3b3:2184/10 scope linkvalid_lft forever preferred_lft forever
# cat /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
nameserver 2001:db8:2::dead:beef
nameserver 2001:db8:2::cafe:babe

附pppoe-server配置：
太多了，参考 https://www.dazhuanlan.com/an__he/topics/1005802 吧。
完全按照上面的做有问题，有几个地方在调试过程中改了一下，最终ok。
i) /etc/ppp/options 不能增加 " ipv6 ,"配置，否则申请不到地址。删掉就ok了。

[root@localhost ~]# cat /etc/ppp/options
#lock
local
#ipv6 ,

ii) radvd监听的接口我改成了ppp0

# cat /etc/radvd.conf
interface ppp0                #接你拨号上网的网卡名称
{AdvSendAdvert on;           #启用路由器公告（RA）功能MinRtrAdvInterval 5;       #每隔30-100秒间隔发送公告消息MaxRtrAdvInterval 10;AdvManagedFlag on;         # M值AdvOtherConfigFlag on;      # O值prefix 2020:db8:2::/64      #发送的前缀信息{AdvOnLink on;AdvAutonomous on;       #公告的前缀可用来自动位置配置AdvRouterAddr on;};
};

f
iii) kea的配置文件，interface配置也改成了ppp0。

"Dhcp6": {// Add names of your network interfaces to listen on."interfaces-config": {// You typically want to put specific interface names here, e.g. eth0// but you can also specify unicast addresses (e.g. eth0/2001:db8::1) if// you want your server to handle unicast traffic in addition to// multicast. (DHCPv6 is a multicast based protocol)."interfaces": ["enp0s10", "ppp0", "*" ]},
......"subnet6": [{
"subnet": "2020:db8:2::/64",
......
"interface":"ppp0"......