====== IPv6 Lab (TP) ======
* https://dept-info.labri.u-bordeaux.fr/~guermouc/AR/cours//cours3.pdf
* https://dept-info.labri.u-bordeaux.fr/~guermouc/AR/TP/feuille7.pdf
**Cheat Sheet**
* https://cdn.discordapp.com/attachments/691967319580344374/816337114643300422/IPv6-Cheat-Sheet.pdf
* https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf
==== Configuring the atg, immortal and opeth local network for IPv6 ====
Display the IP addresses:
* Link-local, prefixed with FE80::/10 => local, private address (derived automatically from the MAC address)
* Global => public address on the Internet
opeth$ ip addr
Or just for eth0:
opeth$ ip addr ls dev eth0
eth0: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether aa:aa:aa:aa:00:00 brd ff:ff:ff:ff:ff:ff
Bring eth0 up:
opeth$ ip link set eth0 up # => the link-local address is created automatically from the MAC address
opeth$ ip addr ls dev eth0
eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether aa:aa:aa:aa:00:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a8aa:aaff:feaa:0/64 scope link
First ping test using the link-local address: opeth -> atg
atg$ ip link set eth0 up # => fe80::a8aa:aaff:feaa:100 (link-local address)
opeth:~ #ping fe80::a8aa:aaff:feaa:100
PING fe80::a8aa:aaff:feaa:100(fe80::a8aa:aaff:feaa:100) 56 data bytes
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=1 ttl=64 time=1.04 ms
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=2 ttl=64 time=0.518 ms
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=3 ttl=64 time=0.616 ms
Configuring the global addresses on the opeth-atg-immortal network
Network address (or prefix) => 2001:db8:0:f101::0/64
prefixlen: 64
For example:
* opeth = 2001:db8:0:f101::1/64 (network part on 64 bits = 4 words of 16 bits = 2001:0db8:0000:f101)
* atg = 2001:db8:0:f101::2/64
* immortal = 2001:db8:0:f101::FFFF/64 (gateway)
opeth$ ip -6 addr add 2001:db8:0:f101::1/64 dev eth0
opeth$ ip link set eth0 up
atg$ ip -6 addr add 2001:db8:0:f101::2/64 dev eth0
atg$ ip link set eth0 up
immortal$ ip -6 addr add 2001:db8:0:f101::FFFF/64 dev eth0
immortal$ ip link set eth0 up
opeth$ ip addr
eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether aa:aa:aa:aa:02:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:0:f101::1/64 scope global
inet6 fe80::a8aa:aaff:feaa:200/64 scope link
Now configure the network through the /etc/network/interfaces file on the atg machine:
auto eth0
iface eth0 inet6 static
# atg
address 2001:db8:0:f101::2/64
Start with:
atg$ ip link set eth0 down
Then:
atg$ service networking restart
On atg we observe:
eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether aa:aa:aa:aa:01:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:0:f101::2/64 scope global
inet6 fe80::a8aa:aaff:feaa:100/64 scope link
==== About neighbor nodes ====
Start by flushing the NDP table, which maps IPv6 addresses to MAC addresses (similar to ARP in IPv4), on opeth, immortal and atg:
$ ip -6 neigh flush dev eth0
# or
$ ip -6 neigh del <address> dev eth0
Display the table, which is now empty:
opeth$ ip -6 neigh
Ping opeth from atg:
atg:~ #ping 2001:db8:0:f101::1
PING 2001:db8:0:f101::1(2001:db8:0:f101::1) 56 data bytes
64 bytes from 2001:db8:0:f101::1: icmp_seq=1 ttl=64 time=7.22 ms
atg:~ #ip -6 neigh
2001:db8:0:f101::1 dev eth0 lladdr aa:aa:aa:aa:00:00 STALE # global address of opeth
fe80::a8aa:aaff:feaa:0 dev eth0 lladdr aa:aa:aa:aa:00:00 STALE # link-local address of opeth
Reminder, atg:
link/ether aa:aa:aa:aa:01:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:0:f101::2/64 scope global
inet6 fe80::a8aa:aaff:feaa:100/64 scope link local
An Ethernet MAC prefix of 33:33 => Ethernet multicast (reminder: the Ethernet broadcast address is FF:FF:FF:FF:FF:FF)
The IPv6 prefix ff02: => IPv6 multicast
On immortal, tcpdump -e shows the ICMPv6 / NDP traffic going by
or: tcpdump -i eth0 'ip6 && icmp6'
aa:aa:aa:aa:01:00 (oui Unknown) > 33:33:ff:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:02
Now on opeth...
15:45:23.770299 aa:aa:aa:aa:01:00 (oui Unknown) > 33:33:ff:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:02...
15:45:23.770314 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::1 > 2001:db8:0:f101::2: ICMP6, neighbor advertisement, tgt is 2001:d2...
15:45:23.770497 aa:aa:aa:aa:01:00 (oui Unknown) > aa:aa:aa:aa:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 118: 2001:db8:0:f101::2 > 2001:db8:0:f101::1: ICMP6, echo request, seq 1, length 64...
15:45:23.770506 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 118: 2001:db8:0:f101::1 > 2001:db8:0:f101::2: ICMP6, echo reply, seq 1, length 64...
Why this second NDP request with the link-local address?
15:45:28.924285 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 86: fe80::a8aa:aaff:feaa:0 > 2001:db8:0:f101::2: ICMP6, neighbor solicitation, who has 202...
15:45:28.929632 aa:aa:aa:aa:01:00 (oui Unknown) > aa:aa:aa:aa:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 78: 2001:db8:0:f101::2 > fe80::a8aa:aaff:feaa:0: ICMP6, neighbor advertisement, tgt is 204...
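The link-local address, the solicited-node group and the 33:33 destination MAC seen in these captures can all be computed from the MAC and unicast addresses. The Python below is an added example, not part of the original lab notes; its function names are hypothetical. It also goes the other way and recovers the MAC that an EUI-64 address exposes, which is worth remembering when such addresses leave the local link.

```python
import ipaddress

def parse_mac(mac: str) -> bytes:
    parts = mac.split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Modified EUI-64: insert ff:fe in the middle of the MAC, flip the U/L bit."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers need a /64 prefix")
    m = parse_mac(mac)
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return net.network_address + int.from_bytes(iid, "big")

def mac_from_eui64(addr: str):
    """Recover the MAC embedded in an EUI-64 address, or None if there is no ff:fe marker."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in m)

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """ff02::1:ff00:0/104 plus the low 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address("ff02::1:ff00:0") + low24

def multicast_mac(group) -> str:
    """Ethernet destination for an IPv6 multicast group: 33:33 + low 32 bits."""
    low32 = ipaddress.IPv6Address(group).packed[12:]
    return "33:33:" + ":".join(f"{b:02x}" for b in low32)

if __name__ == "__main__":
    # opeth eth0: MAC -> link-local address, and back again
    ll = eui64_address("fe80::/64", "aa:aa:aa:aa:00:00")
    print(ll, mac_from_eui64(str(ll)))
    # atg resolving opeth's global address: NS destination group and MAC
    group = solicited_node("2001:db8:0:f101::1")
    print(group, multicast_mac(group))
```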
==== AUTO configuration of the syl-nile network ====
1) On syl, static configuration in /etc/network/interfaces
auto eth0
iface eth0 inet6 static
address 2001:db8:0:f103::1/64
auto eth1
iface eth1 inet6 static
address 2001:db8:0:f102::1/64
2) On syl (eth1), /etc/radvd.conf
interface eth1
{
AdvSendAdvert on;
prefix 2001:db8:0:f102::0/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
route ::/0 {};
};
3) Start the service on syl
syl$ service networking restart
syl$ service radvd restart
4) Automatic configuration of the client nile in /etc/network/interfaces
auto eth0
iface eth0 inet6 auto
nile$ service networking restart
nile$ ip addr
eth0: mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether aa:aa:aa:aa:05:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:0:f102:a8aa:aaff:feaa:500/64 scope global tentative dynamic mngtmpaddr
inet6 fe80::a8aa:aaff:feaa:500/64 scope link
Redo the capture more cleanly...
syl$ tcpdump -i eth1
IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
IP6 :: > ff02::1:ffaa:500: ICMP6, neighbor solicitation, who has fe80::a8aa:aaff:feaa:500, length 32
IP6 fe80::a8aa:aaff:feaa:500 > ip6-allrouters: ICMP6, router solicitation, length 16
16:13:16.606713 IP6 fe80::a8aa:aaff:feaa:401 > fe80::a8aa:aaff:feaa:500: ICMP6, router advertisement, length 80
16:13:16.887765 IP6 fe80::a8aa:aaff:feaa:500 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
16:13:20.720271 IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
16:13:21.757677 IP6 fe80::a8aa:aaff:feaa:401 > fe80::a8aa:aaff:feaa:500: ICMP6, neighbor solicitation, who has fe80::a8aa:aaff:feaa:500, length 32
16:13:21.761157 IP6 fe80::a8aa:aaff:feaa:500 > fe80::a8aa:aaff:feaa:401: ICMP6, neighbor advertisement, tgt is fe80::a8aa:aaff:feaa:500, length 24
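On the syl-nile segment, router advertisements should only come from syl (fe80::a8aa:aaff:feaa:401 in the capture above), since any host that accepts an RA autoconfigures from it. The Python below is an added example, not part of the original notes: it counts RA sources in tcpdump text output of the form shown above and reports any source outside an allowlist. The allowlist, the function names and the last sample line are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Expected RA source: syl's eth1 link-local address, as seen in the capture.
ALLOWED_ROUTERS = {ipaddress.IPv6Address("fe80::a8aa:aaff:feaa:401")}

# Matches tcpdump's one-line summary, with or without a leading timestamp.
RA_LINE = re.compile(r"IP6 (?P<src>\S+) > (?P<dst>\S+): .*ICMP6, router advertisement")

# The first three lines are taken from the capture above; the last one is
# constructed (not from the lab) to exercise the alert path.
SAMPLE = """\
IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
IP6 fe80::a8aa:aaff:feaa:500 > ip6-allrouters: ICMP6, router solicitation, length 16
16:13:16.606713 IP6 fe80::a8aa:aaff:feaa:401 > fe80::a8aa:aaff:feaa:500: ICMP6, router advertisement, length 80
16:13:30.000000 IP6 fe80::a8aa:aaff:feaa:999 > ip6-allnodes: ICMP6, router advertisement, length 80
"""

def ra_sources(lines):
    """Count router advertisements per source address."""
    counts = Counter()
    for line in lines:
        m = RA_LINE.search(line)
        if m is None:
            continue                            # not an RA (NS, NA, RS, MLD, ...)
        src = m.group("src").split("%")[0]      # drop a zone id such as %eth1
        try:
            counts[ipaddress.IPv6Address(src)] += 1
        except ValueError:
            counts[src] += 1                    # resolved host name: capture with tcpdump -n
    return counts

def unexpected_routers(lines, allowed=ALLOWED_ROUTERS):
    """Return {source: RA count} for every RA sender that is not allowlisted."""
    return {src: n for src, n in ra_sources(lines).items() if src not in allowed}

if __name__ == "__main__":
    for src, n in unexpected_routers(SAMPLE.splitlines()).items():
        print(f"unexpected router advertisement source {src} ({n} RA)")
```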