TP IPv6

TP IPv6

Cheat Sheet

Configuration du réseau local atg, immortal et opeth en IPv6

Afficher les adresses IP :

Link local, préfixé par FE80::/10 ====⇒ @ locale et privée… (calculée automatiquement à partir de @MAC)
Global ====⇒ @ publique sur Internet

opeth$ ip addr

Ou juste pour eth0 :

opeth$ ip addr ls dev eth0
eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether aa:aa:aa:aa:00:00 brd ff:ff:ff:ff:ff:ff

on active eth0 :

opeth$ ip link set eth0 up     # =====> automatiquement le @ link local a été créé. à partir de @ MAC.. 

opeth$ ip addr ls dev eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether aa:aa:aa:aa:00:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::a8aa:aaff:feaa:0/64 scope link

Premier test de ping avec l'adresse link local : opeth → atg

atg$ ip link set eth0 up   => fe80::a8aa:aaff:feaa:100 (@ link local)

opeth:~ #ping fe80::a8aa:aaff:feaa:100
PING fe80::a8aa:aaff:feaa:100(fe80::a8aa:aaff:feaa:100) 56 data bytes
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=1 ttl=64 time=1.04 ms
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=2 ttl=64 time=0.518 ms
64 bytes from fe80::a8aa:aaff:feaa:100%eth0: icmp_seq=3 ttl=64 time=0.616 ms

Configuration des adresses Global dans le résau opeth-atg-immortal

Adresse du réseau (ou prefix) = > 2001:db8:0:f101::0/64 prefixlen : 64

Par Exemple :

opeth = 2001:db8:0:f101::1/64 (partie réseau sur 64 bits = 4 mots de 16 bits = 2001:0db8:0000:f101 )
atg = 2001:db8:0:f101::2/64
immortal = 2001:db8:0:f101::FFFF/64 (gateway)

opeth$ ip -6 addr add 2001:db8:0:f101::1/64 dev eth0
opeth$ ip link set eth0 up
atg$ ip -6 addr add 2001:db8:0:f101::2/64 dev eth0
atg$ ip link set eth0 up
immortal$ ip -6 addr add 2001:db8:0:f101::FFFF/64 dev eth0
immortal$ ip link set eth0 up

opeth$ ip addr
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:aa:aa:aa:02:00 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:0:f101::1/64 scope global 
    inet6 fe80::a8aa:aaff:feaa:200/64 scope link

Configurons le réseau avec le fichier /etc/network/interfaces sur la machine atg :

  
auto etho
iface eth0 inet6 static
address 2001:db8:0:f101::2/64     # ----> atg

Commencer par faire :

atg$ ip link set eth0 down

Puis :

atg$ service networking restart

On observe sur atg :

    
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:aa:aa:aa:01:00 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:0:f101::2/64 scope global 
    inet6 fe80::a8aa:aaff:feaa:100/64 scope link

A propos des noeuds voisins

Commencons par nettoyer la table NDP qui fait la correspondance entre IPv6 et MAC (similaire à ARP en IPv4) sur opeth, immortal et atg:

$ ip -6 neigh flush dev eth0
# ou bien
$ ip neigh del <@>

On affiche cette table, qui est vide :

    
opeth$ ip -6 neigh

Faisons un ping de atg vers opeth :

atg:~ #ping 2001:db8:0:f101::1
PING 2001:db8:0:f101::1(2001:db8:0:f101::1) 56 data bytes
64 bytes from 2001:db8:0:f101::1: icmp_seq=1 ttl=64 time=7.22 ms

atg:~ #ip -6 neigh
2001:db8:0:f101::1 dev eth0 lladdr aa:aa:aa:aa:00:00 STALE           # ip global de opeth
fe80::a8aa:aaff:feaa:0 dev eth0 lladdr aa:aa:aa:aa:00:00 STALE     # ip link local de opeth

Rappel atg

link/ether aa:aa:aa:aa:01:00 brd ff:ff:ff:ff:ff:ff
inet6 2001:db8:0:f101::2/64 scope global 
inet6 fe80::a8aa:aaff:feaa:100/64 scope link local

Le préfixe MAC Ethernet en 33:33 ⇒ multicast Ethernet (rappel bcast Ethernet FF:FF:FF:FF:FF:FF) Le préfixe IPv6 ff02: ⇒ multicast IPv6

Sur immortal, on voit avec tcpdump -e passer du ICMPv6 / NDP

ou : tcpdump -i eth0 'ip6 && icmp6'

aa:aa:aa:aa:01:00 (oui Unknown) > 33:33:ff:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:02

Sur opeth maintenant…

15:45:23.770299 aa:aa:aa:aa:01:00 (oui Unknown) > 33:33:ff:00:00:01 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::2 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:db8:02...

15:45:23.770314 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 86: 2001:db8:0:f101::1 > 2001:db8:0:f101::2: ICMP6, neighbor advertisement, tgt is 2001:d2...

15:45:23.770497 aa:aa:aa:aa:01:00 (oui Unknown) > aa:aa:aa:aa:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 118: 2001:db8:0:f101::2 > 2001:db8:0:f101::1: ICMP6, echo request, seq 1, length 64...

15:45:23.770506 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 118: 2001:db8:0:f101::1 > 2001:db8:0:f101::2: ICMP6, echo reply, seq 1, length 64...

Pourquoi cette deuxième requête NDP avec l'adresse link local ?

15:45:28.924285 aa:aa:aa:aa:00:00 (oui Unknown) > aa:aa:aa:aa:01:00 (oui Unknown), ethertype IPv6 (0x86dd), length 86: fe80::a8aa:aaff:feaa:0 > 2001:db8:0:f101::2: ICMP6, neighbor solicitation, who has 202...

15:45:28.929632 aa:aa:aa:aa:01:00 (oui Unknown) > aa:aa:aa:aa:00:00 (oui Unknown), ethertype IPv6 (0x86dd), length 78: 2001:db8:0:f101::2 > fe80::a8aa:aaff:feaa:0: ICMP6, neighbor advertisement, tgt is 204...

Configuration AUTO du réseau syl-nile

1) Sur Syl, config statique dans /etc/network/interfaces

auto eth0
iface eth0 inet6 static
address 2001:db8:0:f103::1/64

auto eth1
iface eth1 inet6 static
address 2001:db8:0:f102::1/64

2) Sur syl (eth1), /etc/radvd.conf

interface eth1
{
        AdvSendAdvert on;
        prefix 2001:db8:0:f102::0/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
                };
        route ::/0 {};
};

3) démarrage su service sur syl

syl$ service netwoking restart
syl$ service radvd restart

4) configuration auto du client nile dans /etc/network/interfaces

auto eth0
iface eth0 inet6 auto

nile$ service netwoking restart

nile$ ip addr
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:aa:aa:aa:05:00 brd ff:ff:ff:ff:ff:ff
    inet6 2001:db8:0:f102:a8aa:aaff:feaa:500/64 scope global tentative dynamic mngtmpaddr 
    inet6 fe80::a8aa:aaff:feaa:500/64 scope link

Refaire la capture plus proprement…

syl$ tcpdump -i eth1                                                                                                                                                              
IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80
IP6 :: > ff02::1:ffaa:500: ICMP6, neighbor solicitation, who has fe80::a8aa:aaff:feaa:500, length 32                                                                     
IP6 fe80::a8aa:aaff:feaa:500 > ip6-allrouters: ICMP6, router solicitation, length 16
16:13:16.606713 IP6 fe80::a8aa:aaff:feaa:401 > fe80::a8aa:aaff:feaa:500: ICMP6, router advertisement, length 80                                                                          
16:13:16.887765 IP6 fe80::a8aa:aaff:feaa:500 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48                                                           
16:13:20.720271 IP6 fe80::a8aa:aaff:feaa:401 > ip6-allnodes: ICMP6, router advertisement, length 80                                                                                      
16:13:21.757677 IP6 fe80::a8aa:aaff:feaa:401 > fe80::a8aa:aaff:feaa:500: ICMP6, neighbor solicitation, who has fe80::a8aa:aaff:feaa:500, length 32                                       
16:13:21.761157 IP6 fe80::a8aa:aaff:feaa:500 > fe80::a8aa:aaff:feaa:401: ICMP6, neighbor advertisement, tgt is fe80::a8aa:aaff:feaa:500, length 24

Table of Contents

TP IPv6

Configuration du réseau local atg, immortal et opeth en IPv6

A propos des noeuds voisins

Configuration AUTO du réseau syl-nile