FAQ
hello,
i met a problem in configuratiion of ipv6 gw in my box
i install centos 6.3 (64 bit) on my boxs, which have four netcard.
i use a straight-through cable to connect centosv0:netcard-2 and
centosv1:netcard2
the topology is this:
client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2
32)
1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64
1:2:3::5/64 1:2:3:5::1/64
1:2:3:5::2/64


what i want to do is set default gw on centosv0 to centosv1


i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this
DEVICE="eth2"
BOOTPROTO=static
HWADDR="60:A4:4C:23:2F:6F"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
IPV6INIT=yes
IPV6ADDR=1:2:3::4
IPV6_DEFAULTGW=1:2:3::5


and i also configure /etc/sysconfig/network to this:
NETWORKING=yes
HOSTNAME=centosv0
NETWORKING_IPV6=yes
IPV6_AUTOCONF=no


but i met an error:
Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error


i do not know how why,and can some one gives me some suggestion?
thanks a lot.

Search Discussions

  • Michael H. Warfield at Apr 11, 2013 at 7:38 pm
    Hello,


    I may be totally off base here but...

    On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
    hello,
    i met a problem in configuratiion of ipv6 gw in my box
    i install centos 6.3 (64 bit) on my boxs, which have four netcard.
    i use a straight-through cable to connect centosv0:netcard-2 and
    centosv1:netcard2
    the topology is this:
    client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
    centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2
    32)
    1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64
    1:2:3::5/64 1:2:3:5::1/64
    1:2:3:5::2/64

    Surely, I hope you jest with those numbers. You are not allowed to pick
    numbers out of the air and just use them, even if it's for private use.
    There are specific blocks of addresses for specific uses and assigned
    "scopes" and all the "private use" addresses are in blocks very high up
    in the address space beginning with fc or fd. If those are literally
    the addresses you used, they will not work and I would expect them to
    give you all sorts of grief at some point or another.

    what i want to do is set default gw on centosv0 to centosv1

    I take it "centosv0" and "centosv1" are configured for ipv6 forwarding?
    You didn't provide the information on that. There are some gotcha's in
    there with default routing on a router (basically there is no such
    thing) and the router needs to be set up properly for both routing and
    its routes. But I don't think that's your problem you're describing
    down below.

    i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4
    ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).

    IPV6_DEFAULTGW=1:2:3::5
    ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network (/128)

    and i also configure /etc/sysconfig/network to this:
    NETWORKING=yes
    HOSTNAME=centosv0
    NETWORKING_IPV6=yes
    IPV6_AUTOCONF=no

    For forwarding...


    In that file you're also going to need:


    IPV6FORWARDING=yes


    You may also need to add lines to /etc/sysctl.conf (I've needed in the
    past on Fedora):


    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1


    But those aren't your problem with this...

    but i met an error:
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error

    I'm not totally sure if this is because you didn't specify a prefix
    length on your IPV6ADDR line or the fact that it then conflicted with
    your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
    was because you choose and illegal IPv6 prefix or if it was a
    combination of all of them. The "WARN: [ipv6_add_route] Unknown error"
    makes me suspicious because your default gatway conflicts with your
    interface network definition (because you didn't specify the prefix size
    and it defaulted to /128) and the kernel has no way to route it out any
    interface. IAC... You won't be able to use a default route on a router
    anyways (more below).

    i do not know how why,and can some one gives me some suggestion?
    thanks a lot.

    If those were literally the addresses you used, It may be an address
    that's in an illegal scope. IPv6 does not behave quite like IPv4 does
    and you need to know what some of these blocks of addresses do and what
    their scope is.


    "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
    are recommended procedures for assigning subnets out of them and
    choosing network prefixes...


    http://www.ietf.org/rfc/rfc4193.txt


    Those may be routed between your machines but may not be routed on the
    global net either as a source or destination address. Your machines
    should also be given "link local" addresses which are valid only on that
    network segment. They're in the fe80::/64 prefix.


    Global addresses are in the 2000::/3 block. If you are using a Linux
    system as an IPv6 router, the kernel is going to disable the default
    route (::/0), preventing non-global addresses from routing. You'll have
    to add appropriate routes for all your "local" (fc00::/7) subnets and
    also provide a global unicast default route using 2000::/3 on the
    routers.


    Don't try to do your setup above with the two routers pointing default
    routes at each other. Point specific static routes for each subnet
    behind each respective opposite router.


    Wikipedia has a rundown on the various address blocks and formats:


    http://en.wikipedia.org/wiki/IPv6_address


    Local addresses in particular are described here:


    http://en.wikipedia.org/wiki/Unique_local_address


    Anything in 1::/16 (if that's what you're doing) is going to be illegal
    afaik as it's not in an assigned block and scope. It should reject it
    as being unroutable or having a non-valid scope.


    Certain addresses below 2000::/3 are used for compatibility purposes.


    ::a.b.c.d use to be an IPv4 compatibility address but is largely
    deprecated.


    ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
    running in a dual stack environment where they see IPv4 addresses as
    IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are for
    internal use and are seriously hands off.


    You can not treat IPv6 arbitrarily as if it were IPv4 with fat
    addresses. If you need to learn more about IPv6 and how it works, you
    probably might want to start looking at Hurricane Electric aka
    Tunnelbroker.net, http://www.tunnelbroker.net . They have some very
    good IPv6 interactive tutorials there for free and are very quick for
    the basic stuff. The first few exercise could be very helpful to you.
    If you follow it all the way through, you will find yourself learning
    how to set up DNS properly for IPv6 and registering your own IPv6 glue
    records with your registrars.


    Now, if I'm off base here and you were merely obfuscating your real
    addresses, I would recommend obfuscating them with fc00: instead of 1:
    and those would be valid example addresses. You could use
    fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
    fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on
    what you really should chose (generally a random number for
    fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers,
    you'll need three network prefixes, which I see you have. Generally,
    you'll want to manipulate that fourth field as your SLA (Site Local
    Address) which is IPv6 lingo for your subnet address.


    Replace the leading "1:" in each of those nets with "fdxx:", add your
    appropriate subnets, add your appropriate prefix lengths to those static
    address, and add appropriate static routes, and you might get further
    along the road.


    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 482 bytes
    Desc: This is a digitally signed message part
    Url : http://lists.centos.org/pipermail/centos/attachments/20130411/d394e961/attachment.bin
  • Michael H. Warfield at Apr 11, 2013 at 7:50 pm
    Slight Clarification on v6 addressing...


    On Thu, 2013-04-11 at 15:38 -0400, Michael H. Warfield wrote:

    Those may be routed between your machines but may not be routed on the
    global net either as a source or destination address. Your machines
    should also be given "link local" addresses which are valid only on that
    network segment. They're in the fe80::/64 prefix.

    That's "should" as in the kernel should already have assigned your
    link-local v6 addresses to your interfaces. You don't have to provide
    them and I didn't mean to imply you needed to add them.


    Generally, if I'm using static IPv6 addresses, I take that link local
    address and replace the "fe80::" with the network prefix I'm assigning
    and leave the lower bits the same. That way it has the same address as
    would be assigned by stateless autoconf generated from router
    advertisements from a router.


    On Linux routers, you would use either zebra from the quagga package or
    radvd to provide router advertisements out to your clients and you'll
    probably need to add that to get the end clients to self configure
    properly.


    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 482 bytes
    Desc: This is a digitally signed message part
    Url : http://lists.centos.org/pipermail/centos/attachments/20130411/d92cd2eb/attachment.bin
  • Jaze Lee at Apr 12, 2013 at 1:28 am
    2013/4/12 Michael H. Warfield <mhw@wittsend.com>

    Hello,

    I may be totally off base here but...
    On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
    hello,
    i met a problem in configuratiion of ipv6 gw in my box
    i install centos 6.3 (64 bit) on my boxs, which have four netcard.
    i use a straight-through cable to connect centosv0:netcard-2 and
    centosv1:netcard2
    the topology is this:
    client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
    centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2
    32)
    1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64
    1:2:3::5/64 1:2:3:5::1/64
    1:2:3:5::2/64
    Surely, I hope you jest with those numbers. You are not allowed to pick
    numbers out of the air and just use them, even if it's for private use.
    There are specific blocks of addresses for specific uses and assigned
    "scopes" and all the "private use" addresses are in blocks very high up
    in the address space beginning with fc or fd. If those are literally
    the addresses you used, they will not work and I would expect them to
    give you all sorts of grief at some point or another.
    what i want to do is set default gw on centosv0 to centosv1
    I take it "centosv0" and "centosv1" are configured for ipv6 forwarding?
    You didn't provide the information on that. There are some gotcha's in
    there with default routing on a router (basically there is no such
    thing) and the router needs to be set up properly for both routing and
    its routes. But I don't think that's your problem you're describing
    down below.
    i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4
    ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
    IPV6_DEFAULTGW=1:2:3::5
    ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network
    (/128)
    and i also configure /etc/sysconfig/network to this:
    NETWORKING=yes
    HOSTNAME=centosv0
    NETWORKING_IPV6=yes
    IPV6_AUTOCONF=no
    For forwarding...

    In that file you're also going to need:

    IPV6FORWARDING=yes

    You may also need to add lines to /etc/sysctl.conf (I've needed in the
    past on Fedora):

    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1

    But those aren't your problem with this...
    but i met an error:
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
    I'm not totally sure if this is because you didn't specify a prefix
    length on your IPV6ADDR line or the fact that it then conflicted with
    your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
    was because you choose and illegal IPv6 prefix or if it was a
    combination of all of them. The "WARN: [ipv6_add_route] Unknown error"
    makes me suspicious because your default gatway conflicts with your
    interface network definition (because you didn't specify the prefix size
    and it defaulted to /128) and the kernel has no way to route it out any
    interface. IAC... You won't be able to use a default route on a router
    anyways (more below).
    i do not know how why,and can some one gives me some suggestion?
    thanks a lot.
    If those were literally the addresses you used, It may be an address
    that's in an illegal scope.

    i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
    should change system to Centos 6.3.
    And i add all the stuff that i miss. One machine is configured like this:


    [root at centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4/64
    IPV6_DEFAULTGW=1:2:3::5/64


    and add the below to /etc/sysctl.conf


    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1


    and through /proc i can see this


    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding
    1
    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
    1


    and through command ifconfig i can see this


    eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E
    inet6 addr: 1:2:3:4::1/64 Scope:Global --->
    subnet
    inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:17 Memory:dc300000-dc320000


    eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F
    inet6 addr: 1:2:3::4/64 Scope:Global
    ----> connected by straight-through cable
    inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:18 Memory:dc200000-dc220000


    eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70
    inet addr:192.168.5.211 Bcast:192.168.5.255 Mask:255.255.255.0
    ----> used by my ssh
    inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB)
    Interrupt:19 Memory:dc100000-dc120000


    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)


    but when restart the network, i also get this error


    Shutting down interface eth1: [ OK ]
    Shutting down interface eth2: [ OK ]
    Shutting down interface eth3: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth1: [ OK ]
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
    [ OK ]
    Bringing up interface eth3: [ OK ]


    As you said that the ipv6 address is in illegal scope and can not goto
    global net,
    I use those ipv6 address for a private use, and i test them ok on ubuntu
    12.04.


    Must i change ipv6 address to some thing like 2000::/3, even i just want to
    use ipv6 for private?








    IPv6 does not behave quite like IPv4 does
    and you need to know what some of these blocks of addresses do and what
    their scope is.

    "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
    are recommended procedures for assigning subnets out of them and
    choosing network prefixes...

    http://www.ietf.org/rfc/rfc4193.txt

    Those may be routed between your machines but may not be routed on the
    global net either as a source or destination address. Your machines
    should also be given "link local" addresses which are valid only on that
    network segment. They're in the fe80::/64 prefix.

    Global addresses are in the 2000::/3 block. If you are using a Linux
    system as an IPv6 router, the kernel is going to disable the default
    route (::/0), preventing non-global addresses from routing. You'll have
    to add appropriate routes for all your "local" (fc00::/7) subnets and
    also provide a global unicast default route using 2000::/3 on the
    routers.

    Don't try to do your setup above with the two routers pointing default
    routes at each other. Point specific static routes for each subnet
    behind each respective opposite router.

    But the specific static routes are not connect directly, the peers are
    connected by straight-through cable in eth2
    client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <-->
    centosv1 eth1 <--> client d
    ___
    here are connected by straight-through cable



    Wikipedia has a rundown on the various address blocks and formats:

    http://en.wikipedia.org/wiki/IPv6_address

    Local addresses in particular are described here:

    http://en.wikipedia.org/wiki/Unique_local_address

    Anything in 1::/16 (if that's what you're doing) is going to be illegal
    afaik as it's not in an assigned block and scope. It should reject it
    as being unroutable or having a non-valid scope.

    Certain addresses below 2000::/3 are used for compatibility purposes.

    ::a.b.c.d use to be an IPv4 compatibility address but is largely
    deprecated.

    ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
    running in a dual stack environment where they see IPv4 addresses as
    IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are for
    internal use and are seriously hands off.

    You can not treat IPv6 arbitrarily as if it were IPv4 with fat
    addresses. If you need to learn more about IPv6 and how it works, you
    probably might want to start looking at Hurricane Electric aka
    Tunnelbroker.net, http://www.tunnelbroker.net . They have some very
    good IPv6 interactive tutorials there for free and are very quick for
    the basic stuff. The first few exercise could be very helpful to you.
    If you follow it all the way through, you will find yourself learning
    how to set up DNS properly for IPv6 and registering your own IPv6 glue
    records with your registrars.

    Now, if I'm off base here and you were merely obfuscating your real
    addresses, I would recommend obfuscating them with fc00: instead of 1:
    and those would be valid example addresses. You could use
    fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
    fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on
    what you really should chose (generally a random number for
    fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers,
    you'll need three network prefixes, which I see you have. Generally,
    you'll want to manipulate that fourth field as your SLA (Site Local
    Address) which is IPv6 lingo for your subnet address.

    Replace the leading "1:" in each of those nets with "fdxx:", add your
    appropriate subnets, add your appropriate prefix lengths to those static
    address, and add appropriate static routes, and you might get further
    along the road.

    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 |
    http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of
    all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!

    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
    Best Regards,
    jaze
  • Michael H. Warfield at Apr 12, 2013 at 2:32 am

    On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote:
    2013/4/12 Michael H. Warfield <mhw@wittsend.com>
    Hello,

    I may be totally off base here but...
    On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
    hello,
    i met a problem in configuratiion of ipv6 gw in my box
    i install centos 6.3 (64 bit) on my boxs, which have four netcard.
    i use a straight-through cable to connect centosv0:netcard-2 and
    centosv1:netcard2
    the topology is this:
    client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
    centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2
    32)
    1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64
    1:2:3::5/64 1:2:3:5::1/64
    1:2:3:5::2/64
    Surely, I hope you jest with those numbers. You are not allowed to pick
    numbers out of the air and just use them, even if it's for private use.
    There are specific blocks of addresses for specific uses and assigned
    "scopes" and all the "private use" addresses are in blocks very high up
    in the address space beginning with fc or fd. If those are literally
    the addresses you used, they will not work and I would expect them to
    give you all sorts of grief at some point or another.
    what i want to do is set default gw on centosv0 to centosv1
    I take it "centosv0" and "centosv1" are configured for ipv6 forwarding?
    You didn't provide the information on that. There are some gotcha's in
    there with default routing on a router (basically there is no such
    thing) and the router needs to be set up properly for both routing and
    its routes. But I don't think that's your problem you're describing
    down below.
    i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4
    ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
    IPV6_DEFAULTGW=1:2:3::5
    ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network
    (/128)
    and i also configure /etc/sysconfig/network to this:
    NETWORKING=yes
    HOSTNAME=centosv0
    NETWORKING_IPV6=yes
    IPV6_AUTOCONF=no
    For forwarding...

    In that file you're also going to need:

    IPV6FORWARDING=yes

    You may also need to add lines to /etc/sysctl.conf (I've needed in the
    past on Fedora):

    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1

    But those aren't your problem with this...
    but i met an error:
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
    I'm not totally sure if this is because you didn't specify a prefix
    length on your IPV6ADDR line or the fact that it then conflicted with
    your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
    was because you choose and illegal IPv6 prefix or if it was a
    combination of all of them. The "WARN: [ipv6_add_route] Unknown error"
    makes me suspicious because your default gatway conflicts with your
    interface network definition (because you didn't specify the prefix size
    and it defaulted to /128) and the kernel has no way to route it out any
    interface. IAC... You won't be able to use a default route on a router
    anyways (more below).
    i do not know how why,and can some one gives me some suggestion?
    thanks a lot.
    If those were literally the addresses you used, It may be an address
    that's in an illegal scope.
    i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
    should change system to Centos 6.3.
    And i add all the stuff that i miss. One machine is configured like this:

    [root at centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4/64
    IPV6_DEFAULTGW=1:2:3::5/64
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^ You do NOT need the /64 on this line.

    and add the below to /etc/sysctl.conf
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1
    and through /proc i can see this

    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding
    1
    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
    1
    and through command ifconfig i can see this
    eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E
    inet6 addr: 1:2:3:4::1/64 Scope:Global --->
    subnet
    inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:17 Memory:dc300000-dc320000
    eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F
    inet6 addr: 1:2:3::4/64 Scope:Global
    ----> connected by straight-through cable
    inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:18 Memory:dc200000-dc220000
    eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70
    inet addr:192.168.5.211 Bcast:192.168.5.255 Mask:255.255.255.0
    ----> used by my ssh
    inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB)
    Interrupt:19 Memory:dc100000-dc120000
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    but when restart the network, i also get this error
    Shutting down interface eth1: [ OK ]
    Shutting down interface eth2: [ OK ]
    Shutting down interface eth3: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth1: [ OK ]
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error

    This time, it would be my guess that it's because you added the /64 to
    your gateway address, but the default gateway is not going to work on a
    router anyways.

    [ OK ]
    Bringing up interface eth3: [ OK ]

    As you said that the ipv6 address is in illegal scope and can not goto
    global net,
    I use those ipv6 address for a private use, and i test them ok on ubuntu
    12.04.

    You are, none the less, not suppose to use addresses in that block for
    ANYTHING. The fc00::/7 block is intended for what you want to do. Even
    if they happen to work, they are not guaranteed to work and may cause
    other problems (like reverse DNS lookup traffic).

    Must i change ipv6 address to some thing like 2000::/3, even i just want to
    use ipv6 for private?

    No, you should change them to FC00:/7 for private use. That's what that
    block was allocated for. Use it. Don't just dream up stuff.


    You will need static routes on each of your two routers for your two client routes.


    For example. If your networks are allocated as follows...


    fd00:1:1:1::/64 <-> Router 1 <-> fd00:1:1:2::/64 <-> Router 2 <-> fd00:1:1:3::/64


    Then, on router 1 you need a static route:


    fd00:1:1:3::/64 via fd00:1:1:2::{Router 2 address}


    And on router 2 you need a static route:


    fd00:1:1:1::/64 via fd00:1:1:2::{Router 1 Address}


    I generally stuff static routes either
    in /etc/sysconfig/static-routes-ipv6 but I'm not sure how well that
    works with NetworkManager since the FIRST thing I do is disable
    NetworkManager on a router.

    IPv6 does not behave quite like IPv4 does
    and you need to know what some of these blocks of addresses do and what
    their scope is.

    "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
    are recommended procedures for assigning subnets out of them and
    choosing network prefixes...

    http://www.ietf.org/rfc/rfc4193.txt

    Those may be routed between your machines but may not be routed on the
    global net either as a source or destination address. Your machines
    should also be given "link local" addresses which are valid only on that
    network segment. They're in the fe80::/64 prefix.

    Global addresses are in the 2000::/3 block. If you are using a Linux
    system as an IPv6 router, the kernel is going to disable the default
    route (::/0), preventing non-global addresses from routing. You'll have
    to add appropriate routes for all your "local" (fc00::/7) subnets and
    also provide a global unicast default route using 2000::/3 on the
    routers.

    Don't try to do your setup above with the two routers pointing default
    routes at each other. Point specific static routes for each subnet
    behind each respective opposite router.
    But the specific static routes are not connect directly, the peers are
    connected by straight-through cable in eth2
    client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <-->
    centosv1 eth1 <--> client d

    ___
    here are connected by straight-through cable

    You'll still need static routes on the routers on each side of that
    "straight-through cable" to point across the cable for the routing of
    the network on the other side of the cable and opposite router.


    Don't try and cross default routes pointing at each other router.
    That's highly unreliable and prone to routing loops in IPv4 and flat out
    will not work in IPv6 due to default routing being disabled in Linux for
    IPv6 when IPv6 forwarding is enabled.

    Wikipedia has a rundown on the various address blocks and formats:

    http://en.wikipedia.org/wiki/IPv6_address

    Local addresses in particular are described here:

    http://en.wikipedia.org/wiki/Unique_local_address

    Anything in 1::/16 (if that's what you're doing) is going to be illegal
    afaik as it's not in an assigned block and scope. It should reject it
    as being unroutable or having a non-valid scope.

    Certain addresses below 2000::/3 are used for compatibility purposes.

    ::a.b.c.d use to be an IPv4 compatibility address but is largely
    deprecated.

    ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
    running in a dual stack environment where they see IPv4 addresses as
    IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are for
    internal use and are seriously hands off.

    You can not treat IPv6 arbitrarily as if it were IPv4 with fat
    addresses. If you need to learn more about IPv6 and how it works, you
    probably might want to start looking at Hurricane Electric aka
    Tunnelbroker.net, http://www.tunnelbroker.net . They have some very
    good IPv6 interactive tutorials there for free and are very quick for
    the basic stuff. The first few exercise could be very helpful to you.
    If you follow it all the way through, you will find yourself learning
    how to set up DNS properly for IPv6 and registering your own IPv6 glue
    records with your registrars.

    Now, if I'm off base here and you were merely obfuscating your real
    addresses, I would recommend obfuscating them with fc00: instead of 1:
    and those would be valid example addresses. You could use
    fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
    fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on
    what you really should chose (generally a random number for
    fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers,
    you'll need three network prefixes, which I see you have. Generally,
    you'll want to manipulate that fourth field as your SLA (Site Local
    Address) which is IPv6 lingo for your subnet address.

    Replace the leading "1:" in each of those nets with "fdxx:", add your
    appropriate subnets, add your appropriate prefix lengths to those static
    address, and add appropriate static routes, and you might get further
    along the road.

    Regards,
    Mike
    Best Regards,
    jaze

    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!


    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 482 bytes
    Desc: This is a digitally signed message part
    Url : http://lists.centos.org/pipermail/centos/attachments/20130411/d64f6d1e/attachment.bin
  • Jaze Lee at Apr 12, 2013 at 3:38 am
    2013/4/12 Michael H. Warfield <mhw@wittsend.com>

    On Fri, 2013-04-12 at 09:28 +0800, Jaze Lee wrote:
    2013/4/12 Michael H. Warfield <mhw@wittsend.com>
    Hello,

    I may be totally off base here but...
    On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
    hello,
    i met a problem in configuratiion of ipv6 gw in my box
    i install centos 6.3 (64 bit) on my boxs, which have four netcard.
    i use a straight-through cable to connect centosv0:netcard-2 and
    centosv1:netcard2
    the topology is this:
    client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2
    <--->
    centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d
    (backtrack r2
    32)
    1:2:3:4::2/64 1:2:3:4::1/64
    1:2:3::4/64
    1:2:3::5/64 1:2:3:5::1/64
    1:2:3:5::2/64
    Surely, I hope you jest with those numbers. You are not allowed to
    pick
    numbers out of the air and just use them, even if it's for private use.
    There are specific blocks of addresses for specific uses and assigned
    "scopes" and all the "private use" addresses are in blocks very high up
    in the address space beginning with fc or fd. If those are literally
    the addresses you used, they will not work and I would expect them to
    give you all sorts of grief at some point or another.
    what i want to do is set default gw on centosv0 to centosv1
    I take it "centosv0" and "centosv1" are configured for ipv6
    forwarding?
    You didn't provide the information on that. There are some gotcha's in
    there with default routing on a router (basically there is no such
    thing) and the router needs to be set up properly for both routing and
    its routes. But I don't think that's your problem you're describing
    down below.
    i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0)
    as
    this
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4
    ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
    IPV6_DEFAULTGW=1:2:3::5
    ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network
    (/128)
    and i also configure /etc/sysconfig/network to this:
    NETWORKING=yes
    HOSTNAME=centosv0
    NETWORKING_IPV6=yes
    IPV6_AUTOCONF=no
    For forwarding...

    In that file you're also going to need:

    IPV6FORWARDING=yes

    You may also need to add lines to /etc/sysctl.conf (I've needed in the
    past on Fedora):

    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1

    But those aren't your problem with this...
    but i met an error:
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown
    error
    I'm not totally sure if this is because you didn't specify a prefix
    length on your IPV6ADDR line or the fact that it then conflicted with
    your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
    was because you choose and illegal IPv6 prefix or if it was a
    combination of all of them. The "WARN: [ipv6_add_route] Unknown error"
    makes me suspicious because your default gatway conflicts with your
    interface network definition (because you didn't specify the prefix
    size
    and it defaulted to /128) and the kernel has no way to route it out any
    interface. IAC... You won't be able to use a default route on a
    router
    anyways (more below).
    i do not know how why,and can some one gives me some suggestion?
    thanks a lot.
    If those were literally the addresses you used, It may be an address
    that's in an illegal scope.
    i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
    should change system to Centos 6.3.
    And i add all the stuff that i miss. One machine is configured like this:
    [root at centosv0 sysconfig]# cat
    /etc/sysconfig/network-scripts/ifcfg-eth2
    DEVICE="eth2"
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=1:2:3::4/64
    IPV6_DEFAULTGW=1:2:3::5/64
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^ You do NOT need the /64 on this line.
    and add the below to /etc/sysctl.conf
    net.ipv6.conf.all.forwarding = 1
    net.ipv6.conf.default.forwarding = 1
    and through /proc i can see this

    [root at centosv0 sysconfig]# cat
    /proc/sys/net/ipv6/conf/default/forwarding
    1
    [root at centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
    1
    and through command ifconfig i can see this
    eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E
    inet6 addr: 1:2:3:4::1/64 Scope:Global --->
    subnet
    inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:17 Memory:dc300000-dc320000
    eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F
    inet6 addr: 1:2:3::4/64 Scope:Global
    ----> connected by straight-through cable
    inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3 errors:0 dropped:0 overruns:0 frame:0
    TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB)
    Interrupt:18 Memory:dc200000-dc220000
    eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70
    inet addr:192.168.5.211 Bcast:192.168.5.255
    Mask:255.255.255.0
    ----> used by my ssh
    inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB)
    Interrupt:19 Memory:dc100000-dc120000
    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
    but when restart the network, i also get this error
    Shutting down interface eth1: [ OK ]
    Shutting down interface eth2: [ OK ]
    Shutting down interface eth3: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth1: [ OK ]
    Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
    This time, it would be my guess that it's because you added the /64 to
    your gateway address, but the default gateway is not going to work on a
    router anyways.




    [ OK ]
    Bringing up interface eth3: [ OK ]

    As you said that the ipv6 address is in illegal scope and can not goto
    global net,
    I use those ipv6 address for a private use, and i test them ok on ubuntu
    12.04.
    You are, none the less, not suppose to use addresses in that block for
    ANYTHING. The fc00::/7 block is intended for what you want to do. Even
    if they happen to work, they are not guaranteed to work and may cause
    other problems (like reverse DNS lookup traffic).

    Currently, i just use those ipv6 address to set up my testing
    environment. One day
    they will be replaced by global ipv6 address. And i do not have any
    global ipv6 address right now,
    i have to use some thing like 1:2:3::4. They truely work on ubuntu
    12.04, so i think they should work on
    centos. But now, i realize i am wrong, what about i change the
    1:2:3:4/64 to fc:2:3::4/64 ?
    Is that ok?





    Must i change ipv6 address to some thing like 2000::/3, even i just want to
    use ipv6 for private?
    No, you should change them to FC00:/7 for private use. That's what that
    block was allocated for. Use it. Don't just dream up stuff.

    You will need static routes on each of your two routers for your two
    client routes.

    I change ipv6 address to this:


    DEVICE="eth2" ---------------------------------> in centosv0
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:4F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="97d250ea-74db-47ae-bd8c-6682f57f9add"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3::5/64
    IPV6_DEFAULTGW=fc00:2:3::4


    DEVICE="eth1" -------------------------------------> in centosv0
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:4E"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="f7f020e9-36a4-4f55-9ed2-81acc2dbd92f"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3:5::1/64


    DEVICE="eth1" -----------------------------------> in centosv1
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:6E"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="3597af05-199b-4eef-9a24-610c2872f313"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3:4::1/64


    DEVICE="eth2" -----------------------------------> in centosv1
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3::4/64
    IPV6_DEFAULTGW=fc00:2:3::5


    and restart the network:
    [root at centosv0 network-scripts]# /etc/init.d/network restart
    Shutting down interface eth1: [ OK ]
    Shutting down interface eth2: [ OK ]
    Shutting down interface eth3: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth1: [ OK ]
    Bringing up interface eth2: [ OK ]
    Bringing up interface eth3: [ OK ]


    It work now, thanks a lot, lot, lot....


    Now, why ubuntu 12.04 and centos 6.3 are so different?
    Is that because ubunutu 12.04 uses 3.5 kernel, and centos uses 2.6.32 ?


    All in all, this problem is settled.
    Thanks, you are a greate man :)







    For example. If your networks are allocated as follows...

    fd00:1:1:1::/64 <-> Router 1 <-> fd00:1:1:2::/64 <-> Router 2 <->
    fd00:1:1:3::/64

    Then, on router 1 you need a static route:

    fd00:1:1:3::/64 via fd00:1:1:2::{Router 2 address}

    And on router 2 you need a static route:

    fd00:1:1:1::/64 via fd00:1:1:2::{Router 1 Address}

    I generally stuff static routes either
    in /etc/sysconfig/static-routes-ipv6 but I'm not sure how well that
    works with NetworkManager since the FIRST thing I do is disable
    NetworkManager on a router.
    IPv6 does not behave quite like IPv4 does
    and you need to know what some of these blocks of addresses do and what
    their scope is.

    "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
    are recommended procedures for assigning subnets out of them and
    choosing network prefixes...

    http://www.ietf.org/rfc/rfc4193.txt

    Those may be routed between your machines but may not be routed on the
    global net either as a source or destination address. Your machines
    should also be given "link local" addresses which are valid only on
    that
    network segment. They're in the fe80::/64 prefix.

    Global addresses are in the 2000::/3 block. If you are using a Linux
    system as an IPv6 router, the kernel is going to disable the default
    route (::/0), preventing non-global addresses from routing. You'll
    have
    to add appropriate routes for all your "local" (fc00::/7) subnets and
    also provide a global unicast default route using 2000::/3 on the
    routers.

    Don't try to do your setup above with the two routers pointing default
    routes at each other. Point specific static routes for each subnet
    behind each respective opposite router.
    But the specific static routes are not connect directly, the peers are
    connected by straight-through cable in eth2
    client c <--> cetnosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <-->
    centosv1 eth1 <--> client d

    ___
    here are connected by straight-through cable
    You'll still need static routes on the routers on each side of that
    "straight-through cable" to point across the cable for the routing of
    the network on the other side of the cable and opposite router.

    Don't try and cross default routes pointing at each other router.
    That's highly unreliable and prone to routing loops in IPv4 and flat out
    will not work in IPv6 due to default routing being disabled in Linux for
    IPv6 when IPv6 forwarding is enabled.
    Wikipedia has a rundown on the various address blocks and formats:

    http://en.wikipedia.org/wiki/IPv6_address

    Local addresses in particular are described here:

    http://en.wikipedia.org/wiki/Unique_local_address

    Anything in 1::/16 (if that's what you're doing) is going to be illegal
    afaik as it's not in an assigned block and scope. It should reject it
    as being unroutable or having a non-valid scope.

    Certain addresses below 2000::/3 are used for compatibility purposes.

    ::a.b.c.d use to be an IPv4 compatibility address but is largely
    deprecated.

    ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
    running in a dual stack environment where they see IPv4 addresses as
    IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are
    for
    internal use and are seriously hands off.

    You can not treat IPv6 arbitrarily as if it were IPv4 with fat
    addresses. If you need to learn more about IPv6 and how it works, you
    probably might want to start looking at Hurricane Electric aka
    Tunnelbroker.net, http://www.tunnelbroker.net . They have some very
    good IPv6 interactive tutorials there for free and are very quick for
    the basic stuff. The first few exercise could be very helpful to you.
    If you follow it all the way through, you will find yourself learning
    how to set up DNS properly for IPv6 and registering your own IPv6 glue
    records with your registrars.

    Now, if I'm off base here and you were merely obfuscating your real
    addresses, I would recommend obfuscating them with fc00: instead of 1:
    and those would be valid example addresses. You could use
    fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
    fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on
    what you really should chose (generally a random number for
    fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers,
    you'll need three network prefixes, which I see you have. Generally,
    you'll want to manipulate that fourth field as your SLA (Site Local
    Address) which is IPv6 lingo for your subnet address.

    Replace the leading "1:" in each of those nets with "fdxx:", add your
    appropriate subnets, add your appropriate prefix lengths to those
    static
    address, and add appropriate static routes, and you might get further
    along the road.

    Regards,
    Mike
    Best Regards,
    jaze
    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 |
    http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of
    all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!


    _______________________________________________
    CentOS mailing list
    CentOS at centos.org
    http://lists.centos.org/mailman/listinfo/centos
    Best Regards
  • Michael H. Warfield at Apr 13, 2013 at 5:24 pm

    On Fri, 2013-04-12 at 11:38 +0800, Jaze Lee wrote:
    2013/4/12 Michael H. Warfield <mhw@wittsend.com>

    Big snip...

    You are, none the less, not suppose to use addresses in that block for
    ANYTHING. The fc00::/7 block is intended for what you want to do. Even
    if they happen to work, they are not guaranteed to work and may cause
    other problems (like reverse DNS lookup traffic).
    Currently, i just use those ipv6 address to set up my testing
    environment. One day
    they will be replaced by global ipv6 address. And i do not have any
    global ipv6 address right now,
    i have to use some thing like 1:2:3::4. They truely work on ubuntu
    12.04, so i think they should work on
    centos.

    That last statement is incorrect. Just because they work on Ubuntu
    doesn't guarantee they will work on CentOS, Scientific Linux, Fedora, or
    Redhat Enterprise, if they do not adhere to the proper standards. You
    are in an area that should be considered "undefined behavior" where it
    might work or it might not but, if it doesn't, it's your fault not that
    of the system. Although, in this case, this seems to have been more of
    a configuration error/confusion issue between how the systems are
    configured.

    But now, i realize i am wrong, what about i change the
    1:2:3:4/64 to fc:2:3::4/64 ?
    Is that ok?

    No. Strictly speaking, it should be fc00:2:3::4/64. The prefix for
    local unicast is fc00:: or fd00::, not fc::. It's fc00 not fc.

    Must i change ipv6 address to some thing like 2000::/3, even i just want to
    use ipv6 for private?
    No, you should change them to FC00:/7 for private use. That's what that
    block was allocated for. Use it. Don't just dream up stuff.

    You will need static routes on each of your two routers for your two
    client routes.
    I change ipv6 address to this:
    DEVICE="eth2" ---------------------------------> in centosv0
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:4F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="97d250ea-74db-47ae-bd8c-6682f57f9add"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3::5/64
    IPV6_DEFAULTGW=fc00:2:3::4
    DEVICE="eth1" -------------------------------------> in centosv0
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:4E"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="f7f020e9-36a4-4f55-9ed2-81acc2dbd92f"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3:5::1/64
    DEVICE="eth1" -----------------------------------> in centosv1
    BOOTPROTO="static"
    HWADDR="60:A4:4C:23:2F:6E"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="3597af05-199b-4eef-9a24-610c2872f313"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3:4::1/64
    DEVICE="eth2" -----------------------------------> in centosv1
    BOOTPROTO=static
    HWADDR="60:A4:4C:23:2F:6F"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    TYPE="Ethernet"
    #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
    IPV6INIT=yes
    IPV6ADDR=fc00:2:3::4/64
    IPV6_DEFAULTGW=fc00:2:3::5
    and restart the network:
    [root at centosv0 network-scripts]# /etc/init.d/network restart
    Shutting down interface eth1: [ OK ]
    Shutting down interface eth2: [ OK ]
    Shutting down interface eth3: [ OK ]
    Shutting down loopback interface: [ OK ]
    Bringing up loopback interface: [ OK ]
    Bringing up interface eth1: [ OK ]
    Bringing up interface eth2: [ OK ]
    Bringing up interface eth3: [ OK ]
    It work now, thanks a lot, lot, lot....

    Great! Good to see you've made progress!

    Now, why ubuntu 12.04 and centos 6.3 are so different?
    Is that because ubunutu 12.04 uses 3.5 kernel, and centos uses 2.6.32 ?

    No. Actually I suspect it's more in the supporting scripts and
    infrastructure. The RedHat base distros (RH, Fedora, CentOS, SL, NST,
    etc) and the Debian based distros (Ubuntu, Knoppix, Backtrack, etc) have
    based their network support on different paradigms (and is probably the
    PRIMARY reason why I dislike Debian, Knoppix and Ubuntu in their network
    code).


    Historically, the RH based system is (VERY) loosely based on some of the
    ideas that evolved out of the AT&T SYSV system with separate
    configuration files, the classical init scripts are still referred to as
    the sysv-init stuff, and what not. NetworkManager aka NetworkMangler
    and systemd are throwing all that for a loop lately with some
    improvements and some abject debacles.


    OTOH, Debian was more in-line with the BSD (Berkeley Software
    Distribution) philosophy and their network interfaces and a common init
    configuration file.


    The RH derivative scripts for IPv6 support are largely based on the work
    of Peter Bieringer in the ipv6init scripts (to which I had some minor
    input and contributions). I honestly don't know what Debian / Ubuntu is
    using but there are some very significant deviations in behavior and
    filtering in that arena. It's not at all just a kernel issue.


    I've done some "internal" distributions based on both paradigms (one
    based on Knoppix and one based on NST - Network Security ToolKit) plus
    contributions to several others. If you are in a well defined region
    (IOW - assigned addresses and network topology, etc) everything will
    (should) work consistently between the two paradigms (it's just that
    translating configurations between the two is a bugger), because the
    conditions are defined and have defined behaviors. When you are in a
    "gray area" or and undefined area where you are not adhering to the well
    established best common practices, standards and assignments - all bets
    are off - you pays your nickel and you takes your chance, and you get
    the blame for free. It may well work on one distribution (and I may
    argue that's that bug in that distribution in allowing it) and not in
    another. I would not be surprised at all by the behavior you have
    experienced there.

    All in all, this problem is settled.

    This, I'm very glad to hear it. Go through that Hurricane Electric
    stuff. You'll find it useful as you learn more about IPv6.

    Thanks, you are a greate man :)

    Thanks. I do try to help, even though I often come across as abrasive
    and dogmatic.


    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
    /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
    NIC whois: MHW9 | An optimist believes we live in the best of all
    PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
    -------------- next part --------------
    A non-text attachment was scrubbed...
    Name: not available
    Type: application/pgp-signature
    Size: 482 bytes
    Desc: This is a digitally signed message part
    Url : http://lists.centos.org/pipermail/centos/attachments/20130413/da5bd1bc/attachment.bin

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupcentos @
categoriescentos
postedApr 11, '13 at 10:06a
activeApr 13, '13 at 5:24p
posts7
users2
websitecentos.org
irc#centos

2 users in discussion

Michael H. Warfield: 4 posts Jaze Lee: 3 posts

People

Translate

site design / logo © 2022 Grokbase