mirror of https://github.com/tLDP/LDP
extend address resolution chapter, add information about address selection
This commit is contained in:
parent
96d6e1b69b
commit
6613be5484
File diff suppressed because it is too large
File diff suppressed because it is too large
Binary file not shown.
|
@ -14,7 +14,7 @@
|
||||||
<title>Linux IPv6 HOWTO (de)</title>
|
<title>Linux IPv6 HOWTO (de)</title>
|
||||||
<author><firstname>Peter</firstname><surname>Bieringer</surname><affiliation><address>pb at bieringer dot de</address></affiliation></author>
|
<author><firstname>Peter</firstname><surname>Bieringer</surname><affiliation><address>pb at bieringer dot de</address></affiliation></author>
|
||||||
<revhistory>
|
<revhistory>
|
||||||
<revision> <revnumber>0.66wip.de.1</revnumber> <date>2014-05-10</date> <authorinitials>PB</authorinitials></revision>
|
<revision> <revnumber>0.66wip.de.1</revnumber> <date>2014-05-13</date> <authorinitials>PB</authorinitials></revision>
|
||||||
<revision> <revnumber>0.65.de.1</revnumber> <date>2009-12-13</date> <authorinitials>PB</authorinitials></revision>
|
<revision> <revnumber>0.65.de.1</revnumber> <date>2009-12-13</date> <authorinitials>PB</authorinitials></revision>
|
||||||
<revision> <revnumber>0.64.de.1</revnumber> <date>2009-06-11</date> <authorinitials>PB</authorinitials></revision>
|
<revision> <revnumber>0.64.de.1</revnumber> <date>2009-06-11</date> <authorinitials>PB</authorinitials></revision>
|
||||||
<revision> <revnumber>0.61.de.1</revnumber> <date>2007-10-06</date> <authorinitials>PB</authorinitials></revision>
|
<revision> <revnumber>0.61.de.1</revnumber> <date>2007-10-06</date> <authorinitials>PB</authorinitials></revision>
|
||||||
|
@ -1384,11 +1384,107 @@ FRAG6: inuse 0 memory 0
|
||||||
<title><!-- anchor id="netlink" -->Netlink-Interface zum Kernel</title>
|
<title><!-- anchor id="netlink" -->Netlink-Interface zum Kernel</title>
|
||||||
<para>Mehr Infos hierzu in späteren Versionen... der Autor hat hiermit keine Erfahrung...</para></chapter><chapter id='resolver' >
|
<para>Mehr Infos hierzu in späteren Versionen... der Autor hat hiermit keine Erfahrung...</para></chapter><chapter id='resolver' >
|
||||||
<title><!-- anchor id="resolver" -->Adress-Auflösung</title>
|
<title><!-- anchor id="resolver" -->Adress-Auflösung</title>
|
||||||
<para>Die Auflösung von Namen zu einer IPv4- bzw. IPv6-Adresse wird üblicherweise durch die Benutzung einer libc resolver Bibliothek durchgeführt. Es sind einige Seltsamkeiten bekannt bei der Nutzung der Funktion <emphasis>getaddrinfo</emphasis>.</para>
|
|
||||||
<para>Mehr Information kann dazu aktuell gefunden werden unter <ulink url="http://www.bieringer.de/linux/IPv6/getaddrinfo/">Linux & IPv6: getaddrinfo and search domains - Research</ulink> and <ulink url="http://people.redhat.com/drepper/linux-rfc3484.html">RFC 3484 on Linux</ulink>.</para>
|
|
||||||
<para>
|
<para>
|
||||||
</para>
|
</para>
|
||||||
<para>Mehr Infos hierzu in späteren Versionen...</para></chapter><chapter id='network-debugging' >
|
<para>Zusätzliche Informationen sind hier zu finden</para><itemizedlist>
|
||||||
|
<listitem><para><ulink url="http://www.bieringer.de/linux/IPv6/getaddrinfo/">Linux & IPv6: getaddrinfo and search domains - Research</ulink></para></listitem><listitem><para><ulink url="http://people.redhat.com/drepper/linux-rfc3484.html">RFC 3484 on Linux</ulink> </para></listitem><listitem><para>Karl Auer's Blog: <ulink url="http://biplane.com.au/blog/?p=30">Controlling IPv6 source address selection</ulink> , <ulink url="http://biplane.com.au/blog/?p=22">IPv6 Source Address Selection - what, why, how</ulink></para></listitem><listitem><para>Into6: <ulink url="http://into6.com.au/?p=288">/etc/gai.conf - it ain't what you think it is</ulink></para></listitem></itemizedlist><bridgehead renderas="sect1">Address-Auflösung & Ziel-Adressen-Auswahl</bridgehead>
|
||||||
|
<para>Die Auflösung von Namen zu einer IPv4- bzw. IPv6-Adresse wird üblicherweise durch die Benutzung einer libc resolver Bibliothek durchgeführt. Dazu wird normalerweise die Funktion <emphasis>getaddrinfo</emphasis> benutzt. Im Fall, dass mehr als eine IPv6-Adresse zurückgegeben wird, soll nach <ulink url="http://www.faqs.org/rfcs/rfc3484.html">RFC 3484 / Default Address Selection for Internet Protocol version 6</ulink> eine Sortierung angewandt werden, die optional auch konfiguriert werden kann.</para>
|
||||||
|
<para>Die “Magie” ist durch die Datei /etc/gai.conf konfigurierbar (welche fehlt oder leer ist, solange Standardwerte gelten sollen). Die vorgegebene Sortierung ist üblicherweise in der Dokumentation (z.B. /usr/share/doc/glibc-common/gai.conf) oder im Manual “man gai.conf” zu sehen.</para>
|
||||||
|
<para>Für die Kontrolle der Sortierung via benutzerdefinierter Konfiguration ist für Tests folgendes notwendig:</para><itemizedlist>
|
||||||
|
<listitem><para>Ein Hostname im DNS, der mehr als eine IPv6-Adresse zurückgibt, z.B.</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[$ dig +short aaaa st1.bieringer.de
|
||||||
|
2001:4dd0:ff00:834::2
|
||||||
|
2a01:238:423d:8800:85b3:9e6b:3019:8909
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Lookup via DNS (mit /etc/hosts klappt es nicht)</para></listitem><listitem><para>/etc/gai.conf mit einer passenden Konfiguration, e.g.</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[precedence ::1/128 50 # default
|
||||||
|
precedence ::/0 40 # default
|
||||||
|
precedence 2002::/16 30 # default
|
||||||
|
precedence ::/96 20 # default
|
||||||
|
precedence ::ffff:0:0/96 10 # default
|
||||||
|
precedence 2001:4dd0:ff00:834::/64 80 # dst-A
|
||||||
|
precedence 2a01:238:423d:8800::/64 90 # dst-B
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Für Tests kann dann ein Telnet-Client benutzt werden:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[$ telnet st1.bieringer.de
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B)
|
||||||
|
...
|
||||||
|
Trying 2001:4dd0:ff00:834::2... (dst-A)
|
||||||
|
...
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Wenn nun die precedence geändert wird in der Konfiguration:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[precedence 2001:4dd0:ff00:834::/64 90 # dst-A ex 80
|
||||||
|
precedence 2a01:238:423d:8800::/64 80 # dst-B ex 90
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Dann ändert sich die Reihenfolge entsprechend</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[$ telnet st1.bieringer.de
|
||||||
|
Trying 2001:4dd0:ff00:834::2... (dst-A)
|
||||||
|
...
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B)
|
||||||
|
...
|
||||||
|
]]></screen><bridgehead renderas="sect1">Quell-Addressen-Auswahl</bridgehead>
|
||||||
|
<para>Source address selection in Linux wird automatisch vom Kernel vorgenommen, üblicherweise abhängig von den Routing-Tabellen und unter der Vorgabe, den Scope einer Adresse beizubehalten.</para>
|
||||||
|
<bridgehead renderas="sect2">Quell-Adressen-Auswahl mit “ip addrlabel”</bridgehead>
|
||||||
|
<para>Mit einer Erweiterung der internen “ip addrlabel” Tabelle kann eine Quell-Adresse zu einer Ziel-Adresse gebunden werden. Bindung wird hier durch die Angabe des gleichen Labels (einer Nummer) konfiguriert.</para><itemizedlist>
|
||||||
|
<listitem><para>Standard von “ip addrlabel” (hier von CentOS 6):</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[# ip addrlabel
|
||||||
|
prefix ::1/128 label 0
|
||||||
|
prefix ::/96 label 3
|
||||||
|
prefix ::ffff:0.0.0.0/96 label 4
|
||||||
|
prefix 2001::/32 label 6
|
||||||
|
prefix 2001:10::/28 label 7
|
||||||
|
prefix 2002::/16 label 2
|
||||||
|
prefix fc00::/7 label 5
|
||||||
|
prefix ::/0 label 1
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Das System ist multihomed (hier an einem Interface), der Router verteilt 2 Präfixe mit Hilfe von radvd:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[# ip -6 addr show dev eth1 | grep -w inet6 |grep -w global
|
||||||
|
inet6 2001:6f8:12d8:2:5054:ff:fefb:6582/64 scope global dynamic (src-A)
|
||||||
|
inet6 2001:6f8:900:8cbc:5054:ff:fefb:6582/64 scope global dynamic (src-B)
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Eine Verbindung zum Server zeigt nun:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[$ telnet st1.bieringer.de
|
||||||
|
Trying 2001:4dd0:ff00:834::2... (dst-A)
|
||||||
|
...
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B)
|
||||||
|
...
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Ein tcpdump mit filter “tcp and dst port 23” zeigt nur die Benutzung der oberen lokalen Quell-IPv6-Adresse</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37762 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A)
|
||||||
|
IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.45754 > 2a01:238:423d:8800:85b3:9e6b:3019:8909.telnet: (src-A -> dst-B)
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Wenn nun Quelle und Ziel mit Hilfe von “ip addrlabel” zusammengebunden werden:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[# ip addrlabel add prefix 2001:6f8:12d8:2::/64 label 200
|
||||||
|
# ip addrlabel add prefix 2001:6f8:900:8cbc::/64 label 300
|
||||||
|
# ip addrlabel add prefix 2001:4dd0:ff00:834::/64 label 200
|
||||||
|
# ip addrlabel add prefix 2a01:238:423d:8800::/64 label 300
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Was in folgender “ip addrlabel”resultiert:</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[# ip addrlabel
|
||||||
|
prefix ::1/128 label 0
|
||||||
|
prefix ::/96 label 3
|
||||||
|
prefix ::ffff:0.0.0.0/96 label 4
|
||||||
|
prefix 2a01:238:423d:8800::/64 label 300 # dst-B
|
||||||
|
prefix 2001:4dd0:ff00:834::/64 label 200 # dst-A
|
||||||
|
prefix 2001:6f8:900:8cbc::/64 label 300 # src-B
|
||||||
|
prefix 2001:6f8:12d8:2::/64 label 200 # src-A
|
||||||
|
prefix 2001::/32 label 6
|
||||||
|
prefix 2001:10::/28 label 7
|
||||||
|
prefix 2002::/16 label 2
|
||||||
|
prefix fc00::/7 label 5
|
||||||
|
prefix ::/0 label 1
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>Und dann nochmal eine Verbindung zum Server versucht wird</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[$ telnet st1.bieringer.de
|
||||||
|
Trying 2001:4dd0:ff00:834::2... (dst-A)
|
||||||
|
...
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909... (dst-B)
|
||||||
|
...
|
||||||
|
]]></screen><itemizedlist>
|
||||||
|
<listitem><para>tcpdump mit filter “tcp and dst port 23” zeigt nun die Benutzung beider Quell-IPv6-Adressen wie konfiguriert</para></listitem></itemizedlist><screen>
|
||||||
|
<![CDATA[IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37765 > 2001:4dd0:ff00:834::2.telnet: (src-A -> dst-A)
|
||||||
|
IP6 2001:6f8:900:8cbc:5054:ff:fefb:6582.39632 > 2a01:238:423d:8800:85b3:9e6b:3019:8909.telnet: (src-B -> dst-B)
|
||||||
|
]]></screen><para>Persistente Konfiguration von “ip addrtable” ist wahrscheinlich in aktuellen Linux-Distributionen nicht unterstützt, somit wäre eine Erweiterung der Netzwerk-Init-Scripts oder rc.local notwendig. Ein Skript, welches Informationen aus /etc/gai.conf in entsprechendes “ip addrtable” umwandelt, gibt es hier: <ulink url="http://into6.com.au/?p=288">/etc/gai.conf - it ain't what you think it is</ulink></para></chapter><chapter id='network-debugging' >
|
||||||
<title><!-- anchor id="network-debugging" -->Netzwerk-Fehlersuche</title>
|
<title><!-- anchor id="network-debugging" -->Netzwerk-Fehlersuche</title>
|
||||||
<sect1>
|
<sect1>
|
||||||
<title>Server Socket-Anbindung</title>
|
<title>Server Socket-Anbindung</title>
|
||||||
|
|
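Review bot: The closing paragraph of the added Quell-Adressen-Auswahl text names the command “ip addrtable” in both places, while the sect2 bridgehead and every example above it use “ip addrlabel”; both occurrences should read “ip addrlabel” so the prose matches the commands shown. In the same added text the spelling varies between “Adress-Auflösung” (chapter title) and “Address-Auflösung” / “Quell-Addressen-Auswahl” (new bridgeheads), the list item “/etc/gai.conf mit einer passenden Konfiguration, e.g.” keeps an English “e.g.” where the first item uses “z.B.”, and “ip addrlabel”resultiert is missing a space after the closing quote.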
File diff suppressed because it is too large
|
@ -111,7 +111,7 @@ status open
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
|
|
||||||
<revision> <revnumber>0.66wip</revnumber> <date>2014-05-10</date> <authorinitials
|
<revision> <revnumber>0.66wip</revnumber> <date>2014-05-13</date> <authorinitials
|
||||||
>PB</authorinitials></revision>
|
>PB</authorinitials></revision>
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
|
@ -8636,21 +8636,14 @@ name "resolver"
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
|
||||||
Address Resolver
|
Address Resolver & Selection
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
Name to IPv4 or IPv6 address resolving is usually done using a libc resolver
|
Additional info can be found at
|
||||||
library.
|
|
||||||
There are some issues known using the function
|
|
||||||
\emph on
|
|
||||||
getaddrinfo
|
|
||||||
\emph default
|
|
||||||
.
|
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Itemize
|
||||||
More info can be found at
|
|
||||||
\begin_inset CommandInset href
|
\begin_inset CommandInset href
|
||||||
LatexCommand href
|
LatexCommand href
|
||||||
name "Linux & IPv6: getaddrinfo and search domains - Research"
|
name "Linux & IPv6: getaddrinfo and search domains - Research"
|
||||||
|
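Review bot: With the old introductory sentences removed, the chapter now opens directly with “Additional info can be found at” followed by the link list, before any of its own explanation has been given. Either move the link list to the end of the chapter, after the two new sections, or word the lead-in so it does not presuppose earlier text (for example as a further-reading list).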
@ -8658,7 +8651,10 @@ target "http://www.bieringer.de/linux/IPv6/getaddrinfo/"
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
|
||||||
and
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
\begin_inset CommandInset href
|
\begin_inset CommandInset href
|
||||||
LatexCommand href
|
LatexCommand href
|
||||||
name "RFC 3484 on Linux"
|
name "RFC 3484 on Linux"
|
||||||
|
@ -8666,14 +8662,534 @@ target "http://people.redhat.com/drepper/linux-rfc3484.html"
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
|
||||||
.
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Karl Auer's Blog:
|
||||||
|
\begin_inset CommandInset href
|
||||||
|
LatexCommand href
|
||||||
|
name "Controlling IPv6 source address selection"
|
||||||
|
target "http://biplane.com.au/blog/?p=30"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
,
|
||||||
|
\begin_inset CommandInset href
|
||||||
|
LatexCommand href
|
||||||
|
name "IPv6 Source Address Selection - what, why, how"
|
||||||
|
target "http://biplane.com.au/blog/?p=22"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Into6:
|
||||||
|
\begin_inset CommandInset href
|
||||||
|
LatexCommand href
|
||||||
|
name "/etc/gai.conf - it ain't what you think it is"
|
||||||
|
target "http://into6.com.au/?p=288"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Section*
|
||||||
|
Address Resolver & Destination Address Selection
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
\begin_inset VSpace defskip
|
Name to IPv4 or IPv6 address resolving is usually done using a libc resolver
|
||||||
|
library.
|
||||||
|
Usually the function
|
||||||
|
\emph on
|
||||||
|
getaddrinfo
|
||||||
|
\emph default
|
||||||
|
is used for that.
|
||||||
|
In case of more than one IPv6 address is returned, according to
|
||||||
|
\begin_inset CommandInset href
|
||||||
|
LatexCommand href
|
||||||
|
name "RFC 3484 / Default Address Selection for Internet Protocol version 6"
|
||||||
|
target "http://www.faqs.org/rfcs/rfc3484.html"
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
|
||||||
More to be filled later...
|
a sorting should be applied, which can be optionally configured.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
The
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
magic
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
is controlled by a file named /etc/gai.conf (it can be that it is empty
|
||||||
|
or missing by default).
|
||||||
|
Default is usually somewhere stored in documentation, see
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
man gai.conf
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
or e.g.
|
||||||
|
/usr/share/doc/glibc-common/gai.conf.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
For controlling sort order by configuration following are needed for testing:
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
A host in DNS returning more than one IPv6 address, e.g.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
$ dig +short aaaa st1.bieringer.de
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
2001:4dd0:ff00:834::2
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
2a01:238:423d:8800:85b3:9e6b:3019:8909
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Lookup via DNS (/etc/hosts won't work)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
/etc/gai.conf with proper config, e.g.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence ::1/128 50 # default
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence ::/0 40 # default
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence 2002::/16 30 # default
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence ::/96 20 # default
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence ::ffff:0:0/96 10 # default
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence 2001:4dd0:ff00:834::/64 80 # dst-A
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence 2a01:238:423d:8800::/64 90 # dst-B
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
For tests use e.g.
|
||||||
|
telnet client
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
$ telnet st1.bieringer.de
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909...
|
||||||
|
(dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2001:4dd0:ff00:834::2...
|
||||||
|
(dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
If precedence is changed in configuration
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence 2001:4dd0:ff00:834::/64 90 # dst-A ex 80
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
precedence 2a01:238:423d:8800::/64 80 # dst-B ex 90
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
The order is changed accordingly
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
$ telnet st1.bieringer.de
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2001:4dd0:ff00:834::2...
|
||||||
|
(dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909...
|
||||||
|
(dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Section*
|
||||||
|
Source Address Selection
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
Source address selection in Linux is done automatically by kernel and usually
|
||||||
|
only using information from routing tables and try to match the same scope
|
||||||
|
of address.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Subsection*
|
||||||
|
Source Address Selection with
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrlabel
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
With extension of internal
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrlabel
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
a source address can be bound to a destination address (e.g.
|
||||||
|
selected via mechanisms above).
|
||||||
|
Binding means here:
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
same label
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
(label is a number).
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Default of
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrlabel
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
(here on CentOS 6):
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::1/128 label 0
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::/96 label 3
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::ffff:0.0.0.0/96 label 4
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001::/32 label 6
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001:10::/28 label 7
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2002::/16 label 2
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix fc00::/7 label 5
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::/0 label 1
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
System is multihomed (here on one interface), router provides 2 prefixes
|
||||||
|
via radvd:
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip -6 addr show dev eth1 | grep -w inet6 |grep -w global
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
inet6 2001:6f8:12d8:2:5054:ff:fefb:6582/64 scope global dynamic
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
inet6 2001:6f8:900:8cbc:5054:ff:fefb:6582/64 scope global dynamic
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Connect now to server (shown above)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
$ telnet st1.bieringer.de
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2001:4dd0:ff00:834::2...
|
||||||
|
(dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909...
|
||||||
|
(dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Related tcpdump with filter
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
tcp and dst port 23
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
shows only the use of the upper local source IPv6 address
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37762 > 2001:4dd0:ff00:834::2.telnet:
|
||||||
|
(src-A -> dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.45754 > 2a01:238:423d:8800:85b3:9e6b:3019:8
|
||||||
|
909.telnet: (src-A -> dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Binding now source and destination with
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrlabel
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel add prefix 2001:6f8:12d8:2::/64 label 200
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel add prefix 2001:6f8:900:8cbc::/64 label 300
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel add prefix 2001:4dd0:ff00:834::/64 label 200
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel add prefix 2a01:238:423d:8800::/64 label 300
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Resulting
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrlabel
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
# ip addrlabel
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::1/128 label 0
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::/96 label 3
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::ffff:0.0.0.0/96 label 4
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2a01:238:423d:8800::/64 label 300 # dst-B
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001:4dd0:ff00:834::/64 label 200 # dst-A
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001:6f8:900:8cbc::/64 label 300 # src-B
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001:6f8:12d8:2::/64 label 200 # src-A
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001::/32 label 6
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2001:10::/28 label 7
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix 2002::/16 label 2
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix fc00::/7 label 5
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
prefix ::/0 label 1
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Connect now to server again
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
$ telnet st1.bieringer.de
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2001:4dd0:ff00:834::2...
|
||||||
|
(dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
Trying 2a01:238:423d:8800:85b3:9e6b:3019:8909...
|
||||||
|
(dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
...
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Itemize
|
||||||
|
Related tcpdump with filter
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
tcp and dst port 23
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
shows now the use of both local source IPv6 addresses according to the
|
||||||
|
configured pairs A and B
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
IP6 2001:6f8:12d8:2:5054:ff:fefb:6582.37765 > 2001:4dd0:ff00:834::2.telnet:
|
||||||
|
(src-A -> dst-A)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Code
|
||||||
|
IP6 2001:6f8:900:8cbc:5054:ff:fefb:6582.39632 > 2a01:238:423d:8800:85b3:9e6b:3019
|
||||||
|
:8909.telnet: (src-B -> dst-B)
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
Setup of persistent
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrtable
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
is probably currently not supported by Linux distributions, so extension
|
||||||
|
of network init scripts or rc.local must be used for that.
|
||||||
|
A script which uses information from /etc/gai.conf and configure
|
||||||
|
\begin_inset Quotes sld
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
ip addrtable
|
||||||
|
\begin_inset Quotes srd
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
accordingly can be found here:
|
||||||
|
\begin_inset CommandInset href
|
||||||
|
LatexCommand href
|
||||||
|
name "/etc/gai.conf - it ain't what you think it is"
|
||||||
|
target "http://into6.com.au/?p=288"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Chapter
|
\begin_layout Chapter
|
||||||
|
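Review bot: The final paragraph of the added section writes “ip addrtable” twice (“Setup of persistent … ip addrtable” and “configure … ip addrtable accordingly”), but the subsection heading and every command shown use “ip addrlabel”; please use “ip addrlabel” there as well. In addition, the tcpdump lines are annotated “(src-A -> dst-A)” and “(src-B -> dst-B)”, yet the two “inet6 … scope global dynamic” lines from “ip -6 addr show dev eth1” carry no src-A/src-B marker in this file, and “the upper local source IPv6 address” leaves the reader to work out which address is meant; marking the two addresses where they are first listed would make the before/after comparison unambiguous.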
@ -29356,7 +29872,8 @@ Releases 0.x
|
||||||
\begin_layout Description
|
\begin_layout Description
|
||||||
0.66 2010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6
|
0.66 2010-04-20/PB: extend QoS section with examples, 20130513/PB: add IPv6
|
||||||
NAT hints, 20130521/PB: review dhcpd, 20131019/bie: general review, 20140502/bi
|
NAT hints, 20130521/PB: review dhcpd, 20131019/bie: general review, 20140502/bi
|
||||||
e: add hints for nftables
|
e: add hints for nftables, 20140513/bie: extend section regarding address
|
||||||
|
resolution and add source/destination address selection information
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Description
|
\begin_layout Description
|
||||||
|
|
Binary file not shown.
File diff suppressed because one or more lines are too long
|
@ -5,7 +5,7 @@
|
||||||
list="Linux+IPv6-HOWTO.sgml Linux+IPv6-HOWTO.de.sgml"
|
list="Linux+IPv6-HOWTO.sgml Linux+IPv6-HOWTO.de.sgml"
|
||||||
|
|
||||||
for lyx in $list; do
|
for lyx in $list; do
|
||||||
./generate.sh $lyx $*
|
./generate.sh $lyx $* || exit 1
|
||||||
done
|
done
|
||||||
|
|
||||||
echo -en "\a"
|
echo -en "\a"
|
||||||
|
|
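Review bot: On the changed line “./generate.sh $lyx $* || exit 1” the failure path always exits with 1, so the caller loses generate.sh's own exit status, and the unquoted “$*” re-splits any argument that contains whitespace before it reaches generate.sh. Consider “./generate.sh "$lyx" "$@" || exit $?”. Note also that the trailing “echo -en "\a"” is now reached only when every file succeeds, so a failed run ends without the bell; if the bell is meant to signal completion in either case, emit it before exiting as well.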