0
In my centos virtual machine, I created a 6to4 tunnel sit6to4 and a bridge cbr0, and I want all traffic on the bridge to be sent to the dual stack router through the 6to4 tunnel.
config for sit6to4:
DEVICE=sit6to4
TYPE=sit
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPV6INIT=yes
IPV6_MTU=8800
IPV6TUNNELIPV4=any
IPV6TUNNELIPV4LOCAL=172.18.176.95
IPV6ADDR=2002:ac12:b05f::1/48
config for cbr0:
TYPE=Bridge
ONBOOT=yes
DEVICE=cbr0
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.18.176.95
GATEWAY=172.18.176.1
NETMASK=255.255.255.0
MTU=8800
IPV6INIT=yes
IPV6_DEFAULTDEV="sit6to4"
IPV6ADDR=2002:ac12:b05f:1::21/48
IPV6ADDR_SECONDARIES="2002:ac12:b05f:1::2100/48"
IPV6_ROUTER=yes
IPV6_AUTOCONF=no
IPV6FORWARDING=yes
bind The physical adapter eht0 to cbr0:
TYPE=Ethernet
DEVICE=eth0
NAME=eth0
ONBOOT=yes
BRIDGE=cbr0
NM_CONTROLLED=no
MTU=8800
IPV6INIT=yes
then I created namespace:
# ip netns show
testns (id: 0)
create veth pair k8sveth0 k8sveth1,and add k8sveth0 to cbr0, add k8sveth1 to namespace testns.
ipv6 routes:
# ip -6 r
::/96 dev sit6to4 proto kernel metric 256 mtu 8800
2002:ac12:b05f::/48 dev sit6to4 proto kernel metric 256
2002:ac12:b05f::/48 dev cbr0 proto kernel metric 256 mtu 1500
2002:ac10::/28 dev sit6to4 metric 8
2002:c0a8::/32 dev sit6to4 metric 8
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev cbr0 proto kernel metric 256 mtu 1500
fe80::/64 dev k8sveth0 proto kernel metric 256
default dev sit6to4 metric 1
Below is command ip a output:
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 8800 qdisc pfifo_fast master cbr0 state UP qlen 1000
link/ether 52:82:00:4d:f5:42 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5082:ff:fe4d:f542/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 52:82:00:5c:5d:31 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 52:82:00:58:6d:97 brd ff:ff:ff:ff:ff:ff
7: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
21: cbr0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
link/ether 22:22:22:77:e7:c5 brd ff:ff:ff:ff:ff:ff
inet 172.18.176.95/24 brd 172.18.176.255 scope global cbr0
valid_lft forever preferred_lft forever
inet6 2002:ac12:b05f:1::2100/48 scope global
valid_lft forever preferred_lft forever
inet6 2002:ac12:b05f:1::21/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5082:ff:fe4d:f542/64 scope link
valid_lft forever preferred_lft forever
22: sit6to4@NONE: <NOARP,UP,LOWER_UP> mtu 8800 qdisc noqueue state UNKNOWN
link/sit 172.18.176.95 brd 0.0.0.0
inet6 2002:ac12:b05f::1/48 scope global
valid_lft forever preferred_lft forever
inet6 ::172.18.176.95/96 scope global
valid_lft forever preferred_lft forever
24: k8sveth0@if23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master cbr0 state UP qlen 1000
link/ether a2:93:80:1c:2f:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::a093:80ff:fe1c:2fd6/64 scope link
valid_lft forever preferred_lft forever
below is namespace testns ip config:
# ip netns exec testns ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
23: k8sveth1@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether a2:f3:40:c1:21:4e brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 2002:ac12:b05f:1::2102/48 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a0f3:40ff:fec1:214e/64 scope link
valid_lft forever preferred_lft forever
Now, I executed ping6 on the host:
# ping6 2002:ac1c:b401:1::11
PING 2002:ac1c:b401:1::11(2002:ac1c:b401:1::11) 56 data bytes
64 bytes from 2002:ac1c:b401:1::11: icmp_seq=1 ttl=63 time=1.14 ms
64 bytes from 2002:ac1c:b401:1::11: icmp_seq=2 ttl=63 time=1.05 ms
It's ok.But when I executed ping6 in the testns namespace, I got this:
# ip netns exec testns ping6 2002:ac1c:b401:1::11
PING 2002:ac1c:b401:1::11(2002:ac1c:b401:1::11) 56 data bytes
^C
--- 2002:ac1c:b401:1::11 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 5999ms
I try use tcpdump listen on the sit6to4 interface, No output.And then I use tcpdump listen on the cbr0 interface:
# tcpdump -i cbr0 -n icmp6 -eee
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on cbr0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:50:23.681084 a2:f3:40:c1:21:4e > 33:33:ff:00:00:11, ethertype IPv6 (0x86dd), length 86: 2002:ac12:b05f:1::2102 > ff02::1:ff00:11: ICMP6, neighbor solicitation, who has 2002:ac1c:b401:1::11, length 32
16:50:24.682453 a2:f3:40:c1:21:4e > 33:33:ff:00:00:11, ethertype IPv6 (0x86dd), length 86: 2002:ac12:b05f:1::2102 > ff02::1:ff00:11: ICMP6, neighbor solicitation, who has 2002:ac1c:b401:1::11, length 32
16:50:25.684448 a2:f3:40:c1:21:4e > 33:33:ff:00:00:11, ethertype IPv6 (0x86dd), length 86: 2002:ac12:b05f:1::2102 > ff02::1:ff00:11: ICMP6, neighbor solicitation, who has 2002:ac1c:b401:1::11, length 32
Try to bind sit6to4 interface to the cbr0:
# ip link set dev sit6to4 master cbr0
RTNETLINK answers: Invalid argument
I have allowed all ipv6 forwarding, and set cbr0 promisc on.
Can anyone give me some help?
fishu
Posted 2019-02-18T08:16:48.007
Reputation: 3
I do not configure hurrican tunnelboker on centos, but I found this https://fedoraproject.org/wiki/IPv6_tunnel_via_Hurricane_Electric hope can help
– AtomiX84 – 2019-02-18T08:38:28.653