一:网络环境
image.png
二:OLT上的配置
VLAN配置:
port vlan 3001 0/20 1
port vlan 3002 0/20 1
port vlan 3003 0/20 1
port vlan 3004 0/20 1
DBA模板:
dba-profile add profile-id 102 profile-name "gpon4" type4 max 1000000
业务模板:
ont-srvprofile gpon profile-id 102 profile-name "gpon4-internet"
ont-port pots adaptive eth adaptive
commit
线路模板:
ont-lineprofile gpon profile-id 3001 profile-name "line-profile_3001"
tcont 1 dba-profile-id 102
gem add 0 eth tcont 1
gem mapping 0 0 vlan 3001
gem mapping 0 1 vlan 3002
gem mapping 0 2 vlan 3003
gem mapping 0 3 vlan 3004
commit
添加ONU:
interface gpon 0/8
ont add 0 50 loid-auth "ipv6test" always-on omci ont-lineprofile-id 3001 ont-srvprofile-id 102 desc "ONT_NO_DESCRIPTION"
创建service-port:
service-port 17 vlan 3001 gpon 0/8/0 ont 50 gemport 0 multi-service user-vlan 3001 tag-transform transparent
service-port 23 vlan 3002 gpon 0/8/0 ont 50 gemport 0 multi-service user-vlan 3002 tag-transform transparent
service-port 24 vlan 3003 gpon 0/8/0 ont 50 gemport 0 multi-service user-vlan 3003 tag-transform transparent
service-port 25 vlan 3004 gpon 0/8/0 ont 50 gemport 0 multi-service user-vlan 3004 tag-transform transparent
三:IPv6服务器搭建
3.1 必备的服务
更新阿里云镜像
root@cxy-ipv6-01:/home/cxy#vim /etc/apt/sources.list
# APT sources for Ubuntu 16.04 (xenial): main + universe from the release,
# -updates and -security pockets, binary (deb) and source (deb-src).
# NOTE(review): xenial left standard support in April 2021; confirm the hosts
# still receive security fixes (ESM) before leaving these services reachable.
# NOTE(review): the mirror is fetched over plain http. apt still verifies the
# signed Release files, but https:// URLs keep package metadata off the wire
# (on 16.04 that presumably needs apt-transport-https; confirm).
deb http://mirrors.aliyun.com/ubuntu/ xenial main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security universe
刷新源
root@cxy-ipv6-01:/home/cxy#sudo apt-get update
root@cxy-ipv6-01:/home/cxy#apt-get upgrade
安装需要软件
root@cxy-ipv6-01:/home/cxy#apt-get install isc-dhcp-server bind9 nginx radvd
3.2 接口配置
3.2.1 接口VLAN配置
vconfig add ens33 3001 #DHCPv6 stateful
vconfig add ens33 3002 #DHCPv6 stateless
vconfig add ens33 3003 #PPPoE DHCPv6 stateful
vconfig add ens33 3004 #PPPoE DHCPv6 stateless
3.2.2 接口IP配置
##Server01
root@cxy-ipv6-01:/home/cxy# cat /etc/network/interfaces
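# /etc/network/interfaces on Server01: untagged ens33 plus one tagged
# sub-interface per test VLAN (3001-3004), each dual-stacked.
#
# NOTE(review): 172.32.0.0/24, 172.33.0.0/24 and 172.34.0.0/24 are outside the
# RFC 1918 block 172.16.0.0/12 (172.16-172.31), and the 2001:300x::/64 prefixes
# are not taken from the 2001:db8::/32 documentation range (2001:df8 may be a
# slip for 2001:db8; confirm). Keep these VLANs isolated from routed networks,
# or renumber into private / ULA / documentation space.

# The primary network interface
auto ens33
iface ens33 inet static
    address 172.18.18.88
    netmask 255.255.255.0
    network 172.18.18.0
    broadcast 172.18.18.255
    gateway 172.18.18.1
    dns-nameservers 172.18.18.1

iface ens33 inet6 static
    # Was "modeprobe ipv6", which is not an ifupdown keyword; the usual form
    # of this line is a pre-up hook that loads the module.
    pre-up modprobe ipv6
    address 2001:df8:0:1::1/64
    prefix 64

# VLAN 3001: DHCPv6 stateful
auto ens33.3001
iface ens33.3001 inet static
    address 172.31.0.1
    netmask 255.255.255.0

iface ens33.3001 inet6 static
    pre-up modprobe ipv6
    address 2001:3001::1/64
    prefix 64

# VLAN 3002: DHCPv6 stateless
auto ens33.3002
iface ens33.3002 inet static
    address 172.32.0.1
    netmask 255.255.255.0

iface ens33.3002 inet6 static
    pre-up modprobe ipv6
    address 2001:3002::1/64
    prefix 64

# VLAN 3003: PPPoE, DHCPv6 stateful
auto ens33.3003
iface ens33.3003 inet static
    address 172.33.0.1
    netmask 255.255.255.0

iface ens33.3003 inet6 static
    pre-up modprobe ipv6
    address 2001:3003::1/64
    prefix 64

# VLAN 3004: PPPoE, DHCPv6 stateless
auto ens33.3004
iface ens33.3004 inet static
    address 172.34.0.1
    netmask 255.255.255.0

iface ens33.3004 inet6 static
    pre-up modprobe ipv6
    address 2001:3004::1/64
    prefix 64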
##Server02
root@cxy-ipv6-02:/# cat /etc/network/interfaces
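# /etc/network/interfaces on Server02: untagged ens33 plus one tagged
# sub-interface per test VLAN (3001-3004), each dual-stacked.
#
# NOTE(review): 172.32.0.0/24, 172.33.0.0/24 and 172.34.0.0/24 are outside the
# RFC 1918 block 172.16.0.0/12 (172.16-172.31), and the 2001:300x::/64 prefixes
# are not taken from the 2001:db8::/32 documentation range. Keep these VLANs
# isolated from routed networks, or renumber into private / ULA /
# documentation space.
auto ens33
iface ens33 inet static
    address 172.18.18.89
    netmask 255.255.255.0
    network 172.18.18.0
    # Was 10.0.0.255, which does not belong to 172.18.18.0/24.
    broadcast 172.18.18.255
    gateway 172.18.18.1
    # Was "dns-nameserver" (singular); the keyword is dns-nameservers.
    # NOTE(review): 8.8.8.8 sends lookups outside the lab; Server01 uses the
    # local gateway 172.18.18.1 instead.
    dns-nameservers 8.8.8.8

iface ens33 inet6 static
    # Was "modeprobe ipv6", which is not an ifupdown keyword; the usual form
    # of this line is a pre-up hook that loads the module.
    pre-up modprobe ipv6
    address 2001:df8:0:1::2/64
    prefix 64

# VLAN 3001: DHCPv6 stateful
auto ens33.3001
iface ens33.3001 inet static
    address 172.31.0.2
    netmask 255.255.255.0

iface ens33.3001 inet6 static
    pre-up modprobe ipv6
    address 2001:3001::2/64
    prefix 64

# VLAN 3002: DHCPv6 stateless
auto ens33.3002
iface ens33.3002 inet static
    address 172.32.0.2
    netmask 255.255.255.0

iface ens33.3002 inet6 static
    pre-up modprobe ipv6
    address 2001:3002::2/64
    prefix 64

# VLAN 3003: PPPoE, DHCPv6 stateful
auto ens33.3003
iface ens33.3003 inet static
    address 172.33.0.2
    netmask 255.255.255.0

iface ens33.3003 inet6 static
    pre-up modprobe ipv6
    address 2001:3003::2/64
    prefix 64

# VLAN 3004: PPPoE, DHCPv6 stateless
auto ens33.3004
iface ens33.3004 inet static
    address 172.34.0.2
    netmask 255.255.255.0

iface ens33.3004 inet6 static
    pre-up modprobe ipv6
    address 2001:3004::2/64
    prefix 64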
3.3 DHCP Server 配置
3.3.1 修改isc-dhcp-server配置文件
##Server01
root@cxy-ipv6-01:/home/cxy# cat /etc/default/isc-dhcp-server
INTERFACES="ens33.3001"
##Server02
root@cxy-ipv6-02:/# vim /etc/default/isc-dhcp-server
INTERFACES="ens33.3002"
3.3.2 配置DHCP IPv4地址池
## Server01
root@cxy-ipv6-01:/home/cxy# cat /etc/dhcp/dhcpd.conf
# IPv4 scope for VLAN 3001 (dhcpd is bound to ens33.3001 in
# /etc/default/isc-dhcp-server). Leases .10-.210, 1 h default / 2 h maximum.
subnet 172.31.0.0 netmask 255.255.255.0 {
range 172.31.0.10 172.31.0.210;
# Clients get this server first, then a public resolver.
# NOTE(review): queries that fall through to 8.8.8.8 leave the lab; drop it
# if the test network is meant to stay isolated.
option domain-name-servers 172.31.0.1,8.8.8.8;
option domain-name "comlab21.com";
option subnet-mask 255.255.255.0;
# Default gateway handed to clients is this server's VLAN address.
option routers 172.31.0.1;
option broadcast-address 172.31.0.255;
default-lease-time 3600;
max-lease-time 7200;
}
## Server02
root@cxy-ipv6-02:/# cat /etc/dhcp/dhcpd.conf
# IPv4 scope for VLAN 3002 (dhcpd is bound to ens33.3002 in
# /etc/default/isc-dhcp-server). Leases .10-.210, 1 h default / 2 h maximum.
# NOTE(review): 172.32.0.0/24 is outside the RFC 1918 block 172.16.0.0/12
# (172.16-172.31), so this is publicly assigned space; keep the VLAN isolated
# or renumber.
subnet 172.32.0.0 netmask 255.255.255.0 {
range 172.32.0.10 172.32.0.210;
# Clients get this server first, then a public resolver.
# NOTE(review): queries that fall through to 8.8.8.8 leave the lab; drop it
# if the test network is meant to stay isolated.
option domain-name-servers 172.32.0.2,8.8.8.8;
option domain-name "comlab21.com";
option subnet-mask 255.255.255.0;
# Default gateway handed to clients is this server's VLAN address.
option routers 172.32.0.2;
option broadcast-address 172.32.0.255;
default-lease-time 3600;
max-lease-time 7200;
}
3.3.3 配置DHCP IPv6地址池
## Server01
root@cxy-ipv6-01:/home/cxy# cat /etc/dhcp/dhcpd6.conf
# DHCPv6 scope for VLAN 3001 (stateful); the guide starts it by hand with
# "dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ens33.3001".
default-lease-time 600;
max-lease-time 7200;
# Log through syslog facility local7.
log-facility local7;
subnet6 2001:3001:0:0::/64 {
# Range for clients
range6 2001:3001:0:0::10 2001:3001:0:0::254;
# Range for clients requesting a temporary address
range6 2001:3001:0:0::/64 temporary;
# Additional options
# DNS server handed out is this server's own address on the VLAN.
option dhcp6.name-servers 2001:3001::1;
option dhcp6.domain-search "domain.example";
# Prefix range for delegation to sub-routers
prefix6 2001:3001:abcd:100:: 2001:3001:abcd:f00:: /64;
# Example for a fixed host address
# NOTE(review): the client-id below looks like a sample DUID; replace it with
# the real client's DUID or remove the host block.
host specialclient {
host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
fixed-address6 2001:3001:0:0::127;
}
}
## Server02
root@cxy-ipv6-02:/etc/dhcp# vim dhcpd6.conf
# DHCPv6 scope for VLAN 3002; the guide starts it by hand with
# "dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ens33.3002".
# NOTE(review): radvd on this VLAN advertises AdvManagedFlag off and
# AdvOtherConfigFlag on, so clients are presumably expected to take only the
# options (DNS, search list) from here and the range6 lines go unused; confirm.
default-lease-time 600;
max-lease-time 7200;
# Log through syslog facility local7.
log-facility local7;
subnet6 2001:3002:0:0::/64 {
# Range for clients
range6 2001:3002:0:0::10 2001:3002:0:0::254;
# Range for clients requesting a temporary address
range6 2001:3002:0:0::/64 temporary;
# Additional options
# DNS server handed out is this server's own address on the VLAN.
option dhcp6.name-servers 2001:3002::2;
option dhcp6.domain-search "domain.example";
# Prefix range for delegation to sub-routers
prefix6 2001:3002:abcd:100:: 2001:3002:abcd:f00:: /64;
# Example for a fixed host address
# NOTE(review): the client-id below looks like a sample DUID; replace it with
# the real client's DUID or remove the host block.
host specialclient {
host-identifier option dhcp6.client-id 00:01:00:01:4a:1f:ba:e3:60:b9:1f:01:23:45;
fixed-address6 2001:3002:0:0::127;
}
}
3.3.4 配置RADVD
## Server01
root@cxy-ipv6-01# cat /etc/radvd.conf
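# Router advertisements for VLAN 3001 (stateful DHCPv6).
interface ens33.3001 {
    AdvSendAdvert on;
    MinRtrAdvInterval 10;
    MaxRtrAdvInterval 20;
    # M=on, O=on: hosts are told to obtain addresses and other settings
    # from DHCPv6.
    AdvManagedFlag on;
    AdvOtherConfigFlag on;
    AdvDefaultLifetime 1800;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    # The original set AdvSourceLLAddress twice (on, then off). Only the later
    # value is kept here, presumably the one that took effect; confirm which
    # setting is actually wanted.
    AdvSourceLLAddress off;
    # NOTE(review): the advertised prefix 2001:3001:1111::/64 differs from the
    # interface address and DHCPv6 subnet (2001:3001::/64), so leased addresses
    # are not announced as on-link; confirm this is intended.
    prefix 2001:3001:1111::/64 {
        AdvOnLink on;
        # No SLAAC on this VLAN; addresses come from DHCPv6.
        AdvAutonomous off;
        AdvRouterAddr off;
        AdvValidLifetime 600;
        AdvPreferredLifetime 600;
    };
};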
##Server02
root@cxy-ipv6-02:/# vim /etc/radvd.conf
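# Router advertisements for VLAN 3002 (SLAAC + stateless DHCPv6).
interface ens33.3002 {
    AdvSendAdvert on;
    MinRtrAdvInterval 10;
    MaxRtrAdvInterval 20;
    # M=off, O=on: hosts autoconfigure their address and ask DHCPv6 only for
    # other settings such as DNS.
    AdvManagedFlag off;
    AdvOtherConfigFlag on;
    AdvDefaultLifetime 6000;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    # The original set AdvSourceLLAddress twice (on, then off). Only the later
    # value is kept here, presumably the one that took effect; confirm which
    # setting is actually wanted.
    AdvSourceLLAddress off;
    # NOTE(review): hosts will form addresses in 2001:3002:2222::/64, but the
    # server itself is only configured in 2001:3002::/64; confirm it has a
    # route back to the advertised prefix.
    prefix 2001:3002:2222::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
        AdvValidLifetime 600;
        AdvPreferredLifetime 600;
    };
};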
3.3.5 启动dhcp以及其他服务
##这个命令只是启动了dhcpv4的服务器
root@cxy-ipv6-02:/# systemctl restart isc-dhcp-server
##开启dhcpv6服务
### server01
root@cxy-ipv6-01# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ens33.3001
### server02
root@cxy-ipv6-01# dhcpd -6 -cf /etc/dhcp/dhcpd6.conf ens33.3002
##查看dhcp服务进程
root@cxy-ipv6-02:/# ps -ef | grep dhcpd
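##开启radvd:先在/etc/sysctl.conf中开启IPv6转发(修改后需执行 sysctl -p 才会生效),再启动radvd。注意 all.forwarding=1 会让本机在所有接口(包括管理口ens33)之间转发IPv6报文,测试网络若与其他网络相连,应配合ip6tables限制转发范围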
root@cxy-ipv6-02:/#vim /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
root@cxy-ipv6-02:/# /etc/init.d/radvd start
3.4 PPPoE Server配置
3.4.1 安装PPPoE Server
安装accel-ppp
可以参考accel-ppp的官方文档
https://accel-ppp.readthedocs.io/en/latest/installation/ubuntu.html
3.4.2 配置PPPoE Server
3.4.2.1 PPPoE配置文件
## 有状态PPPoE DHCPv6
root@cxy-ipv6-02:/etc/ppp# cat /etc/accel-ppp-ipv6stateful.conf
[modules]
# One module name per line; names prefixed with '#' are disabled.
log_file
#log_syslog
#log_tcp
#log_pgsql
# NOTE(review): pptp and l2tp are enabled although this guide only configures
# a PPPoE interface; presumably each adds its own listener. Disable them if
# they are not needed.
pptp
l2tp
pppoe
# NOTE(review): PAP carries the password in clear text, and CHAP-MD5 and
# MS-CHAPv1 are weak against offline guessing. On a shared access segment keep
# only the strongest method the CPE under test supports.
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
# radius is disabled, so accounts come from chap-secrets below and the
# [radius] section is presumably unused.
#radius
ippool
sigchld
pppd_compat
#shaper
#shaper_tbf (obsolete)
chap-secrets
#net-snmp
#logwtmp
# NOTE(review): connlimit is disabled, so the [connlimit] limits in this file
# are presumably not enforced.
#connlimit
# IPv6 support: router advertisements, DHCPv6 and the IPv6 address pool.
ipv6_nd
ipv6_dhcp
ipv6pool
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
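[ppp]
# PPP session parameters for the stateful PPPoE instance.
verbose=1
# 1280 is the minimum link MTU that IPv6 requires.
min-mtu=1280
mtu=1400
mru=1400
#ccp=0
#sid-case=upper
#check-ip=0
#single-session=replace
#mppe=require
# Both address families must be negotiated for a session to come up.
ipv4=require
ipv6=require
ipv6-intf-id=random
# Was "radom"; corrected to match the spelling used for ipv6-intf-id above.
ipv6-peer-intf-id=random
# NOTE(review): presumably lets the peer propose its own interface id.
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
lcp-echo-failure=3
lcp-echo-timeout=120
#unit-cache=1000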
[auth]
#any-login=0
#noauth=0
[pptp]
#echo-interval=30
#mppe=allow
#ip-pool=pool1
verbose=1
[pppoe]
interface=ens33.3003
#interface=eth1,padi-limit=1000
#ac-name=xxx
#service-name=yyy
#pado-delay=0
#pado-delay=0,100:100,200:200,-1:500
#ifname-in-sid=called-sid
#tr101=1
#padi-limit=0
#mppe=allow
#ip-pool=pool2
verbose=1
[l2tp]
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=5
#retransmit=5
#host-name=accel-ppp
#dir300_quirk=0
#secret=
#mppe=allow
#ip-pool=pool3
verbose=1
[dns]
dns1=172.33.0.2
dns2=8.8.8.8
[wins]
#wins1=172.16.0.1
#wins2=172.16.1.1
[radius]
# NOTE(review): the radius module is commented out in [modules], so this
# section is presumably inactive. Before enabling it, replace "testing123",
# the widely known sample shared secret, with a unique random value on both
# the server= and dae-server= lines.
#dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=192.168.100.1
#auth-server=127.0.0.1:1812,testing123 (obsolete)
#acct-server=127.0.0.1:1813,testing123 (obsolete)
#server=127.0.0.1,testing123 (obsolete)
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
# Listener for dynamic-authorization requests, bound to loopback here.
dae-server=127.0.0.1:3799,testing123
verbose=1
#timeout=3
#max-try=3
#acct-timeout=120
#acct-delay-time=0
[client-ip-range]
#10.0.0.0/8
#disable
[ip-pool]
gw-ip-address=10.13.0.1
#vendor=Cisco
#attr=Cisco-AVPair
attr=Framed-Pool
10.13.0.2-250
10.13.1.1-255,pool1
10.13.2.1-255,pool2
10.13.3.1-255,pool3
#172.68.4.0/24
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=3
[log-pgsql]
conninfo=user=log
log-table=log
[pppd-compat]
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1
[chap-secrets]
#gw-ip-address=192.168.100.1
chap-secrets=/etc/ppp/chap-secrets
#encrypted=0
#username-hash=md5
[shaper]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
#quantum=1500
#cburst=1534
#ifb=ifb0
up-limiter=police
down-limiter=tbf
#leaf-qdisc=sfq perturb 10
verbose=1
#tbf is obsolete, use shaper module
#[tbf]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
[cli]
# Management CLI listeners, bound to loopback only.
# NOTE(review): password is commented out, so the CLI presumably asks for none.
# Keep both listeners on 127.0.0.1; if they are ever exposed, set a strong
# password rather than the sample value.
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
[ipv6-pool]
# Session addressing: /64s carved from the /48 on the first line, plus /48s
# delegated from the /36 on the delegate= line.
# NOTE(review): the delegate base 2001:3003:aa08:8888:: has bits set beyond
# /36, and the /36 it falls in also contains the /48 used above; confirm how
# accel-ppp normalises this and that delegated prefixes cannot collide with
# the address pool.
2001:3003:aa08::/48,64
delegate=2001:3003:aa08:8888::/36,48
[ipv6-dns]
2001:3003::2
#2001:603::2
#fc00:1::2
#fc00:1::3
#dnssl=suffix1.local.net
#dnssl=suffix2.local.net.
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
#pref-lifetime=600
#valid-lifetime=1500
route-via-gw=1
[ipv6-nd]
AdvManagedFlag=1
AdvOtherConfigFlag=1
#AdvPrefixAutonomousFlag=1
#AdvLinkMTU=1
#AdvAutonomousFlag=1
## 无状态PPPoE DHCPv6(配置文件:/etc/accel-ppp-ipv6stateless.conf,即3.4.2.3启动命令中引用的文件)
[modules]
# One module name per line; names prefixed with '#' are disabled.
log_file
#log_syslog
#log_tcp
#log_pgsql
# NOTE(review): pptp and l2tp are enabled although this guide only configures
# a PPPoE interface; presumably each adds its own listener. Disable them if
# they are not needed.
pptp
l2tp
pppoe
# NOTE(review): PAP carries the password in clear text, and CHAP-MD5 and
# MS-CHAPv1 are weak against offline guessing. On a shared access segment keep
# only the strongest method the CPE under test supports.
auth_mschap_v2
auth_mschap_v1
auth_chap_md5
auth_pap
# radius is disabled, so accounts come from chap-secrets below and the
# [radius] section is presumably unused.
#radius
ippool
sigchld
pppd_compat
#shaper
#shaper_tbf (obsolete)
chap-secrets
#net-snmp
#logwtmp
# NOTE(review): connlimit is disabled, so the [connlimit] limits in this file
# are presumably not enforced.
#connlimit
# IPv6 support: router advertisements, DHCPv6 and the IPv6 address pool.
ipv6_nd
ipv6_dhcp
ipv6pool
[core]
log-error=/var/log/accel-ppp/core.log
thread-count=4
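[ppp]
# PPP session parameters for the stateless PPPoE instance.
verbose=1
# 1280 is the minimum link MTU that IPv6 requires.
min-mtu=1280
mtu=1400
mru=1400
#ccp=0
#sid-case=upper
#check-ip=0
#single-session=replace
#mppe=require
# Both address families must be negotiated for a session to come up.
ipv4=require
ipv6=require
ipv6-intf-id=random
# Was "radom"; corrected to match the spelling used for ipv6-intf-id above.
ipv6-peer-intf-id=random
# NOTE(review): presumably lets the peer propose its own interface id.
ipv6-accept-peer-intf-id=1
lcp-echo-interval=20
lcp-echo-failure=3
lcp-echo-timeout=120
#unit-cache=1000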
[auth]
#any-login=0
#noauth=0
[pptp]
#echo-interval=30
#mppe=allow
#ip-pool=pool1
verbose=1
[pppoe]
interface=ens33.3004
#interface=eth1,padi-limit=1000
#ac-name=xxx
#service-name=yyy
#pado-delay=0
#pado-delay=0,100:100,200:200,-1:500
#ifname-in-sid=called-sid
#tr101=1
#padi-limit=0
#mppe=allow
#ip-pool=pool2
verbose=1
[l2tp]
#dictionary=/usr/local/share/accel-ppp/l2tp/dictionary
#hello-interval=60
#timeout=60
#rtimeout=5
#retransmit=5
#host-name=accel-ppp
#dir300_quirk=0
#secret=
#mppe=allow
#ip-pool=pool3
verbose=1
[dns]
dns1=172.34.0.2
dns2=8.8.8.8
[wins]
#wins1=172.16.0.1
#wins2=172.16.1.1
[radius]
# NOTE(review): the radius module is commented out in [modules], so this
# section is presumably inactive. Before enabling it, replace "testing123",
# the widely known sample shared secret, with a unique random value on both
# the server= and dae-server= lines.
#dictionary=/usr/local/share/accel-ppp/radius/dictionary
nas-identifier=accel-ppp
nas-ip-address=127.0.0.1
gw-ip-address=192.168.100.1
#auth-server=127.0.0.1:1812,testing123 (obsolete)
#acct-server=127.0.0.1:1813,testing123 (obsolete)
#server=127.0.0.1,testing123 (obsolete)
server=127.0.0.1,testing123,auth-port=1812,acct-port=1813,req-limit=0,fail-time=0
# Listener for dynamic-authorization requests, bound to loopback here.
dae-server=127.0.0.1:3799,testing123
verbose=1
#timeout=3
#max-try=3
#acct-timeout=120
#acct-delay-time=0
[client-ip-range]
#10.0.0.0/8
#disable
[ip-pool]
gw-ip-address=10.34.0.1
#vendor=Cisco
#attr=Cisco-AVPair
attr=Framed-Pool
10.34.0.2-250
10.34.1.1-255,pool1
10.34.2.1-255,pool2
10.34.3.1-255,pool3
#172.68.4.0/24
[log]
log-file=/var/log/accel-ppp/accel-ppp.log
log-emerg=/var/log/accel-ppp/emerg.log
log-fail-file=/var/log/accel-ppp/auth-fail.log
#log-debug=/dev/stdout
#syslog=accel-pppd,daemon
#log-tcp=127.0.0.1:3000
copy=1
#color=1
#per-user-dir=per_user
#per-session-dir=per_session
#per-session=1
level=3
[log-pgsql]
conninfo=user=log
log-table=log
[pppd-compat]
#ip-pre-up=/etc/ppp/ip-pre-up
ip-up=/etc/ppp/ip-up
ip-down=/etc/ppp/ip-down
ip-change=/etc/ppp/ip-change
radattr-prefix=/var/run/radattr
verbose=1
[chap-secrets]
#gw-ip-address=192.168.100.1
chap-secrets=/etc/ppp/chap-secrets
#encrypted=0
#username-hash=md5
[shaper]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
#mpu=0
#mtu=0
#r2q=10
#quantum=1500
#cburst=1534
#ifb=ifb0
up-limiter=police
down-limiter=tbf
#leaf-qdisc=sfq perturb 10
verbose=1
#tbf is obsolete, use shaper module
#[tbf]
#attr=Filter-Id
#down-burst-factor=0.1
#up-burst-factor=1.0
#latency=50
[cli]
# Management CLI listeners, bound to loopback only.
# NOTE(review): password is commented out, so the CLI presumably asks for none.
# Keep both listeners on 127.0.0.1; if they are ever exposed, set a strong
# password rather than the sample value.
telnet=127.0.0.1:2000
tcp=127.0.0.1:2001
#password=123
[snmp]
master=0
agent-name=accel-ppp
[connlimit]
limit=10/min
burst=3
timeout=60
[ipv6-pool]
# Session addressing: /64s carved from the /48 on the first line, plus /48s
# delegated from the /36 on the delegate= line.
# NOTE(review): the delegate base 2001:3004:aa09:8b45:: has bits set beyond
# /36, and the /36 it falls in also contains the /48 used above; confirm how
# accel-ppp normalises this and that delegated prefixes cannot collide with
# the address pool.
2001:3004:aa09::/48,64
delegate=2001:3004:aa09:8b45::/36,48
[ipv6-dns]
2001:3004::2
#fc00:1::2
#fc00:1::3
#dnssl=suffix1.local.net
#dnssl=suffix2.local.net.
[ipv6-dhcp]
verbose=1
pref-lifetime=604800
valid-lifetime=2592000
#pref-lifetime=600
#valid-lifetime=1500
route-via-gw=1
[ipv6-nd]
AdvManagedFlag=0
AdvOtherConfigFlag=1
#AdvPrefixAutonomousFlag=1
#AdvLinkMTU=1
AdvAutonomousFlag=1
3.4.2.2 拨号账户设置
root@cxy-ipv6-02:/etc/ppp# cat /etc/ppp/chap-secrets
# PPP account table read by accel-ppp (chap-secrets=/etc/ppp/chap-secrets).
# NOTE(review): both lab accounts use a secret equal to the user name, and the
# secrets are stored in clear text. Use unique random secrets outside a closed
# test bench and keep this file readable by root only (mode 0600).
# '*' in the server and ip-address columns means "any".
#client server secret ip-address speed
test3003 * test3003 * *
test3004 * test3004 * *
3.4.2.3 启动服务
root@cxy-ipv6-02: /# accel-pppd -d -c /etc/accel-ppp-ipv6stateless.conf
root@cxy-ipv6-02:/# accel-pppd -d -c /etc/accel-ppp-ipv6stateful.conf
四:搭建DNS服务器
4.1 安装bind9
root@cxy-ipv6-01:/# apt-get install bind9
4.2 添加域名与ip的映射文件
Server01和Server02上都要创建
root@cxy-ipv6-01:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "cxytestv6.com" {
type master;
file "/etc/bind/zones/cxytestv6.com";
};
zone "cxytestv4.com" {
type master;
file "/etc/bind/zones/cxytestv4.com";
};
root@cxy-ipv6-01:/etc/bind#
4.3 创建解析文件
Server01
root@cxy-ipv6-01:/etc/bind/zones# cat cxytestv4.com
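; Zone data for cxytestv4.com on Server01 (referenced from named.conf.local).
; Zone-file comments start with ';'. The original trailing "##" remark is not
; comment syntax and would be read as extra record data.
; Default TTL, equal to the SOA minimum below.
$TTL 604800
@ IN SOA testing.cxytestv4.com. admin.cxytestv4.com. ( 2 ; serial: raise on every edit
        604800   ; refresh
        86400    ; retry
        2419200  ; expire
        604800 ) ; negative-cache TTL
@ IN NS localhost.
www IN A 172.18.18.88 ; IPv4 address of this host's ens33
; NOTE(review): 2001:1001::1 and 188.18.18.1 are not configured on any
; interface shown in this guide, and 188.18.18.0/24 is publicly routable
; space; confirm these records.
www IN AAAA 2001:1001::1
mta IN A 188.18.18.1
ns1 IN A 188.18.18.1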
root@cxy-ipv6-01:/etc/bind/zones# cat cxytestv6.com
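; Zone data for cxytestv6.com on Server01 (referenced from named.conf.local).
; Zone-file comments start with ';'. The original trailing "##" remark is not
; comment syntax and would be read as extra record data.
; Default TTL, equal to the SOA minimum below.
$TTL 604800
@ IN SOA testing.cxytestv6.com. admin.cxytestv6.com. ( 2 ; serial: raise on every edit
        604800   ; refresh
        86400    ; retry
        2419200  ; expire
        604800 ) ; negative-cache TTL
@ IN NS localhost.
; NOTE(review): 188.18.18.88 and 188.18.18.1 are not configured on any
; interface shown in this guide, and 188.18.18.0/24 is publicly routable
; space; confirm these records.
www IN A 188.18.18.88
www IN AAAA 2001:df8:0:1::1 ; IPv6 address of this host's ens33
mta IN A 188.18.18.1
ns1 IN A 188.18.18.1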
Server02
root@cxy-ipv6-02:/etc/bind/zones# cat cxytestv4.com
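; Zone data for cxytestv4.com on Server02 (referenced from named.conf.local).
; Zone-file comments start with ';'. The original trailing "##" remark is not
; comment syntax and would be read as extra record data.
; Default TTL, equal to the SOA minimum below.
$TTL 604800
@ IN SOA testing.cxytestv4.com. admin.cxytestv4.com. ( 2 ; serial: raise on every edit
        604800   ; refresh
        86400    ; retry
        2419200  ; expire
        604800 ) ; negative-cache TTL
@ IN NS localhost.
www IN A 172.18.18.89 ; IPv4 address of this host's ens33
; NOTE(review): 2001:1001::1 and 188.18.18.1 are not configured on any
; interface shown in this guide, and 188.18.18.0/24 is publicly routable
; space; confirm these records.
www IN AAAA 2001:1001::1
mta IN A 188.18.18.1
ns1 IN A 188.18.18.1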
root@cxy-ipv6-02:/etc/bind/zones# cat cxytestv6.com
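; Zone data for cxytestv6.com on Server02 (referenced from named.conf.local).
; Zone-file comments start with ';'. The original trailing "##" remark is not
; comment syntax and would be read as extra record data.
; Default TTL, equal to the SOA minimum below.
$TTL 604800
@ IN SOA testing.cxytestv6.com. admin.cxytestv6.com. ( 2 ; serial: raise on every edit
        604800   ; refresh
        86400    ; retry
        2419200  ; expire
        604800 ) ; negative-cache TTL
@ IN NS localhost.
; NOTE(review): 188.18.18.88 and 188.18.18.1 are not configured on any
; interface shown in this guide, and 188.18.18.0/24 is publicly routable
; space; confirm these records.
www IN A 188.18.18.88
www IN AAAA 2001:df8:0:1::2 ; IPv6 address of this host's ens33
mta IN A 188.18.18.1
ns1 IN A 188.18.18.1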
4.4 启动服务
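# Name the unit explicitly: "systemctl enable" does not expand glob patterns,
# and an unquoted bind* could also be expanded by the shell against files in
# the current directory. restart (rather than start) makes an already running
# named pick up the new zones.
root@cxy-ipv6-01:/etc/bind/zones# systemctl restart bind9
root@cxy-ipv6-01:/etc/bind/zones# systemctl enable bind9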
至此所有服务安装完成,可以对接测试了