NAT产生的原因是公网地址不足,而在这个转换过程中也隐藏了内部的私网地址;IPv6有私网吗?当然有,如站点本地地址FEC0。但对于IPv6,不存在地址不足的问题,故不需要NAT。
一般我们向运营商申请的时候会得到一个公网IPv6地址、网关与前缀(部分也可以动态获取地址与前缀),而这个前缀就用来为终端分配地址。
对于上面的组网,配置如下
Server端配置:
#
sysname DHCPv6-server
#
dhcp enable
#
ipv6 dhcp prefix-pool 1 prefix 2001:410::/32 assign-len 48
#
dhcp server ip-pool 1
gateway-list 1.1.1.1
network 1.1.1.0 mask 255.255.255.0
forbidden-ip 1.1.1.1
#
ipv6 dhcp pool 1
network 1::/64
dns-server 2:2::3
domain-name h3c.com
prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ipv6 address 2::2/64
#
interface GigabitEthernet0/0
ip address 1.1.1.1 255.255.255.0
ipv6 dhcp select server
ipv6 dhcp server allow-hint preference 255 rapid-commit
ipv6 address 1::1/64
ipv6 nd autoconfig managed-address-flag
ipv6 nd autoconfig other-flag
undo ipv6 nd ra halt
#
ipv6 route-static 2001:410:: 48 1::2
#
Client端配置:
1、
#
sysname DHCPv6-clinet
#
dhcp enable
#
dhcp server ip-pool 1
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
forbidden-ip 192.168.0.1
#
interface GigabitEthernet0/0
ip address dhcp-alloc
nat outbound 2000
ipv6 address dhcp-alloc
ipv6 dhcp client pd 1
#
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ipv6 address 1 ::1/64
undo ipv6 nd ra halt
#
ip route-static 0.0.0.0 0 1.1.1.1
#
acl basic 2000
rule 0 permit source 192.168.0.0 0.0.0.255
#
[DHCPv6-clinet-GigabitEthernet0/0]dis ipv6 int bri
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
GigabitEthernet0/0 up up 1::2
GigabitEthernet0/1 up up 2001:410::1
2、
#
sysname DHCPv6-clinet
#
dhcp enable
#
dhcp server ip-pool 1
gateway-list 192.168.0.1
network 192.168.0.0 mask 255.255.255.0
forbidden-ip 192.168.0.1
#
interface GigabitEthernet0/0
ip address dhcp-alloc
nat outbound 2000
ipv6 address 1::2/64
#
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ipv6 address 1 ::1/64
undo ipv6 nd ra halt
#
ipv6 prefix 1 2001:410::/48
#
ip route-static 0.0.0.0 0 1.1.1.1
ipv6 route-static :: 0 1::1
#
acl basic 2000
rule 0 permit source 192.168.0.0 0.0.0.255
#
[DHCPv6-clinet-GigabitEthernet0/0]dis ipv6 int bri
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
GigabitEthernet0/0 up up 1::2
GigabitEthernet0/1 up up 2001:410::1
PC
#
interface GigabitEthernet0/0
ip address dhcp-alloc
ipv6 address auto
#
PC测试:
[PC]ping 2.2.2.2
Ping 2.2.2.2 (2.2.2.2): 56 data bytes, press CTRL_C to break
56 bytes from 2.2.2.2: icmp_seq=0 ttl=254 time=1.000 ms
56 bytes from 2.2.2.2: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 2.2.2.2: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 2.2.2.2: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 2.2.2.2: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 2.2.2.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
[PC]%Jan 7 13:06:00:052 2020 PC PING/6/PING_STATISTICS: Ping statistics for 2.2.2.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms.
[PC]ping ipv6 2::2
Ping6(56 data bytes) 2001:410::2477:CDFF:FEC9:305 --> 2::2, press CTRL_C to break
56 bytes from 2::2, icmp_seq=0 hlim=63 time=2.000 ms
56 bytes from 2::2, icmp_seq=1 hlim=63 time=1.000 ms
56 bytes from 2::2, icmp_seq=2 hlim=63 time=2.000 ms
56 bytes from 2::2, icmp_seq=3 hlim=63 time=1.000 ms
56 bytes from 2::2, icmp_seq=4 hlim=63 time=1.000 ms
--- Ping6 statistics for 2::2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
[PC]%Jan 7 13:06:02:330 2020 PC PING/6/PING_STATISTICS: Ping6 statistics for 2::2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms.
真机测试:
Ping IPv4:
Ping IPv6:
总结:我们向运营商申请的时候会得到一个公网IPv6地址与前缀,用这个前缀为终端分配地址,从而实现IPv6网络的互通,但这个过程不存在类似于NAT的情况。
在一些情况下,运营商提供的网关不一定能否ping通(过滤了相关报文),可以测试以下地址:
V5平台:
设备作为DHCPv6客户端时,只支持DHCPv6无状态配置,即只能通过DHCPv6获取除地址/前缀外的其他网络配置参数,不能获取IPv6地址和前缀。
DHCPv6客户端通过地址无状态自动配置功能成功获取IPv6地址后,如果接收到的RA报文中M标志位为0、O标志位为1,则设备会自动启动DHCPv6无状态配置功能,以获取除地址/前缀外的其他网络配置参数。
(0)
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ipv6 address 1 ::1/64 // 这对命令配置上去 最后接口的ipv6地址是1::1/64
undo ipv6 nd ra halt
注释:这对命令配置上去 最后接口的ipv6地址是1::1/64 ;这我注意到了1 ::1之间的空格;但是我的模拟器版本 ipv6 address的配置后没 数字+空格+::1/64 这样的语法
(0)
wan口先获取前缀1, ipv6 dhcp client pd 1
后面随便设置个地址就行
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作