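This is a continuation of the previous post: the case where the grandchild router delegates a /80 to the great-grandchild router. Can a /80 even be delegated? Just like a /56 or /60, it can be done with DHCPv6. There is little point in writing at length about it, so let's get straight to the configuration. The topology is the same as last time; this time we configure gw3, the grandchild router.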
## 0-1a. /etc/network/interfaces.d/eth0
```
auto eth0
iface eth0 inet static
    address 172.16.2.2
    netmask 255.255.255.0
    gateway 172.16.2.1
iface eth0 inet6 dhcp
    accept_ra 2
    request_prefix 1
```

## 0-1b. /etc/network/interfaces.d/eth1
```
auto eth1
iface eth1 inet static
    address 172.16.3.1
    netmask 255.255.255.0
iface eth1 inet6 manual
```

## 0-2. /etc/sysctl.conf
```
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.accept_ra = 2
```

## 0-3. /etc/rc.local ( chmod +x )
```bash
#!/bin/bash
sysctl -p
ifup eth1
sleep 10
/etc/init.d/isc-dhcp-server restart
ip -4 route add 172.16.4.0/24 via 172.16.3.2
```

## 0-4. /etc/radvd.conf (apt-get install radvd)

Note: if you leave address management to DHCPv6, set AdvManagedFlag and AdvOtherConfigFlag to on.
```
interface eth1 {
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvSendAdvert on;
    AdvLinkMTU 1500;
    MaxRtrAdvInterval 180;
    RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 { };
    AdvRASrcAddress { fe80::1; };
};
```

## 0-5. /etc/keepalived/keepalived.conf (apt-get install keepalived)
```
global_defs {
    vrrp_version 3
}
vrrp_sync_group G3 {
    group {
        ipv6_vgw03
    }
}
vrrp_instance ipv6_vgw03 {
    state BACKUP
    interface eth1
    virtual_router_id 62
    priority 100
    advert_int 1.0
    virtual_ipaddress {
        fe80::1/10
    }
    garp_master_delay 1
}
```

## 0-6. /etc/default/isc-dhcp-server (apt-get install isc-dhcp-server)
```
INTERFACESv4="eth1"
INTERFACESv6="eth1"
```

Note 1: with a minimal install from the Debian 10/Debian 11 netinst image, /etc/resolv.conf is not configured automatically, so choose either the manual or the automatic method below.
## 0-7a. Change to /sbin/dhclient-script (line 403)

To have /etc/resolv.conf updated automatically (on IPv6 REBIND6):

```bash
# Before
if [ "${reason}" = BOUND6 ] ||
# After
if [ "${reason}" = BOUND6 ] || [ "${reason}" = REBIND6 ] ||
```

## 0-7b. /etc/resolv.conf
To configure /etc/resolv.conf manually:

```
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
```

## 1. /etc/dhcp/dhclient-exit-hooks.d/prefix-delegation ( chmod +x )
```bash
#!/bin/bash
if [ -n "$new_ip6_prefix" ];then
    ia_pd_interface=eth1
    # check current inet6 addr and run the script unless proper prefix is given.
    bounded=false
    for addr in `ip -6 a show dev $ia_pd_interface | grep inet6 | awk '{print $2}'`;do
        if [ "$addr" = "$new_ip6_prefix" ];then bounded=true;fi
    done
    if ! "$bounded"; then
        # The prefix comes from the upstream DHCPv6 server; keep it quoted.
        ip -6 addr add "$new_ip6_prefix" dev $ia_pd_interface
        /usr/local/sbin/subnet-dhcpd4.sh 172.16.3.0 255.255.255.0 172.16.3.200 172.16.3.254 172.16.3.1
        /usr/local/sbin/subnet-dhcpd6.sh "$new_ip6_prefix"
    fi
fi
## Uncomment below for debug
#echo ====================== >> /tmp/pd.log
#printenv >> /tmp/pd.log
```

Addendum 1: added settings that statically assign a prefix and an address. For gw4's DUID, see /var/log/syslog on gw3.
## 2-1a. /usr/local/sbin/subnet-dhcpd6.sh ( chmod +x )

```bash
#!/bin/bash
PFX_W_LEN=$1
# Number of bits added to the received prefix length for each delegated prefix
#SUBNET_LEN=4
#SUBNET_LEN=8
SUBNET_LEN=16

# Split the received prefix (e.g. xxxx:xxxx:xxxx:xxxx::/64) into its parts
PFX=`echo $PFX_W_LEN | awk -F'::' '{print $1}'`
PFX_WO_LEN=`echo $PFX_W_LEN | awk -F'/' '{print $1}'`
PFX_LEN=`echo $PFX_W_LEN | awk -F'/' '{print $2}'`
PFX1=`echo $PFX | awk -F':' '{print $1}'`
PFX2=`echo $PFX | awk -F':' '{print $2}'`
PFX3=`echo $PFX | awk -F':' '{print $3}'`
PFX4=`echo $PFX | awk -F':' '{print $4}'`
if [ -z "$PFX3" ]; then PFX3=0; fi
if [ -z "$PFX4" ]; then PFX4=0; fi
PFX5=0
PFX3=`printf %04x 0x$PFX3`
PFX4=`printf %04x 0x$PFX4`
PFX5=`printf %04x 0x$PFX5`
#echo DEBUG: PFX1:PFX2:PFX3:PFX4::/PFX_LEN $PFX1\:$PFX2\:$PFX3\:$PFX4\::/$PFX_LEN
#echo DEBUG: PFX_LEN: $PFX_LEN

# PD6_F1/PD6_F2: fixed prefixes, PD6_S..PD6_E: dynamic pool (fifth 16-bit group)
if [ $SUBNET_LEN == 4 ];then
    PD6_F1=`printf %x $(( 0x$PFX5 + 0x1000 ))`
    PD6_F2=`printf %x $(( 0x$PFX5 + 0x2000 ))`
    PD6_S=`printf %x $(( 0x$PFX5 + 0x3000 ))`
    PD6_E=`printf %x $(( 0x$PFX5 + 0xf000 ))`
elif [ $SUBNET_LEN == 8 ];then
    PD6_F1=`printf %x $(( 0x$PFX5 + 0x0100 ))`
    PD6_F2=`printf %x $(( 0x$PFX5 + 0x0200 ))`
    PD6_S=`printf %x $(( 0x$PFX5 + 0x0300 ))`
    PD6_E=`printf %x $(( 0x$PFX5 + 0xff00 ))`
elif [ $SUBNET_LEN == 16 ];then
    PD6_F1=`printf %x $(( 0x$PFX5 + 0x0001 ))`
    PD6_F2=`printf %x $(( 0x$PFX5 + 0x0002 ))`
    PD6_S=`printf %x $(( 0x$PFX5 + 0x0003 ))`
    PD6_E=`printf %x $(( 0x$PFX5 + 0xffff ))`
fi
#echo DEBUG: $PD6_S $PD6_E

if [ ! -d /etc/dhcp/conf.d ]; then
    mkdir -p /etc/dhcp/conf.d
fi
#echo DEBUG: PFX_WO_LEN: $PFX_WO_LEN

cat > /etc/dhcp/conf.d/$PFX_WO_LEN.conf << EOF
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 $PFX_W_LEN {
    range6 $PFX1:$PFX2:$PFX3:$PFX4:: $PFX1:$PFX2:$PFX3:$PFX4::ffff:ffff:ffff;
    range6 $PFX1:$PFX2:$PFX3:$PFX4:: temporary;
    option dhcp6.name-servers 2606:4700:4700::1111, 2606:4700:4700::1001;
    prefix6 $PFX1:$PFX2:$PFX3:$PFX4:$PD6_S:: $PFX1:$PFX2:$PFX3:$PFX4:$PD6_E:: /$(( $PFX_LEN + $SUBNET_LEN ));
}
host gw4 {
    host-identifier option dhcp6.client-id 00:01:00:01:22:33:44:55:00:66:77:88:99:04;
    hardware ethernet 00:15:5d:03:28:0c;
    fixed-address6 $PFX1:$PFX2:$PFX3:$PFX4::4;
    fixed-prefix6 $PFX1:$PFX2:$PFX3:$PFX4:$PD6_F1::/$(( $PFX_LEN + $SUBNET_LEN ));
    on commit {
        execute("/usr/local/sbin/pdr.sh", "$PFX1:$PFX2:$PFX3:$PFX4:$PD6_F1::", "$(( $PFX_LEN + $SUBNET_LEN ))", "$PFX1:$PFX2:$PFX3:$PFX4::4" );
    }
}
on commit {
    if exists dhcp6.ia-pd {
        set pdaddr=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-pd,25,16));
        set pdlen=binary-to-ascii(10, 8, "", substring(option dhcp6.ia-pd,24,1));
        set nh=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na,16,16));
        execute("/usr/local/sbin/pdr.sh", pdaddr, pdlen, nh);
    }
}
EOF

# Back up the stock dhcpd6.conf once, and only if it actually exists
if [ ! -e /etc/dhcp/dhcpd6.config.bkup ] && [ -e /etc/dhcp/dhcpd6.conf ];then
    mv /etc/dhcp/dhcpd6.conf /etc/dhcp/dhcpd6.config.bkup
fi
cat > /etc/dhcp/dhcpd6.conf << EOF
include "/etc/dhcp/conf.d/$PFX_WO_LEN.conf";
EOF
#/etc/init.d/isc-dhcp-server restart
```

## 2-1b. /usr/local/sbin/pdr.sh ( chmod +x )
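```bash
#!/bin/bash
# $1 = delegated prefix, $2 = prefix length, $3 = next hop (address of the delegating client)
rt1=`ip -6 route show "$1/$2" via "$3"`
rt2=`ip -6 route show "$1/$2"`
if [ -z "$rt1" ];then
    # Replace a route to the same prefix that points at a different next hop
    if [ -n "$rt2" ]; then
        ip -6 route delete "$1/$2"
    fi
    ip -6 route add "$1/$2" via "$3"
fi
```

## 2-2. /usr/local/sbin/subnet-dhcpd4.sh ( chmod +x )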
```bash
#!/bin/bash
SUBNET=$1
MASK=$2
RANGE_S=$3
RANGE_E=$4
RT=$5

if [ ! -d /etc/dhcp/conf.d ]; then
    mkdir -p /etc/dhcp/conf.d
fi

cat > /etc/dhcp/conf.d/$SUBNET.conf << EOF
subnet $SUBNET netmask $MASK {
    range $RANGE_S $RANGE_E;
    option domain-name-servers 1.1.1.1, 1.0.0.1;
    option routers $RT;
}
EOF

# Back up the stock dhcpd.conf once, and only if it exists
if [ ! -e /etc/dhcp/dhcpd.conf.bkup ] && [ -e /etc/dhcp/dhcpd.conf ];then
    mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bkup
fi
cat > /etc/dhcp/dhcpd.conf << EOF
include "/etc/dhcp/conf.d/$SUBNET.conf";
EOF
#/etc/init.d/isc-dhcp-server restart
```

That completes the configuration of the grandchild router that delegates the /80. Next time: the configuration of the great-grandchild router that hands out the /80 (the one that receives the /80 delegation). See you then.
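pdr.sh in section 2-1b installs whatever prefix, length and next hop `execute()` hands it, and in the generic `on commit` block those values are cut out of DHCPv6 option data. The check below is an added example, not part of the original post: it accepts a route only when the length matches the delegated length and both the prefix and the next hop lie inside the /64 on eth1. `expand6`, `check_pd_route` and the parent-prefix argument are hypothetical names, and the addresses are constructed from the 2001:db8::/32 documentation range.

```bash
#!/bin/bash
# Added example, not from the original post: argument checks for pdr.sh.

# Print an IPv6 address as 8 colon-separated groups without leading zeros.
# Fails on malformed input. The body is a subshell, so IFS stays local.
expand6() (
    a=$1
    case $a in
        ''|*[!0-9a-fA-F:]*|*:::*|*::*::*|*[!:]:|:[!:]*) exit 1 ;;
    esac
    set -f; IFS=:
    case $a in
        *::*)
            set -- ${a%%::*}; head="$*"; hc=$#
            set -- ${a#*::};  tail="$*"; tc=$#
            n=$(( 8 - hc - tc )); [ "$n" -ge 1 ] || exit 1
            zeros=
            while [ "$n" -gt 0 ]; do zeros="${zeros}0:"; n=$(( n - 1 )); done
            set -- $head $zeros $tail ;;
        *)  set -- $a ;;
    esac
    [ $# -eq 8 ] || exit 1
    out=
    for g; do
        [ -n "$g" ] && [ ${#g} -le 4 ] || exit 1
        out="$out:$(printf %x "0x$g")"
    done
    echo "${out#:}"
)

# check_pd_route PREFIX LEN NEXTHOP PARENT64 EXPECTED_LEN
# Succeeds only if LEN equals EXPECTED_LEN and both PREFIX and NEXTHOP
# lie inside PARENT64 (assumed: the /64 assigned to eth1).
check_pd_route() (
    pfx=$(expand6 "$1") && nh=$(expand6 "$3") && par=$(expand6 "$4") || exit 1
    case $2 in ''|*[!0-9]*|????*) exit 1 ;; esac
    [ "$2" -eq "$5" ] || exit 1
    par64=$(echo "$par" | cut -d: -f1-4)
    [ "$(echo "$pfx" | cut -d: -f1-4)" = "$par64" ] || exit 1
    [ "$(echo "$nh"  | cut -d: -f1-4)" = "$par64" ] || exit 1
)

# Constructed sample values: a /80 and a next hop inside 2001:db8:0:1::/64.
check_pd_route 2001:db8:0:1:3:: 80 2001:db8:0:1::4 2001:db8:0:1:: 80 && echo accepted
```

In pdr.sh the call would sit before the `ip -6 route` commands, with the parent /64 supplied by whatever means fits the setup (for example a fourth argument added to the `execute()` calls).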