PREFIX /80の委譲を受けたひ孫ルータの設定です。今回も構成は前回と同じです。
それでは早速設定です。今回は、図のgw4です。
## 0-1a. /etc/network/interfaces.d/eth0
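# eth0 faces the upstream router (default gateway 172.16.3.1).
auto eth0
iface eth0 inet static
    address 172.16.3.2
    netmask 255.255.255.0
    gateway 172.16.3.1

# IPv6 on eth0 comes from DHCPv6. "request_prefix 1" also asks the upstream
# server for a delegated prefix. "accept_ra 2" keeps Router Advertisements
# accepted even though this host forwards packets.
# NOTE(review): with accept_ra 2 this router follows any RA seen on the
# upstream segment, so that segment has to be trusted or protected by
# RA Guard on the switch.
iface eth0 inet6 dhcp
    accept_ra 2
    request_prefix 1
## 0-1b. /etc/network/interfaces.d/eth1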
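# eth1 is the downstream segment served by this router (172.16.4.0/24).
auto eth1
iface eth1 inet static
    address 172.16.4.1
    netmask 255.255.255.0

# No IPv6 address is configured here ("manual"): the dhclient exit hook on
# this page adds the delegated prefix to eth1 with "ip -6 addr add".
iface eth1 inet6 manual
## 0-2. /etc/sysctl.conf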
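# Forward IPv4 and IPv6 between eth0 and eth1.
# NOTE(review): no packet filter (nftables/ip6tables) is configured anywhere
# on this page. Once forwarding is on, hosts behind eth1 are reachable on
# whatever the upstream network routes to the delegated prefix, so add
# forward-chain rules if that exposure is not intended.
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Value 2 keeps Router Advertisements on eth0 accepted while forwarding is on.
net.ipv6.conf.eth0.accept_ra = 2
## 0-3. /etc/rc.local (chmod+x)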
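#!/bin/bash
# Boot-time glue: reset the DHCPv6 client lease file, apply sysctl settings,
# bring up the downstream interface and restart the DHCP server.

## Clear lease records just to be sure.
# -f: a missing lease file (for example on first boot) is not an error.
rm -f -- /var/lib/dhcp/dhclient6.eth0.leases
touch /var/lib/dhcp/dhclient6.eth0.leases

# Apply /etc/sysctl.conf (forwarding and accept_ra).
sysctl -p

ifup eth1
# Presumably gives eth1 and the prefix-delegation hook time to finish before
# dhcpd is restarted against the generated configuration.
sleep 10
/etc/init.d/isc-dhcp-server restart
## 0-4. /etc/radvd.conf (apt-get install radvd)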
# Router Advertisements sent on eth1, the downstream segment.
# NOTE(review): Router Advertisements are unauthenticated, so any host on
# this link can send competing ones. Where the switches support it, enable
# RA Guard on the access ports.
interface eth1 {
# Managed and Other flags on: hosts are told to obtain addresses and other
# settings through DHCPv6.
AdvManagedFlag on;
AdvOtherConfigFlag on;
AdvSendAdvert on;
AdvLinkMTU 1500;
MaxRtrAdvInterval 180;
# Advertise two recursive DNS servers. The option block is empty, so no
# RDNSS sub-option is overridden.
RDNSS 2606:4700:4700::1111 2606:4700:4700::1001 {
};
# Send the advertisements from fe80::1, the same address that keepalived.conf
# on this page manages as the VRRP virtual address.
AdvRASrcAddress {
fe80::1;
};
};
## 0-5. /etc/keepalived/keepalived.conf (apt-get install keepalived)
# keepalived configuration: VRRP instance on eth1 that owns the link-local
# virtual gateway address fe80::1.
# NOTE(review): VRRPv3 advertisements carry no authentication, so a host on
# the eth1 segment that sends advertisements with a higher priority could
# claim fe80::1. Consider filtering VRRP (IP protocol 112) on access ports.
global_defs {
# Use VRRP version 3.
vrrp_version 3
}
# Sync group with a single member, ipv6_vgw04.
vrrp_sync_group G4 {
group {
ipv6_vgw04
}
}
vrrp_instance ipv6_vgw04 {
# Start as BACKUP; mastership is then decided by the VRRP election.
state BACKUP
interface eth1
virtual_router_id 62
priority 100
# Advertisement interval in seconds.
advert_int 1.0
# The address radvd.conf on this page uses as AdvRASrcAddress.
virtual_ipaddress {
fe80::1/10
}
garp_master_delay 1
}
## 0-6. /etc/default/isc-dhcp-server (apt-get install isc-dhcp-server)
INTERFACESv4="eth1"
INTERFACESv6="eth1"

注釈1:Debian 10/Debian 11のネットインストールイメージで最小インストールをした場合、/etc/resolv.confは自動で設定されませんので、手動/自動のいずれかを選択してください。
## 0-7a. /sbin/dhclient-scriptの変更(403行目)
/etc/resolv.confを自動で変更する場合(IPv6のREBIND6時)
#変更前
if [ "${reason}" = BOUND6 ] ||
#変更後
if [ "${reason}" = BOUND6 ] || [ "${reason}" = REBIND6 ] ||
## 0-7b. /etc/resolv.conf
/etc/resolv.confを手動で設定する場合
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
## 1-1. /etc/dhcp/dhclient-exit-hooks.d/prefix-delegation ( chmod +x )
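#!/bin/bash
# dhclient exit hook: when the DHCPv6 client reports a delegated prefix in
# $new_ip6_prefix, put it on the downstream interface and regenerate the
# dhcpd configuration for that segment.
# NOTE(review): on Debian, dhclient-script appears to source the files in
# dhclient-exit-hooks.d from /bin/sh, so the shebang is probably not
# honoured. Keep this hook to POSIX sh constructs and never call exit here.
if [ -n "$new_ip6_prefix" ]; then
  ia_pd_interface=eth1
  # Check the current inet6 addresses and run the scripts only when the
  # delegated prefix is not configured on the interface yet.
  bounded=false
  for addr in $(ip -6 a show dev "$ia_pd_interface" | grep inet6 | awk '{print $2}'); do
    if [ "$addr" = "$new_ip6_prefix" ]; then bounded=true; fi
  done
  if ! "$bounded"; then
    # The prefix is supplied by the upstream DHCPv6 server through the
    # environment. Quote it so it always reaches the root-run commands below
    # as exactly one argument.
    ip -6 addr add "$new_ip6_prefix" dev "$ia_pd_interface"
    /usr/local/sbin/subnet-dhcpd4.sh 172.16.4.0 255.255.255.0 172.16.4.200 172.16.4.254 172.16.4.1
    /usr/local/sbin/subnet-dhcpd6.sh "$new_ip6_prefix"
  fi
fi
## Uncomment below for debug
# NOTE(review): these lines append the whole dhclient environment to a fixed
# file name in /tmp while running as root. Prefer a root-only directory and
# delete the log once debugging is finished.
#echo ====================== >> /tmp/pd.log
#printenv >> /tmp/pd.log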
## 1-2 /etc/dhcp/dhclient-exit-hooks.d/prefix-delegation (chmod +x)
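#!/bin/bash
# Debug variant of the dhclient exit hook: same logic as the plain hook, with
# DEBUG1..DEBUG3 trace lines echoed at each step.
# NOTE(review): on Debian, dhclient-script appears to source the files in
# dhclient-exit-hooks.d from /bin/sh, so the shebang is probably not
# honoured. Keep this hook to POSIX sh constructs and never call exit here.
if [ -n "$new_ip6_prefix" ]; then
  ia_pd_interface=eth1
  # Check the current inet6 addresses and run the scripts only when the
  # delegated prefix is not configured on the interface yet.
  echo "DEBUG1: $new_ip6_prefix"
  bounded=false
  for addr in $(ip -6 a show dev "$ia_pd_interface" | grep inet6 | awk '{print $2}'); do
    echo "DEBUG2: $addr"
    if [ "$addr" = "$new_ip6_prefix" ]; then bounded=true; fi
  done
  if ! "$bounded"; then
    echo "DEBUG3: $new_ip6_prefix"
    # The prefix is supplied by the upstream DHCPv6 server through the
    # environment. Quote it so it always reaches the root-run commands below
    # as exactly one argument.
    ip -6 addr add "$new_ip6_prefix" dev "$ia_pd_interface"
    /usr/local/sbin/subnet-dhcpd4.sh 172.16.4.0 255.255.255.0 172.16.4.200 172.16.4.254 172.16.4.1
    /usr/local/sbin/subnet-dhcpd6.sh "$new_ip6_prefix"
  fi
fi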
## 2-1a./usr/local/sbin/subnet-dhcpd6.sh ( chmod +x )
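#!/bin/bash
# Generate the DHCPv6 server configuration for a delegated prefix.
#
# Usage:   subnet-dhcpd6.sh <prefix>/<length>
# Example: subnet-dhcpd6.sh 2001:db8:1:2:3::/80   (constructed sample value)
#
# Writes /etc/dhcp/conf.d/<prefix>.conf and replaces /etc/dhcp/dhcpd6.conf
# with a single include of that file. The first time it runs, an existing
# dhcpd6.conf is moved to dhcpd6.config.bkup.
PFX_W_LEN=$1

# The argument becomes part of a file name and of dhcpd6.conf, both written
# as root, and it originates from the upstream DHCPv6 server. Accept only hex
# digits and colons followed by a decimal length of at most 128.
if [[ ! "$PFX_W_LEN" =~ ^[0-9A-Fa-f:]+/[0-9]{1,3}$ ]] || (( 10#${PFX_W_LEN##*/} > 128 )); then
  printf 'subnet-dhcpd6.sh: invalid prefix argument: %q\n' "$PFX_W_LEN" >&2
  exit 1
fi

# Number of bits handed on to sub-routers on top of the received length.
#SUBNET_LEN=4
#SUBNET_LEN=8
SUBNET_LEN=16

# Text before the first "::" holds the explicit leading groups.
PFX=${PFX_W_LEN%%::*}
PFX_WO_LEN=${PFX_W_LEN%%/*}
PFX_LEN=${PFX_W_LEN#*/}
IFS=: read -r PFX1 PFX2 PFX3 PFX4 PFX5 _ <<< "$PFX"

# Groups swallowed by "::" are zero.
# NOTE(review): only groups 3 to 5 get a default. A prefix whose "::" starts
# before the third group is not handled by this parsing.
: "${PFX3:=0}" "${PFX4:=0}" "${PFX5:=0}"
PFX6=0

# Zero-pad groups 3 to 6 to four hex digits.
PFX3=$(printf '%04x' "0x$PFX3")
PFX4=$(printf '%04x' "0x$PFX4")
PFX5=$(printf '%04x' "0x$PFX5")
PFX6=$(printf '%04x' "0x$PFX6")

# First and last value of the sixth group used for the prefix6 pool.
case "$SUBNET_LEN" in
  4)
    PD6_S=$(printf '%x' $(( 0x$PFX6 + 0x1000 )))
    PD6_E=$(printf '%x' $(( 0x$PFX6 + 0xf000 )))
    ;;
  8)
    PD6_S=$(printf '%x' $(( 0x$PFX6 + 0x0100 )))
    PD6_E=$(printf '%x' $(( 0x$PFX6 + 0xff00 )))
    ;;
  16)
    PD6_S=$(printf '%x' $(( 0x$PFX6 + 0x0001 )))
    PD6_E=$(printf '%x' $(( 0x$PFX6 + 0xffff )))
    ;;
esac
#echo DEBUG: $PD6_S $PD6_E

if [ ! -d /etc/dhcp/conf.d ]; then
  mkdir -p /etc/dhcp/conf.d
fi
#echo DEBUG: PFX_WO_LEN: $PFX_WO_LEN

# NOTE(review): the "on commit" block below makes dhcpd run
# /usr/local/sbin/pdr.sh with values cut out of DHCPv6 option data at fixed
# offsets. Treat those values as untrusted inside pdr.sh.
cat > "/etc/dhcp/conf.d/$PFX_WO_LEN.conf" << EOF
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 $PFX_W_LEN {
range6 $PFX1:$PFX2:$PFX3:$PFX4:$PFX5:: $PFX1:$PFX2:$PFX3:$PFX4:$PFX5:ffff:ffff:ffff;
# range6 $PFX1:$PFX2:$PFX3:$PFX4:$PFX5:: temporary;
option dhcp6.name-servers 2606:4700:4700::1111, 2606:4700:4700::1001;
## (gw4はさらにサブルータを持ってくることもできますようにしていますが、不要ならば ここからコメント化してください。)
prefix6 $PFX1:$PFX2:$PFX3:$PFX4:$PFX5:$PD6_S:: $PFX1:$PFX2:$PFX3:$PFX4:$PFX5:$PD6_E:: /$(( $PFX_LEN + $SUBNET_LEN ));
## ここまで
}
## 同じくこちらもサブルータを構成させない場合、ここからコメント化してください。
on commit {
if exists dhcp6.ia-pd {
set pdaddr=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-pd,25,16));
set pdlen=binary-to-ascii(10, 8, "", substring(option dhcp6.ia-pd,24,1));
set nh=binary-to-ascii(16, 16, ":", substring(option dhcp6.ia-na,16,16));
execute("/usr/local/sbin/pdr.sh", pdaddr, pdlen, nh);
}
}
## ここまで
EOF

# Keep a one-time backup of the distribution dhcpd6.conf. The second test
# must be an explicit -e: a bare file name inside [ ] is only a non-empty
# string test and is always true.
if [ ! -e /etc/dhcp/dhcpd6.config.bkup ] && [ -e /etc/dhcp/dhcpd6.conf ]; then
  mv /etc/dhcp/dhcpd6.conf /etc/dhcp/dhcpd6.config.bkup
fi

cat > /etc/dhcp/dhcpd6.conf << EOF
include "/etc/dhcp/conf.d/$PFX_WO_LEN.conf";
EOF
#/etc/init.d/isc-dhcp-server restart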
## 2-1b. /usr/local/sbin/pdr.sh ( chmod +x )
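#!/bin/bash
# Install or refresh the route towards a prefix delegated to a downstream
# router. Run by dhcpd from the "on commit" block as:
#   pdr.sh <prefix> <prefix-length> <next-hop>
pfx=$1
len=$2
nh=$3

# dhcpd cuts all three values out of DHCPv6 option data, so treat them as
# untrusted: hex digits and colons only for the addresses, and a decimal
# length of at most 128. Anything else, including a missing next hop, is
# rejected before it reaches "ip".
hex_colon='^[0-9A-Fa-f:]+$'
if [[ ! "$pfx" =~ $hex_colon || ! "$nh" =~ $hex_colon || ! "$len" =~ ^[0-9]{1,3}$ ]] \
  || (( 10#$len > 128 )); then
  printf 'pdr.sh: rejecting arguments: %q %q %q\n' "$pfx" "$len" "$nh" >&2
  exit 1
fi
# NOTE(review): a syntax check does not prove that the prefix lies inside the
# pool this server delegates (prefix6 in the generated dhcpd6 configuration).
# An existing route for the prefix is deleted below, so confirm that dhcpd
# only commits prefixes it handed out, or add a containment check here.

rt1=$(ip -6 route show "$pfx/$len" via "$nh")
rt2=$(ip -6 route show "$pfx/$len")
if [ -z "$rt1" ]; then
  # No route through this next hop yet: drop a stale route for the same
  # prefix, if any, then add the new one.
  if [ -n "$rt2" ]; then
    ip -6 route delete "$pfx/$len"
  fi
  ip -6 route add "$pfx/$len" via "$nh"
fi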
## 2-2./usr/local/sbin/subnet-dhcpd4.sh ( chmod +x )
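#!/bin/bash
# Generate the DHCPv4 server configuration for one subnet.
#
# Usage: subnet-dhcpd4.sh <subnet> <netmask> <range-start> <range-end> <router>
#
# Writes /etc/dhcp/conf.d/<subnet>.conf and replaces /etc/dhcp/dhcpd.conf
# with a single include of that file. The first time it runs, an existing
# dhcpd.conf is moved to dhcpd.conf.bkup.

# Without all five arguments the script would write a broken ".conf" file and
# then point dhcpd.conf at it, so stop early instead.
if [ "$#" -ne 5 ]; then
  printf 'usage: %s <subnet> <netmask> <range-start> <range-end> <router>\n' "${0##*/}" >&2
  exit 2
fi

SUBNET=$1
MASK=$2
RANGE_S=$3
RANGE_E=$4
RT=$5

if [ ! -d /etc/dhcp/conf.d ]; then
  mkdir -p /etc/dhcp/conf.d
fi

cat > "/etc/dhcp/conf.d/$SUBNET.conf" << EOF
subnet $SUBNET netmask $MASK {
range $RANGE_S $RANGE_E;
option domain-name-servers 1.1.1.1, 1.0.0.1;
option routers $RT;
}
EOF

# Keep a one-time backup of the distribution dhcpd.conf.
if [ ! -e /etc/dhcp/dhcpd.conf.bkup ] && [ -e /etc/dhcp/dhcpd.conf ]; then
  mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.bkup
fi

cat > /etc/dhcp/dhcpd.conf << EOF
include "/etc/dhcp/conf.d/$SUBNET.conf";
EOF
#/etc/init.d/isc-dhcp-server restart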
今回は以上です。それでは。