このページの翻訳:
- 日本語 (ja)
- English (en)
最近の更新
- 麻雀ルール [局の進行について]
- 01 ネットワーク設定nmcli [コネクションとデバイスを関連付け]
サイドバー
50_dialy:2025:07:27
2025.07.27 IPv6 DSR
IPv6でDSRやろうとして失敗した記録
※これは失敗した記録です。
IPv4だと、これが簡単にできるのですけど、IPv6だとうまくできない。
この辺
環境
LBはVIP [2408:a1c0:1ad:1fff::1110] を持っていて
[2408:a1c0:1ad:1fff::1110] へアクセスが来た場合、RSの [2408:a1c0:1ad:1fff::1112] へ転送して
[2408:a1c0:1ad:1fff::1112] が直接返答したい。
LB
# ip a
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1413 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:cb:c5:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.128.166/24 metric 100 brd 192.168.128.255 scope global dynamic enp2s0
valid_lft 83701sec preferred_lft 83701sec
inet6 2408:a1c0:1ad:1fff::1110/64 scope global
valid_lft forever preferred_lft forever
inet6 2408:a1c0:1ad:1fff::1111/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fecb:c53a/64 scope link
valid_lft forever preferred_lft forever
RS
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 2408:a1c0:1ad:1fff::1110/128 scope global
valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1413 qdisc fq_codel state UP group default qlen 1000
link/ether fa:16:3e:5e:15:a3 brd ff:ff:ff:ff:ff:ff
inet 192.168.128.217/24 metric 100 brd 192.168.128.255 scope global dynamic enp2s0
valid_lft 84432sec preferred_lft 84432sec
inet6 2408:a1c0:1ad:1fff::1112/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe5e:15a3/64 scope link
valid_lft forever preferred_lft forever
LB側
# nft list table ip6 nat
table ip6 nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip6 daddr 2408:a1c0:1ad:1fff::1110 tcp dport 80 dnat to 2408:a1c0:1ad:1fff::1112
}
}
RS側
# nft list table ip6 nat
table ip6 nat {
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip6 daddr 2408:a1c0:1ad:1fff::1110 redirect
ip6 daddr 2408:a1c0:1ad:1fff::1110 tcp dport 80 redirect to :80
}
}
RS側までは通信届いてて、ACKを返している
が、確認側では受け取れてない。
# tcpdump -nne -i enp2s0 ip6 and port 80 tcpdump: verbose output suppressed, use -v[v]... for full protocol decode listening on enp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes 07:40:07.223156 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483087515 ecr 0,nop,wscale 7], length 0 07:40:07.223206 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 102076255, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464373664 ecr 1483087515,nop,wscale 7], length 0 07:40:07.223538 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0 07:40:08.252682 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483088546 ecr 0,nop,wscale 7], length 0 07:40:08.252732 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 118162608, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464374693 ecr 1483088546,nop,wscale 7], length 0 07:40:08.253056 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0 07:40:09.276664 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483089570 ecr 0,nop,wscale 7], length 0 07:40:09.276717 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 134162336, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464375717 ecr 1483089570,nop,wscale 7], length 0 07:40:09.277056 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0 07:40:10.300694 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483090594 ecr 0,nop,wscale 7], length 0 07:40:10.300744 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 150162788, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464376741 ecr 1483090594,nop,wscale 7], length 0 07:40:10.301055 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0 07:40:11.324645 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483091618 ecr 0,nop,wscale 7], length 0 07:40:11.324693 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 166161982, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464377765 ecr 1483091618,nop,wscale 7], length 0 07:40:11.325033 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0 07:40:12.348552 fa:16:3e:cb:c5:3a > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [S], seq 1408598023, win 64944, options [mss 1353,sackOK,TS val 1483092642 ecr 0,nop,wscale 7], length 0 07:40:12.348590 fa:16:3e:5e:15:a3 > fa:16:3e:6a:e4:85, ethertype IPv6 (0x86dd), length 94: 2408:a1c0:1ad:1fff::1112.80 > 2408:a1c0:1ad:1fff::1113.50342: Flags [S.], seq 182160432, ack 1408598024, win 64368, options [mss 1353,sackOK,TS val 2464378789 ecr 1483092642,nop,wscale 7], length 0 07:40:12.348916 fa:16:3e:6a:e4:85 > fa:16:3e:5e:15:a3, ethertype IPv6 (0x86dd), length 74: 2408:a1c0:1ad:1fff::1113.50342 > 2408:a1c0:1ad:1fff::1112.80: Flags [R], seq 1408598024, win 0, length 0
確認VM側
LB経由の場合は、帰ってこない
# curl -6 -v http://[2408:a1c0:1ad:1fff::1110] * Trying [2408:a1c0:1ad:1fff::1110]:80...
RS直接の場合は届く、[2408:a1c0:1ad:1fff::1112]
# curl -6 -v http://[2408:a1c0:1ad:1fff::1112] * Trying [2408:a1c0:1ad:1fff::1112]:80... * Connected to 2408:a1c0:1ad:1fff::1112 (2408:a1c0:1ad:1fff::1112) port 80 > GET / HTTP/1.1 > Host: [2408:a1c0:1ad:1fff::1112] > User-Agent: curl/8.5.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Sat, 26 Jul 2025 22:42:22 GMT < Server: Apache/2.4.58 (Ubuntu) < Last-Modified: Sat, 26 Jul 2025 08:27:31 GMT < ETag: "b-63ad0d463dc8d" < Accept-Ranges: bytes < Content-Length: 11 < Content-Type: text/html < test-lll02 * Connection #0 to host 2408:a1c0:1ad:1fff::1112 left intact
50_dialy/2025/07/27.txt · 最終更新: 2025/07/27 07:45 by matsui
特に明示されていない限り、本Wikiの内容は次のライセンスに従います: CC Attribution-Noncommercial-Share Alike 4.0 International
