aftr+b4环境搭建.doc

AFTR1.1安装配置一、 环境说明：网络结构：用户设备B4家庭网关AFTR网关公网用户设备和B4家庭网关间可是双栈(IPV4(私网IP)/IPV6)。在用户设备不支持IPV6的情况下可以是单一IPV4私网IP；B4与AFTR间为IPV6；AFTR与公网间为IPV4公网IP ;用户设备、B4、AFTR均用CENTOS6.3系统充当，由于B4和AFTR要编译源码，系统需安装开发包！（呵呵,手上只有这个镜像文件）系统需求: Linux or FreeBSD. Kernel must be built with IPv6 and tun(4).Linux kernel version must be greater than 2.6.26, to correct a small-packet-drop problem in tunnel46_rcv().二、 设备作用说明：B4为用户设备分配IPV4私网IP；与AFTR网关建立4in6隧道，让用户的IPV4数据在IPV6网络上转发；AFTR作为4in6隧道终点，使用IPV4NAT技术将用户私网IP转为公网IP；在AFTR上B4分配给用户的私网IPV4地址可以重复，因为AFTR内部维护的NAT表项与普通IPv4NAT不同，增加B4的WAN接口IPv6地址以区分用户。AFTR用为DHCPV6服务器为B4的WAN分配IP地址，并通过DHCP相应字段将AFTR的隧道端口地址通告给B4.三、 AFTR 安装配置1、安装下载AFTR 1.1安装包到充当AFTR的机器中，地址为：/isc/aftr/aftr-1.1.tar.gz执行如下命令：#cd /root#wget /isc/aftr/aftr-1.1.tar.gz#tar zxvf aftr-1.1.tar.gz#cd aftr-1.1# ./configure#make2、AFTR配置Aftr-1.1的安装包的conf目录里提供了很多aftr配置文件和脚本例子供大家参考，本文以最简单的建立连接为例,详细参数请见aftr自带文档说明。在aftr-1.1目录中创建aftr.conf配置文件。#vi aftr.confdefmtu 1420defmss ondeftoobig offacl6 2001:240:63f:ff00:/64 /需要接入的Ipv6网段(分配给B4 上接口的IPV6地址段)用于控制哪些网段设备可以接入隧道默认是全部拒绝的如果不添加将无法建立隧道连接。address endpoint 2001:240:63f:ff01:1 /aftr侧隧道端点address icmp 11 pool 11 /aftr上用于nat 转换的Ipv4地址池3、创建启动运行的脚本aftr-script#vi aftr-scriptaftr_start() set -x ip link set tun0 up ip addr add peer dev tun0 ip route add 11/32 dev tun0 /将用于NAT的地址指向隧道tun0 ip -6 addr add fe80:1 dev tun0 /为隧道tun0添加IPV6地址，可不用 ip -6 route add 2001:240:63f:ff01:/64 dev tun0 /将aftr侧隧道端地址指向 tun0aftr_stop() set -x ip link set tun0 downcase $1 instart)aftr_start;stop)aftr_stop;*)echo Usage: $0 start|stopexit 1;esacexit 0给aftr-script执行权限#chmod +x aftr-script4、让系统转发IPV4、IPV6数据包开启IPV4转发，修改sysctl.conf文件中的net.ipv4.ip_forward项，值改为1#vi /etc/sysctl.confnet.ipv4.ip_forward = 1刷新sysctl.conf#sysctl p开启IPV6转发，修改/etc/sysconfig/network,添加IPV6FORWARDING=yes#vi /etc/sysconfig/networkIPV6FORWARDING=yes重启网络服务#service network restart5、网络端口配置（不详说了）/etc/sysconfig/networkNETWORKING=yesNETWORKING_IPV6=yeseth1连接公网,端口配置DEVICE=eth1BOOTPROTO=noneNM_CONTROLLED=yesONBOOT=yesTYPE=EthernetHWADDR=00:0C:29:F1:B6:B0 /改为自已的，可不写IPADDR=00PREFIX=24GATEWAY=DNS1=00DEFROUTE=yesIPV4_FAILURE_FATAL=yesIPV6INIT=noNAME=System eth1Eth0连接B4，端口配置DEVICE=eth0HWADDR=00:0C:29:F1:B6:A6NM_CONTROLLED=yesONBOOT=yesTYPE=EthernetIPV6INIT=yesIPV6ADDR=2001:240:63f:ff00:1IPV6_AUTOCONF=no6、启动aftr./aftr 如果aftr.conf和aftr-script两个文件不当前目录需加 -c f参数指明文件位置./aftr -c /root/aftr-1.1/aftr.conf s /root/aftr-1.1/aftr-script启动aftr时也可加-g参数到调试模式，或telnet 1015到调试模式。调试模式中可以通地list tunnel命令查看与B4的隧道是否建立，隧道需用户发数据包触发的。7、B4侧配置eth0用于连接AFTR，网卡只配IPV6地址即可，也可DHCP自动获取。DEVICE=eth0#BOOTPROTO=dhcpHWADDR=00:0C:29:88:21:14NM_CONTROLLED=yesONBOOT=yesTYPE=EthernetIPV6INIT=yesIPV6ADDR=2001:240:63f:ff00:2IPV6_DEFAULTGW=2001:240:63f:ff00:1IPV6_AUTOCONF=noB4建立与aftr的IPV6隧道modprobe lpmodprobe ip6_tunnelip -6 route add 2001:240:63f:ff01:1/128 via 2001:240:63f:ff00:1 /如果在配置网卡时没有添加IPV6网关时，需执行这条命令ip -6 tunnel add tun0 mode ipip6 remote 2001:240:63f:ff01:1 local 2001:240:63f:ff00:2 dev eth0 encaplimit noneip link set tun0 upip addr add peer dev tun0ip route add /0 via 隧道建立完后，可以通过以下命令查看隧道、网卡、路由信息。#ip -6 tunnel show#ifconfig#netstat rn#netstat A inet6 rn在B4上去ping IPv4的地址会发现可以ping通在目的IP机器上抓包可以看到ping包伪装为11aftr服务器配置的地址池中的地址出去的如果看到Ping通了表示服务器已经搭建OK。在aftr上telnet 1015list tunnel 查看隧道debug natdebug statdebug tunnel四、 B4 DHCP获得IPV6地址1、 AFTR安装DHCP服务，使用的ISC的DHCP包在AFTR机器上下载DHCP安装包并安装#wget /isc/dhcp/4.2.4-P2/dhcp-4.2.4-P2.tar.gz#tar zxvf dhcp-4.2.4-P2.tar.gz#cd dhcp-4.2.4-P2#./configure#make#make install进入/usr/local/etc目录修改dhcpd.conf文件#cd /usr/local/etc#vi dhcpd.confdefault-lease-time 7200;max-lease-time 86400; log-facility local7;option dhcp6.softwire code 54 = ip6-address; /添加aftr的4in6隧道地址字节option dhcp6.defroute code 123 = ip6-address; /添加ipv6默认路由字节option dhcp6.defgateway code 99 = ip6-address; /添加ipv6默认路由网关字节default-lease-time 3600;max-lease-time 86400;authoritative;subnet6 2001:240:63f:ff00:/64 range6 2001:240:63f:ff00:5 2001:240:63f:ff00:10; option -servers 2001:240:63f:ff00:1; option dhcp6.softwire 2001:240:63f:ff01:1; /添加aftr的4in6隧道地址 option dhcp6.defgateway 2001:240:63f:ff00:1; /添加ipv6默认路由网关地址 option dhcp6.defroute 2001:240:63f:ff00:1; /添加ipv6默认路由地址创建dhcpd6.leases文件#cat /var/db/dhcpd6.leases启动dhcp服务#/usr/local/sbin/dhcpd -6 cf /usr/local/etc/dhcpd.conf2、 B4上安装DHCP客户端在B4机器上下载DHCP安装包并安装#wget /isc/dhcp/4.2.4-P2/dhcp-4.2.4-P2.tar.gz#tar zxvf dhcp-4.2.4-P2.tar.gz#cd dhcp-4.2.4-P2#./configure#make#make install进入/usr/local/etc目录修改dhclient.conf文件#cd /usr/local/etc#vi dhclient.confsend host-name = pick-first-value(gethostname(), ISC-dhclient);send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;send dhcp-lease-time 3600;#supersede domain-search , ;#prepend domain-name-servers ;request subnet-mask, broadcast-address, time-offset, routers, domain-name, domain-name-servers, host-name;require subnet-mask, domain-name-servers;timeout 60;retry 60;reboot 10;select-timeout 5;initial-interval 2;script /sbin/dhclient-script; /设备获取DHCP分配的地址信息后，需运行的此脚本将信息配置在设备上option dhcp6.softwire code 54 = ip6-address;option dhcp6.defgateway code 99 = ip6-address;option dhcp6.defroute code 123 = ip6-address;interface eth2 option domain-name-servers 2001:240:63f:ff00:1; also request dhcp6.softwire; /获取aftr的4in6隧道地址 also request dhcp6.defgateway; /获取默认网关信息 also request dhcp6.defroute; /获取默认路由信息创建dhclient6.leases文件# cat /var/db/dhclient6.leases运行dhcliet命令获取IPV6地址信息/usr/local/sbin/dhclient -6 eth2 -cf /usr/local/etc/dhclient.conf由于默认/sbin/dhclient-script不能将ISC DHCP中的默认网关、默认路由配置到网卡上，也无法识别softwire信息，所以要另写脚本配置相应信息。下面脚本作用是一个简单的自动获取地址、配置网关、建立隧道。也要将此脚本加入至/etc/rc.local中开机自动获取地址并建立隧道。#!/bin/bash/opt/dhcpcli/sbin/dhclient -6 eth2 -cf /opt/dhcpcli/etc/dhclient.confdefgateway=grep dhcp6.defgateway /var/db/dhclient6.leases| tail -1|awk -F ; print $5softwire=grep dhcp6.softwire /var/db/dhclient6.leases| tail -1|awk -F ; print $5#dhcpip=grep iaaddr /var/db/