IPv6-IPv4-IPv6 Tunnel Configuration
IPv6-IPv4-IPv6 Tunnel Configuration
172.16.0.0
------+---------------------------------------+--------
| |
(pcn0) 172.16.8.200 (pcn0) 172.16.8.205
<solaris200> <solaris205>
(pcn0:1)192.168.1.1 (pcn0:1)192.168.2.1
| |
+-192.168.1.2(pcn0) +-192.168.2.2(pcn0)
| |
+-192.168.1.3 +-192.168.2.3
| |
+-192.168.1.4 +-192.168.2.4
| |
+-192.168.1.5 +-192.168.2.5
| |
+-192.168.1.6 +-192.168.2.6
| |
+-192.168.1.7 +-192.168.2.7
| |
+-192.168.1.8 +-192.168.2.8
| |
+-192.168.1.9 +-192.168.2.9
| |
+-192.168.1.10 +-192.168.2.10
[그림] 실습 구성도
(자리배치도)
-----------------------------------
200 201 202 203 204 205
-----------------------------------
206 207 208 209 210 211
-----------------------------------
212 213 214 215 216 217
-----------------------------------
218 219 220 221 222 223
-----------------------------------
224 225 226 227 228 229
-----------------------------------
자리 번호: 201 -> 번호 할당: 2
- pcn0 192.168.1.2
- pcn0:1 192.168.1.202
자리 번호: 203 -> 번호 할당: 2
- pcn0 192.168.2.2
- pcn0:1 192.168.2.202
-------------
1. 공통 작업
-------------
(준비사항) 전체적인 설정
- IPv6 NIC 설정은 없는것으로 한다.
- in.ndpd 데몬이 뜨지 않아야 한다.
- routing table 정보에 default router 설정이 없어야 한다.
- 라우터 설정은 "강사"가 설정한다.
# ls /etc/hostname6.*
# rm /etc/hostname6.pcn0
# ifconfig pcn0 inet6 down unplumb
# ifconfig lo0 inet6 down unplumb
# ifconfig -a
# pgrep -lf in.routed
# pgrep -lf in.rdisc
# pkill -9 in.routed
# pkill -9 in.rdisc
# pgrep -lf in.ndpd
# pkill in.ndpd (# pkill -9 in.ndpd)
# route flush
---------------
2. Router 작업
---------------
(At Router)
■ 인터페이스 설정
■ pcn0 인터페이스(172.16.8.XXX)
■ pcn0:1 가상인터페이스 설정(192.168.[1-2].1)
■ pcn1 unplumb
■ 라우터 설정
■ in.routed -s
■ in.rdisc -r
■ ip_forwarding ON
(1). 인터페이스 설정
(a). pcn0 설정
서버와 통신이 되는지 확인한다. 기존의 설정을 그래도 사용한다.
# ifconfig -a
# ping -s 172.16.8.254
(b). pcn0:1 가상인퍼테이스 설정(192.168.X.1)
# ifconfig pcn0:1 plumb up
# ifcofnig pcn0:1 192.168.[1-2].1 netmask 255.255.255.0 broadcast +
(c). pcn1 unplumb
NAT Device에 연결된 NIC는 unplumb 시켜 놓는다.
# ifconfig pcn1 down unplumb
(2). 라우터 설정
# route flush
# in.routed -s
# in.rdisc -r
# ndd -set /dev/ip ip_forwarding 1
# pgrep -lf in.routed
# pgrep -lf rdisc
# ndd -get /dev/ip ip_forwarding
# netstat -nr
(상대방 라우터가 반드시 보여야 한다.)
(3). 라우터 상태 점검(Router1, 예: 172.16.8.200)
(IP 설정 점검) Router1
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.16.8.200 netmask ffff0000 broadcast 172.16.255.255
ether 0:c:29:ab:48:bd
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.1 netmask ffffff00 broadcast 192.168.1.255
-> pcn1 unplumb 시킴
-> pcn0:1의 IP를 192.168.1.1로 설정
(Routing Table 점검) Router1
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0 192.168.1.1 U 1 11 pcn0:1
192.168.2.0 172.16.8.205 UG 1 0 pcn0 <----- 정보 확인
172.16.0.0 172.16.8.200 U 1 5 pcn0
224.0.0.0 172.16.8.200 U 1 0 pcn0
127.0.0.1 127.0.0.1 UH 21 5418 lo0
(Router 설정 점검) Router1
# pgrep -lf in.routed
567 in.routed -s
# pgrep -lf in.rdisc
570 in.rdisc -r
# ndd -get /dev/ip ip_forwarding
1
(4). 라우터 상태 점검(Router2, 예: 172.16.8.205)
(IP 설정 점검) Router2
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.16.8.205 netmask ffff0000 broadcast 172.16.255.255
ether 0:c:29:da:a8:1e
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.1 netmask ffffff00 broadcast 192.168.2.255
-> pcn1 unplumb
-> pcn0:1은 IP가 192.168.2.1 설정
(Routing Table 점검) Router2
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0 172.16.8.200 UG 1 0 pcn0 <----- 설정 확인
192.168.2.0 192.168.2.1 U 1 1 pcn0:1
172.16.0.0 172.16.8.205 U 1 17 pcn0
224.0.0.0 172.16.8.205 U 1 0 pcn0
127.0.0.1 127.0.0.1 UH 45 75281 lo0
(Router 설정 점검) Router2
# pgrep -lf in.routed
2223 in.routed -s
# pgrep -lf in.rdisc
2225 in.rdisc -r
# ndd -get /dev/ip ip_forwarding
1
---------------
3. Host 작업
---------------
(At Client) 예: 192.168.2.2
(가정) 인터페이스는 Bridge Device 연결된 NIC1(pcn0)만 사용하는것으로 가정한다.
- 인터페이스 설정
- pcn0 설정 (예: 192.168.[1-2].X)
- pcn1 unplumb
- Default Router 설정(192.168.[1-2].1)
- 테스트
(1). 인터페이스 설정
(a). pcn0 설정
# ifconfig pcn0 192.168.[1-2].X netmask 255.255.255.0 broadcast + up
(b). pcn1 unplumb
# ifconfig pcn1 down unplumb (-> 솔라리스 CDE 환경에서 작업)
# ifconfig -a
(c). Default Router 설정
# route flush
# route add default 192.168.[1-2].1
# netstat -nr
(2). Host 설정 점검
(IP 설정 점검) 192.168.2.2
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.2 netmask ffffff00 broadcast 192.168.2.255
ether 0:c:29:4d:b1:ff
-> pcn1 unplumb
-> pcn0의 IP가 192.168.2.2
(Routing Table 점검) 192.168.2.2
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.2.0 192.168.2.2 U 1 4 pcn0
224.0.0.0 192.168.2.2 U 1 0 pcn0
default 192.168.2.1 UG 1 5 <----- 설정 확인
127.0.0.1 127.0.0.1 UH 20 27673 lo0
(IP 설정 점검) 192.168.1.2
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:5d:97:e
(Routing Table 점검) 192.168.1.2
# netstat -nr
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.1.0 192.168.1.2 U 1 1 pcn0
224.0.0.0 192.168.1.2 U 1 0 pcn0
default 192.168.1.1 UG 1 14 <----- 설정 확인
127.0.0.1 127.0.0.1 UH 35 7139 lo0
192.168.2.2 ------- Router1 ------------------ Router2 ------- 192.168.1.2
192.168.2.1 172.16.8.205 172.16.8.200 192.168.1.1 |
| | | | |
--------------> | | | | |
| | | |
--------------------------> | | | |
| | |
----------------------------------------> | | |
| |
-----------------------------------------------------> | |
|
----------------------------------------------------------------> |
(192.168.2.2) -> (192.168.2.1)
-> (172.16.8.205)
-> (172.16.8.200)
-> (192.168.1.1)
-> (192.168.1.2)
# ping 192.168.2.1
# ping 172.16.8.205
# ping 172.16.8.200
# ping 192.168.1.1
# ping 192.168.1.2
(Trouble Shooting)
라우터에 이상이 있는 경우
- (a). 라우팅 테이블을 확인한다.
- (b). 라우터의 아이피를 재 설정해 본다.
호스트에 이상이 있는 경우
- (a). 아이피를 재 설정 해 본다.
4. Configuring IPv6-Over-IPv4 Tunnels
(1). 가상 NIC 추가 및 IPv6 설정 (예: 192.168.1.202 <----> 192.168.2.202)
- pcn0:1 (192.168.[1-2].20X) : 가상 인터페이스 설정
- pcn0에 IPv6 주소 생성
- ip.tun0 설정
(At 192.168.1.202) 192.168.1.2
(a). pcn0에 IPv6 주소 생성
# ifconfig pcn0 inet6 plumb up
(b). pcn0:1(192.168.1.20X) 설정
# ifconfig pcn0 addif 192.168.1.20X up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:20:b:b6
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.202 netmask ffffff00 broadcast 192.168.1.255 <----- IP 정보 확인
pcn0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 0:c:29:20:b:b6
inet6 fe80::20c:29ff:fe20:bb6/10 <----- IPv6 정보 확인
(At 192.168.2.202) 192.168.2.2
(a). pcn0에 IPv6 주소 생성
# ifconfig pcn0 inet6 plumb up
(b). pcn0:1(192.168.2.20X) 설정
# ifconfig pcn0 addif 192.168.2.20X up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.2 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:20:b:b6
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.202 netmask ffffff00 broadcast 192.168.1.255 <----- IP 정보 확인
pcn0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 0:c:29:20:b:b6
inet6 fe80::20c:29ff:fe20:bb6/10 <----- IPv6 정보 확인
(IP Tunnel 설정) 192.168.1.2 -> 192.168.2.2
192.168.1.202 -> 192.168.2.202
(At 192.168.1.202) 192.168.1.2
# ifconfig ip.tun0 inet6 plumb
# ifconfig ip.tun0 inet6 tsrc 192.168.1.202 tdst 192.168.2.202 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.2 netmask ffffff00 broadcast 192.168.1.255
ether 0:c:29:20:b:b6
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.1.202 netmask ffffff00 broadcast 192.168.1.255
pcn0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 0:c:29:20:b:b6
inet6 fe80::20c:29ff:fe20:bb6/10
ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 4
inet tunnel src 192.168.1.202 tunnel dst 192.168.2.202
tunnel hop limit 60
inet6 fe80::c0a8:1ca/10 --> fe80::c0a8:2ca <----- 정보 확인
(IP Tunnel 설정) 192.168.2.2 -> 192.168.1.2
192.168.2.202 -> 192.168.1.202
(At 192.168.2.202) 192.168.2.2
# ifconfig ip.tun0 inet6 plumb tsrc 192.168.2.202 tdst 192.168.1.202 up
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
pcn0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.2 netmask ffffff00 broadcast 192.168.2.255
ether 0:c:29:4d:b1:ff
pcn0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.2.202 netmask ffffff00 broadcast 192.168.2.255
pcn0: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
ether 0:c:29:4d:b1:ff
inet6 fe80::20c:29ff:fe4d:b1ff/10
ip.tun0: flags=2200851<UP,POINTOPOINT,RUNNING,MULTICAST,NONUD,IPv6> mtu 1480 index 6
inet tunnel src 192.168.2.202 tunnel dst 192.168.1.202
tunnel hop limit 60
inet6 fe80::c0a8:2ca/10 --> fe80::c0a8:1ca <----- 정보 확인
# ping fe80::c0a8:1ca
# ping -s fe80::c0a8:1ca
=> 패킷 캡쳐를 통해 확인해 본다.