[lacnog] Servidor en IPv6

frsoto en gmail.com frsoto en gmail.com
Vie Sep 24 10:26:06 -03 2021


Estimados por favor una consulta

 

Un servidor Linux en la LAN. por ejemplo un server DNS o DHCP, etc.

Conviene apagarle la autoconfiguración? y fijarle la ipv6 GUA y la puerta de
enlace GUA?

Si alguien conecta un router en la LAN podría cambiarle el DG con los RA no?

Alguna otra recomendación en la config del server?

 

 

Esto me funcionó en Ubuntu Server:

root en vm4s04p10:/etc/netplan# cat 00-installer-config.yaml

# This is the network config written by 'subiquity'

network:

  ethernets:

    ens160:

      addresses:

      - 2800:b51:20:0::11/64

      gateway6: 2800:b51:20:0::1

      accept-ra: no

  version: 2

 

 

root en vm4s04p10:/etc/netplan# route -n -A inet6

Kernel IPv6 routing table

Destination                    Next Hop                   Flag Met Ref Use
If

::1/128                        ::                         U    256 2     0
lo

2800:b51:20::/64               ::                         U    256 1     0
ens160

fe80::/64                      ::                         U    256 1     0
ens192

fe80::/64                      ::                         U    256 2     0
ens160

::/0                           2800:b51:20::1             UG   1024 2     0
ens160

::1/128                        ::                         Un   0   4     0
lo

2800:b51:20::11/128            ::                         Un   0   3     0
ens160

fe80::20c:29ff:fe36:ae97/128   ::                         Un   0   3     0
ens160

fe80::20c:29ff:fe36:aea1/128   ::                         Un   0   3     0
ens192

ff00::/8                       ::                         U    256 3     0
ens192

ff00::/8                       ::                         U    256 2     0
ens160

::/0                           ::                         !n   -1  1     0
lo

root en vm4s04p10:/etc/netplan# 

 

 

Pasar estos valores a 0 no me funcionó

root en vm5s04p10:/home/operador# /sbin/sysctl -a | grep ipv6.conf.all

net.ipv6.conf.all.accept_dad = 0

net.ipv6.conf.all.accept_ra = 1           

net.ipv6.conf.all.accept_ra_defrtr = 1

net.ipv6.conf.all.accept_ra_from_local = 0

net.ipv6.conf.all.accept_ra_min_hop_limit = 1

net.ipv6.conf.all.accept_ra_mtu = 1

net.ipv6.conf.all.accept_ra_pinfo = 1

net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0

net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0

net.ipv6.conf.all.accept_ra_rtr_pref = 1

net.ipv6.conf.all.accept_redirects = 1

net.ipv6.conf.all.accept_source_route = 0

net.ipv6.conf.all.addr_gen_mode = 0

net.ipv6.conf.all.autoconf = 1            

net.ipv6.conf.all.dad_transmits = 1

net.ipv6.conf.all.disable_ipv6 = 0

net.ipv6.conf.all.disable_policy = 0

net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0

net.ipv6.conf.all.drop_unsolicited_na = 0

net.ipv6.conf.all.enhanced_dad = 1

net.ipv6.conf.all.force_mld_version = 0

net.ipv6.conf.all.force_tllao = 0

net.ipv6.conf.all.forwarding = 0

net.ipv6.conf.all.hop_limit = 64

net.ipv6.conf.all.ignore_routes_with_linkdown = 0

net.ipv6.conf.all.keep_addr_on_down = 0

net.ipv6.conf.all.max_addresses = 16

net.ipv6.conf.all.max_desync_factor = 600

net.ipv6.conf.all.mc_forwarding = 0

net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000

net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000

net.ipv6.conf.all.mtu = 1280

net.ipv6.conf.all.ndisc_notify = 0

net.ipv6.conf.all.ndisc_tclass = 0

net.ipv6.conf.all.proxy_ndp = 0

net.ipv6.conf.all.regen_max_retry = 3

net.ipv6.conf.all.router_probe_interval = 60

net.ipv6.conf.all.router_solicitation_delay = 1

net.ipv6.conf.all.router_solicitation_interval = 4

net.ipv6.conf.all.router_solicitation_max_interval = 3600

net.ipv6.conf.all.router_solicitations = -1

net.ipv6.conf.all.seg6_enabled = 0

net.ipv6.conf.all.seg6_require_hmac = 0

net.ipv6.conf.all.suppress_frag_ndisc = 1

net.ipv6.conf.all.temp_prefered_lft = 86400

net.ipv6.conf.all.temp_valid_lft = 604800

net.ipv6.conf.all.use_oif_addrs_only = 0

net.ipv6.conf.all.use_tempaddr = 2

root en vm5s04p10:/home/operador#

 

 

------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20210924/40285b07/attachment.htm>


Más información sobre la lista de distribución LACNOG