[lacnog] Servidor en IPv6
frsoto en gmail.com
frsoto en gmail.com
Vie Sep 24 10:26:06 -03 2021
Estimados por favor una consulta
Un servidor Linux en la LAN. por ejemplo un server DNS o DHCP, etc.
Conviene apagarle la autoconfiguración? y fijarle la ipv6 GUA y la puerta de
enlace GUA?
Si alguien conecta un router en la LAN podría cambiarle el DG con los RA no?
Alguna otra recomendación en la config del server?
Esto me funcionó en Ubuntu Server:
root en vm4s04p10:/etc/netplan# cat 00-installer-config.yaml
# This is the network config written by 'subiquity'
network:
ethernets:
ens160:
addresses:
- 2800:b51:20:0::11/64
gateway6: 2800:b51:20:0::1
accept-ra: no
version: 2
root en vm4s04p10:/etc/netplan# route -n -A inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use
If
::1/128 :: U 256 2 0
lo
2800:b51:20::/64 :: U 256 1 0
ens160
fe80::/64 :: U 256 1 0
ens192
fe80::/64 :: U 256 2 0
ens160
::/0 2800:b51:20::1 UG 1024 2 0
ens160
::1/128 :: Un 0 4 0
lo
2800:b51:20::11/128 :: Un 0 3 0
ens160
fe80::20c:29ff:fe36:ae97/128 :: Un 0 3 0
ens160
fe80::20c:29ff:fe36:aea1/128 :: Un 0 3 0
ens192
ff00::/8 :: U 256 3 0
ens192
ff00::/8 :: U 256 2 0
ens160
::/0 :: !n -1 1 0
lo
root en vm4s04p10:/etc/netplan#
Pasar estos valores a 0 no me funcionó
root en vm5s04p10:/home/operador# /sbin/sysctl -a | grep ipv6.conf.all
net.ipv6.conf.all.accept_dad = 0
net.ipv6.conf.all.accept_ra = 1
net.ipv6.conf.all.accept_ra_defrtr = 1
net.ipv6.conf.all.accept_ra_from_local = 0
net.ipv6.conf.all.accept_ra_min_hop_limit = 1
net.ipv6.conf.all.accept_ra_mtu = 1
net.ipv6.conf.all.accept_ra_pinfo = 1
net.ipv6.conf.all.accept_ra_rt_info_max_plen = 0
net.ipv6.conf.all.accept_ra_rt_info_min_plen = 0
net.ipv6.conf.all.accept_ra_rtr_pref = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.addr_gen_mode = 0
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.dad_transmits = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.all.disable_policy = 0
net.ipv6.conf.all.drop_unicast_in_l2_multicast = 0
net.ipv6.conf.all.drop_unsolicited_na = 0
net.ipv6.conf.all.enhanced_dad = 1
net.ipv6.conf.all.force_mld_version = 0
net.ipv6.conf.all.force_tllao = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.hop_limit = 64
net.ipv6.conf.all.ignore_routes_with_linkdown = 0
net.ipv6.conf.all.keep_addr_on_down = 0
net.ipv6.conf.all.max_addresses = 16
net.ipv6.conf.all.max_desync_factor = 600
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.all.mldv1_unsolicited_report_interval = 10000
net.ipv6.conf.all.mldv2_unsolicited_report_interval = 1000
net.ipv6.conf.all.mtu = 1280
net.ipv6.conf.all.ndisc_notify = 0
net.ipv6.conf.all.ndisc_tclass = 0
net.ipv6.conf.all.proxy_ndp = 0
net.ipv6.conf.all.regen_max_retry = 3
net.ipv6.conf.all.router_probe_interval = 60
net.ipv6.conf.all.router_solicitation_delay = 1
net.ipv6.conf.all.router_solicitation_interval = 4
net.ipv6.conf.all.router_solicitation_max_interval = 3600
net.ipv6.conf.all.router_solicitations = -1
net.ipv6.conf.all.seg6_enabled = 0
net.ipv6.conf.all.seg6_require_hmac = 0
net.ipv6.conf.all.suppress_frag_ndisc = 1
net.ipv6.conf.all.temp_prefered_lft = 86400
net.ipv6.conf.all.temp_valid_lft = 604800
net.ipv6.conf.all.use_oif_addrs_only = 0
net.ipv6.conf.all.use_tempaddr = 2
root en vm5s04p10:/home/operador#
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/lacnog/attachments/20210924/40285b07/attachment.htm>
Más información sobre la lista de distribución LACNOG