2013/4/12 Michael H. Warfield <mhw at wittsend.com>
> Hello,
>
> I may be totally off base here but...
>
> On Thu, 2013-04-11 at 18:06 +0800, Jaze Lee wrote:
> > hello,
> > i met a problem in configuration of ipv6 gw in my box
> > i install centos 6.3 (64 bit) on my boxes, which have four netcard.
> > i use a straight-through cable to connect centosv0:netcard-2 and
> > centosv1:netcard2
> > the topology is this:
> > client c(windows xp) <-->centosv0:netcard-3 <--> centosv0:netcard-2 <--->
> > centosv1:netcard-2 <---->centosv1:netcard-2 <---> client d (backtrack r2 32)
> > 1:2:3:4::2/64 1:2:3:4::1/64 1:2:3::4/64
> > 1:2:3::5/64 1:2:3:5::1/64
> > 1:2:3:5::2/64
>
> Surely, I hope you jest with those numbers. You are not allowed to pick
> numbers out of the air and just use them, even if it's for private use.
> There are specific blocks of addresses for specific uses and assigned
> "scopes" and all the "private use" addresses are in blocks very high up
> in the address space beginning with fc or fd. If those are literally
> the addresses you used, they will not work and I would expect them to
> give you all sorts of grief at some point or another.
>
> > what i want to do is set default gw on centosv0 to centosv1
>
> I take it "centosv0" and "centosv1" are configured for ipv6 forwarding?
> You didn't provide the information on that. There are some gotchas in
> there with default routing on a router (basically there is no such
> thing) and the router needs to be set up properly for both routing and
> its routes. But I don't think that's your problem you're describing
> down below.
>
> > i configure /etc/sysconfig/network-scripts/ifconfig-eth2 (centosv0) as this
> > DEVICE="eth2"
> > BOOTPROTO=static
> > HWADDR="60:A4:4C:23:2F:6F"
> > NM_CONTROLLED="yes"
> > ONBOOT="yes"
> > TYPE="Ethernet"
> > #UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
> > IPV6INIT=yes
> > IPV6ADDR=1:2:3::4
> ^^^^^^^^^^^^^^^^^^ You didn't specify a netmask here (default /128).
>
> > IPV6_DEFAULTGW=1:2:3::5
> ^^^^^^^^^^^^^^^^^^^^^^^^ Technically not on your interface's network
> (/128)
>
> > and i also configure /etc/sysconfig/network to this:
> > NETWORKING=yes
> > HOSTNAME=centosv0
> > NETWORKING_IPV6=yes
> > IPV6_AUTOCONF=no
>
> For forwarding...
>
> In that file you're also going to need:
>
> IPV6FORWARDING=yes
>
> You may also need to add lines to /etc/sysctl.conf (I've needed in the
> past on Fedora):
>
> net.ipv6.conf.all.forwarding = 1
> net.ipv6.conf.default.forwarding = 1
>
> But those aren't your problem with this...
>
> > but i met an error:
> > Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
>
> I'm not totally sure if this is because you didn't specify a prefix
> length on your IPV6ADDR line or the fact that it then conflicted with
> your IPV6_DEFAULTGW which would not have been on 1:2:3::4/128 or if it
> was because you chose an illegal IPv6 prefix or if it was a
> combination of all of them. The "WARN: [ipv6_add_route] Unknown error"
> makes me suspicious because your default gateway conflicts with your
> interface network definition (because you didn't specify the prefix size
> and it defaulted to /128) and the kernel has no way to route it out any
> interface. IAC... You won't be able to use a default route on a router
> anyways (more below).
>
> > i do not know how why,and can some one gives me some suggestion?
> > thanks a lot.
>
> If those were literally the addresses you used, it may be an address
> that's in an illegal scope.
i test those ipv6 address on ubuntu 12.04, and it is ok. But now, we
should change system to Centos 6.3.
And i add all the stuff that i miss. One machine is configured like this:
[root@centosv0 sysconfig]# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE="eth2"
BOOTPROTO=static
HWADDR="60:A4:4C:23:2F:6F"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
#UUID="0ddcf499-878f-4ac7-9d1a-c27f85d2bccf"
IPV6INIT=yes
IPV6ADDR=1:2:3::4/64
IPV6_DEFAULTGW=1:2:3::5/64
and add the below to /etc/sysctl.conf
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
and through /proc i can see this
[root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/default/forwarding
1
[root@centosv0 sysconfig]# cat /proc/sys/net/ipv6/conf/all/forwarding
1
and through command ifconfig i can see this
eth1 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6E
inet6 addr: 1:2:3:4::1/64 Scope:Global ---> subnet
inet6 addr: fe80::62a4:4cff:fe23:2f6e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:2028 (1.9 KiB)
Interrupt:17 Memory:dc300000-dc320000
eth2 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:6F
inet6 addr: 1:2:3::4/64 Scope:Global ----> connected by straight-through cable
inet6 addr: fe80::62a4:4cff:fe23:2f6f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:210 (210.0 b) TX bytes:2028 (1.9 KiB)
Interrupt:18 Memory:dc200000-dc220000
eth3 Link encap:Ethernet HWaddr 60:A4:4C:23:2F:70
inet addr:192.168.5.211 Bcast:192.168.5.255 Mask:255.255.255.0 ----> used by my ssh
inet6 addr: fe80::62a4:4cff:fe23:2f70/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3008 errors:0 dropped:0 overruns:0 frame:0
TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:291006 (284.1 KiB) TX bytes:154231 (150.6 KiB)
Interrupt:19 Memory:dc100000-dc120000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
but when restart the network, i also get this error
Shutting down interface eth1: [ OK ]
Shutting down interface eth2: [ OK ]
Shutting down interface eth3: [ OK ]
Shutting down loopback interface: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth1: [ OK ]
Bringing up interface eth2: WARN : [ipv6_add_route] Unknown error
[ OK ]
Bringing up interface eth3: [ OK ]
As you said that the ipv6 address is in illegal scope and can not goto
global net,
I use those ipv6 address for a private use, and i test them ok on ubuntu
12.04.
Must i change ipv6 address to some thing like 2000::/3, even i just want to
use ipv6 for private?
> IPv6 does not behave quite like IPv4 does and you need to know what some
> of these blocks of addresses do and what their scope is.
>
> "Local" IPv6 unicast addresses begin with the prefix fc00::/7 and there
> are recommended procedures for assigning subnets out of them and
> choosing network prefixes...
>
> http://www.ietf.org/rfc/rfc4193.txt
>
> Those may be routed between your machines but may not be routed on the
> global net either as a source or destination address. Your machines
> should also be given "link local" addresses which are valid only on that
> network segment. They're in the fe80::/64 prefix.
>
> Global addresses are in the 2000::/3 block. If you are using a Linux
> system as an IPv6 router, the kernel is going to disable the default
> route (::/0), preventing non-global addresses from routing. You'll have
> to add appropriate routes for all your "local" (fc00::/7) subnets and
> also provide a global unicast default route using 2000::/3 on the
> routers.
>
> Don't try to do your setup above with the two routers pointing default
> routes at each other. Point specific static routes for each subnet
> behind each respective opposite router.
>
But the specific static routes are not connected directly, the peers are
connected by straight-through cable in eth2

client c <--> centosv0 eth1 <--> centosv0 eth2 <=====> centosv1 eth2 <--> centosv1 eth1 <--> client d
                                                  |
                                                  |___ here are connected by straight-through cable
>
> Wikipedia has a rundown on the various address blocks and formats:
>
> http://en.wikipedia.org/wiki/IPv6_address
>
> Local addresses in particular are described here:
>
> http://en.wikipedia.org/wiki/Unique_local_address
>
> Anything in 1::/16 (if that's what you're doing) is going to be illegal
> afaik as it's not in an assigned block and scope. It should reject it
> as being unroutable or having a non-valid scope.
>
> Certain addresses below 2000::/3 are used for compatibility purposes.
>
> ::a.b.c.d used to be an IPv4 compatibility address but is largely
> deprecated.
>
> ::ffff:a.b.c.d are IPv4 / IPv6 transition addresses for applications
> running in a dual stack environment where they see IPv4 addresses as
> IPv6 addresses in the ::ffff:0:0/112 block. All those addresses are for
> internal use and are seriously hands off.
>
> You can not treat IPv6 arbitrarily as if it were IPv4 with fat
> addresses. If you need to learn more about IPv6 and how it works, you
> probably might want to start looking at Hurricane Electric aka
> Tunnelbroker.net, http://www.tunnelbroker.net . They have some very
> good IPv6 interactive tutorials there for free and are very quick for
> the basic stuff. The first few exercises could be very helpful to you.
> If you follow it all the way through, you will find yourself learning
> how to set up DNS properly for IPv6 and registering your own IPv6 glue
> records with your registrars.
>
> Now, if I'm off base here and you were merely obfuscating your real
> addresses, I would recommend obfuscating them with fc00: instead of 1:
> and those would be valid example addresses. You could use
> fc00:1:1:1::/64 for one network and fc00:1:1:2::/64 for another and
> fc00:1:1:3::/64 for yet another. Read that RFC for recommendations on
> what you really should choose (generally a random number for
> fdxx:xxxx:xxxx::/48 before your SLA). Since you've got 2 routers,
> you'll need three network prefixes, which I see you have. Generally,
> you'll want to manipulate that fourth field as your SLA (Site Local
> Address) which is IPv6 lingo for your subnet address.
>
> Replace the leading "1:" in each of those nets with "fdxx:", add your
> appropriate subnets, add your appropriate prefix lengths to those static
> address, and add appropriate static routes, and you might get further
> along the road.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 |
> http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
Best Regards,
jaze
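
The three address points raised in the thread (missing prefix length, gateway not on the interface network, address outside the assigned blocks) can be checked before restarting the network. The following is an added example, not part of the original messages: `check_ifcfg`, `classify` and `random_ula_48` are hypothetical helper names, the `fd12:3456:789a::/48` prefix is a constructed sample, and only address consistency is checked, not the routing design.

```python
import ipaddress
import secrets

# Address blocks named in the thread (fe80::/10 is the whole link-local block).
BLOCKS = [("unique-local", "fc00::/7"), ("link-local", "fe80::/10"),
          ("global-unicast", "2000::/3")]

def classify(addr):
    """Name the block an IPv6 address falls in, or 'unassigned'."""
    for name, net in BLOCKS:
        if addr in ipaddress.ip_network(net):
            return name
    return "unassigned"

def check_ifcfg(text):
    """Return findings for the IPV6ADDR / IPV6_DEFAULTGW lines of an ifcfg file."""
    cfg = {}
    for line in text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and not key.startswith("#"):
            cfg[key] = val.strip('"')
    if "IPV6ADDR" not in cfg:
        return ["IPV6ADDR missing"]
    findings = []
    if "/" not in cfg["IPV6ADDR"]:
        findings.append("IPV6ADDR has no prefix length, so it is a /128")
    iface = ipaddress.ip_interface(cfg["IPV6ADDR"])  # bare address parses as /128
    if classify(iface.ip) == "unassigned":
        findings.append("IPV6ADDR is outside fc00::/7, fe80::/10 and 2000::/3")
    gw_raw = cfg.get("IPV6_DEFAULTGW")
    if gw_raw:
        if "/" in gw_raw:
            findings.append("IPV6_DEFAULTGW carries a prefix length")
        gw = ipaddress.ip_address(gw_raw.split("/")[0].split("%")[0])
        if gw not in iface.network:
            findings.append("IPV6_DEFAULTGW is not on the interface network")
    return findings

def random_ula_48():
    """fd + 40 random bits as a /48 (random Global ID; not RFC 4193's sample algorithm)."""
    return ipaddress.IPv6Network(((0xFD << 120) | (secrets.randbits(40) << 80), 48))

# The two configurations posted in the thread, then a constructed corrected one.
FIRST = 'IPV6INIT=yes\nIPV6ADDR=1:2:3::4\nIPV6_DEFAULTGW=1:2:3::5\n'
SECOND = 'IPV6INIT=yes\nIPV6ADDR=1:2:3::4/64\nIPV6_DEFAULTGW=1:2:3::5/64\n'
FIXED = 'IPV6INIT=yes\nIPV6ADDR=fd12:3456:789a:3::4/64\nIPV6_DEFAULTGW=fd12:3456:789a:3::5\n'

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND), ("fixed", FIXED)):
        print(name, check_ifcfg(cfg) or "no findings")
    print("suggested site prefix:", random_ula_48())
```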