我在本地数据中心托管了一台专用服务器,并在其上安装了 VMware Esxi 7。我最近订购了一个 IPv6 范围,当他们告诉我 IPv6 范围已激活时,我注意到 VMware Esxi 中的所有虚拟机都已自动收到 IPv6,而无需我在 VMware Esxi 或客户操作系统(例如 Ubuntu 22 VM)上进行任何设置。
我注意到,30 分钟后,Ubuntu 22 VM(或任何其他 VM)上的 IPv6 连接丢失!重新启动 VM 后,IPv6 开始工作,并在 30 分钟后再次停止工作。
这是 IPv6 工作时 Ubuntu 22 VM 中 ip -6 route 命令的输出:
root@testsocat:~# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2a05:1a18:0:12::/64 dev ens160 proto ra metric 1024 expires 2591592sec pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
default via fe80::82e0:1dff:fe6f:3e00 dev ens160 proto ra metric 1024 expires 1392sec mtu 1500 pref medium
这是 IPv6 不工作时 Ubuntu 22 VM 中 ip -6 route 命令的输出,30 分钟后该命令消失:
root@testsocat:~# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2a05:1a18:0:12::/64 dev ens160 proto ra metric 1024 expires 2589957sec pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
如您所见,该条目在 30 分钟后被删除:
default via fe80::82e0:1dff:fe6f:3e00 dev ens160 proto ra metric 1024 expires 1392sec mtu 1500 pref medium
然后我使用此命令手动添加网关路由:
ip -6 route add default via fe80::82e0:1dff:fe6f:3e00 dev ens160
这样,IPv6 就会再次开始工作,并且 30 分钟后也不会停止工作!
数据中心坚持认为他们的 IPv6 范围配置没有问题,问题出在我们这边。但是,我在多台虚拟机(Ubuntu、Centos 和 Windows)上测试过这个问题。所有虚拟机上都出现了这种情况。此外,我没有在 VMware 上看到任何可能导致 IPv6 地址在 30 分钟后停止工作的设置。
有人能帮我理解这里出了什么问题吗?为什么自动分配的 IPv6 会在 30 分钟后从虚拟机中消失?为什么我重新启动虚拟机后它会再次工作?为什么当我在客户操作系统中手动添加网关路由时它不会停止工作?
我在另一个数据中心有另一台具有相同设置的专用服务器,该服务器具有 IPv6 范围,但没有出现此问题。他们在配置我的 IPv6 范围时是否弄乱了任何参数?
如果你能帮助我了解问题所在并修复它,我将不胜感激。我已经处理这个问题好几天了。
编辑 1:使用“rdisc6 ens160”,我能够让默认路由再次显示出来。以下是该命令的完整输出:
root@testsocat:~# rdisc6 ens160
Soliciting ff02::2 (ff02::2) on ens160...
Hop limit : 64 ( 0x40)
Stateful address conf. : No
Stateful other conf. : No
Mobile home agent : No
Router preference : medium
Neighbor discovery proxy : No
Router lifetime : 1800 (0x00000708) seconds
Reachable time : unspecified (0x00000000)
Retransmit time : unspecified (0x00000000)
Source link-layer address: 80:E0:1D:6F:3E:00
MTU : 1500 bytes (valid)
Prefix : 2a05:1a18:0:12::/64
On-link : Yes
Autonomous address conf.: Yes
Valid time : 2592000 (0x00278d00) seconds
Pref. time : 604800 (0x00093a80) seconds
from fe80::82e0:1dff:fe6f:3e00
root@testsocat:~# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2a05:1a18:0:12::/64 dev ens160 proto ra metric 1024 expires 2591981sec pref medium
fe80::/64 dev ens160 proto kernel metric 256 pref medium
default via fe80::82e0:1dff:fe6f:3e00 dev ens160 proto ra metric 1024 expires 1781sec mtu 1500 pref medium
编辑2:使用“tshark -n -i ens160 -f icmp6 -Y“icmpv6.type == 134”-VO“frame,icmpv6”,这是我得到的:
** (tshark:5007) 00:28:32.821551 [Main MESSAGE] -- Capture started.
** (tshark:5007) 00:28:32.822018 [Main MESSAGE] -- File: "/tmp/wireshark_ens160 7OI6P2.pcapng"
Frame 2: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interfac e ens160, id 0
Interface id: 0 (ens160)
Interface name: ens160
Encapsulation type: Ethernet (1)
Arrival Time: Jul 10, 2024 00:29:25.087268913 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1720571365.087268913 seconds
[Time delta from previous captured frame: 0.002588177 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.002588177 seconds]
Frame Number: 2
Frame Length: 118 bytes (944 bits)
Capture Length: 118 bytes (944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ipv6:icmpv6]
Ethernet II, Src: 80:e0:1d:6f:3e:00, Dst: 00:0c:29:ea:8d:6f
Internet Protocol Version 6, Src: fe80::82e0:1dff:fe6f:3e00, Dst: fe80::6f36:a5e 0:992f:72bd
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xff54 [correct]
[Checksum Status: Good]
Cur hop limit: 64
Flags: 0x00, Prf (Default Router Preference): Medium
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 80:e0:1d:6f:3e:00)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 80:e0:1d:6f:3e:00
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2a05:1a18:0:12::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2a05:1a18:0:12::
编辑 3:第二个 RA 数据包已到达!时间戳很有趣。第一个是在 00:29:25 发送的,第二个是在 01:04:24 发送的。它们之间有 35 分钟的间隔,路由器的生命周期是 30 分钟!
Frame 45: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface ens160, id 0
Interface id: 0 (ens160)
Interface name: ens160
Encapsulation type: Ethernet (1)
Arrival Time: Jul 10, 2024 01:04:24.430745189 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1720573464.430745189 seconds
[Time delta from previous captured frame: 0.002469817 seconds]
[Time delta from previous displayed frame: 2099.343476276 seconds]
[Time since reference or first frame: 2099.346064453 seconds]
Frame Number: 45
Frame Length: 118 bytes (944 bits)
Capture Length: 118 bytes (944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ipv6:icmpv6]
Ethernet II, Src: 80:e0:1d:6f:3e:00, Dst: 00:0c:29:12:f4:07
Internet Protocol Version 6, Src: fe80::82e0:1dff:fe6f:3e00, Dst: fe80::905f:89e5:45e4:2838
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x97f7 [correct]
[Checksum Status: Good]
Cur hop limit: 64
Flags: 0x00, Prf (Default Router Preference): Medium
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 80:e0:1d:6f:3e:00)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 80:e0:1d:6f:3e:00
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2a05:1a18:0:12::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2a05:1a18:0:12::
编辑 4:好的,我现在很困惑!RA 数据包 3 和 4 已经到达,而且这次发送得更早。第三个数据包于 01:26:15 到达(这个数据包和前一个数据包之间间隔 22 分钟),第四个数据包于 01:30:35 到达(比第三个数据包晚 4 分钟)。
Frame 50: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface ens160, id 0
Interface id: 0 (ens160)
Interface name: ens160
Encapsulation type: Ethernet (1)
Arrival Time: Jul 10, 2024 01:26:15.149204151 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1720574775.149204151 seconds
[Time delta from previous captured frame: 0.001792901 seconds]
[Time delta from previous displayed frame: 1310.718458962 seconds]
[Time since reference or first frame: 3410.064523415 seconds]
Frame Number: 50
Frame Length: 118 bytes (944 bits)
Capture Length: 118 bytes (944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ipv6:icmpv6]
Ethernet II, Src: 80:e0:1d:6f:3e:00, Dst: 00:0c:29:78:ad:1b
Internet Protocol Version 6, Src: fe80::82e0:1dff:fe6f:3e00, Dst: fe80::402b:9e4e:408f:3ae4
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xc66b [correct]
[Checksum Status: Good]
Cur hop limit: 64
Flags: 0x00, Prf (Default Router Preference): Medium
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 80:e0:1d:6f:3e:00)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 80:e0:1d:6f:3e:00
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2a05:1a18:0:12::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2a05:1a18:0:12::
Frame 55: 118 bytes on wire (944 bits), 118 bytes captured (944 bits) on interface ens160, id 0
Interface id: 0 (ens160)
Interface name: ens160
Encapsulation type: Ethernet (1)
Arrival Time: Jul 10, 2024 01:30:35.107428556 UTC
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1720575035.107428556 seconds
[Time delta from previous captured frame: 0.002612786 seconds]
[Time delta from previous displayed frame: 259.958224405 seconds]
[Time since reference or first frame: 3670.022747820 seconds]
Frame Number: 55
Frame Length: 118 bytes (944 bits)
Capture Length: 118 bytes (944 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ipv6:icmpv6]
Ethernet II, Src: 80:e0:1d:6f:3e:00, Dst: 00:0c:29:ea:8d:6f
Internet Protocol Version 6, Src: fe80::82e0:1dff:fe6f:3e00, Dst: fe80::6f36:a5e0:992f:72bd
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0xff54 [correct]
[Checksum Status: Good]
Cur hop limit: 64
Flags: 0x00, Prf (Default Router Preference): Medium
0... .... = Managed address configuration: Not set
.0.. .... = Other configuration: Not set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 80:e0:1d:6f:3e:00)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: 80:e0:1d:6f:3e:00
ICMPv6 Option (MTU : 1500)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1500
ICMPv6 Option (Prefix information : 2a05:1a18:0:12::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0, On-link flag(L), Autonomous address-configuration flag(A)
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 2592000
Preferred Lifetime: 604800
Reserved
Prefix: 2a05:1a18:0:12::
每当主机收到路由器通告 (RA) 时,就会设置 IPv6 中的默认路由。数据中心路由器会以一定的间隔广播 RA – 例如,如果 RA 的“有效期”为 1 小时,则每 20-40 分钟广播一次,如果没有任何 RA,您的默认路由将在 1 小时内过期。
最初,当接口刚刚启动时,主机通过发送路由器请求来请求立即发送 RA,但从那时起,它希望 RA 按时到达。也就是说,主机不会发送定期请求;相反,路由器应该在前一个 RA 的“生命周期”结束之前定期广播新的 RA,无论是否有主机请求。
可以尝试的事情:
安装 ndisc6 并运行
rdisc6以发送路由器请求。如果收到 RA 响应,并且您的主机立即再次设置默认路由,则基本可以排除任何主机端问题 - 但如果主机忽略收到的 RA,则可能是防火墙或 sysctl 问题。(除非万不得已,否则不要执行此 crontab 任务。)
安装 tshark(Wireshark CLI)来捕获所有到达的路由器通告,并记录它们之间的相对时间。(这也可以使用 tcpdump 来完成,但我不记得 libpcap 过滤器只用于 RA,所以我使用 tshark,因为它也支持 Wireshark 显示过滤器。)
要查看每个 RA 内容的更详细视图:
如上所述,您应该会看到未经请求的 RA 大约在路由器生命周期的每 1/3 到 2/3 到达一次(略有随机性)。如果 RA 之间的间隔太长,那肯定是路由器端的问题。