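I've just installed my first domain controller; its domain is ad.businessname.com (where businessname.com is handled by external DNS servers; the domain also has a public website, email, etc., which won't be joined to the domain at this time). It is Server Core with the AD DS and DNS roles installed. Everything seemed to be fine and I was ready to build a second DC and start joining computers, but...
Now there are extra IPv6 router advertisements on my network, advertising Unique Local Addresses. They also advertise the native IPv6 prefix that the actual router is advertising. At first I thought these RAs came from the domain controller, because they disappeared when I shut it down, but after running Wireshark I saw that they come from my actual IPv6 router. Wireshark shows that this version of the RA closely follows a neighbor solicitation from the DC for fd4a:e7ab:34a5::1.
Strangely, the router also sends the original router advertisement that it normally sends when the domain controller is not on the network. This version of the RA matches /etc/radvd.conf (a copy is below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running radvd.
So far these seem harmless, as my IPv6 connectivity has not been disrupted by the presence of the extra RAs. But since I already have global IPv6 connectivity, the ULA seems unnecessary and unwanted.
I spent much of last night and today searching the Internet trying to figure out what is going on, but I could find almost no explanation, other than hints that it might have something to do with the IP Helper Service (and vague warnings not to turn it off). But as far as I know, it should be safe to disable this service when native IPv6 is available.
So my questions are:
1. Why is Windows sending neighbor solicitations for the ULA network?
2. Why are these RAs being sent, apparently in response?
3. Why do they advertise the ULA in addition to my native addresses?
4. Won't this cause problems with IPv6 routing later?
5. Do I have to live with this, or how do I make Windows and radvd behave?
Various configuration information follows:
Here is a captured RA that is being sent (as shown by radvdump, which IMO is easier to read than Wireshark's output). You can see that it is advertising both the ULA and the public prefix (obscured here). When I shut down the domain controller, this version of the RA stops appearing on the network.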

    #
    # radvd configuration generated by radvdump 1.9.1
    # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
    # received by interface eth0
    #

    interface eth0
    {
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag on;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 0;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;
        AdvLinkMTU 1500;

        prefix fd4a:e7ab:34a5::/64
        {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 86400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        prefix 2001:db8:16:bf::/64
        {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 86400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        RDNSS fd4a:e7ab:34a5::1
        {
            AdvRDNSSLifetime 86400;
        }; # End of RDNSS definition

        DNSSL businessname.com
        {
            AdvDNSSLLifetime 1800;
        }; # End of DNSSL definition

    }; # End of interface definition

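Here is the original router advertisement, which matches the router's /etc/radvd.conf and is still being sent on the network, alternating with the one above: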

    #
    # radvd configuration generated by radvdump 1.9.1
    # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
    # received by interface eth0
    #

    interface eth0
    {
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2001:db8:16:bf::/64
        {
            AdvValidLifetime 86400;
            AdvPreferredLifetime 14400;
            AdvOnLink on;
            AdvAutonomous on;
            AdvRouterAddr off;
        }; # End of prefix definition

        RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
        {
            AdvRDNSSLifetime 600;
        }; # End of RDNSS definition

    }; # End of interface definition

List of installed roles/features on the domain controller:

    [dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

    Display Name                                 Name                      Install State
    ------------                                 ----                      -------------
    [X] Active Directory Domain Services         AD-Domain-Services        Installed
    [X] DNS Server                               DNS                       Installed
    [X] File And Storage Services                FileAndStorage-Services   Installed
    [X] File and iSCSI Services                  File-Services             Installed
    [X] File Server                              FS-FileServer             Installed
    [X] Storage Services                         Storage-Services          Installed
    [X] .NET Framework 4.5 Features              NET-Framework-45-Fea...   Installed
    [X] .NET Framework 4.5                       NET-Framework-45-Core     Installed
    [X] WCF Services                             NET-WCF-Services45        Installed
    [X] TCP Port Sharing                         NET-WCF-TCP-PortShar...   Installed
    [X] Group Policy Management                  GPMC                      Installed
    [X] Remote Server Administration Tools       RSAT                      Installed
    [X] Role Administration Tools                RSAT-Role-Tools           Installed
    [X] AD DS and AD LDS Tools                   RSAT-AD-Tools             Installed
    [X] Active Directory module for Windows ...  RSAT-AD-PowerShell        Installed
    [X] Windows PowerShell                       PowerShellRoot            Installed
    [X] Windows PowerShell 3.0                   PowerShell                Installed
    [X] WoW64 Support                            WoW64-Support             Installed

IPv6 configuration of the Ethernet interface, as requested in chat:

    [dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet

    Interface Ethernet Parameters
    ----------------------------------------------
    IfLuid                             : ethernet_7
    IfIndex                            : 12
    State                              : connected
    Metric                             : 10
    Link MTU                           : 1500 bytes
    Reachable Time                     : 33500 ms
    Base Reachable Time                : 30000 ms
    Retransmission Interval            : 1000 ms
    DAD Transmits                      : 1
    Site Prefix Length                 : 64
    Site Id                            : 1
    Forwarding                         : disabled
    Advertising                        : disabled
    Neighbor Discovery                 : enabled
    Neighbor Unreachability Detection  : enabled
    Router Discovery                   : enabled
    Managed Address Configuration      : disabled
    Other Stateful Configuration       : enabled
    Weak Host Sends                    : disabled
    Weak Host Receives                 : disabled
    Use Automatic Metric               : enabled
    Ignore Default Routes              : disabled
    Advertised Router Lifetime         : 1800 seconds
    Advertise Default Route            : disabled
    Current Hop Limit                  : 64
    Force ARPND Wake up patterns       : disabled
    Directed MAC Wake up patterns      : disabled
    ECN capability                     : application

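Solution
I went over the network configuration with a fine-toothed comb and discovered, to my chagrin, that there was a typo in the default gateway!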

    [dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6

    ifIndex DestinationPrefix  NextHop             RouteMetric PolicyStore
    ------- -----------------  -------             ----------- -----------
    12      ::/0               2001:db8:116:bf::1  256         Persiste...

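Well, oops! 116:bf should be 16:bf.
So I fixed the typo, and for good measure removed the ULA address from the Ethernet interface, and voila, no more extra RAs, and my network is happy again.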

    [dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

    [dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12

    ifIndex DestinationPrefix  NextHop            RouteMetric PolicyStore
    ------- -----------------  -------            ----------- -----------
    12      ::/0               2001:db8:16:bf::1  256         ActiveStore
    12      ::/0               2001:db8:16:bf::1  256         Persiste...

    [dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64

    Confirm
    Are you sure you want to perform this action?
    Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
    [Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Wireshark says there are no further signs of the ULA, in neighbor solicitations, router advertisements or anywhere else.