我目前正在评估Server 2012作为
Linux和Windows工作站和服务器的小型异构网络中的域控制器,所有这些都将最终加入域.这是一个100%的双栈网络;每个设备都具有IPv4和IPv6连接.路由器是运行radvd 1.9.1的Linux服务器和各种其他必需品.
我刚刚安装了第一个域控制器;它的域名是ad.businessname.com(其中businessname.com由外部DNS服务器处理;域名也有公共网站,电子邮件等,此时这些域名不会加入域名).它是安装了AD DS和DNS角色的服务器核心.一切似乎都很好,我准备建立第二个DC并开始加入计算机,但……
现在我的网络上有额外的IPv6路由器广告,广告Unique Local Addresses.它还宣传实际路由器正在宣传的本机IPv6前缀.起初我认为这些RA来自域控制器,因为当我关闭它时它们就消失了,但是在运行Wireshark后我看到它们来自我的实际IPv6路由器. Wireshark显示,这个版本的RA很快就跟随了来自DC的fd4a:e7ab:34a5 :: 1的邻居请求.
奇怪的是,当域控制器不在网络上时,路由器也发送它通常发送的原始路由通告.这个版本的RA匹配/etc/radvd.conf(下面是一个副本).与Wireshark的快速会话证实,两个版本的路由器广告都来自运行radvd的Linux路由器的MAC地址.
到目前为止,这些似乎无害,因为我的IPv6连接并未因额外RA的存在而中断.但由于我已经拥有全球IPv6连接,因此ULA似乎是不必要且不需要的.
我昨晚花了很多钱,今天在互联网上搜索,试图弄清楚发生了什么,但除了暗示它是might have something to do with the IP Helper Service(以及模糊警告不要关闭它)之外,几乎找不到任何解释.但据我所知,当本机IPv6可用时禁用此服务应该是安全的.
所以我的问题是:
>为什么Windows为ULA网络发送邻居请求?
>为什么要发送这些RA,显然是作为回应?
>为什么他们除了我的本地地址之外还宣传ULA?
>这不会导致以后的IPv6路由出现问题吗?
>我是否必须忍受这个,或者我如何使Windows和radvd行为?
各种配置信息如下:
这是一个被发送的捕获RA(如radvdump所示,IMO比wireshark的输出更容易阅读).你可以看到它正在宣传ULA和公共前缀(这里隐藏).当我关闭域控制器时,此版本的RA停止出现在网络上.
- #
- # radvd configuration generated by radvdump 1.9.1
- # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
- # received by interface eth0
- #
- interface eth0
- {
- AdvSendAdvert on;
- # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
- AdvManagedFlag off;
- AdvOtherConfigFlag on;
- AdvReachableTime 0;
- AdvRetransTimer 0;
- AdvCurHopLimit 0;
- AdvDefaultLifetime 1800;
- AdvHomeAgentFlag off;
- AdvDefaultPreference medium;
- AdvSourceLLAddress on;
- AdvLinkMTU 1500;
- prefix fd4a:e7ab:34a5::/64
- {
- AdvValidLifetime 86400;
- AdvPreferredLifetime 86400;
- AdvOnLink on;
- AdvAutonomous on;
- AdvRouterAddr off;
- }; # End of prefix definition
- prefix 2001:db8:16:bf::/64
- {
- AdvValidLifetime 86400;
- AdvPreferredLifetime 86400;
- AdvOnLink on;
- AdvAutonomous on;
- AdvRouterAddr off;
- }; # End of prefix definition
- RDNSS fd4a:e7ab:34a5::1
- {
- AdvRDNSSLifetime 86400;
- }; # End of RDNSS definition
- DNSSL businessname.com
- {
- AdvDNSSLLifetime 1800;
- }; # End of DNSSL definition
- }; # End of interface definition
这是原始路由器广告,它与路由器的/etc/radvd.conf匹配,并且仍然被发送到网络上,与上面的路由器交替:
- #
- # radvd configuration generated by radvdump 1.9.1
- # based on Router Advertisement from fe80::20c:29ff:fef4:66f1
- # received by interface eth0
- #
- interface eth0
- {
- AdvSendAdvert on;
- # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
- AdvManagedFlag off;
- AdvOtherConfigFlag off;
- AdvReachableTime 0;
- AdvRetransTimer 0;
- AdvCurHopLimit 64;
- AdvDefaultLifetime 1800;
- AdvHomeAgentFlag off;
- AdvDefaultPreference medium;
- AdvSourceLLAddress on;
- prefix 2001:db8:16:bf::/64
- {
- AdvValidLifetime 86400;
- AdvPreferredLifetime 14400;
- AdvOnLink on;
- AdvAutonomous on;
- AdvRouterAddr off;
- }; # End of prefix definition
- RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
- {
- AdvRDNSSLifetime 600;
- }; # End of RDNSS definition
- }; # End of interface definition
域控制器上已安装的角色/功能列表:
- [dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}
- Display Name Name Install State
- ------------ ---- -------------
- [X] Active Directory Domain Services AD-Domain-Services Installed
- [X] DNS Server DNS Installed
- [X] File And Storage Services FileAndStorage-Services Installed
- [X] File and iSCSI Services File-Services Installed
- [X] File Server FS-FileServer Installed
- [X] Storage Services Storage-Services Installed
- [X] .NET Framework 4.5 Features NET-Framework-45-Fea... Installed
- [X] .NET Framework 4.5 NET-Framework-45-Core Installed
- [X] WCF Services NET-WCF-Services45 Installed
- [X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
- [X] Group Policy Management GPMC Installed
- [X] Remote Server Administration Tools RSAT Installed
- [X] Role Administration Tools RSAT-Role-Tools Installed
- [X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
- [X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
- [X] Windows PowerShell PowerShellRoot Installed
- [X] Windows PowerShell 3.0 PowerShell Installed
- [X] WoW64 Support WoW64-Support Installed
以太网接口的IPv6配置,如聊天中所要求的:
- [dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet
- Interface Ethernet Parameters
- ----------------------------------------------
- IfLuid : ethernet_7
- IfIndex : 12
- State : connected
- Metric : 10
- Link MTU : 1500 bytes
- Reachable Time : 33500 ms
- Base Reachable Time : 30000 ms
- Retransmission Interval : 1000 ms
- DAD Transmits : 1
- Site Prefix Length : 64
- Site Id : 1
- Forwarding : disabled
- Advertising : disabled
- Neighbor Discovery : enabled
- Neighbor Unreachability Detection : enabled
- Router Discovery : enabled
- Managed Address Configuration : disabled
- Other Stateful Configuration : enabled
- Weak Host Sends : disabled
- Weak Host Receives : disabled
- Use Automatic Metric : enabled
- Ignore Default Routes : disabled
- Advertised Router Lifetime : 1800 seconds
- Advertise Default Route : disabled
- Current Hop Limit : 64
- Force ARPND Wake up patterns : disabled
- Directed MAC Wake up patterns : disabled
- ECN capability : application
解决方法
虽然我仍然不知道为什么会发生这种情况(并且欢迎解释!)现在似乎已经修复了.
我用精细的牙齿梳理了网络配置,发现我的懊恼是默认网关中有错字!
- [dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6
- ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
- ------- ----------------- ------- ----------- -----------
- 12 ::/0 2001:db8:116:bf::1 256 Persiste...
嗯,哎呀! 116:bf应为16:bf.
所以我修正了拼写错误,并且很好地从以太网接口删除了ULA地址,瞧,没有额外的RA,我的网络再次开心.
- [dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1
- Confirm
- Are you sure you want to perform this action?
- Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
- [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
- Confirm
- Are you sure you want to perform this action?
- Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
- [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
- [dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12
- ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
- ------- ----------------- ------- ----------- -----------
- 12 ::/0 2001:db8:16:bf::1 256 ActiveStore
- 12 ::/0 2001:db8:16:bf::1 256 Persiste...
- [dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64
- Confirm
- Are you sure you want to perform this action?
- Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
- [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is "Y"): y
Wireshark说,在邻居请求,路由器广告或其他任何地方都没有ULA的进一步信号.
