Why is my domain controller causing my router to send advertisements for Unique Local Addresses?
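I'm currently evaluating Server 2012 to serve as domain controllers in a small heterogeneous network of Linux and Windows workstations and servers, all of which will eventually be joined to the domain. This is a 100% dual-stack network; every device has both IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.
I've just installed the first domain controller; its domain name is `ad.businessname.com` (where `businessname.com` is handled by external DNS servers; the domain also has public web sites, email, etc., which at present won't be joined to the domain). It's a Server Core installation with the AD DS and DNS roles installed. Everything seemed fine, and I was about to set up a second DC and start joining computers, but... now I have extra IPv6 router advertisements on my network, advertising Unique Local Addresses. They also advertise the native IPv6 prefix that the actual router is advertising. At first I thought these RAs were coming from the domain controller, since they disappeared when I shut it down, but after running Wireshark I found that they are coming from my actual IPv6 router. Wireshark shows that this version of the RA follows very shortly after a neighbor solicitation for fd4a:e7ab:34a5::1 from the DC.
The strange thing is that the router is *also sending the original router advertisement that it normally sends* when the domain controller is not on the network. This version of the RA matches `/etc/radvd.conf` (a copy is below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running `radvd`. So far these appear to be harmless, as my IPv6 connectivity has not been disrupted by the presence of the extra RAs. But since I already have global IPv6 connectivity, the ULAs seem unnecessary and unwanted.
I spent a lot of time last night and today searching the Internet to try to figure out what is going on, but found nothing except hints that it might be related to the IP Helper service (and vague warnings not to turn it off). But as far as I can tell, it should be safe to disable this service when native IPv6 is available.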
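So my questions are:
- Why is Windows sending neighbor solicitations for a ULA network?
- Why are these RAs being sent, apparently in response?
- Why do they advertise a ULA in addition to my native addresses?
- Won't this cause problems with IPv6 routing later on?
- Do I have to live with this, or how can I get Windows and radvd to behave?
Various configuration information follows: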
Here is the captured RA being sent (as shown by `radvdump`, which IMO is easier to read than Wireshark's output). You can see that it advertises both the ULA and the public prefix (obscured here). When I shut down the domain controller, this version of the RA no longer appears on the network.

```
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag on;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 0;
    AdvDefaultLifetime 1800;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;
    AdvLinkMTU 1500;

    prefix fd4a:e7ab:34a5::/64
    {
        AdvValidLifetime 86400;
        AdvPreferredLifetime 86400;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    }; # End of prefix definition

    prefix 2001:db8:16:bf::/64
    {
        AdvValidLifetime 86400;
        AdvPreferredLifetime 86400;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    }; # End of prefix definition

    RDNSS fd4a:e7ab:34a5::1
    {
        AdvRDNSSLifetime 86400;
    }; # End of RDNSS definition

    DNSSL businessname.com
    {
        AdvDNSSLLifetime 1800;
    }; # End of DNSSL definition

}; # End of interface definition
```
Here is the original router advertisement, which matches the router's `/etc/radvd.conf` and is still being sent on the network, alternating with the one above:

```
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#

interface eth0
{
    AdvSendAdvert on;
    # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    AdvReachableTime 0;
    AdvRetransTimer 0;
    AdvCurHopLimit 64;
    AdvDefaultLifetime 1800;
    AdvHomeAgentFlag off;
    AdvDefaultPreference medium;
    AdvSourceLLAddress on;

    prefix 2001:db8:16:bf::/64
    {
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr off;
    }; # End of prefix definition

    RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
    {
        AdvRDNSSLifetime 600;
    }; # End of RDNSS definition

}; # End of interface definition
```
List of roles/features installed on the domain controller:

```
[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}

Display Name                                  Name                       Install State
------------                                  ----                       -------------
[X] Active Directory Domain Services          AD-Domain-Services         Installed
[X] DNS Server                                DNS                        Installed
[X] File And Storage Services                 FileAndStorage-Services    Installed
[X] File and iSCSI Services                   File-Services              Installed
[X] File Server                               FS-FileServer              Installed
[X] Storage Services                          Storage-Services           Installed
[X] .NET Framework 4.5 Features               NET-Framework-45-Fea...    Installed
[X] .NET Framework 4.5                        NET-Framework-45-Core      Installed
[X] WCF Services                              NET-WCF-Services45         Installed
[X] TCP Port Sharing                          NET-WCF-TCP-PortShar...    Installed
[X] Group Policy Management                   GPMC                       Installed
[X] Remote Server Administration Tools        RSAT                       Installed
[X] Role Administration Tools                 RSAT-Role-Tools            Installed
[X] AD DS and AD LDS Tools                    RSAT-AD-Tools              Installed
[X] Active Directory module for Windows ...   RSAT-AD-PowerShell         Installed
[X] Windows PowerShell                        PowerShellRoot             Installed
[X] Windows PowerShell 3.0                    PowerShell                 Installed
[X] WoW64 Support                             WoW64-Support              Installed
```
IPv6 configuration of the Ethernet interface, as requested in chat:

```
[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet

Interface Ethernet Parameters
----------------------------------------------
IfLuid                             : ethernet_7
IfIndex                            : 12
State                              : connected
Metric                             : 10
Link MTU                           : 1500 bytes
Reachable Time                     : 33500 ms
Base Reachable Time                : 30000 ms
Retransmission Interval            : 1000 ms
DAD Transmits                      : 1
Site Prefix Length                 : 64
Site Id                            : 1
Forwarding                         : disabled
Advertising                        : disabled
Neighbor Discovery                 : enabled
Neighbor Unreachability Detection  : enabled
Router Discovery                   : enabled
Managed Address Configuration      : disabled
Other Stateful Configuration       : enabled
Weak Host Sends                    : disabled
Weak Host Receives                 : disabled
Use Automatic Metric               : enabled
Ignore Default Routes              : disabled
Advertised Router Lifetime         : 1800 seconds
Advertise Default Route            : disabled
Current Hop Limit                  : 64
Force ARPND Wake up patterns       : disabled
Directed MAC Wake up patterns      : disabled
ECN capability                     : application
```
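While I still don't know why this happened (and explanations are welcome!), it seems to be fixed now.
I went over the network configuration with a fine-toothed comb and, to my chagrin, the default gateway had a typo!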
```
[dc1]: PS C:\Users\Administrator\Documents> Get-NetRoute -PolicyStore PersistentStore -AddressFamily IPv6

ifIndex DestinationPrefix    NextHop               RouteMetric PolicyStore
------- -----------------    -------               ----------- -----------
12      ::/0                 2001:db8:116:bf::1            256 Persiste...
```
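Well, oops! `116:bf` should have been `16:bf`. So I fixed the typo and removed the ULA address from the Ethernet interface, and voilà, no more extra RAs, and my network is back to normal.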
```
[dc1]: PS C:\Users\Administrator\Documents> Remove-NetRoute -NextHop 2001:db8:116:bf::1

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetRoute -DestinationPrefix ::/0 -InterfaceIndex 12 -NextHop 2001:db8:116:bf::1 -Store Persistent"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y

[dc1]: PS C:\Users\Administrator\Documents> New-NetRoute -NextHop 2001:db8:16:bf::1 -DestinationPrefix ::/0 -InterfaceIndex 12

ifIndex DestinationPrefix    NextHop               RouteMetric PolicyStore
------- -----------------    -------               ----------- -----------
12      ::/0                 2001:db8:16:bf::1             256 ActiveStore
12      ::/0                 2001:db8:16:bf::1             256 Persiste...

[dc1]: PS C:\Users\Administrator\Documents> Remove-NetIPAddress -AddressFamily IPv6 -IPAddress fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -PrefixLength 64

Confirm
Are you sure you want to perform this action?
Performing operation "Remove" on Target "NetIPAddress -IPv6Address fd4a:e7ab:34a5:0:807e:e44a:7ffc:ea90 -InterfaceIndex 12 -Store Active"
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): y
```
Wireshark says there is no further sign of the ULA in neighbor solicitations, router advertisements, or anywhere else.
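
An added example, not part of the original post: a Python baseline check for the two symptoms in this thread. It parses radvdump-style text and reports any prefix or RDNSS entry outside the expected set, and it checks that a configured default gateway is link-local or inside an on-link prefix. The function names and the trimmed sample RA are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: radvdump-style output trimmed to the relevant stanzas,
# using the prefixes shown in the question.
SAMPLE_RA = """
interface eth0
{
    AdvOtherConfigFlag on;
    prefix fd4a:e7ab:34a5::/64
    {
        AdvOnLink on;
    }; # End of prefix definition
    prefix 2001:db8:16:bf::/64
    {
        AdvOnLink on;
    }; # End of prefix definition
    RDNSS fd4a:e7ab:34a5::1
    {
        AdvRDNSSLifetime 86400;
    }; # End of RDNSS definition
};
"""

def parse_ra(text):
    """Return (prefixes, rdnss) found in radvdump-style text, ignoring comments."""
    body = re.sub(r"#.*", "", text)
    prefixes = [ipaddress.ip_network(p) for p in re.findall(r"\bprefix\s+(\S+)", body)]
    rdnss = [ipaddress.ip_address(a)
             for stanza in re.findall(r"\bRDNSS\s+([^{;]+)", body)
             for a in stanza.split()]
    return prefixes, rdnss

def audit_ra(text, expected_prefixes, expected_rdnss):
    """List every prefix or RDNSS in the RA that is missing from the baseline."""
    allowed_p = {ipaddress.ip_network(p) for p in expected_prefixes}
    allowed_d = {ipaddress.ip_address(a) for a in expected_rdnss}
    prefixes, rdnss = parse_ra(text)
    findings = [f"unexpected prefix {p}" for p in prefixes if p not in allowed_p]
    findings += [f"unexpected RDNSS {a}" for a in rdnss if a not in allowed_d]
    return findings

def gateway_on_link(next_hop, on_link_prefixes):
    """Sanity check: the next hop is link-local or inside an on-link prefix."""
    hop = ipaddress.ip_address(next_hop)
    return hop.is_link_local or any(
        hop in ipaddress.ip_network(p) for p in on_link_prefixes)
```

Feeding it live `radvdump` output on the router, with the baseline taken from `/etc/radvd.conf`, turns the manual Wireshark comparison into a repeatable check.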