Ubnt EdgeRouter X如何设置支持ipv6上网

目前各家主流家庭宽带运营商已经开启ipv4/ipv6双栈接入能力。

博主在很久前被种草 2018-03-22 购买了Ubnt EdgeRouter X路由器

今天测试了一位网友的配置,终于可以使用原生ipv4/ipv6双栈网络接入,网络环境:江苏扬州电信家庭宽带PPPoE拨号

使用ssh客户端工具,博主在windows上面使用的是Xshell,进入shell环境

ssh ubnt:ubnt@192.168.1.1
# 这是我的ipv6部分以及相应防火墙的设置,er-x sfp,应该和er-x差不多,eth0是wan口,eth1-eth4为lan口,switch0,供参考:


configure
# Configure the PPPoE for IPv6(eth0):
set interfaces ethernet eth0 pppoe 0 ipv6 enable
set interfaces ethernet eth0 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth0 pppoe 0 ipv6 dup-addr-detect-transmits 1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 prefix-length /60
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd rapid-commit enable
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd prefix-only

# Enable IPv6 SLAAC on the LAN(switch0):
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 host-address ::1
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 prefix-id :0
set interfaces ethernet eth0 pppoe 0 dhcpv6-pd pd 0 interface switch0 service slaac

# Enable IPv6 on switch0:
set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1
set interfaces switch switch0 ipv6 router-advert cur-hop-limit 64
set interfaces switch switch0 ipv6 router-advert link-mtu 0
set interfaces switch switch0 ipv6 router-advert managed-flag false
set interfaces switch switch0 ipv6 router-advert max-interval 600
set interfaces switch switch0 ipv6 router-advert other-config-flag false
set interfaces switch switch0 ipv6 router-advert prefix '::/64' autonomous-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' on-link-flag true
set interfaces switch switch0 ipv6 router-advert prefix '::/64' valid-lifetime 2592000
set interfaces switch switch0 ipv6 router-advert reachable-time 0
set interfaces switch switch0 ipv6 router-advert retrans-timer 0
set interfaces switch switch0 ipv6 router-advert send-advert true

# create a policy for WAN->Router:
set firewall ipv6-name WANv6_LOCAL default-action drop
set firewall ipv6-name WANv6_LOCAL description 'Local network traffic'
set firewall ipv6-name WANv6_LOCAL enable-default-log
set firewall ipv6-name WANv6_LOCAL rule 10 action accept
set firewall ipv6-name WANv6_LOCAL rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_LOCAL rule 10 state established enable
set firewall ipv6-name WANv6_LOCAL rule 10 state related enable
set firewall ipv6-name WANv6_LOCAL rule 20 action drop
set firewall ipv6-name WANv6_LOCAL rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_LOCAL rule 20 state invalid enable
set firewall ipv6-name WANv6_LOCAL rule 30 action accept
set firewall ipv6-name WANv6_LOCAL rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_LOCAL rule 30 protocol icmpv6
set firewall ipv6-name WANv6_LOCAL rule 40 action accept
set firewall ipv6-name WANv6_LOCAL rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_LOCAL rule 40 destination port 546
set firewall ipv6-name WANv6_LOCAL rule 40 protocol udp
set firewall ipv6-name WANv6_LOCAL rule 40 source port 547
# create a policy for WAN->LAN Clients:
set firewall ipv6-name WANv6_IN default-action drop
set firewall ipv6-name WANv6_IN description 'WAN inbound traffic to the router'
set firewall ipv6-name WANv6_IN enable-default-log
set firewall ipv6-name WANv6_IN rule 10 action accept
set firewall ipv6-name WANv6_IN rule 10 description 'Allow established/related sessions'
set firewall ipv6-name WANv6_IN rule 10 state established enable
set firewall ipv6-name WANv6_IN rule 10 state related enable
set firewall ipv6-name WANv6_IN rule 20 action drop
set firewall ipv6-name WANv6_IN rule 20 description 'Drop invalid state'
set firewall ipv6-name WANv6_IN rule 20 state invalid enable
set firewall ipv6-name WANv6_IN rule 30 action accept
set firewall ipv6-name WANv6_IN rule 30 description 'Allow IPv6 icmp'
set firewall ipv6-name WANv6_IN rule 30 protocol icmpv6
set firewall ipv6-name WANv6_IN rule 40 action accept
set firewall ipv6-name WANv6_IN rule 40 description 'allow dhcpv6'
set firewall ipv6-name WANv6_IN rule 40 destination port 546
set firewall ipv6-name WANv6_IN rule 40 protocol udp
set firewall ipv6-name WANv6_IN rule 40 source port 547
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set interfaces ethernet eth0 pppoe 0 firewall in ipv6-name WANv6_IN
set interfaces ethernet eth0 pppoe 0 firewall local ipv6-name WANv6_LOCAL

commit
save
exit
# 重启路由器
reboot

等待路由器5分钟重启完毕,重启网卡以重新获取ip地址,可以看到如下信息

打开当前博客任意页面,查看右侧小工具,检测当前ip地址是否是网卡分配的对应地址

参考资料: [网络] ER-X如何设置支持ipv6上网?

如何在阿里云ECS上部署原生ipv4/ipv6双栈网站

阿里云老早就在“呼和浩特”地域开放了ECS部署原生ipv6的能力,现在处于公测中。不排除会在其他地域开放此能力

此篇文章引导读者一步一步,使用 CentOS7 部署阿里云ipv6网站,ipv4不赘述。

网络上绝大多数使用he.net的免费转换服务,把he.net提供的ipv6地址和自己的服务器建立一个基于ipv4的网络隧道。这个虽然是切实可行的,架不住延迟大,不稳定。毕竟国内ipv6用户要使用ipv6协议访问到国内的服务器上,要绕道香港、新加坡或者日本。

另外阿里云和其他云厂商提供了收费的ipv6转换服务,当用户的ipv6请求过来后,ipv6转换服务会把网络包转换成ipv4的协议,再发送给ECS、SLB等等服务。

这些转换服务都不是原生的ipv6能力,需要依赖ipv4协议栈工作,而且不方便拿到客户端的ipv6地址,不推荐。

继续阅读“如何在阿里云ECS上部署原生ipv4/ipv6双栈网站”