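I am currently evaluating Server 2012 to act as a domain controller in a small heterogeneous network of Linux and Windows workstations and servers, all of which will eventually be joined to the domain. This is a 100% dual-stack network; every device has both IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.
I've just installed the first domain controller; its domain name is ad.businessname.com (businessname.com is handled by external DNS servers; that domain also has a public web site, email, etc., which will not be joined to the domain for now). It is Server Core with the AD DS and DNS roles installed. Everything seemed fine, and I was ready to set up a second DC and start joining computers, but...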
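Now I have extra IPv6 router advertisements on my network, advertising Unique Local Addresses. They also advertise the native IPv6 prefix that the actual router advertises. At first I thought these RAs originated from the domain controller, since they went away when I shut it down, but after running Wireshark I saw that they were coming from my actual IPv6 router. Wireshark showed that this version of the RA closely followed a neighbor solicitation from the DC for fd4a:e7ab:34a5::1.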
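Strangely, the router is also sending the original router advertisement that it normally sends when the domain controller is not on the network. This version of the RA matches /etc/radvd.conf (a copy is below). A quick session with Wireshark confirmed that both versions of the router advertisement come from the MAC address of the Linux router running radvd.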
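So far these seem harmless, since my IPv6 connectivity has not been disrupted by the extra RAs. But since I already have global IPv6 connectivity, the ULA seems unnecessary.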
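I spent a lot of time last night and today searching the Internet to try to find out what is going on, but found almost no explanation beyond a hint that it might have something to do with the IP Helper Service (along with vague warnings against turning it off). But as far as I can tell, it should be safe to disable this service when native IPv6 is available.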
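So my questions are:
- Why is Windows sending neighbor solicitations for a ULA network?
- Why are these RAs being sent, apparently in response?
- Why are they advertising a ULA in addition to my native addresses?
- Is this going to cause IPv6 routing problems later on?
- Do I have to live with this, or how do I make Windows and radvd behave?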
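Various configuration information follows:
Here is the captured RA being sent (as shown by radvdump, whose output is IMO easier to read than Wireshark's). You can see that it advertises both the ULA and the public prefix (obfuscated here). When I shut down the domain controller, this version of the RA stops appearing on the network.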
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 0;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
AdvLinkMTU 1500;
prefix fd4a:e7ab:34a5::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS fd4a:e7ab:34a5::1
{
AdvRDNSSLifetime 86400;
}; # End of RDNSS definition
DNSSL businessname.com
{
AdvDNSSLLifetime 1800;
}; # End of DNSSL definition
}; # End of interface definition
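Here is the original router advertisement, which matches the router's /etc/radvd.conf and is still being sent on the network, alternating with the advertisement above: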
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
{
AdvRDNSSLifetime 600;
}; # End of RDNSS definition
}; # End of interface definition
List of roles/features installed on the domain controller:
[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}
Display Name Name Install State
------------ ---- -------------
[X] Active Directory Domain Services AD-Domain-Services Installed
[X] DNS Server DNS Installed
[X] File And Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[X] Storage Services Storage-Services Installed
[X] .NET Framework 4.5 Features NET-Framework-45-Fea... Installed
[X] .NET Framework 4.5 NET-Framework-45-Core Installed
[X] WCF Services NET-WCF-Services45 Installed
[X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
[X] Group Policy Management GPMC Installed
[X] Remote Server Administration Tools RSAT Installed
[X] Role Administration Tools RSAT-Role-Tools Installed
[X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
[X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 3.0 PowerShell Installed
[X] WoW64 Support WoW64-Support Installed
IPv6 configuration of the Ethernet interface, as requested in chat:
[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet
Interface Ethernet Parameters
----------------------------------------------
IfLuid : ethernet_7
IfIndex : 12
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 33500 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
ECN capability : application
Get-WindowsFeature says.. no.
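The comparison the question makes by eye, as an added example that is not part of the original post: a Python script that parses radvdump output and lists what an observed RA advertises beyond a baseline. The two sample strings are abridged from the captures quoted above; the function and variable names are illustrative.

```python
import re

# Sample captures abridged from the two radvdump outputs quoted in the question.
BASELINE = """
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
AdvOtherConfigFlag off;
AdvCurHopLimit 64;
prefix 2001:db8:16:bf::/64
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
"""
OBSERVED = """
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
AdvOtherConfigFlag on;
AdvCurHopLimit 0;
prefix fd4a:e7ab:34a5::/64
prefix 2001:db8:16:bf::/64
RDNSS fd4a:e7ab:34a5::1
DNSSL businessname.com
"""
FLAGS = ("AdvManagedFlag", "AdvOtherConfigFlag", "AdvCurHopLimit")

def parse_radvdump(text):
    """Collect sender, prefixes, RDNSS, DNSSL and interface flags; comments are ignored."""
    ra = {"source": None, "prefix": set(), "RDNSS": set(), "DNSSL": set(), "flags": {}}
    for line in text.splitlines():
        sender = re.search(r"Router Advertisement from (\S+)", line)
        if sender:
            ra["source"] = sender.group(1)
        words = line.split("#", 1)[0].replace(";", " ").split()
        if words and words[0] in ("prefix", "RDNSS", "DNSSL"):
            ra[words[0]].update(words[1:])
        elif len(words) == 2 and words[0] in FLAGS:
            ra["flags"][words[0]] = words[1]
    return ra

def unexpected(baseline, observed):
    """List what `observed` advertises beyond `baseline`, plus changed flags."""
    found = [f"{kind} {item}" for kind in ("prefix", "RDNSS", "DNSSL")
             for item in sorted(observed[kind] - baseline[kind])]
    found += [f"{flag} {value} (baseline {baseline['flags'].get(flag)})"
              for flag, value in sorted(observed["flags"].items())
              if baseline["flags"].get(flag) != value]
    return found

if __name__ == "__main__":
    base, seen = parse_radvdump(BASELINE), parse_radvdump(OBSERVED)
    print("same sender:", base["source"] == seen["source"])
    for item in unexpected(base, seen):
        print("unexpected:", item)
```

Both captures carry the same link-local source address, so a check keyed only on the sender would not tell them apart; comparing the advertised content does.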