双栈教育网架构
1、典型校园网络架构
图为典型校园网的拓扑
1.1 出口
双出口,教育网和联通双链路接入,一般默认路由指到联通,明细指到教育网
Ipv4环境下,分别在教育网和联通出接口做源nat,对服务器做目的nat
Ipv6环境下,都是公网地址,无需nat
1.2 核心交换机
作为办公区的网关
1.3 学生宿舍区
使用BRAS进行认证接入计费,和家庭上网类似
1.4 教师办公区
直接二层连入核心
2、典型配置
1 # 2 ipv6 3 #router-id是必要的,否则无法正常建立邻居 4 ospfv3 1 5 router-id 11.11.11.11 6 import-route static 7 #互联接口的地址都为链路地址 8 interface GigabitEthernet0/0/0 9 ipv6 enable 10 ip address 192.168.1.2 255.255.255.252 11 ipv6 address auto link-local 12 ospfv3 1 area 0.0.0.0 13 # 14 interface GigabitEthernet0/0/1 15 ipv6 enable 16 ip address 192.168.2.1 255.255.255.252 17 ipv6 address 1001::2/126 18 # 19 interface GigabitEthernet0/0/2 20 ipv6 enable 21 ip address 192.168.3.1 255.255.255.252 22 ipv6 address 1000::2/126 23 # 24 interface LoopBack0 25 ip address 11.11.11.11 255.255.255.255 26 # 27 ospf 1 28 import-route static 29 area 0.0.0.0 30 network 192.168.1.0 0.0.0.3 31 # 32 ip route-static 1.1.1.1 255.255.255.255 192.168.2.2 33 ip route-static 2.2.2.2 255.255.255.255 192.168.3.2 34 # 35 ipv6 route-static 1111::1 128 1001::1 36 ipv6 route-static 2222::2 128 1000::1 37 #
1 # 2 ipv6 3 # 4 vlan batch 100 1000 to 1002 5 # 6 # 7 vlan 100 8 description office 9 # 10 ip pool vlan100 11 gateway-list 192.168.100.254 12 network 192.168.100.0 mask 255.255.255.0 13 dns-list 8.8.8.8 14 # 15 # 16 ospfv3 1 17 router-id 10.10.10.10 18 # 19 interface Vlanif1 20 # 21 interface Vlanif100 22 ipv6 enable 23 ip address 192.168.100.254 255.255.255.0 24 ipv6 address 2001:250:4800:100::/64 eui-64 25 undo ipv6 nd ra halt 26 ospfv3 1 area 0.0.0.0 27 dhcp select global 28 # 29 interface Vlanif1000 30 ipv6 enable 31 ip address 192.168.1.1 255.255.255.252 32 ipv6 address auto link-local 33 ospfv3 1 area 0.0.0.0 34 # 35 interface Vlanif1001 36 ipv6 enable 37 ip address 192.168.4.1 255.255.255.252 38 ipv6 address auto link-local 39 ospfv3 1 area 0.0.0.0 40 # 41 interface MEth0/0/1 42 # 43 interface GigabitEthernet0/0/1 44 port link-type access 45 port default vlan 1000 46 # 47 interface GigabitEthernet0/0/2 48 port link-type access 49 port default vlan 1001 50 # 51 interface GigabitEthernet0/0/3 52 port link-type trunk 53 port trunk allow-pass vlan 2 to 4094 54 # 55 interface LoopBack0 56 ip address 10.10.10.10 255.255.255.255 57 # 58 ospf 1 59 import-route direct 60 area 0.0.0.0 61 network 192.168.1.0 0.0.0.3 62 network 192.168.4.0 0.0.0.3 63 #
1 #由于用普通路由器代替的 2 #所有缺少了很多BRAS相关的配置 3 ipv6 4 # 5 dhcp enable 6 # 7 ospfv3 1 8 router-id 12.12.12.12 9 import-route direct 10 #ospfv3直接在接口下讲接口加入进程 11 interface GigabitEthernet0/0/0 12 ipv6 enable 13 ip address 192.168.4.2 255.255.255.252 14 ipv6 address auto link-local 15 ospfv3 1 area 0.0.0.0 16 # 17 interface GigabitEthernet0/0/1 18 #终端ipv6通过nd协议自动获取 19 interface GigabitEthernet0/0/1.1 20 dot1q termination vid 101 21 ipv6 enable 22 ip address 192.168.101.254 255.255.255.0 23 ipv6 address 2001:250:4800:101::/64 eui-64 24 undo ipv6 nd ra halt 25 dhcp select interface 26 # 27 interface LoopBack0 28 ip address 12.12.12.12 255.255.255.255 29 # 30 ospf 1 31 area 0.0.0.0 32 network 192.168.4.0 0.0.0.3 33 #
3、Ipv6现存的问题
3.1 大部分国产应用层设备以及家庭路由器都不支持
这个暂时无解,只能靠厂家升级软件版本了
3.2 国内ipv6资源较少
目前ipv6基本是当梯子在用,访问国外的资源,这个暂时也无解,只能从国家层面来推动了,目前是只有教育网内在大规模的使用ipv6
3.3 国产手机不支持ipv6
这个暂时无解,只能等ipv6大规模铺开后,厂家再跟进了
3.4 nd协议无法下发DNS
本来用ipv6的优势是nd协议即插即用,结果无法下发DNS,只能靠DHCP下发,有点鸡肋
