IPv6接口上的本地链接和全局IP [英] Link-local and global IPs on IPv6 interfaces

问题描述

我目前正在尝试了解IPv6地址的工作方式.小型和组织网络分别使用本地链接地址和站点本地地址.但是，如果其中一个客户端也可以访问Internet，则需要两个IP，对吗?一个链接/本地站点和一个全球地址.如何通过接口和路由器进行管理?一个接口需要两个IP，因为IPv6中没有NAT.

I'm currently trying to understand how IPv6 adresses work. There are link-local and site-local adresses used for small and organisational networks respectively. But if one of those clients also has internet access, it would need two IPs, correct? One link/site-local and one global adress. How is that managed by the interface and the routers? One interface would need two IPs, since there is no NAT in IPv6.

推荐答案

通常，接口具有一个链接本地作用域单播地址和零个或多个全局作用域单播地址. (它们也可以是一定数量的多播组的成员.)地址可以手动分配，也可以像IPv4一样由DHCPv6分配，但是当路由器广告允许时，有时(不是总是)会自动生成地址.某些主机实现会自动为路由器发布的每个前缀生成一个持久的全局地址，并为其附带一个辅助隐私地址，请参见c.f. RFC 4191 .在使用DHCPv6分配地址的情况下，主机可能会请求一个或多个临时地址来代替隐私地址来使用.

In general, interfaces have one link-local scope unicast address and zero or more global scope unicast addresses. (They may be also members of some finite number of multicast groups.) Addresses may be assigned manually or by DHCPv6 as in IPv4, but they may also sometimes (not always) be automatically generated when the router advertisements permit it. Some host implementations will automatically generate a persistent global address for each prefix the router advertises and an ancillary privacy address to go along with it, c.f. RFC 4191. Where DHCPv6 is used to assign addresses, hosts might request one or more temporary addresses to use instead of privacy addresses.

不要使用站点本地地址. RFC 3879 不推荐使用它们，主要是因为sin6_scope_id字段的定义不明确用于站点本地地址.在getifaddrs()返回的列表中看到它们的应用程序可能应该使用标准错误流的诊断消息将其丢弃.应用程序应该期望网络管理员将使用唯一本地地址(ULA)而不是站点本地地址c.f. RFC 4941 .

Don't use site-local addresses. They're deprecated by RFC 3879, mainly because the sin6_scope_id field isn't well-defined for site-local addresses. Applications that see them in the list returned from getifaddrs() should probably discard them with a diagnostic message to the standard error stream. Applications should expect that network administrators will use Unique Local Addresses (ULA) instead of site-local addresses, c.f. RFC 4941.

应用软件通常无法确定ULA地址的可达性.您唯一可以肯定的是，通过全局公共默认无约束区域的任何路径都无法访问它们.它们可以从Internet上的任何地方访问，在自治系统之间的双边协议中交换ULA前缀的路由.另一方面，它们通常会通过IPv6家庭网关进行广告宣传，仅供用户本地使用，而在家庭以外的任何地方都无法访问，请参见c.f.. ID.ietf-v6ops-ipv6-cpe-router

The reachability of ULA addresses is not generally decidable by application software. The only thing you know for certain about them is that they aren't reachable by any path that passes through the global public default-free zone. They may be reachable from anywhere on the Internet where the routes to the ULA prefix are exchanged in bilateral agreements between autonomous systems. On the other hand, they will often be advertised by IPv6 home gateways for subscriber local use only, and won't be reachable anywhere outside the home, c.f. I-D.ietf-v6ops-ipv6-cpe-router.

这篇关于IPv6接口上的本地链接和全局IP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！