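Oracle Cloud: Allocating and Enabling Native IPv6 via the API (OCI), a Detailed Guide - Works Even When You Get NotAuthorizedOrNotFound

Note:
What this article describes depends on your environment and may differ from what you see under different software and hardware conditions, so treat your actual results as authoritative. For reference only.

If you would rather work through the console GUI, see "Oracle Cloud: Detailed Tutorial on Enabling Native IPv6 Addresses".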


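I looked into configuring IPv6 with the OCI command line because the console has been really slow to open lately and often errors out; it took a whole afternoon to configure a single instance, which is far too inefficient!

The advantage of the OCI command line is that it does not load all that CSS, JS, images and other clutter. It operates on resources directly, so it is fast and efficient. It may also have some chance of avoiding triggering risk control?

The OCI command line was already covered in "Oracle Cloud Object Storage API (OCI): Detailed Usage Guide", so before following the steps below, read section 1 (setting up the environment) and section 2 (configuring parameters) of that article. The rest of this article assumes your environment is already configured.

The steps below assume that the instance has already been created but has no IPv6 address assigned, and that creating IPv6 in the console failed with a NotAuthorizedOrNotFound error. Read according to your own situation.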

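The steps are largely the same as in "Oracle Cloud: Detailed Tutorial on Enabling Native IPv6 Addresses" and fall into four parts:

  • Find the compartment OCID
  • Allocate an IPv6 address
  • Update the route table
  • Update the security list

Find the compartment OCID

Look up the compartment OCID (compartment-id):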

root@oc-in:~# oci iam compartment list
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..(the complete value inside these quotes; same below)",
      "defined-tags": {},
      "description": "idcs-**mask**",
      "freeform-tags": {},
      "id": "ocid1.compartment.oc1..**mask**",
      "inactive-status": null,
      "is-accessible": null,
      "lifecycle-state": "ACTIVE",
      "name": "ManagedCompartmentForPaaS",
      "time-created": "2020-07-31T05:03:37.739000+00:00"
    }
  ]
}

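Record the compartment-id; it is used many times below.

Allocate an IPv6 address

Look up the VCN ID (replace [compartment-id] with the compartment-id recorded in the previous step; anything wrapped in [] below works the same way, that is, replace it with the actual id, which will not be repeated):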

root@oc-in:~# oci network vcn list --compartment-id [compartment-id]
{
  "data": [
    {
      "cidr-block": "10.0.0.0/16",
      "cidr-blocks": [
        "10.0.0.0/16"
      ],
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "default-dhcp-options-id": "ocid1.dhcpoptions.oc1.**mask**",
      "default-route-table-id": "ocid1.routetable.oc1.(record this too)",
      "default-security-list-id": "ocid1.securitylist.oc1.(and this one)",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "**mask**",
          "CreatedOn": "2020-07-31T04:52:52.216Z"
        }
      },
      "display-name": "vcn-20200731-1249",
      "dns-label": "vcn",
      "freeform-tags": {},
      "id": "ocid1.vcn.oc1.(the value inside these quotes)",
      "ipv6-cidr-blocks": null,
      "lifecycle-state": "AVAILABLE",
      "time-created": "2020-07-31T04:52:52.219000+00:00",
      "vcn-domain-name": "vcn.oraclevcn.com"
    }
  ]
}

Record default-route-table-id, default-security-list-id and id.

Request an IPv6 CIDR block to be added:

root@oc-in:~# oci network vcn add-ipv6-vcn-cidr --vcn-id [vcn-id]
{
  "etag": "6fae1c7e"
}

This step does not return the IPv6 CIDR block directly, so we need to query the VCN information again:

root@oc-in:~# oci network vcn list --compartment-id [compartment-id]
{
  "data": [
    {
      "cidr-block": "10.0.0.0/16",
      "cidr-blocks": [
        "10.0.0.0/16"
      ],
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "default-dhcp-options-id": "ocid1.dhcpoptions.oc1.**mask**",
      "default-route-table-id": "ocid1.routetable.oc1.**mask**",
      "default-security-list-id": "ocid1.securitylist.oc1.**mask**",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "**mask**",
          "CreatedOn": "2020-07-31T04:52:52.216Z"
        }
      },
      "display-name": "vcn-20200731-1249",
      "dns-label": "vcn",
      "freeform-tags": {},
      "id": "ocid1.vcn.oc1.**mask**",
      "ipv6-cidr-blocks": [
        "(the value inside these quotes)::/56"
      ],
      "lifecycle-state": "AVAILABLE",
      "time-created": "2020-07-31T04:52:52.219000+00:00",
      "vcn-domain-name": "vcn.oraclevcn.com"
    }
  ]
}

Record the IPv6 block from ipv6-cidr-blocks, then look up the subnet ID:

root@oc-in:~# oci compute instance list-vnics --compartment-id [compartment-id]
{
  "data": [
    {
      "availability-domain": "CimG:AP-HYDERABAD-1-AD-1",
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "**mask**",
          "CreatedOn": "2020-07-31T04:53:01.915Z"
        }
      },
      "display-name": "oc-in",
      "freeform-tags": {},
      "hostname-label": "oc-in",
      "id": "ocid1.vnic.oc1.**mask**",
      "is-primary": true,
      "lifecycle-state": "AVAILABLE",
      "mac-address": "**mask**",
      "nsg-ids": [],
      "private-ip": "10.0.0.2",
      "public-ip": "**mask**",
      "skip-source-dest-check": false,
      "subnet-id": "ocid1.subnet.(this string)",
      "time-created": "2020-07-31T04:53:07.822000+00:00",
      "vlan-id": null
    }
  ]
}

Record the subnet-id, then assign an IPv6 CIDR block to the subnet (note that the block assigned here is a /64, while the one requested above is a /56):

root@oc-in:~# oci network subnet update --subnet-id [subnet-id] --ipv6-cidr-block [ipv6-cidr-block]
{
  "data": {
    "availability-domain": null,
    "cidr-block": "10.0.0.0/24",
    "compartment-id": "ocid1.tenancy.oc1..**mask**",
    "defined-tags": {
      "Oracle-Tags": {
        "CreatedBy": "**mask**",
        "CreatedOn": "2020-07-31T04:52:57.630Z"
      }
    },
    "dhcp-options-id": "ocid1.dhcpoptions.oc1.**mask**",
    "display-name": "\u516c\u5171\u5b50\u7f51",
    "dns-label": "subnet",
    "freeform-tags": {},
    "id": "ocid1.subnet.oc1.**mask**",
    "ipv6-cidr-block": "(note that the size is /64) *::/64",
    "ipv6-virtual-router-ip": "fe80::200:17ff:fe34:db0d",
    "lifecycle-state": "UPDATING",
    "prohibit-internet-ingress": false,
    "prohibit-public-ip-on-vnic": false,
    "route-table-id": "ocid1.routetable.oc1.**mask**",
    "security-list-ids": [
      "ocid1.securitylist.oc1.**mask**"
    ],
    "subnet-domain-name": "subnet.vcn.oraclevcn.com",
    "time-created": "2020-07-31T04:52:57.658000+00:00",
    "vcn-id": "ocid1.vcn.oc1.**mask**",
    "virtual-router-ip": "10.0.0.1",
    "virtual-router-mac": "00:00:17:34:DB:0D"
  },
  "etag": "ccca6381"
}

Look up the ID of the VNIC attached to the instance:

root@oc-in:~# oci compute vnic-attachment list --compartment-id [compartment-id]
{
  "data": [
    {
      "availability-domain": "CimG:AP-HYDERABAD-1-AD-1",
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "display-name": null,
      "id": "ocid1.vnicattachment.oc1.**mask**",
      "instance-id": "ocid1.instance.oc1.**mask**",
      "lifecycle-state": "ATTACHED",
      "nic-index": 0,
      "subnet-id": "ocid1.subnet.oc1.**mask**",
      "time-created": "2020-07-31T04:53:08.141000+00:00",
      "vlan-id": null,
      "vlan-tag": 115,
      "vnic-id": "ocid1.vnic.oc1.(this string)"
    }
  ]
}

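Record the vnic-id, then assign an IPv6 address to the instance. The --ip-address value is an address you pick yourself from the /64 IPv6 block above (without the prefix length); if you leave it out, Oracle assigns one itself: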

root@oc-in:~# oci network ipv6 create --vnic-id [vnic-id] --ip-address [ip-address]
{
  "data": {
    "compartment-id": "ocid1.tenancy.oc1..**mask**",
    "defined-tags": {
      "Oracle-Tags": {
        "CreatedBy": "**mask**",
        "CreatedOn": "2021-05-13T13:28:25.947Z"
      }
    },
    "display-name": "ipv620210513132825",
    "freeform-tags": {},
    "id": "ocid1.ipv6.oc1.**mask**",
    "ip-address": "(this is the assigned IPv6 address)",
    "lifecycle-state": "AVAILABLE",
    "subnet-id": "ocid1.subnet.oc1.**mask**",
    "time-created": "2021-05-13T13:28:25.983000+00:00",
    "vnic-id": "ocid1.vnic.oc1.**mask**"
  },
  "etag": "d73e9698"
}

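At this point the instance's IPv6 address has been assigned.

Update the route table

When the instance was created early on, IPv6 was not yet supported, so neither the route table nor the security list allows IPv6, and both need to be updated.

Use the default-route-table-id recorded while allocating IPv6, or query again to find the route table ID and the network-entity-id: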

root@oc-in:~# oci network route-table list --compartment-id [compartment-id]
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "**mask**",
          "CreatedOn": "2020-07-31T04:52:52.216Z"
        }
      },
      "display-name": "Default Route Table for vcn-20200731-1249",
      "freeform-tags": {},
      "id": "ocid1.routetable.oc1.(this string)",
      "lifecycle-state": "AVAILABLE",
      "route-rules": [
        {
          "cidr-block": "0.0.0.0/0",
          "description": null,
          "destination": "0.0.0.0/0",
          "destination-type": "CIDR_BLOCK",
          "network-entity-id": "ocid1.internetgateway.oc1.(and this string)"
        }
      ],
      "time-created": "2020-07-31T04:52:52.219000+00:00",
      "vcn-id": "ocid1.vcn.oc1.**mask**"
    }
  ]
}

Add the IPv6 route (the update overwrites the existing rules, so the IPv4 route has to be added again as well):

root@oc-in:~# oci network route-table update --rt-id [route-table-id] --route-rules '[{"destination":"0.0.0.0/0","networkEntityId":"[networkEntityId]"},{"destination":"::/0","networkEntityId":"[networkEntityId]"}]'
WARNING: Updates to defined-tags and freeform-tags and route-rules will replace any existing values. Are you sure you want to continue? [y/N]: y
{
  "data": {
    "compartment-id": "ocid1.tenancy.oc1..**mask**",
    "defined-tags": {
      "Oracle-Tags": {
        "CreatedBy": "**mask**",
        "CreatedOn": "2020-07-31T04:52:52.216Z"
      }
    },
    "display-name": "Default Route Table for vcn-20200731-1249",
    "freeform-tags": {},
    "id": "ocid1.routetable.oc1.**mask**",
    "lifecycle-state": "AVAILABLE",
    "route-rules": [
      {
        "cidr-block": null,
        "description": null,
        "destination": "0.0.0.0/0",
        "destination-type": "CIDR_BLOCK",
        "network-entity-id": "ocid1.internetgateway.**mask**"
      },
      {
        "cidr-block": null,
        "description": null,
        "destination": "::/0",
        "destination-type": "CIDR_BLOCK",
        "network-entity-id": "ocid1.internetgateway.oc1.**mask**"
      }
    ],
    "time-created": "2020-07-31T04:52:52.219000+00:00",
    "vcn-id": "ocid1.vcn.oc1.**mask**"
  },
  "etag": "79156d3"
}

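The rules in the JSON above mean that all traffic is sent through the Internet gateway.

Update the security list

Use the default-security-list-id recorded while allocating IPv6, or query again for the security list currently in effect: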

root@oc-in:~# oci network security-list list --compartment-id [compartment-id]
{
  "data": [
    {
      "compartment-id": "ocid1.tenancy.oc1..**mask**",
      "defined-tags": {
        "Oracle-Tags": {
          "CreatedBy": "**mask**",
          "CreatedOn": "2020-07-31T04:52:52.216Z"
        }
      },
      "display-name": "Default Security List for vcn-20200731-1249",
      "egress-security-rules": [
        {
          "description": null,
          "destination": "0.0.0.0/0",
          "destination-type": "CIDR_BLOCK",
          "icmp-options": null,
          "is-stateless": false,
          "protocol": "all",
          "tcp-options": null,
          "udp-options": null
        }
      ],
      "freeform-tags": {},
      "id": "ocid1.securitylist.oc1 (this string)",
      "ingress-security-rules": [
        {
          "description": null,
          "icmp-options": null,
          "is-stateless": false,
          "protocol": "all",
          "source": "0.0.0.0/0",
          "source-type": "CIDR_BLOCK",
          "tcp-options": null,
          "udp-options": null
        },
        {
          "description": null,
          "icmp-options": {
            "code": 4,
            "type": 3
          },
          "is-stateless": false,
          "protocol": "1",
          "source": "0.0.0.0/0",
          "source-type": "CIDR_BLOCK",
          "tcp-options": null,
          "udp-options": null
        },
        {
          "description": null,
          "icmp-options": {
            "code": null,
            "type": 3
          },
          "is-stateless": false,
          "protocol": "1",
          "source": "10.0.0.0/16",
          "source-type": "CIDR_BLOCK",
          "tcp-options": null,
          "udp-options": null
        }
      ],
      "lifecycle-state": "AVAILABLE",
      "time-created": "2020-07-31T04:52:52.219000+00:00",
      "vcn-id": "ocid1.vcn.oc1.**mask**"
    }
  ]
}

The query may return a lot of content; ignore all of it and just find the id, then update the rules:

root@oc-in:~# oci network security-list update --security-list-id [security-list-id] --egress-security-rules '[{"destination": "0.0.0.0/0","protocol": "all"},{"destination": "::/0","protocol": "all"}]' --ingress-security-rules '[{"source": "0.0.0.0/0","protocol": "all"},{"source": "::/0","protocol": "all"}]'
WARNING: Updates to defined-tags and egress-security-rules and freeform-tags and ingress-security-rules will replace any existing values. Are you sure you want to continue? [y/N]: y
{
  "data": {
    "compartment-id": "ocid1.tenancy.oc1..**mask**",
    "defined-tags": {
      "Oracle-Tags": {
        "CreatedBy": "**mask**",
        "CreatedOn": "2020-07-31T04:52:52.216Z"
      }
    },
    "display-name": "Default Security List for vcn-20200731-1249",
    "egress-security-rules": [
      {
        "description": null,
        "destination": "0.0.0.0/0",
        "destination-type": "CIDR_BLOCK",
        "icmp-options": null,
        "is-stateless": false,
        "protocol": "all",
        "tcp-options": null,
        "udp-options": null
      },
      {
        "description": null,
        "destination": "::/0",
        "destination-type": "CIDR_BLOCK",
        "icmp-options": null,
        "is-stateless": false,
        "protocol": "all",
        "tcp-options": null,
        "udp-options": null
      }
    ],
    "freeform-tags": {},
    "id": "ocid1.securitylist.oc1.**mask**",
    "ingress-security-rules": [
      {
        "description": null,
        "icmp-options": null,
        "is-stateless": false,
        "protocol": "all",
        "source": "0.0.0.0/0",
        "source-type": "CIDR_BLOCK",
        "tcp-options": null,
        "udp-options": null
      },
      {
        "description": null,
        "icmp-options": null,
        "is-stateless": false,
        "protocol": "all",
        "source": "::/0",
        "source-type": "CIDR_BLOCK",
        "tcp-options": null,
        "udp-options": null
      }
    ],
    "lifecycle-state": "AVAILABLE",
    "time-created": "2020-07-31T04:52:52.219000+00:00",
    "vcn-id": "ocid1.vcn.oc1.**mask**"
  },
  "etag": "9d16d5a7"
}

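The rules in the JSON above mean that all inbound traffic and all outbound traffic is allowed, over both IPv4 and IPv6.

Test IPv6

All steps are now complete. Normally the instance should already have picked up its IPv6 address automatically; check: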
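Both update commands above replace the whole rule list, so a security list tighter than the default would be overwritten by the allow-all rules. The following added example (not code from the original article) builds replacement payloads that keep every existing rule and only add the `::/0` counterparts; the helper names `to_input` and `with_ipv6` and the sample rules are constructed for illustration, and it assumes the CLI takes camelCase keys as in the commands above.

```python
import json

V4_ANY, V6_ANY = "0.0.0.0/0", "::/0"

def camel(key):
    # CLI output keys are hyphenated; the input JSON on this page is camelCase.
    head, *rest = key.split("-")
    return head + "".join(part.capitalize() for part in rest)

def to_input(obj):
    # Recursively turn printed output into input form, dropping null fields.
    if isinstance(obj, dict):
        return {camel(k): to_input(v) for k, v in obj.items() if v is not None}
    if isinstance(obj, list):
        return [to_input(v) for v in obj]
    return obj

def with_ipv6(rules, field):
    """Keep every rule; add a ::/0 twin for each 0.0.0.0/0 rule (field is
    "source" or "destination"). ICMP (protocol "1") gets no twin: ICMPv6 is
    protocol "58" with different type numbers, so add it by hand."""
    # Route rules: cidrBlock is the deprecated alias of destination; send only one.
    current = [{k: v for k, v in to_input(r).items() if k != "cidrBlock"} for r in rules]
    out = []
    for rule in current:
        out.append(rule)
        twin = {**rule, field: V6_ANY}
        if (rule.get(field) == V4_ANY and rule.get("protocol") != "1"
                and twin not in current):  # skip twins that already exist
            out.append(twin)
    return out

# Constructed samples in the shape printed by the list commands above.
SAMPLE_INGRESS = [
    {"description": None, "is-stateless": False, "protocol": "6",
     "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK", "udp-options": None,
     "tcp-options": {"destination-port-range": {"max": 22, "min": 22}}},
    {"icmp-options": {"code": 4, "type": 3}, "is-stateless": False,
     "protocol": "1", "source": "0.0.0.0/0", "source-type": "CIDR_BLOCK"},
]
SAMPLE_ROUTES = [
    {"cidr-block": "0.0.0.0/0", "destination": "0.0.0.0/0", "description": None,
     "destination-type": "CIDR_BLOCK",
     "network-entity-id": "ocid1.internetgateway.oc1..PLACEHOLDER"},
]

# Strings to pass to --ingress-security-rules and --route-rules.
INGRESS_PAYLOAD = json.dumps(with_ipv6(SAMPLE_INGRESS, "source"))
ROUTE_PAYLOAD = json.dumps(with_ipv6(SAMPLE_ROUTES, "destination"))
print(INGRESS_PAYLOAD, ROUTE_PAYLOAD, sep="\n")
```

With the sample input, the SSH-only rule gains an IPv6 twin that is still limited to port 22, and running the helper on its own output adds nothing further.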

root@oc-in:~# ifconfig
ens3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9000
        inet 10.0.0.2  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 (this string)  prefixlen 128  scopeid 0x0<global>
        inet6 fe80::17ff:fe00:7ea2  prefixlen 64  scopeid 0x20<link>
        ether 02:00:17:00:7e:a2  txqueuelen 1000  (Ethernet)
        RX packets 92820018  bytes 11994337983 (11.9 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 138715227  bytes 15562906623 (15.5 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 130611886  bytes 13405900832 (13.4 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 130611886  bytes 13405900832 (13.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Test the latency to Google:

root@oc-in:~# ping google.com -6 -c 5
PING google.com(maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e)) 56 data bytes
64 bytes from maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e): icmp_seq=1 ttl=119 time=14.6 ms
64 bytes from maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e): icmp_seq=2 ttl=119 time=14.6 ms
64 bytes from maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e): icmp_seq=3 ttl=119 time=14.7 ms
64 bytes from maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e): icmp_seq=4 ttl=119 time=14.6 ms
64 bytes from maa03s34-in-x0e.1e100.net (2404:6800:4007:806::200e): icmp_seq=5 ttl=119 time=14.6 ms

--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 14.617/14.663/14.710/0.031 ms

As you can see, IPv6 is now working, and the latency is acceptable.



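 This article was last updated on 2021/05/13 22:10:13 and may have drifted from the current state of things over time.

 When quoting or reposting, please credit: VirCloud's Blog > Experience > Oracle Cloud: Allocating and Enabling Native IPv6 via the API (OCI), a Detailed Guide - Works Even When You Get NotAuthorizedOrNotFound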
