Last active
August 29, 2015 14:24
-
-
Save glyn/1e8f4ba771d8b8b42e9b to your computer and use it in GitHub Desktop.
ipv6 experiments
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Ensure garden-linux is booted with -allowHostAccess=true (and a reasonable grace time like 500m). | |
| ============================================================================================================= | |
| IPv4 experiment | |
| Start a netcat server: | |
| nc -l <host IP> 5000 | |
| Create a privileged container: | |
| curl -H "Content-Type: application/json" -XPOST http://127.0.0.1:7777/containers -d '{"rootfs":"docker:///ubuntu","privileged":true}' | |
| Enter the container: | |
| cd /var/vcap/data/garden/depot/<handle> | |
| sudo ./bin/wsh -user=root | |
| Connect to the server: | |
| echo hello | nc -w 1 <host IP> 5000 | |
| The same works if the container's bridge IP is substituted for the host IP. | |
| ============================================================================================================= | |
| IPv6 experiment using bridge IP address | |
| Create a privileged container: | |
| curl -H "Content-Type: application/json" -XPOST http://127.0.0.1:7777/containers -d '{"rootfs":"docker:///ubuntu","privileged":true}' | |
| Use ifconfig to find bridge device name (<bridge>) | |
| Assign ipv6 address to bridge: | |
| sudo ip -6 addr add 2001:4860:4860::8890/64 dev <bridge> | |
| Start a netcat server: | |
| nc -6 -l 2001:4860:4860::8890 5000 | |
| Configure ip6tables: | |
| cd /home/vagrant/go/src | |
| sudo ./setup6.sh | |
| Enter the container: | |
| cd /var/vcap/data/garden/depot/<handle> | |
| sudo ./bin/wsh -user=root | |
| Inside the container: | |
| Get the virtual ethernet device (<device>) in the container using ifconfig. | |
| ip -6 addr add 2001:4860:4860::8889/64 dev <device> | |
| Connect to the server: | |
| echo hello | nc -w 1 -6 2001:4860:4860::8890 5000 | |
| The server should print "hello". | |
| ================================================================================================================ | |
| IPv6 expirment with IP on host ethernet card interface | |
| As above with the following differences... | |
| Assign ipv6 address to network interface (on Linux vagrant box, disconnected from ipv6 internet): | |
| sudo ip -6 addr add 3001:4860:4860::8888/64 dev eth0 | |
| Start a netcat server: | |
| nc -6 -l 3001:4860:4860::8888 5000 | |
| Inside the container: | |
| Add a default route | |
| ip -6 route add default via 2001:4860:4860::8890 | |
| Connect to the server: | |
| echo hello | nc -w 1 -6 3001:4860:4860::8888 5000 | |
| ================================================================================ | |
| Other notes | |
| Suitable IPv6 IP addresses for experimentation when disconnected from IPv6 network are Google's: | |
| https://groups.google.com/forum/#!topic/public-dns-announce/yCg-9A23L3g | |
| Sniff traffic: | |
| tcpdump -i <bridge> -vv ip6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment