When it comes to Global Unicast addresses things become more complicated. In IPv4 there are 2 ways to set up interface configuration (manual and DHCP), while in IPv6 there are 3:
– Manual
– Stateless Address Auto-Configuration (SLAAC)
– – SLAAC (plain)
– – SLAAC with Recursive DNS Server (RDNSS) or Router Advertisement Options for DNS Configuration (RFC 6106)
– – SLAAC with Stateless DHCPv6
– Stateful
– – Stateful DHCPv6 – provides IP address assignment
Before we go deeper in Global Unicast address (GUA) assignment, we need to have good understating of the purpose of Router Advertisement (RA) message. It was briefly reviewed in previous part of this series – IPv6. Part 2. Neighbor Discovery Protocol and link-local addresses
Let’s review what need to be configured on host in order to be able to communicate in routed network:
– IP address
– Default gateway
– (optional) DNS
– (optional) Other options, like domain name
In my guess, main idea of SLAAC is to provide minimum necessary information, such as IP address and Default gateway. This information can be provided via Neighbor Discovery Protocol by using ICMPv6 RA message. Later the DNS option was added to RA message (RFC 6106).
The other options provided via DHCPv6 server.
By default, RA messages are periodically sent out each configured interface of an IPv6 router. Periodical RA messages are sent to the all-nodes multicast address (FF02::1). RAs are also sent in response to router solicitation (RS) messages. When an RA is sent in response to a RS, the destination address in the RA message is the unicast address of the source of the router solicitation message. If it is needed you can disable sending of RA messages on individual interfaces by using the ipv6 nd ra suppress command.
For understating GUA assignment we will review following information from RA message:
– Default router information
– Autoconfiguration options (M and O flags)
– (optional) One or more onlink IPv6 prefixes and its options (A and L flags)
– Additional information, such as hop limit and MTU
Default router information
“Router Lifetime” field indicates whether the router should be used as a default router or not. If this value is set to 0 then this router is not a default router and SHOULD NOT appear on the default router list.
SLAAC (plain)
For SLAAC to work properly, the advertised prefix length must be /64.
Before enabling IPv6 on interface let’s enable ND and ICMPv6 debug:
Router#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
Router#debug ipv6 icmp
ICMPv6 Packet debugging is on
Router#sh run int vlan 136 | i interface|ipv6
interface Vlan136
ipv6 enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int vlan 136
Router(config-if)# ipv6 address 2001:136::1/64
Router(config-if)#
IPv6-Addrmgr-ND: Received prefix PI-flag change notification: prefix 2001:136::/64 (onlink,active) state is not ready
IPv6-Addrmgr-ND: DAD request for 2001:136::1 on Vlan136
ICMPv6-ND: (Vlan136,2001:136::1) Sending DAD NS [E2765]
ICMPv6: Sent N-Solicit, Src=::, Dst=FF02::1:FF00:1
IPv6-Addrmgr-ND: DAD: 2001:136::1 is unique.
ICMPv6-ND: (Vlan136,2001:136::1) Sending NA to FF02::1
ICMPv6: Sent N-Advert, Src=2001:136::1, Dst=FF02::1A minute later there is a periodic RA:
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix 2001:136::/64 [LA] 2592000/604800
ICMPv6: Sent R-Advert, Src=FE80::1EDF:FFF:FEBC:EB9A, Dst=FF02::1The value in parenthesis is “Router Lifetime” in seconds:
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800) to FF02::1So we can conclude that source address of this RA will be added to default router list of a host. By the way, Source IPv6 address of the RA message is a link-local address (LLA), this implies that next hop of a default route is a LLA.
Next what we see is the prefix and its flags – L and A:
ICMPv6-ND: prefix 2001:136::/64 [LA] 2592000/604800A-bit indicates that this prefix can be used for SLAAC
L-bit indicates that this prefix can be used for on-link determination. In English this means that prefix is reachable via L2 – no router is needed.
In my understanding there is no way to change these bits using CLI. You may want you read RFC 4943 for more information.
Result configuration for plain SLAAC:
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enableSLAAC with Recursive DNS Server (RDNSS) or Router Advertisement Options for DNS Configuration (RFC 6106)
In order to add DNS information in RA use ipv6 nd ra dns server command:
Router#sh run int vlan 136 | i interface|ipv6
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int vlan 136
Router(config-if)#ipv6 nd ra dns server 2001:136::1
Router(config-if)#
ICMPv6-ND: Allocate ND config on 10
ICMPv6-ND: (Vlan136) RA parameter change
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: DNS lifetime 400
ICMPv6-ND: server 2001:136::1
ICMPv6-ND: prefix 2001:136::/64 [LA] 2592000/604800
ICMPv6: Sent R-Advert, Src=FE80::1EDF:FFF:FEBC:EB9A, Dst=FF02::1But it seems that there is no support for this feature in OSs. Here is an interesting comment on this issue:
First IPv6 proposal didn’t contain RDNSS and people in IETF always argued, that putting DNS info into RA message is a layer violation (information from the application layer is inserted into a message from the network layer). Thus, the “pristine” solution, according to many people in IETF, is to use RA just for addressing and routing and DHCPv6 for everything else. (You will hear the same arguments if you asked why DHCPv6 doesn’t support prefix information for assigned address and default gateway.) These religious wars are still present and if you watch NANOG or other mailing lists, you will see it every half year. One camp would like to have feature parity, other camp wants “clean” design. (c) Windows and support for IPv6 RFC 6106 / RDNSS
Result configuration for SLAAC with Recursive DNS Server (RDNSS) or Router Advertisement Options for DNS Configuration (RFC 6106):
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
ipv6 nd ra dns server 2001:136::1SLAAC with Stateless DHCPv6
In order to instruct host to request other interface configuration (like DNS, etc) from DHCP following actions need to be done:
1) configure DHCPv6 pool:
ipv6 dhcp pool 2001:136::1
dns-server 2001:136::1
domain-name yurmagccie.local2) Set the O-flag in RA message by using ipv6 nd other-config-flag command and DHCP server mapping:
Router#sh run int vlan 136 | i interface|ipv6
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int vlan 136
Router(config-if)#ipv6 dhcp server 2001:136::1
Router(config-if)#ipv6 nd other-config-flag
Router(config-if)#
ICMPv6-ND: Allocate ND config on 10
ICMPv6-ND: (Vlan136) RA parameter change
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: Other stateful
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800/O) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix 2001:136::/64 [LA] 2592000/604800
ICMPv6: Sent R-Advert, Src=FE80::1EDF:FFF:FEBC:EB9A, Dst=FF02::1I have not managed to configure Windows for SLAAC with DHCPv6, so another problem is to configure host’s side.
Result configuration for SLAAC with Stateless DHCPv6:
ipv6 dhcp pool 2001:136::1
dns-server 2001:136::1
domain-name yurmagccie.local
!
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
ipv6 nd other-config-flag
ipv6 dhcp server 2001:136::1Stateful DHCPv6
In order to instruct host to request all IPv6 related information following actions need to be done:
1) configure DHCPv6 pool:
ipv6 dhcp pool 2001:136::1
address prefix 2001:136::/64
dns-server 2001:136::1
domain-name yurmagccie.local2) disable prefix advertisement in RA using ipv6 nd prefix default no-advertise or ipv6 nd prefix 2001:136::/64 no-advertise:
Router#sh run int vlan 136 | i interface|ipv6
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int vlan 136
Router(config-if)#ipv6 nd prefix default no-advertise
Router(config-if)#
ICMPv6-ND: (Vlan136) RA parameter change
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: Other stateful
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6: Sent R-Advert, Src=FE80::1EDF:FFF:FEBC:EB9A, Dst=FF02::13) Set the M-flag in RA message by using ipv6 nd managed-config-flag command and DHCP server mapping:
Router(config-if)#ipv6 dhcp server 2001:136::1
Router(config-if)#ipv6 nd managed-config-flag
Router(config-if)#
ICMPv6-ND: Allocate ND config on 10
ICMPv6-ND: (Vlan136) RA parameter change
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Request to send RA in holddown
Router(config-if)#
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) send RA to FF02::1
ICMPv6-ND: Managed address
ICMPv6-ND: (Vlan136,FE80::1EDF:FFF:FEBC:EB9A) Sending RA (1800/M) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6: Sent R-Advert, Src=FE80::1EDF:FFF:FEBC:EB9A, Dst=FF02::1In most documents I have seen there is a recommendation to set the O-flag along with the M-flag , but I do not know why, because the M-flag “overrides” the O-flag. I have checked configuration with only M-flag and it works, at least on CentOS.
Result configuration for Stateful DHCPv6:
ipv6 dhcp pool 2001:136::1
address prefix 2001:136::/64
dns-server 2001:136::1
domain-name yurmagccie.local
!
interface Vlan136
ipv6 address 2001:136::1/64
ipv6 enable
ipv6 nd prefix default no-advertise
ipv6 nd managed-config-flag
ipv6 dhcp server 2001:136::1
Cisco networking 