Ndp protocol.
IPv6 dynamic address assignment depends on Neighbor Discovery Protocol (NDP). NDP acts at the data link layer and is responsible for discovering other nodes and corresponding IPv6 addresses on the link and determining available routes and maintaining information reachability to other active nodes. It provides the IPv6 network with the equivalent of the Address Resolution Protocol (ARP) and ICMP router discovery and redirection protocols in IPv4 networks. However, NDP adds many improvements and new features. NDP defines five ICMPv6 message types:
The first two message types here, RS and RA, are the keys to implementing dynamic IPv6 address assignment. The host sends an RS message to the multicast address ff02::2 of all routers in the local network segment to request routing information. When the router receives the RS from the network node, it sends an immediate RA in response. The message format of the RA is as follows
2 3 4 5 6 7 8 9 10 11 12 13 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Code | Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Cur Hop Limit |M|O| Reserved | Router Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reachable Time | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Retrans Timer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options ... +-+-+-+-+-+-+-+-+-+-+-+- |
It defines two special bits, M and O, with the following meaning:
The RA message ends with the Options section, which originally had three possible options: Source Link-Layer Address, MTU, and Prefix Information. Later, RFC 8106 (which replaced RFC 6106) added the Recursive DNS Server (RDNSS) and DNS Search List (DNSSL) options. The Prefix Information option directly provide hosts with on-link prefixes and prefixes for Address Autoconfiguration, and it has the following format
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type | Length | Prefix Length |L|A| Reserved1 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Valid Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Preferred Lifetime | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Reserved2 | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | + + | | + Prefix + | | + + | | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
Here the Prefix Length and the Prefix jointly determine the network prefix of the IPv6 address. In addition, the Prefix Information option also defines two special bits, L and A:
Similar to the IPv4 subnet mask feature, the purpose of the "on-link" determination is to allow the host to determine which networks an interface can access. By default, the host only considers the network where the link-local address is located as "on-link". If the "on-link" status of a destination address cannot be determined, the host forwards the IPv6 datagram to the default gateway (or default router) by default. When the host receives an RA message, if the "on-link" flag for a prefix information option is set to 1 and the Valid Lifetime is also a non-zero value, the host creates a new prefix network entry for it in the prefix list. All unexpired prefix network entries are "on-link".
After understanding the NDP protocol and the information conveyed by the RA messages, let's see how they guide the network nodes to achieve dynamic address assignment.
Routers in the network periodically send RA messages to the multicast addresses (ff02::1) of all nodes in the local subnet. However, to avoid latency, the host sends one or more RS messages to all routers in the local subnet as soon as it has finished booting. The protocol requires the routers to respond to the RA messages within 0.5 seconds. Then, based on the values of the M/O/A bits in the received RA messages, the host decides how to dynamically configure the unique local and global unicast addresses of the interface and how to obtain other configuration information. With certain combinations of bit fetch values, the host needs to run DHCPv6 client software to connect to the server to obtain address assignment and/or other configuration information. The entire process is shown in the following message sequence diagram.
Note: Unlike the IPv4 DHCP protocol, DHCPv6 clients use UDP port 546 and servers use UDP port 547.
Next explain in detail three dynamic allocation schemes determined by the combination of the M/O/A-bit values:
Stateful dhcpv6.
SLAAC is the simplest automatic IPv6 address assignment scheme and does not require any server. It works by sending an RS message request after the host starts up and the router sends back RA messages to all nodes in the local network segment. If the RA message contains the following configuration
Then the host receives this RA message and performs the following operations to implement SLAAC:
This way, the host gets one or more IPv6 unique local addresses or global unicast addresses, plus the default gateway and domain name service information to complete various Internet connections.
The following is an example of the SLAAC configuration on a Cisco Catalyst 9300 Multilayer Access Switch:
2 3 4 5 6 | interface Vlan10 ipv6 enable ipv6 address 2001:ABCD:1000::1/64 ipv6 nd ra dns server 2001:4860:4860::8888 infinite ipv6 nd ra dns search-list example.com |
The Layer 3 interface of the Cisco Multilayer Switch provides routing functionality. As you can see, when IPv6 is activated on the Layer 3 interface in VLAN 10, its default address auto-assignment scheme is SLAAC. the control bits of RA messages from this interface are all set according to the SLAAC scheme, and the network prefixes for each IPv6 address it configures are automatically added to the RA prefix information options list. Of course, the network administrator can also exclude certain network prefixes with a separate interface configuration command. The last two lines of the example configuration command specify RDNSS and DNSSL, which are also added to the RA message options.
If a host connects to a port in VLAN 10, it immediately gets a global unicast address with the network prefix of 2001:ABCD:1000::/64, and its default gateway address is set to 2001:ABCD:1000::1. Open a browser and enter a URL, and it will send a message to the specified domain name server 2001:4860:4860::8888 (Google's public name server address) to obtain the IPv6 address of the destination URL to establish a connection.
SLAAC automatic address assignment is fast and easy, providing a plug-and-play IPv6 deployment solution for small and medium-sized network deployments. However, if a network node needs access to additional configuration information, such as NTP/SNTP server, TFTP server, and SIP server addresses, or if its functionality relies on certain Vendor-specific Information Options, it must choose SLAAC + stateless DHCPv6 scheme.
This scenario still uses SLAAC automatic address assignment, but the router instructs the host to connect to a DHCPv6 server for additional configuration information. At this point, the RA message sent back by the router has
After receiving this RA message, the host performs the following actions:
As you can see, SLAAC + stateless DHCPv6 is not different from SLAAC in terms of address assignment. DHCPv6 only provides additional configuration information and does not assign IPv6 addresses. So the DHCPv6 server does not track the address assignment status of network nodes, which is what "stateless" means.
The corresponding configuration commands on the Catalyst 9300 switch are as follows.
2 3 4 5 6 7 8 9 10 11 | ipv6 dhcp pool vlan-10-clients dns-server 2001:4860:4860::8888 domain-name example.com sntp address 2001:DB8:2000:2000::33 interface Vlan10 ipv6 enable ipv6 address 2001:ABCD:1000::1/64 ipv6 nd other-config-flag ipv6 dhcp server vlan-10-clients # ipv6 dhcp relay destination 2001:9:6:40::1 |
The difference with the SLAAC example is that the VLAN 10 interface configuration command ipv6 nd other-config-flag explicitly specifies to set the O-bit of the RA message. Its next command, ipv6 dhcp server vlan-10-clients , activates the DHCPv6 server response feature of the interface, corresponding to the server's pool name of vlan-10-clients . The DHCPv6 server is configured above the interface configuration, starting at ipv6 dhcp pool vlan-10-clients , and contains the DNS server address, DNS domain name, and SNTP server address.
If you are using a separate DHCPv6 server located on a network segment, you can remove the ipv6 dhcp server command and enable the ipv6 dhcp relay destination command on the next line of the example to specify the address to forward DHCPv6 requests to the external server.
Many large enterprises use DHCP to manage the IPv4 addresses of their devices, so deploying DHCPv6 to centrally assign and manage IPv6 addresses is a natural preference. This is where Stateful DHCPv6 comes into play. This scenario also requires RA messages sent by the router but does not rely solely on network prefixes for automatic address assignment. The control bits of the RA messages are configured to
Upon receiving this RA message, the host performs the following actions:
An example of the Stateful DHCPv6 configuration command on a Catalyst 9300 switch is as follows.
2 3 4 5 6 7 8 9 10 11 12 | ipv6 dhcp pool vlan-10-clients address prefix FD09:9:5:90::/64 address prefix 2001:9:5:90::/64 dns-server 2001:9:5:90::115 domain-name test.com interface Vlan10 ipv6 enable ipv6 address 2001:ABCD:1:1::1/64 ipv6 nd prefix 2001:ABCD:1:1::/64 no-advertise ipv6 nd managed-config-flag ipv6 dhcp server vlan-10-clients |
Compared to SLAAC + Stateless DHCPv6 , the interface configuration here removes the ipv6 nd other-config-flag and replaces it with the ipv6 nd managed-config-flag command. This corresponds to setting the M-bit of the RA message header. The DHCPv6 server configuration adds two address prefix commands to set the network prefix. Also, the ipv6 nd prefix 2001:ABCD:1:1::/64 no-advertise configured for the interface specifies that the router does not include the 2001:ABCD:1:1::/64 prefix information option into the RA. So, this example host interface will not generate SLAAC addresses, but only two addresses from DHPCv6: a unique local address with the network prefix FD09:9:5:90::/64, and a global unicast address with the network prefix 2001:9:5:90::/64. The interface identifier for each of these two addresses is also specified by DHPCv6.
How to distinguish the source of dynamically assigned addresses for host interfaces? The method is simple. One thing to remember is that DHPCv6 does not send the network prefix length to the requestor, so the network prefix length of the addresses received from DHPCv6 is 128, while the network prefix length of the addresses generated by SLAAC will not be 128. See the following example of the wired0 interface on a Linux host:
2 3 4 5 6 7 8 9 10 | wired0 Link encap:Ethernet HWaddr A0:EC:F9:6C:D9:30 inet6 addr: 2001:20::53c7:1364:a4d8:fd91/128 Scope:Global inet6 addr: 2001:20::a2ec:f9ff:fe6c:d930/64 Scope:Global inet6 addr: fe80::a2ec:f9ff:fe6c:d930/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:510 errors:0 dropped:0 overruns:0 frame:0 TX packets:1213 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:93670 (91.4 KiB) TX bytes:271979 (265.6 KiB) |
We can immediately determine that the interface is using Stateful DHCPv6 address assignment, but also generates the SLAAC address with the same network prefix 2001:20::/64 received.
Note: DHPCv6 server also does not provide any IPv6 default gateway information. The host needs to be informed of the dynamic default gateway from the RA message.
The following table shows the control bit combinations of RA messages concerning different address allocation and other configuration acquisition methods.
M-bit | O-bit | A-bit | Host Address | Other Configuration |
---|---|---|---|---|
0 | 0 | 0 | Static Settings | Manual Configuration |
0 | 0 | 1 | Prefix specified by RA, automatically generated | manually configured |
0 | 1 | 0 | Static Settings | DHCPv6 |
0 | 1 | 1 | Prefix specified by RA, automatically generated | DHCPv6 |
1 | 0 | 0 | Stateful DHCPv6 | DHCPv6 |
1 | 0 | 1 | Stateful DHCPv6 and/or automatically generated | DHCPv6 |
1 | 1 | 0 | Stateful DHCPv6 | DHCPv6 |
1 | 1 | 1 | Stateful DHCPv6 and/or automatically generated | DHCPv6 |
Summarize three dynamic allocation schemes:
Allocation Scheme | Features | Appiccation Scenarios |
---|---|---|
SLAAC | Simple and practical, fast deployment | SMB, Consumer Product Networking, Internet of Things (IoT) |
SLAAC + Stateless DHCPv6 | Auto Configuration, Extended Services | SMBs need additional network services |
Stateful DHCPv6 | Centralized management and control | Large enterprises, institutions, and campus networks |
Note: Since IPv6 network interfaces can have multiple addresses (a link-local address, plus one or more unique local addresses and/or global unicast addresses), it becomes important how the source address is selected when establishing an external connection. RFC 6724 gives detailed IPv6 source address selection rules. In the development of embedded systems, the control plane and the data plane connected to the same remote device are often implemented by different functional components. For example, the control plane directly calls a Linux userspace socket to establish the connection, and the IPv6 source address used for the connection is selected by the TCP/IP stack, while the data plane directly implements data encapsulation processing and transmission in kernel space. In this case, the IPv6 source address selected by the control plane has to be synchronized to the data plane in time, otherwise, the user data might not be delivered to the same destination.
The common IPv6 dynamic address assignment debugging and troubleshooting commands on Cisco routers and switches are listed in the following table.
Command | Description |
---|---|
Displays a short summary of IPv6 status and configuration for each interface | |
Displays IPv6 and NDP usability status information for single interface | |
Displays IPv6 network prefix information for single interface | |
Display DHCPv6 configuration pool information | |
Displays all automatic client bindings from the DHCPv6 server binding table | |
Display DHCPv6 interface information | |
Debug IPv6 NDP protocol | |
Debug DHCPv6 server |
The following console NDP protocol debug log shows that the router received an RS message from host FE80::5850:6D61:1FB:EF3A and responded with an RA message to the multicast address FF02::1 of all nodes in this network:
2 3 4 5 6 7 8 | ICMP Neighbor Discovery events debugging is on Router# show logging | include RS ICMPv6-ND: Received RS on GigabitEthernet0/0/0 from FE80::5850:6D61:1FB:EF3A Router# show logging | include RA ICMPv6-ND: Sending solicited RA on GigabitEthernet0/0/0 ICMPv6-ND: Request to send RA for FE80::C801:EFFF:FE5A:8 ICMPv6-ND: Setup RA from FE80::C801:EFFF:FE5A:8 to FF02::1 on GigabitEthernet0/0/0 |
And the next log shows an example of Stateless DHCPv6 observed after entering the debug ipv6 dhcp debug command. Host FE80::5850:6D61:1FB:EF3A sends an INFORMATION-REQUEST message to the DHCPv6 server, which selects the source address FE80::C801:B9FF:FEF0:8 and sends a response message.
2 3 4 5 6 7 8 | IPv6 DHCP debugging is on IPv6 DHCP: Received INFORMATION-REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0 IPv6 DHCP: Option VENDOR-CLASS(16) is not processed IPv6 DHCP: Using interface pool LAN_POOL IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8 IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0 |
The following debug log of Stateful DHCPv6 shows the complete process of two message exchanges (SOLICIT/ADVERTISE, REQUEST/REPLY) on lines 1, 15, 16, and 26.
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 | IPv6 DHCP: Option UNKNOWN(39) is not processed IPv6 DHCP: Option VENDOR-CLASS(16) is not processed IPv6 DHCP: Using interface pool LAN_POOL IPv6 DHCP: Creating binding for FE80::5850:6D61:1FB:EF3A in pool LAN_POOL IPv6 DHCP: Binding for IA_NA 0E000C29 not found IPv6 DHCP: Allocating IA_NA 0E000C29 in binding for FE80::5850:6D61:1FB:EF3A IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29' IPv6 DHCP: Poolentry for the user not found IPv6 DHCP: Allocated new address 2001:ABCD::D9F7:61C:D803:DCF1 IPv6 DHCP: Allocating address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29 IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1 IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 60 seconds IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8 IPv6 DHCP: Sending ADVERTISE to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0 IPv6 DHCP: Received REQUEST from FE80::5850:6D61:1FB:EF3A on FastEthernet0/0 IPv6 DHCP: Option UNKNOWN(39) is not processed IPv6 DHCP: Option VENDOR-CLASS(16) is not processed IPv6 DHCP: Using interface pool LAN_POOL IPv6 DHCP: Looking up pool 2001:ABCD::/64 entry with username '000100011F3E8772000C29806CCC0E000C29' IPv6 DHCP: Poolentry for user found IPv6 DHCP: Found address 2001:ABCD::D9F7:61C:D803:DCF1 in binding for FE80::5850:6D61:1FB:EF3A, IAID 0E000C29 IPv6 DHCP: Updating binding address entry for address 2001:ABCD::D9F7:61C:D803:DCF1 IPv6 DHCP: Setting timer on 2001:ABCD::D9F7:61C:D803:DCF1 for 172800 seconds IPv6 DHCP: Source Address from SAS FE80::C801:B9FF:FEF0:8 IPv6 DHCP: Sending REPLY to FE80::5850:6D61:1FB:EF3A on FastEthernet0/0 |
For complex cases where it is difficult to identify whether the problem is with the host, router, or DHCPv6 server, we recommend using the free open-source network packet analysis software Wireshark to capture packets of the entire process for analysis. While analyzing packets with Wireshark, you can apply the keyword filtering function.
Filter String | Only Show |
---|---|
icmpv6.type=133 | ICMPv6 RS |
icmpv6.nd.ra.flag | ICMPv6 RA |
dhcpv6 | DHCPv6 packets |
We can either run Wireshark directly on the host side, or we can use the Switched Port Analyzer (SPAN) provided with the switch. Running on the network side, SPAN can collectively redirect packets from a given port to the monitor port running Wireshark for capturing. Cisco Catalyst 9300 Series switches also directly integrate with Wireshark software to intercept and analyze filtered packets online, making it very easy to use.
Sample packet capture files for three allocation scheme are available here for download and study: slaac.pcap , stateless-dhcpv6.pcap , stateful-dhcpv6.pcap
Accurate and effective testing of IPv6 products is key to ensuring high interoperability, security, and reliability of IPv6 infrastructure deployments. The IPv6 Ready logo is an IPv6 testing and certification program created by the IPv6 Forum . Its goals are to define IPv6 conformance and interoperability test specifications, provide a self-testing toolset, establish Global IPv6 Test Centers and provide product validation services, and finally, issue IPv6 Ready logo.
In May 2020, IPv6 Ready Logo Program published new version 5.0 test specifications :
Along with these two new test specifications, the project team also affirmed two permanent changes:
Not surprisingly, the new version 5.0 core protocols test specification has a section dedicated to defining SLAAC test cases to validate this core IPv6 protocol.
In the list below, the RFCs shown in bold are directly covered by the IPv6 Ready Version 5.0 Core Protocol Test Specification:
4sysops - The online community for SysAdmins and DevOps
Stateless mode and stateful mode of a windows 2008 r2 dhcp server, how to change a dhcpv6 server from stateless to stateful mode.
When I first installed a DHCPv6 server on Window Server 2008 R2, my clients (Vista and Windows 7) were unable to receive IP addresses. Thus, I started googling to find out what went wrong. I found quite a few official and unofficial resources with promising advice. In the end, it turned out that most of those resources were either outdated or simply provided wrong information. In my last post about DHCPv6 server installation , I mentioned the wrong advice regarding client settings.
However, the most prominent confusion about setting up DHCPv6 on Windows Server 2008 R2 is the difference between stateless and stateful autoconfiguration. I briefly discussed the difference already in my article about the IPv6 features. With stateless autoconfiguration of IPv6 addresses, a host uses the IPv6 prefix (the subnet address) advertised by a router on the link (subnet) to generate an IPv6 address.
Clients can use the MAC address of their network interface to determine the interface identifier. The interface identifier is the last 64 bits of an IPv6 address. If you are interested in how this interface identifier generation works in stateless autoconfiguration, I recommend this explanation .
Much of the confusion on the web stems from the fact that when you install the DHCP role on a Window 2008 or R2 server, you have to choose whether you " Enable DHCPv6 stateless mode for this server " or " Disable DHCPv6 stateless mode for this server " (see screenshots). Since disabling stateless mode seems to imply that you enable stateful mode, many recommend that you re-install your DHCP server and make sure that your DHCP server is in stateful mode because only then will it issue IPv6 addresses to DHCPv6 clients.
This claim is wrong. As to my tests, this setting makes no difference with regard to automatic IPv6 address assignment through a Windows DHCPv6 server. The only difference between those two options is that if you choose to enable stateless mode, the installation wizard will ask for a Parent Domain and an IPv6 DNS Server. The reason for this is that, with stateless autoconfiguration, clients can only receive the IPv6 prefix from a router to derive the IPv6 address but no additional network settings as the DNS server.
However, a router can tell clients to obtain this configuration from a DHCPv6 server by setting the so-called M Flag to 0 and the O Flag to 1. In this scenario, the corresponding DHCP server runs in stateless mode because it won't assign IPv6 addresses to clients. But since you have no IPv6 scopes in stateless mode on the DHCP server where you could assign those options, you have to configure them during the DHCP server installation and assign them to the server. More information about the M Flag and O Flag can be found in this article .
I also often saw the question of how to change the mode of a Windows DHCPv6 server from stateless to stateful mode. Since there is no explicit setting where you could change a Windows DHCP server from stateful to stateless mode in the DHCP management console, it is often recommended to re-install the DHCP server. However, from what I have just said above, it is clear that this advice doesn't make sense.
All you have to do is to change the DHCP server from stateless to stateful mode is to add and activate an IPv6 scope and you get a stateful DHCPv6 server that is able to assign IPv6 addresses to clients.
And if you want to move a DHCP server from stateful to stateless mode, you simply have to deactivate or delete all IPv6 scopes from the server.
The parameters Parent Domain and IPv6 DNS Server, which the installation wizard asked for during the DHCP server role installation if you chose "enable stateless mode," can be added manually to the Server Options node in the DHCP management console. The stateless DHPC server can then configure clients with these settings while the IPv6 prefix has to be provided by a router.
Read All IT Administration News
Join our IT community and read articles without ads!
Do you want to write for 4sysops? We are looking for new authors.
Great Info :o)
Great document!
I noticed that you’re using a ‘special’ sample IPv6 address. Say I want to use my own site-link address; how do I generate/get such address? I know these start from FEC:: through FFF::, but how I do go about generating them?
@ Edward , please see the SixXS ULA page , or read RFC 4193 .
I didn’t understand your explaination of what stateful mode is. I am not a computer expert. I just want a simple answer to the question.
Stateful – dhcp server assigns ip addresses to clients
Stateless – clients generate addresses by assistance from a router (this is configurable)
great summarized informations
Compare Address Auto-Configuration and DHCPv6 and how the co-exist.
How to configure Windows server 2019 as stateful DHCPv6 Server?
Please enclose code in pre tags: <pre></pre>
Your email address will not be published. Required fields are marked *
Notify me of followup comments via e-mail. You can also subscribe without commenting.
Receive new post notifications
Follow 4sysops.
Please ask IT administration questions in the forums . Any other messages are welcome.
or Create an account
Create account.
Explain Like I'm Five is the best forum and archive on the internet for layperson-friendly explanations. Don't Panic!
Courses moved online and the material we were given makes this part a bit confusing.
By continuing, you agree to our User Agreement and acknowledge that you understand the Privacy Policy .
You’ve set up two-factor authentication for this account.
Create your username and password.
Reddit is anonymous, so your username is what you’ll go by here. Choose wisely—because once you get a name, you can’t change it.
Enter your email address or username and we’ll send you a link to reset your password
An email with a link to reset your password was sent to the email address associated with your account
Stateless autoconfiguration for IPv6 is like a “mini-DHCP” server for IPv6. Routers running IPv6 can give the prefix of the network and a gateway address to clients looking for an IPv6 address. IPv6 uses the NDP (Neighbor Discovery Protocol), and one of the things this protocol offers is RS (Route Solicitation and (RA) Router Advertisement messages that help an IPv6 device configure an IPv6 address automatically. Let’s take a look at a configuration example:
Besides configuring an IPv6 address, we must use the ipv6 unicast-routing command to make R2 act like a router. Remember this command since you need it for routing protocols as well.
We need to enable ipv6 address autoconfig on R1 to make sure it generates its own IPv6 address.
We can use debug ipv6 nd to watch the whole process.
593 Sign Ups in the last 30 days
Good article…
Making it a little more comprehensive will make it a lot better and one of the best learning source especially for starters.
Thanks. I’ll add some more IPv6 stuff in the feature, especially since the new CCNA exams cover much more IPv6 then the previous version.
good article. But I could not get ipv6 address from my neighbor router in gns3 ((
Did you enable the interfaces? It worked fine on a couple of 3600 routers in GNS3.
it works for me. using 7200
44 more replies! Ask a question or join the discussion by visiting our Community Forum
The debate over the pros and cons of transitioning to IPv6 continues. Recent articles have agreed that many organizations are IPv6 capable, but because of NAT (Network address translation) borrowing us time against running out of available IP addresses, and the cost associated with upgrading providers’ hardware being a deterrent, IPv6 isn’t as widely used as some experts thought it may be at this time. In any case, it still seems safe to say that IPv6 is an inevitability.
One aspect of IPv6 that seems intriguing is the stateless auto-configuration. IPv6 stateless auto-configuration is a quick-and-easy, plug-and-play method of having a host join an existing IPv6 network. Stateless auto-configuration process consists of the following:
The IPv6 host generates a link-local address for its interface. A link-local address is formed by taking the well-known link-local prefix of fe80:: and appending an interface identifier . The interface identifier is derived from the host’s MAC address. This link-local address is used solely on the host’s segment and is not routable. An example of a link-local address – fe80::21b:63ff:feab:e6a6 where 21b:63ff:feab:e6a6 was derived from the host’s MAC address using the EUI-64 interface id assignment.
The link-local address is created so the host can use it to send a Router solicitation message to the all-routers multicast group on its local segment, requesting a router inform the host on what network (prefix) it resides.
In response to its Router solicitation request, the host receives a Router Advertisement (RA) containing the prefix. The host creates its IPv6 address by appending its interface identifier to the prefix . An example of a host’s IPv6 address – 2001:DB8::212:7FFF:FEEB:6B40 where 212:7FFF:FEEB:6B40 was derived from the host’s MAC address using the EUI-64 interface id assignment.
Stateless auto-configuration is not a replacement for DHCP (Dynamic Host Configuration Protocol). DHCPv6 will still be used when hosts require addresses for NTP servers, TFTP servers, and other common options. DHCPv6 also offers the audit, tracking and management capabilities if more control of address assignment is required.
To learn more about Cisco training, visit https://go.skyline-ats.com/ciscotraining
Tony DeSimone is a Senior Content Engineer at Skyline ATS with a unique combination of 17 years of certified IT instructor experience coupled with hands-on network administration, course development, and a business background with a degree in management information systems.
Video: what’s the difference between lan, man and wan, related posts, use python pygal to visualize network snmp data, what nbar is and how to use it, how to troubleshoot a network connectivity issue, video: cisco exam taking tips 101, what you need to know about the comptia..., what is static routing and what do we..., top 5 ways to use gre tunneling, breaking down the cisco devnet associate exam: network..., finding the best way to learn about networking, how to run flask in containers.
Stack Exchange network consists of 183 Q&A communities including Stack Overflow , the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
On macOS, I can rely on IN6_IFF_AUTOCONF (SLAAC) and IN6_IFF_DYNAMIC (DHCPv6). https://opensource.apple.com/source/xnu/xnu-4570.41.2/bsd/netinet6/in6_var.h.auto.html
On Windows, I have NL_PREFIX_ORIGIN and NL_SUFFIX_ORIGIN fields.
How can I know which configuration method (stateful/stateless) produced a particular IPv6 address on Linux? I didn't find any useful flags in ifa_flags field.
For stateless, use the command: ip addr show dynamic
For stateful, use the command: ip addr show permanent
Quoting the ip-address man page:
Not the answer you're looking for browse other questions tagged linux networking ipv6 ..
Find centralized, trusted content and collaborate around the technologies you use most.
Q&A for work
Connect and share knowledge within a single location that is structured and easy to search.
Get early access and see previews of new features.
I have just started working with IPv6, so I've done a lot of reading in the last couple of days. Unfortunately, some of my questions have not been answered in my research.
My goal is to keep track of what addresses are assigned, and to what interface they are assigned. From what I've read, there are a few ways that an interface can get an IPv6 address, which I've listed below in sub sections. I've highlighted what I've discovered so far, and posed some questions in these sections. If anyone can make any corrections to what I've learned, or have answers to the questions, please do so. If anyone knows of a place I can find more information, I don't mind researching it more myself.
Edit: I've discovered that Prefix Delegation does not actually result in address assignment. It is used by DHCP servers to get the prefixes to use from another DHCP server.
The methods for obtaining an IPv6 address are:
SLAAC is used in small networks to generate an IPv6 address for an interface. It requires (almost) no configuration and basically works as follows:
Assuming no reply is received by the end of the timeout period, the address is assumed to be unique and it is assigned as the link-local address to the interface.
Now the node has connectivity to all other nodes on this link
The node either waits to receive a Router Advertisement ( RA ), or sends a Router Solicitation ( RS ) message to the multicast group for all routers. When an RS is received by a router, it will respond with an RA . The RA will contain a prefix.
Question 3: It is possible to have more than one address for the interface. In fact, at the end of the above process, a single interface will have 2 addresses - a link-local one and a global unicast one. Is it possible to get additional addresses for this interface using SLAAC? Or must another method (e.g. DHCPv6) be used?
A node may obtain a link-local address using steps 1-3 from above. I believe this is optional and that it can simply use ::/128 (unspecified) as its source address in DHCP requests until it is assigned an address.
There are two methods of obtaining an address - normal and rapid-commit. Normal is a 4 message exchange ( Solicit , Advertise , Request , Reply ), and Rapid is a 2 message exchange ( Solicit , Reply ). Rapid-commit is done when the client requests it with a Rapid-Commit option in the Solicit message. It is essentially the same as Normal, and since it doesn't make a difference for my usage, I am going to ignore it for now.
Also, it is possible that messages are proxied through relays. Messages sent to a server from a relay are RELAY_FORW messages, and messages sent from the server to the relay are RELAY_REPL messages. The actual dialog between the client and server is encapsulated in its entirety within an OPTION_RELAY_MSG option. For the following, I am dealing only with non-relay messages. If a message was relayed, then it is easy to obtian the original message and the following still holds.
Address assignment takes place as follows:
This is the general method by which addresses are assigned, but more specifically, there are 3 ways that this can be done:
All three methods are accomplished by including an option in the Request which is then populated by the server and returned in the Reply . For the first two, a complete IPv6 address is returned which can then be assigned as an IP address for the interface. For the third, a prefix is returned similar to the RA in the SLAAC method. This prefix is then used with the interface identifier to create a complete global IPv6 address.
Question 5: In my pcap captures, I am seeing that the Solicit and Advertise often contain these options as well. This seems redundant in the non-rapid case since the Request and subsequent Reply must also contain the option. What is the purpose for including this option in the Solicit ? And what is the purpose of the DHCP server creating the IP address (or prefix) in the Advertise before being Request ed to do so?
Question 6: The RFCs indicate that multiple instances of the IA_NA (or IA_TA ) option can be included. I assume this means that the interface will then have multiple addresses. Does the client simply include multiple instances of the option in the Request to get multiple addresses? What happens if a DHCP server can supply some, but not all of the addresses? Does the entire Reply indicate a failure? Or are some addresses given?
For DHCPv6, an address in use can be released with a Release message. An address assigned by the server in a Reply can be declined by the client with a Decline message instead of being used.
If a client fails to send the Release or Decline , the server will continue to hold the address for the client until it expires.
Question 7: If a client can't send the Release (or Decline ) and reboots, it will initiate a new DHCP request. Will the DHCP server give back the old address? Or will it assume this is a request for an additional IP address and assign a new one?
I am not sure how addresses created by SLAAC or DHCP PD are released, if ever. Perhaps the release of these addresses is only done internally and no external device need know of the event.
As I stated at the beginning, my goal is to keep track of all the address assignments that are currently valid. My plan was to do the following:
Question 8: How do I detect SLAAC generated addresses or DHCP PD addresses? Is there some field in the messages I can use to regenerate the complete IP address? I will already have the prefix, but the interface ID is unknown.
Is this sufficient to maintain a list of IP addresses assigned to clients?
OK - so I've done some more research and I have most of the answers now.
First of all, a correction. Addresses are not obtained via PD with DHCP. That is how DHCP servers obtain a network prefix to use for the DHCP clients they host. There is another DHCP server which deals with handing out these prefixes. Thus, PD can be ignored as a method for obtaining IP addresses.
Question 1a/b: Is there really no fall back here?
Answer: There is no automated fallback mechanism. One can be implemented, but it would be custom.
Question 2: Is this also an NS message?
Answer: Yes
Answer: Multiple addresses can be generated with SLAAC. A client can use the Router Advertisements from multiple routers, and each router may advertise multiple prefixes. Each prefix can be used by the host to create a global unicast address.
Question 8 (modified): How do I detect SLAAC generated addresses? Is there some field in the messages I can use to regenerate the complete IP address? I will already have the prefix, but the interface ID is unknown.
Answer: The only way to detect them is to listen for NS messages. Since these messages are optional, there is no guaranteed way to detect SLAAC generated addresses.
I still don't have answers for questions 4-7, but I am not too concerned with them at the moment.
There is a third method to get an IPv6 address, manual configuration.
Reminder: Answers generated by artificial intelligence tools are not allowed on Stack Overflow. Learn more
Post as a guest.
Required, but never shown
By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy .
Bias-free language.
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Capwap access controller dhcpv6 option, dns search list option, dhcpv6 client link-layer address option, dhcp relay agent, dhcpv6 relay agent, dhcpv6 relay interface-id option, configuring capwap access points, configuring dns search list using ipv6 router advertisement options, example: configuring capwap access points, verifying dhcpv6 options support, additional references for dhcpv6 options support, feature history for dhcpv6 options support, information about dhcpv6 options support.
The Control And Provisioning of Wireless Access Points (CAPWAP) protocol allows lightweight access points to use DHCPv6 to discover a wireless controller to which it can connect. CAPWAP is a standard, interoperable protocol that enables a controller to manage a collection of wireless access points.
Wireless access points use the DHCPv6 option 52 (RFC 5417) to supply the IPv6 management interface addresses of the primary, secondary, and tertiary wireless controllers.
Both stateless and stateful DHCPv6 addressing modes are supported. In stateless mode, access points obtain IPv6 address using the Stateless Address Auto Configuration (SLAAC), while additional network information (not obtained from router advertisements) is obtained from a DHCPv6 server. In stateful mode, access points obtain both IPv6 addressing and additional network information exclusively from the DHCPv6 server. In both modes, a DHCPv6 server is required to provide option 52 if Wireless Controller discovery using DHCPv6 is required.
When the MAX_PACKET_SIZE exceeds 15, and option 52 is configured, the DHCPv6 server does not send DHCP packets.
DNS Search List (DNSSL) is a list of Domain Name System (DNS) suffix domain names used by IPv6 hosts when they perform DNS query searches for short, unqualified domain names. The DNSSL option contains one or more domain names. All domain names share the same lifetime value, which is the maximum time in seconds over which this DNSSL may be used. If different lifetime values are required, multiple DNSSL options can be used. There can be a maximum of 5 DNSSLs.
DHCP messages with long DNSSL names are discarded by the device.
RFC 6106 specifies IPv6 Router Advertisement (RA) options to allow IPv6 routers to advertise a DNS Search List (DNSSL) to IPv6 hosts for an enhanced DNS configuration.
The DHCPv6 Client Link-Layer Address Option (RFC 6939) defines an optional mechanism and the related DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents that are connected to the same link as the client) to provide the client's link-layer address in DHCPv6 messages that are sent towards the server.
The Client Link-Layer Address option is only exchanged between relay agents and servers. DHCPv6 clients are not aware of the use of the Client Link-Layer Address option. The DHCPv6 client must not send the Client Link-Layer Address option, and must ignore the Client Link-Layer Address option if received.
Each DHCPv6 client and server is identified by a DHCP unique identifier (DUID). The DUID is carried in the client identifier and server identifier options. The DUID is unique across all DHCP clients and servers, and it is stable for any specific client or server. DHCPv6 uses DUIDs based on link-layer addresses for both the client and server identifier. The device uses the MAC address from the lowest-numbered interface to form the DUID. The network interface is assumed to be permanently attached to the device.
A DHCP relay agent is a Layer 3 device that forwards DHCP packets between clients and servers. Relay agents forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agent forwarding is different from the normal Layer 2 forwarding, in which IP datagrams are switched transparently between networks. Relay agents receive DHCP messages and generate new DHCP messages to send on output interfaces.
A DHCPv6 relay agent, which may reside on the client’s link, is used to relay messages between the client and the server. The DHCPv6 relay agent operation is transparent to the client. A DHCPv6 client locates a DHCPv6 server using a reserved, link-scoped multicast address. For direct communication between the DHCPv6 client and the DHCPv6 server, both of them must be attached to the same link. However, in some situations where ease of management, economy, or scalability is a concern, it is desirable to allow a DHCPv6 client to send a message to a DHCPv6 server that is not connected to the same link.
A DHCPv6 relay agent adds an Interface-Id option in the upstream DHCPv6 message. The Interface-Id option serves to identify the interface on which the client is connected. This information is used by the DHCPv6 relay agent while forwarding the downstream DHCPv6 message to the DHCPv6 client.
In a scenario where a Switch Virtual Interface (SVI) is configured to act as a relay agent, the Interface-Id option does not carry the physical interface details of the client interface. The Interface-Id option contains only the VLAN number of the client interface. The DHCPv6 server cannot identify which client sent the packet. The server cannot assign IPv6 addressess and policies to the packet.
Starting with the Cisco IOS XE Dublin 17.12.1 release, when an SVI acts as a relay agent the Interface-Id option will contain the physical interface details of the client interface. The physical interface details are included along with the VLAN number which is included by default. The new data is added as a sub-option. This makes it backward compatible as well as easily extensible.
The following is an example of the Interface-Id format before the physical interface details of the client interface are included.
The following is an example of the Interface-Id format after the physical interface details of the client interface are included.
This section provides information about how to configure DHCPv6 options support:
Command or Action | Purpose | |
---|---|---|
| enable | |
| configure terminal | |
| ipv6 dhcp pool | |
| capwap-ac address | |
| end |
Perform this task to configure the DNS search list using IPv6 router advertisement options:
command can only be configured on physical interfaces that are configured as routed ports in layer 3 mode. This is done by running the no switchport command in interface configuration mode. |
Use the no ipv6 nd ra dns-search-list domain domain-name command in interface configuration mode to delete a single DNS search list under an interface.
IMAGES
COMMENTS
IPv6 addresses have a 128-bit length, compared to the 32-bit length of IPv4 addresses, which provides a huge number of unique addresses to assign to devices and networks. IPv6 has two addressing modes, stateful and stateless. In this tutorial, we'll discuss the differences between these addressing modes in IPv6. 2. IPv6 Addressing Modes.
In a Stateless assignment scenario, there is no server or device which keeps a running log of what IP addresses have been assigned and what IP addresses are remaining, available to be assigned. The mentality in a Stateless assignment scenario is: Pick an IP address. If it happens to be in use, pick another one. TLDR: Stateful requires a DHCP ...
18. Stateful autoconfiguration of IPv6 is the equivalent to the use of DHCP in IPv4. It requires a DHCPv6 service to provide the IPv6 address to the client device and that both client device and server maintain the "state" of that address (i.e. lease time, etc). Stateless autoconfiguration of IPv6 allows the client device to self-configure its ...
Devices request and receive specific IPv6 addresses from a DHCPv6 server, which maintains a record of assigned addresses and manages the overall address space. Pros: Centralized Control: Stateful DHCPv6 offers network administrators greater control over address assignments, ensuring a more structured and organized network.
The most common method for IPv6 client address assignment is Stateless Address Auto-Configuration (SLAAC). SLAAC provides simple plug-and-play connectivity where clients self-assign an address based on the IPv6 prefix. ... :1 interface Vlan20 description IPv6-DHCP-Stateful ip address 192.168.20.1 255.255.255. ipv6 address 2001:DB8:0:20::1/64 ...
SLAAC stands for Stateless Address Autoconfiguration and the name pretty much explains what it does. It is a mechanism that enables each host on the network to auto-configure a unique IPv6 address without any device keeping track of which address is assigned to which node. Stateless and Stateful in the context of address assignment mean the ...
(List of assigned IPv6 addresses, for example) The M flag indicates if the DHCPv6 Stateful should be used or not. The O flag is not involved and it can be ignored. The following command is used to change the M flag from 0 to 1 and so, indicate the DHCPv6 Stateful: Router (config-if) # ipv6 nd managed-config-flag . DHCPV6 - Additional ...
Our DHCPv6 server will assign IPv6 addresses to all DHCPv6 clients and keep track of the bindings. In short, the DHCPv6 servers know exactly what IPv6 address has been assigned to what host. Stateless works a bit differently…the DHCPv6 server does not assign IPv6 addresses to the DHCPv6 clients; this is done through autoconfiguration. The ...
In Settings go to Network & Internet and click the Properties button for the interface you wish to configure. Click the Edit button under IP settings, change the configuration type to Manual ...
To enable Stateful DHCPv6, we must set the M-flag to 1 using the following command under the interface configuration mode. Router(config-if)# ipv6 nd managed-config-flag. And disable SLAAC by setting the A-flag to 0 using the following command: Router(config-if)# ipv6 nd prefix 2001:1234:A:B::/64 no-autoconfig.
The stateless approach is used when a site is not concerned with the exact addresses that hosts use. However, the addresses must be unique. The addresses must also be properly routable. The stateful approach is used when a site requires more precise control over exact address assignments. Stateful and stateless address autoconfiguration can be ...
IPv6 supports multiple addresses, making address assignments more flexible and convenient. Unlike IPv4, which relied solely on the DHCP protocol for address assignment, IPv6 incorporates a native Stateless Address AutoConfiguration SLAAC) protocol. SLAAC can either work alone to provide IPv6 addresses to hosts, or it can work with DHCPv6 to generate new assignment schemes.
IANA "owns" the entire IPv6 address space and they assign certain prefixes to the RIRs (Regional Internet Registry). There are 5 RIRs at the moment: AFRINIC: Africa. APNIC: Asia/Pacific. ARIN: North America. LACNIC: Latin America and some Caribbean Islands. RIPE NCC: Europe, Middle east and Central Asia.
DHCP for IPv6 Address Assignment. DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 clients. ... For example, neighbor discovery followed by a stateless or stateful DHCPv6 client can occur on the link between the CPE and the home devices (such as the home router or PC). In some cases, the ...
All you have to do is to change the DHCP server from stateless to stateful mode is to add and activate an IPv6 scope and you get a stateful DHCPv6 server that is able to assign IPv6 addresses to clients. And if you want to move a DHCP server from stateful to stateless mode, you simply have to deactivate or delete all IPv6 scopes from the server.
DHCPv6 stateful - this is similar to DHCPv4 where there is a pool of addresses and the DHCP server keeps track of which addresses are handed out to which MACs (clients) DHCP stateless - DHCP server has a prefix/subnet (like 1111:1111:1111:1111::/64) and sends that to hosts. Hosts can then come up with their own IP address using SLAAC.
I will use two routers to show you how stateless autoconfiguration works. R2 will have an IPv6 address and is going to send router advertisements. R1 will use this to configure its own IPv6 address. R2(config)#ipv6 unicast-routing. R2(config)#interface fastEthernet 0/0. R2(config-if)#ipv6 address 2001:1234::/64 eui-64.
IPv6 stateless auto-configuration is a quick-and-easy, plug-and-play method of having a host join an existing IPv6 network. Stateless auto-configuration process consists of the following: The IPv6 host generates a link-local address for its interface. A link-local address is formed by taking the well-known link-local prefix of fe80:: and ...
DHCPv6 enables DHCP servers to pass configuration parameters, such as IPv6 network addresses, to IPv6 clients. The address assignment feature manages non-duplicate address assignment in the correct prefix based on the network where the host is connected. Assigned addresses can be from one or multiple prefix pools.
For stateless, use the command: ip addr show dynamic For stateful, use the command: ip addr show permanent Quoting the ip-address man page: dynamic and permanent (IPv6 only) only list addresses installed due to stateless ad‐ dress configuration or only list permanent (not dynamic) ad‐ dresses.
The most common method for IPv6 client address assignment is Stateless Address Auto-Configuration (SLAAC). SLAAC provides simple plug-and-play connectivity where clients self-assign an address based on the IPv6 prefix. This process is achieved when the IPv6 router sends out periodic Router Advertisement (RA) messages, which inform the client of ...
The most common method for IPv6 client address assignment is Stateless Address Auto-Configuration (SLAAC). SLAAC provides simple plug-and-play connectivity where clients self-assign an address based on the IPv6 prefix. ... :1 interface Vlan20 description IPv6-DHCP-Stateful ip address 192.168.20.1 255.255.255. ipv6 address 2001:DB8:0:20::1/64 ...
Stateful DHCPv6. A node may obtain a link-local address using steps 1-3 from above. I believe this is optional and that it can simply use ::/128 (unspecified) as its source address in DHCP requests until it is assigned an address. There are two methods of obtaining an address - normal and rapid-commit.
Both stateless and stateful DHCPv6 addressing modes are supported. In stateless mode, access points obtain IPv6 address using the Stateless Address Auto Configuration (SLAAC), while additional network information (not obtained from router advertisements) is obtained from a DHCPv6 server. ... The server cannot assign IPv6 addressess and policies ...