8.0 Introduction
8.0.1 Welcome
Welcome to SLAAC and DHCPv6!
SLAAC and DHCPv6 are dynamic addressing protocols for an IPv6 network. So, a little bit of configuring will make your day as a network administrator lot easier. In this module, you will learn how to use SLAAC to allow hosts to create their own IPv6 global unicast address, as well as configure a Cisco IOS router to be a DHCPv6 server, a DHCPv6 client, or a DHCPv6 relay agent. This module includes a lab where you will configure DHCPv6 on real equipment!
8.0.2 What will I learn to do in this module?
Module Title: SLAAC and DHCPv6
Module Objective: Configure dynamic address allocation in IPv6 networks.
Topic Title | Topic Objective |
---|---|
IPv6 Global Unicast Address Assignment | Explain how an IPv6 host can acquire its IPv6 configuration. |
SLAAC | Explain the operation of SLAAC. |
DHCPv6 | Explain the operation of DHCPv6. |
Configure DHCPv6 Server | Configure a stateful and stateless DHCPv6 server. |
8.1 IPv6 GUA Assignment
8.1.1 IPv6 Host Configuration
First things first. To use either stateless address autoconfiguration (SLAAC) or DHCPv6, you should review global unicast addresses (GUAs) and link-local addresses (LLAs). This topic covers both.
On a router, an IPv6 global unicast address (GUA) is manually configured using the ipv6 address ipv6-address/prefix-length interface configuration command.
A Windows host can also be manually configured with an IPv6 GUA address configuration, as shown in the figure.
Manually entering an IPv6 GUA can be time consuming and somewhat error prone. Therefore, most Windows host are enabled to dynamically acquire an IPv6 GUA configuration, as shown in the figure.
8.1.2 IPv6 Host Link-Local Address
When automatic IPv6 addressing is selected, the host will attempt to automatically obtain and configure IPv6 address information on the interface. The host will use one of three methods defined by the Internet Control Message Protocol version 6 (ICMPv6) Router Advertisement (RA) message received on the interface. An IPv6 router that is on the same link as the host sends out RA messages that suggest to the hosts how to obtain their IPv6 addressing information. The IPv6 link-local address is automatically created by the host when it boots and the Ethernet interface is active. The example ipconfig output shows an automatically generated link-local address (LLA) on an interface.
In the figure, notice that the interface did not create an IPv6 GUA. The reason is because, in this example, the network segment does not have a router to provide network configuration instructions for the host.
Note: Host operating systems will at times show a link-local address appended with a “%” and a number. This is known as a Zone ID or Scope ID. It is used by the OS to associate the LLA with a specific interface.
Note: DHCPv6 is defined in RFC 3315.
C:\PC1> ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : Link-local IPv6 Address . . . . . : fe80::fb:1d54:839f:f595%21 IPv4 Address. . . . . . . . . . . : 169.254.202.140 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : C:\PC1>
8.1.3 IPv6 GUA Assignment
IPv6 was designed to simplify how a host can acquire its IPv6 configuration. By default, an IPv6-enabled router advertises its IPv6 information. This allows a host to dynamically create or acquire its IPv6 configuration.
The IPv6 GUA can be assigned dynamically using stateless and stateful services, as shown in the figure.
All stateless and stateful methods in this module use ICMPv6 RA messages to suggest to the host how to create or acquire its IPv6 configuration. Although host operating systems follow the suggestion of the RA, the actual decision is ultimately up to the host.
8.1.4 Three RA Message Flags
The decision of how a client will obtain an IPv6 GUA depends on the settings within the RA message.
An ICMPv6 RA message includes three flags to identify the dynamic options available to a host, as follows:
- A flag – This is the Address Autoconfiguration flag. Use Stateless Address Autoconfiguration (SLAAC) to create an IPv6 GUA.
- O flag – This is the Other Configuration flag. Other information is available from a stateless DHCPv6 server.
- M flag – This is the Managed Address Configuration flag. Use a stateful DHCPv6 server to obtain an IPv6 GUA.
Using different combinations of the A, O and M flags, RA messages inform the host about the dynamic options available.
The figure illustrates these three methods.
8.2 SLAAC
8.2.1 SLAAC Overview
Not every network has access to a DHCPv6 server. But every device in an IPv6 network needs a GUA. The SLAAC method enables hosts to create their own unique IPv6 global unicast address without the services of a DHCPv6 server.
SLAAC is a stateless service. This means there is no server that maintains network address information to know which IPv6 addresses are being used and which ones are available.
SLAAC uses ICMPv6 RA messages to provide addressing and other configuration information that would normally be provided by a DHCP server. A host configures its IPv6 address based on the information that is sent in the RA. RA messages are sent by an IPv6 router every 200 seconds.
A host can also send a Router Solicitation (RS) message requesting that an IPv6-enabled router send the host an RA.
SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6.
8.2.2 Enabling SLAAC
Refer to the following topology to see how SLAAC is enabled to provide stateless dynamic GUA allocation.
Assume R1 GigabitEthernet 0/0/1 has been configured with the indicated IPv6 GUA and link-local addresses. Click each button for an explanation of how R1 is enabled for SLAAC.
8.2.3 SLAAC Only Method
The SLAAC only method is enabled by default when the ipv6 unicast-routing command is configured. All enabled Ethernet interfaces with an IPv6 GUA configured will start sending RA messages with the A flag set to 1, and the O and M flags set to 0, as shown in the figure.
The A = 1 flag suggests to the client that it create its own IPv6 GUA using the prefix advertised in the RA. The client can create its own Interface ID using either Extended Unique Identifier method (EUI-64) or have it randomly generated.
The O =0 and M=0 flags instruct the client to use the information in the RA message exclusively. The RA includes the prefix, prefix-length, DNS server, MTU, and default gateway information. There is no further information available from a DHCPv6 server.
In the example, PC1 is enabled to obtain its IPv6 addressing information automatically. Because of the settings of the A, O and M flags, PC1 performs SLAAC only, using the information contained in the RA message sent by R1.
The default gateway address is the source IPv6 address of the RA message, which is the LLA for R1. The default gateway can only be obtained automatically from the RA message. A DHCPv6 server does not provide this information.
C:\PC1> ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:1de9:c69:73ee:ca8c Link-local IPv6 Address . . . . . : fe80::fb:1d54:839f:f595%21 IPv4 Address. . . . . . . . . . . : 169.254.202.140 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : fe80::1%6 C:\PC1>
8.2.4 ICMPv6 RS Messages
A router sends RA messages every 200 seconds. However, it will also send an RA message if it receives an RS message from a host.
When a client is configured to obtain its addressing information automatically, it sends an RS message to the IPv6 all-routers multicast address of ff02::2.
The figure illustrates how a host initiates the SLAAC method.
- PC1 has just booted and has not yet received an RA message. Therefore, it sends an RS message to the IPv6 all-routers multicast address of ff02::2 requesting an RA.
- R1 is part of the IPv6 all-routers group and received the RS message. It generates an RA containing the local network prefix and prefix length (e.g., 2001:db8:acad:1::/64). It then sends the RA message to the IPv6 all-nodes multicast address of ff02::1. PC1 uses this information to create a unique IPv6 GUA.
8.2.5 Host Process to Generate Interface ID
Using SLAAC, a host typically acquires its 64-bit IPv6 subnet information from the router RA. However, it must generate the remainder 64-bit interface identifier (ID) using one of two methods:
- Randomly generated – The 64-bit interface ID is randomly generated by the client operating system. This is the method now used by Windows 10 hosts.
- EUI-64 – The host creates an interface ID using its 48-bit MAC address and inserts the hex value of fffe in the middle of the address. Some operating systems default to the randomly generated interface ID instead of the EUI-64 method, due to privacy concerns. This is because the Ethernet MAC address of the host is used by EUI-64 to create the interface ID.
Note: Windows, Linux, and Mac OS allow for the user to modify the generation of the interface ID to be either randomly generated or to use EUI-64.
For instance, in the following ipconfig output, the Windows 10 PC1 host used the IPv6 subnet information contained in the R1 RA and randomly generated a 64-bit interface ID as highlighted in the output.
C:\PC1> ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:db8:acad:1:1de9:c69:73ee:ca8c Link-local IPv6 Address . . . . . : fe80::fb:1d54:839f:f595%21 IPv4 Address. . . . . . . . . . . : 169.254.202.140 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : fe80::1%6 C:\PC1>
8.2.6 Duplicate Address Detection
The process enables the host to create an IPv6 address. However, there is no guarantee that the address is unique on the network.
SLAAC is a stateless process; therefore, a host has the option to verify that a newly created IPv6 address is unique before it can be used. The Duplicate Address Detection (DAD) process is used by a host to ensure that the IPv6 GUA is unique.
DAD is implemented using ICMPv6. To perform DAD, the host sends an ICMPv6 Neighbor Solicitation (NS) message with a specially constructed multicast address, called a solicited-node multicast address. This address duplicates the last 24 bits of IPv6 address of the host.
If no other devices respond with a NA message, then the address is virtually guaranteed to be unique and can be used by the host. If an NA is received by the host, then the address is not unique, and the operating system has to determine a new interface ID to use.
The Internet Engineering Task Force (IETF) recommends that DAD is used on all IPv6 unicast addresses regardless of whether it is created using SLAAC only, obtained using stateful DHCPv6, or manually configured. DAD is not mandatory because a 64-bit interface ID provides 18 quintillion possibilities and the chance that there is a duplication is remote. However, most operating systems perform DAD on all IPv6 unicast addresses, regardless of how the address is configured.
8.3 DHCPv6
8.3.1 DHCPv6 Operation Steps
This topic explains stateless and stateful DHCPv6. Stateless DHCPv6 uses parts of SLAAC to ensure that all the necessary information is supplied to the host. Stateful DHCPv6 does not require SLAAC.
Although DHCPv6 is similar to DHCPv4 in what it provides, the two protocols are independent of each other.
The host begins the DHCPv6 client/server communications after stateless DHCPv6 or stateful DHCPv6 is indicated in the RA.
Server to client DHCPv6 messages use UDP destination port 546 while client to server DHCPv6 messages use UDP destination port 547.
The steps for DHCPv6 operations are as follows:
- The host sends an RS message.
- The router responds with an RA message.
- The host sends a DHCPv6 SOLICIT message.
- The DHCPv6 server responds with an ADVERTISE message.
- The host responds to the DHCPv6 server.
- The DHCPv6 server sends a REPLY message.
Click each button for an explanation and illustration of these DHCPv6 operation steps.
8.3.2 Stateless DHCPv6 Operation
The stateless DHCPv6 option tells the client to use the information in the RA message for addressing, but additional configuration parameters are available from a DHCPv6 server.
This process is known as stateless DHCPv6 because the server is not maintaining any client state information (i.e., a list of available and allocated IPv6 addresses). The stateless DHCPv6 server is only providing configuration parameters for clients, not IPv6 addresses.
The figure illustrates stateless DHCPv6 operation.
- PC1 receives a stateless DHCP RA message. The RA message contains the network prefix and prefix length. The M flag for stateful DHCP is set to the default value 0. The A=1 flag tells the client to use SLAAC. The O=1 flag informs the client that additional configuration information is available from a stateless DHCPv6 server.
- The client sends a DHCPv6 SOLICIT message looking for a stateless DHCPv6 server to obtain additional information (e.g., DNS server addresses).
8.3.3 Enable Stateless DHCPv6 on an Interface
Stateless DHCPv6 is enabled on a router interface using the ipv6 nd other-config-flag interface configuration command. This sets the O flag to 1.
The highlighted output confirms the RA will tell receiving hosts to use stateless autoconfigure (A flag = 1) and contact a DHCPv6 server to obtain another configuration information (O flag = 1).
Note: You can use the no ipv6 nd other-config-flag to reset the interface to the default SLAAC only option (O flag = 0).
R1(config-if)# ipv6 nd other-config-flag R1(config-if)# end R1# R1# show ipv6 interface g0/0/1 | begin ND ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use stateless autoconfig for addresses. Hosts use DHCP to obtain other configuration. R1#
8.3.4 Stateful DHCPv6 Operation
This option is most similar to DHCPv4. In this case, the RA message tells the client to obtain all addressing information from a stateful DHCPv6 server, except the default gateway address which is the source IPv6 link-local address of the RA.
This is known as stateful DHCPv6 because the DHCPv6 server maintains IPv6 state information. This is similar to a DHCPv4 server allocating addresses for IPv4.
The figure illustrates stateful DHCPv6 operation.
- PC1 receives a DHCPv6 RA message with the O flag set to 0 and the M flag set to 1, indicating to PC1 that it will receive all its IPv6 addressing information from a stateful DHCPv6 server.
- PC1 sends a DHCPv6 SOLICIT message looking for a stateful DHCPv6 server.
Note: If A=1 and M=1, some operating systems such as Windows will create an IPv6 address using SLAAC and obtain a different address from the stateful DHCPv6 server. In most cases it is recommended to manually set the A flag to 0.
8.3.5 Enable Stateful DHCPv6 on an Interface
Stateful DHCPv6 is enabled on a router interface using the ipv6 nd managed-config-flag interface configuration command. This sets the M flag to 1.
The highlighted output in the example confirms that the RA will tell the host to obtain all IPv6 configuration information from a DHCPv6 server (M flag = 1).
R1(config)# int g0/0/1 R1(config-if)# ipv6 nd managed-config-flag R1(config-if)# end R1# R1# show ipv6 interface g0/0/1 | begin ND ND DAD is enabled, number of DAD attempts: 1 ND reachable time is 30000 milliseconds (using 30000) ND advertised reachable time is 0 (unspecified) ND advertised retransmit interval is 0 (unspecified) ND router advertisements are sent every 200 seconds ND router advertisements live for 1800 seconds ND advertised default router preference is Medium Hosts use DHCP to obtain routable addresses. R1#
8.4 Configure DHCPv6 Server
8.4.1 DHCPv6 Router Roles
Cisco IOS routers are powerful devices. In smaller networks, you do not have to have separate devices to have a DHCPv6 server, client, or relay agent. A Cisco IOS router can be configured to provide DHCPv6 server services.
Specifically, it can be configured to be one of the following:
- DHCPv6 Server – Router provides stateless or stateful DHCPv6 services.
- DHCPv6 Client – Router interface acquires an IPv6 IP configuration from a DHCPv6 server.
- DHCPv6 Relay Agent – Router provides DHCPv6 forwarding services when the client and the server are located on different networks.
8.4.2 Configure a Stateless DHCPv6 Server
The stateless DHCPv6 server option requires that the router advertise the IPv6 network addressing information in RA messages. However, the client must contact a DHCPv6 server for more information.
Refer to the sample topology to learn how to configure the stateless DHCPv6 server method.
In this example, R1 will provide SLAAC services for the host IPv6 configuration and DHCPv6 services.
There are five steps to configure and verify a router as a stateless DHCPv6 server:
Step 1. Enable IPv6 routing.
Step 2. Define a DHCPv6 pool name.
Step 3. Configure the DHCPv6 pool.
Step 4. Bind the DHCPv6 pool to an interface.
Step 5. Verify that the hosts have received IPv6 addressing information.
Click each button for an example of these steps.
8.4.3 Configure a Stateless DHCPv6 Client
A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server, such as a router functioning as a DHCPv6 server. In the figure, R1 is a stateless DHCPv6 server.
There are five steps to configure and verify a router as a stateless DHCPv6 server.
Step 1. Enable IPv6 routing.
Step 2. Configure the client router to create an LLA.
Step 3. Configure the client router to use SLAAC.
Step 4. Verify that the client router is assigned a GUA.
Step 5. Verify that the client router received other necessary DHCPv6 information.
Click each button for an example of these steps.
8.4.4 Configure a Stateful DHCPv6 Server
The stateful DHCP server option requires that the IPv6 enabled router tells the host to contact a DHCPv6 server to obtain all necessary IPv6 network addressing information.
In the figure, R1 will provide stateful DHCPv6 services to all hosts on the local network. Configuring a stateful DHCPv6 server is similar to configuring a stateless server. The most significant difference is that a stateful DHCPv6 server also includes IPv6 addressing information similar to a DHCPv4 server.
There are five steps to configure and verify a router as a stateless DHCPv6 server:
Step 1. Enable IPv6 routing.
Step 2. Define a DHCPv6 pool name.
Step 3. Configure the DHCPv6 pool.
Step 4. Bind the DHCPv6 pool to an interface.
Step 5. Verify that the hosts have received IPv6 addressing information.
Click each button for an example of these steps.
8.4.5 Configure a Stateful DHCPv6 Client
A router can also be a DHCPv6 client. The client router needs to have ipv6 unicast-routing enabled and an IPv6 link-local address to send and receive IPv6 messages.
Refer to the sample topology to learn how to configure the stateful DHCPv6 client.
There are five steps to configure and verify a router as a stateless DHCPv6 server.
Step 1. Enable IPv6 routing.
Step 2. Configure the client router to create an LLA.
Step 3. Configure the client router to use DHCPv6.
Step 4. Verify that the client router is assigned a GUA.
Step 5. Verify that the client router received other necessary DHCPv6 information.
Click each button for an example of these steps.
8.4.6 DHCPv6 Server Verification Commands
Use the show ipv6 dhcp pool and show ipv6 dhcp binding commands to verify DHCPv6 operation on a router.
Click each button for example output.
8.4.7 Configure a DHCPv6 Relay Agent
If the DHCPv6 server is located on a different network than the client, then the IPv6 router can be configured as a DHCPv6 relay agent. The configuration of a DHCPv6 relay agent is similar to the configuration of an IPv4 router as a DHCPv4 relay.
In the figure, R3 is configured as a stateful DHCPv6 server. PC1 is on the 2001:db8:acad:2::/64 network and requires the services of a stateful DHCPv6 server to acquire its IPv6 configuration. R1 needs to be configured as the DHCPv6 Relay Agent.
The command syntax to configure a router as a DHCPv6 relay agent is as follows:
Router(config-if)# ipv6 dhcp relay destination ipv6-address [interface-type interface-number]
This command is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server, as shown in the output. The egress interface is only required when the next-hop address is an LLA.
R1(config)# interface gigabitethernet 0/0/1 R1(config-if)# ipv6 dhcp relay destination 2001:db8:acad:1::2 G0/0/0 R1(config-if)# exit R1(config)#
8.4.8 Verify the DHCPv6 Relay Agent
Verify that the DHCPv6 relay agent is operational with the show ipv6 dhcp interface and show ipv6 dhcp binding commands. Verify Windows hosts received IPv6 addressing information with the ipconfig /all command.
Click each button for example output.
8.5 Module Practice and Quiz
8.5.1 Lab – Configure DHCPv6
In this lab, you will complete the following objectives:
- Part 1: Build the Network and Configure Basic Device Settings
- Part 2: Verify SLAAC address assignment from R1
- Part 3: Configure and verify a Stateless DHCPv6 Server on R1
- Part 4: Configure and verify a Stateful DHCPv6 Server on R1
- Part 5: Configure and verify a DHCPv6 Relay on R2
8.5.2 What did I learn in this module?
IPv6 GUA Assignment
On a router, an IPv6 global unicast addresses (GUA) is manually configured using the ipv6 address ipv6-address/prefix-length interface configuration command. When automatic IPv6 addressing is selected, the host will attempt to automatically obtain and configure IPv6 address information on the interface. The IPv6 link-local address is automatically created by the host when it boots and the Ethernet interface is active. By default, an IPv6-enabled router advertises its IPv6 information enabling a host to dynamically create or acquire its IPv6 configuration. The IPv6 GUA can be assigned dynamically using stateless and stateful services. The decision of how a client will obtain an IPv6 GUA depends on the settings within the RA message. An ICMPv6 RA message includes three flags to identify the dynamic options available to a host:
- A flag – This is the Address Autoconfiguration flag. Use SLAAC to create an IPv6 GUA.
- O flag – This is the Other Configuration flag. Get Other information from a stateless DHCPv6 server.
- M flag – This is the Managed Address Configuration flag. Use a stateful DHCPv6 server to obtain an IPv6 GUA.
SLAAC
The SLAAC method enables hosts to create their own unique IPv6 global unicast address without the services of a DHCPv6 server. SLAAC, which is stateless, uses ICMPv6 RA messages to provide addressing and other configuration information that would normally be provided by a DHCP server. SLAAC can be deployed as SLAAC only, or SLAAC with DHCPv6. To enable the sending of RA messages, a router must join the IPv6 all-routers group using the ipv6 unicast-routing global config command. Use the show ipv6 interface command to verify if a router is enabled. The SLAAC only method is enabled by default when the ipv6 unicast-routing command is configured. All enabled Ethernet interfaces with an IPv6 GUA configured will start sending RA messages with the A flag set to 1, and the O and M flags set to 0. The A = 1 flag suggests to the client to create its own IPv6 GUA using the prefix advertised in the RA. The O =0 and M=0 flags instructs the client to use the information in the RA message exclusively. A router sends RA messages every 200 seconds. However, it will also send an RA message if it receives an RS message from a host. Using SLAAC, a host typically acquires its 64-bit IPv6 subnet information from the router RA. However, it must generate the remainder 64-bit interface identifier (ID) using one of two methods: randomly generated, or EUI-64. The DAD process is used by a host to ensure that the IPv6 GUA is unique. DAD is implemented using ICMPv6. To perform DAD, the host sends an ICMPv6 NS message with a specially constructed multicast address, called a solicited-node multicast address. This address duplicates the last 24 bits of IPv6 address of the host.
DHCPv6
The host begins the DHCPv6 client/server communications after stateless DHCPv6 or stateful DHCPv6 is indicated in the RA. Server to client DHCPv6 messages use UDP destination port 546, while client to server DHCPv6 messages use UDP destination port 547. The stateless DHCPv6 option informs the client to use the information in the RA message for addressing, but additional configuration parameters are available from a DHCPv6 server. This is called stateless DHCPv6 because the server is not maintaining any client state information. Stateless DHCPv6 is enabled on a router interface using the ipv6 nd other-config-flag interface configuration command. This sets the O flag to 1. In stateful DHCPv6, the RA message tells the client to obtain all addressing information from a stateful DHCPv6 server, except the default gateway address which is the source IPv6 link-local address of the RA. It is called stateful because the DHCPv6 server maintains IPv6 state information. Stateful DHCPv6 is enabled on a router interface using the ipv6 nd managed-config-flag interface configuration command. This sets the M flag to 1.
Configure DHCPv6 Server
A Cisco IOS router can be configured to provide DHCPv6 server services as one of the following three types: DHCPv6 server, DHCPv6 client, or DHCPv6 relay agent. The stateless DHCPv6 server option requires that the router advertise the IPv6 network addressing information in RA messages. A router can also be a DHCPv6 client and get an IPv6 configuration from a DHCPv6 server. The stateful DHCP server option requires that the IPv6-enabled router tells the host to contact a DHCPv6 server to acquire all required IPv6 network addressing information. For a client router to be a DHCPv6 router, it needs to have ipv6 unicast-routing enabled and an IPv6 link-local address to send and receive IPv6 messages. Use the show ipv6 dhcp pool and show ipv6 dhcp binding commands to verify DHCPv6 operation on a router. If the DHCPv6 server is located on a different network than the client, then the IPv6 router can be configured as a DHCPv6 relay agent using the ipv6 dhcp relay destination ipv6-address [interface-type interface-number] command. This command is configured on the interface facing the DHCPv6 clients and specifies the DHCPv6 server address and egress interface to reach the server. The egress interface is only required when the next-hop address is an LLA. Verify the DHCPv6 relay agent is operational with the show ipv6 dhcp interface and show ipv6 dhcp binding commands.