Overblog Suivre ce blog
Editer l'article Administration Créer mon blog
1 juillet 2013 1 01 /07 /juillet /2013 14:22

One of the novelty IPv6 brought is SLAAC ( Stateless Address Autoconfiguration ).

 

D5a

 

Basically, it builds on the premises of the old IPv4 169. autoconfig, but turns it into something fully functionnable. A simple, plug and play, full autoconfiguration of hosts, for Global Internet connectivity.


We will see SLAAC theory, then real exemples and configurations of SLAAC served by a 40€/$ network router and SLAAC served by a Windows OS router. We'll have a look at what benefits a 200+ €/$ network router can bring SLAAC-wise. Finally, we'll sum up all the flags settings we'll go through.



SLAAC :  The theory

 

SLAAC ( Stateless Address Autoconfiguration ) allows an host to do autoconfigure by mean of advertised network prefixes.

SLAAC is build on RAs ( Router Advertisement ) as  a foundation. Let's see an advertised SLAAC RA closely.

First, the ' managed ' flag must be unset to allow host to autoconfigure :

 

D5d

 

  Secondly, we have a RA option here, named prefix information :

 

D5b

 

Let's expand the ' prefix information message ' to see the option flags :

 

D5c

 

if the ' on link ' flag and the ' Autonomous address-configuration ' flag are both set, then a host can create an IPv6 address, using the advertised prefix as network ID, and using either a modified EUI-64 ( MAC address based ) or a RFC 4941 privacy ID ( IPv6 Privacy ) as a host ID.


Network ID+Host ID = Autoconfigured IPv6 address

 

We now have an IPv6 address autoconfigured

 

We already have a default gateway autoconfigured ( see Part 1 of IPv6 Dynamic Networking )

 

What our host still lacks for Global Internet connectivity is the DNS servers IP. Either of two mechanismes are providing for this : ND RDNSS or Stateless DHCPv6



SLAAC and ND RDNSS

 

The first mechanisme is ND RDNSS ( Network Discovery Recursive DNS Server ) and ND DNSSL ( Network Discovery DNS Search List ) as a RA option ( RFC 6106 ). It provide a mean for the router to add these optionnal lines in the advertised RAs.
Some OS don't support RFC 6106, like Windows OS, unless you use an open-source third-party add-on
When using ND RDNSS, the router's RA ' other ' flag is unset :

 

D5d

 

 

 

SLAAC and Stateless DHCPv6

The second mechanisme is the host configuration being completed by a DHCPv6 request.

 

The router keeps the managed flag unset, allowing the host to perform SLAAC. The ' other ' flag is set, thus informing the host to perform a stateless DHCPv6 request to complete its configuration :

 

D5i

Note that in this case, the DHCPv6 request can by served by either the network router or a discrete link-local DHCPv6 server. The host preference will follow the same rules as outlined in the previous post about DHCPv6.


IPv6 SLAAC using a network router

D5a

 

 

 

Performing SLAAC by mean of our neat Dlink DIR 626-L is pretty straightforward. We just have to check the ' Enable automatic IPv6 address assignment ' and choose either SLAAC+RDNSS or SLAAC+Stateless DHCPv6 :

 

D5e

 

I haven't managed to make SLAAC+RDNSS work on the DLink 626L. The RDNSS options are not in the captured IPv6 RAs on the network. I keep on being puzzled by that. I'll complete or correct this subject here when I find out.


In the case of SLAAC+Stateless DHCPv6, it worked and performed perfectly. The IPv6 address is autoconfigured, based on the Lan IPv6 Address of the network router, configured on the same page. It can just only be a /64.

 

The DNS DHCPv6 request is served by the Dlink own DHCPv6 server, without anything needing to be configured. It just passes the own Dlink configured DNS servers IPs on the same page.

 

In case another DHCPv6 server is present link-local, it will get preffered by the host, provided it features more informations or has a >0 preference flag ( see previous post ).

a few last notes about the DLink DIR 626-L with SLAAC :


The DLink router lifetime as a gateway is set to 180 s by design
The router advertisement lifetime setting is the host's SLAAC address lifetime ( 1440m=24h default )

 

 

IPv6 SLAAC using a Windows Server 2008 R2 as an IPv6 router + SLAAC provider

 

 

D5f

 

( To see how to make an IPv6 router out of any Windows OS with two network card, or how to set it up as an IPv6 tunnel endpoint, please see previous posts ).

 

Windows Server 2008 R2 doesn't supportserving SLAAC+RDNSS, so we can only use SLAAC+Stateless DHCPv6.

 

Let's do a quick cleanup of the server DHCP and IPv6 settings :
We empty the folders C:\windows\System32\DHCP and C:\Windows\System32\DHCP\Backup
We do an IPv6 reset : netsh int ipv6 reset
We reboot

First, we add the DHCP server role, using server manager :


We check only the LAN NIC

 

we choose the DNS search list and the DNS servers, and don't need to create an IPv4 scope. Just clicking next.
we choose ' Enable DHCPv6 stateless mode ' and fill the DNS search list and DNS servers that will be advertised by the server :

 

D5g

 

we have now enabled the DHCPv6 server to perform stateless requests.


To have the hosts being able to perform SLAAC, more jobs need to be done by hand.

 

We first allow router discovery and advertising :

 

netsh int ipv6 set int [Idx] routerdiscovery=enable
netsh int ipv6 set int [Idx] advertise=enable

 

where [Idx] is the lan interface index.

 

We then have to choose and allow the published prefix. For this, we just have to type :

 

netsh int ipv6 show route
netsh int ipv6 set route [prefix]::/64 [IDx] :: publish=yes

 

where [prefix] is the lan prefix you want to be published, and [IDx] is the lan interface index.

 

Finally, to allow the router to be a routing default gateway :

 

netsh int ipv6 set int [IDx] forwarding=enable
netsh int ipv6 set int [IDx] advertisedrouterlifetime=1800
netsh int ipv6 set int [IDx] advertisedefaultroute=enable
netsh int ipv6 set int [IDx2] forwarding=enable

where [Idx] is the lan interface index and where [Idx2] is the Wan interface index.


Here is the complete sequence :

D5h

 

Well, nothing else needs to be taken care of. Just look at your advertisedrouterlifetime setting ( 1800 s default ) because a too little value may have your hosts discard the default gateway before a new RA arrives to renew the validity, thus creating an inconsistent connection. To verify a host default gateway remaining lifetime :

 

netsh int ipv6 show route verbose

A few more notes : Windows Server 2008 R2, when proposing you to enable or disable DHCPv6 Stateless mode, really does nothing more than handling you the option 23 and option 24 of the DHCPv6 Statefull Server ( See previous post : DHCPv6 ). We can as well choose the ' disable DHCPv6 Stateless mode ' option, and right click the DHCP Server IPv6 option to set the DNS Servers and DNS Search List options ( no 23 and 24 ). It will all work ok all the same.


 

SLAAC with a pro-grade network router

Here is what a pro-grade ( 200+ €/$ ) network router may bring you SLAAC-wise a consumer-grade network router lacks :

Domain search list
Unicast / Multicast advertise mode
Advertise interval
RA flags manual setup
Router Preference
MTU settings   
Router lifetime
Prefix length
Prefix lifetime


Sum-up of flags combinaisons

Here is the different combinaison for the 4 flags : managed, other, on-link, autoconfigure

and the host setup it initiates :

 

flags set                                                       setup

 

managed                                                     full DHCPv6
other + onlink + autoconfigure                SLAAC+Stateless DHCPv6
onlink + autoconfigure                              SLAAC+RDNSS

Partager cet article

Repost 0
Published by computer outlines - dans IPv6
commenter cet article

commentaires

Présentation

  • : Computer Outlines Blog
  • : Blog mainly focused over IPv6, Windows Server, and Networking in general.
  • Contact

Recherche

Liens