One of the novelty IPv6 brought is SLAAC ( Stateless Address Autoconfiguration ).
Basically, it builds on the premises of the old IPv4 169. autoconfig, but turns it into something fully functionnable. A simple, plug and play, full autoconfiguration of hosts, for Global Internet connectivity.
We will see SLAAC theory, then real exemples and configurations of SLAAC served by a 40€/$ network router and SLAAC served by a Windows OS router. We'll have a look at what benefits a 200+ €/$ network router can bring SLAAC-wise. Finally, we'll sum up all the flags settings we'll go through.
SLAAC : The theory
SLAAC ( Stateless Address Autoconfiguration ) allows an host to do autoconfigure by mean of advertised network prefixes.
SLAAC is build on RAs ( Router Advertisement ) as a foundation. Let's see an advertised SLAAC RA closely.
First, the ' managed ' flag must be unset to allow host to autoconfigure :
Secondly, we have a RA option here, named prefix information :
Let's expand the ' prefix information message ' to see the option flags :
if the ' on link ' flag and the ' Autonomous address-configuration ' flag are both set, then a host can create an IPv6 address, using the advertised prefix as network ID, and using either a modified EUI-64 ( MAC address based ) or a RFC 4941 privacy ID ( IPv6 Privacy ) as a host ID.
Network ID+Host ID = Autoconfigured IPv6 address
We now have an IPv6 address autoconfigured
We already have a default gateway autoconfigured ( see Part 1 of IPv6 Dynamic Networking )
What our host still lacks for Global Internet connectivity is the DNS servers IP. Either of two mechanismes are providing for this : ND RDNSS or Stateless DHCPv6
SLAAC and ND RDNSS
The first mechanisme is ND RDNSS ( Network Discovery Recursive DNS Server ) and ND DNSSL ( Network Discovery DNS Search List ) as a RA option ( RFC 6106 ). It provide a mean for the router to add these optionnal lines in the advertised RAs.
Some OS don't support RFC 6106, like Windows OS, unless you use an open-source third-party add-on
When using ND RDNSS, the router's RA ' other ' flag is unset :
SLAAC and Stateless DHCPv6
The second mechanisme is the host configuration being completed by a DHCPv6 request.
The router keeps the managed flag unset, allowing the host to perform SLAAC. The ' other ' flag is set, thus informing the host to perform a stateless DHCPv6 request to complete its configuration :
Note that in this case, the DHCPv6 request can by served by either the network router or a discrete link-local DHCPv6 server. The host preference will follow the same rules as outlined in the previous post about DHCPv6.
IPv6 SLAAC using a network router
Performing SLAAC by mean of our neat Dlink DIR 626-L is pretty straightforward. We just have to check the ' Enable automatic IPv6 address assignment ' and choose either SLAAC+RDNSS or SLAAC+Stateless DHCPv6 :
I haven't managed to make SLAAC+RDNSS work on the DLink 626L. The RDNSS options are not in the captured IPv6 RAs on the network. I keep on being puzzled by that. I'll complete or correct this subject here when I find out.
In the case of SLAAC+Stateless DHCPv6, it worked and performed perfectly. The IPv6 address is autoconfigured, based on the Lan IPv6 Address of the network router, configured on the same page. It can just only be a /64.
The DNS DHCPv6 request is served by the Dlink own DHCPv6 server, without anything needing to be configured. It just passes the own Dlink configured DNS servers IPs on the same page.
In case another DHCPv6 server is present link-local, it will get preffered by the host, provided it features more informations or has a >0 preference flag ( see previous post ).
a few last notes about the DLink DIR 626-L with SLAAC :
The DLink router lifetime as a gateway is set to 180 s by design
The router advertisement lifetime setting is the host's SLAAC address lifetime ( 1440m=24h default )
IPv6 SLAAC using a Windows Server 2008 R2 as an IPv6 router + SLAAC provider
( To see how to make an IPv6 router out of any Windows OS with two network card, or how to set it up as an IPv6 tunnel endpoint, please see previous posts ).
Windows Server 2008 R2 doesn't supportserving SLAAC+RDNSS, so we can only use SLAAC+Stateless DHCPv6.
Let's do a quick cleanup of the server DHCP and IPv6 settings :
We empty the folders C:\windows\System32\DHCP and C:\Windows\System32\DHCP\Backup
We do an IPv6 reset : netsh int ipv6 reset
First, we add the DHCP server role, using server manager :
We check only the LAN NIC
we choose the DNS search list and the DNS servers, and don't need to create an IPv4 scope. Just clicking next.
we choose ' Enable DHCPv6 stateless mode ' and fill the DNS search list and DNS servers that will be advertised by the server :
we have now enabled the DHCPv6 server to perform stateless requests.
To have the hosts being able to perform SLAAC, more jobs need to be done by hand.
We first allow router discovery and advertising :
netsh int ipv6 set int [Idx] routerdiscovery=enable
netsh int ipv6 set int [Idx] advertise=enable
where [Idx] is the lan interface index.
We then have to choose and allow the published prefix. For this, we just have to type :
netsh int ipv6 show route
netsh int ipv6 set route [prefix]::/64 [IDx] :: publish=yes
where [prefix] is the lan prefix you want to be published, and [IDx] is the lan interface index.
Finally, to allow the router to be a routing default gateway :
netsh int ipv6 set int [IDx] forwarding=enable
netsh int ipv6 set int [IDx] advertisedrouterlifetime=1800
netsh int ipv6 set int [IDx] advertisedefaultroute=enable
netsh int ipv6 set int [IDx2] forwarding=enable
where [Idx] is the lan interface index and where [Idx2] is the Wan interface index.
Here is the complete sequence :
Well, nothing else needs to be taken care of. Just look at your advertisedrouterlifetime setting ( 1800 s default ) because a too little value may have your hosts discard the default gateway before a new RA arrives to renew the validity, thus creating an inconsistent connection. To verify a host default gateway remaining lifetime :
netsh int ipv6 show route verbose
A few more notes : Windows Server 2008 R2, when proposing you to enable or disable DHCPv6 Stateless mode, really does nothing more than handling you the option 23 and option 24 of the DHCPv6 Statefull Server ( See previous post : DHCPv6 ). We can as well choose the ' disable DHCPv6 Stateless mode ' option, and right click the DHCP Server IPv6 option to set the DNS Servers and DNS Search List options ( no 23 and 24 ). It will all work ok all the same.
SLAAC with a pro-grade network router
Here is what a pro-grade ( 200+ €/$ ) network router may bring you SLAAC-wise a consumer-grade network router lacks :
Domain search list
Unicast / Multicast advertise mode
RA flags manual setup
Sum-up of flags combinaisons
Here is the different combinaison for the 4 flags : managed, other, on-link, autoconfigure
and the host setup it initiates :
flags set setup
managed full DHCPv6
other + onlink + autoconfigure SLAAC+Stateless DHCPv6
onlink + autoconfigure SLAAC+RDNSS