Neighbor discoverydhcp
 

Neighbor discoverydhcp Document Transcript

  • 1. IPv6 Neighbor Discovery (RFC 4861, RFC 4862) and DHCPv6. Fred Bovy, CCIE #3013. 02/10/14
  • 2. 1. INTRODUCTION

    More details on the presentation: http://www.ipv6forlife.com/Docs/IPv6Autoconfig20c.pdf

    ND is used by end nodes to:
      o Resolve the data link layer address needed to send a frame (ARP functionality).
      o Determine when the address of a neighbor has changed.
      o Determine whether a neighbor is still reachable.
      o Discover the neighbors.
      o Autoconfigure addresses, prefixes, routes and other parameters.

    ND is used by routers to:
      o Announce their presence and provide hosts with configuration parameters, routes and prefixes.
      o Inform a host about a better next hop to transmit a packet for a particular destination.

    ND processes are for:
      o Router discovery
      o Prefix discovery
      o Automatic address configuration
      o Informing a host when a better next hop exists for a packet it is routing

    The processes are:
      ✔ MAC address resolution
      ✔ Next-hop determination
      ✔ Unreachable neighbor detection
      ✔ Duplicate Address Detection

    CISCO ROUTER LOG:

        *Sep 22 03:55:50.586: %LINK-3-UPDOWN: Interface FastEthernet1/0, changed state to up
        *Sep 22 03:55:51.586: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
        *Sep 22 03:55:51.598: ICMPv6-ND: L2 came up on FastEthernet1/0
        *Sep 22 03:55:51.602: IPv6-Addrmgr-ND: DAD request for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:51.606: ICMPv6-ND: Sending NS for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:51.626: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:51.638: %SYS-5-CONFIG_I: Configured from console by console
        *Sep 22 03:55:52.610: IPv6-Addrmgr-ND: DAD: FE80::C800:6FF:FEA9:1C is unique.
        *Sep 22 03:55:52.618: ICMPv6-ND: Sending NA for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:52.618: ICMPv6-ND: L3 came up on FastEthernet1/0
        *Sep 22 03:55:52.666: IPv6-Addrmgr-ND: DAD request for F:1::1 on FastEthernet1/0
        *Sep 22 03:55:52.678: ICMPv6-ND: Sending NS for F:1::1 on FastEthernet1/0
        *Sep 22 03:55:52.686: ICMPv6-ND: Linklocal FE80::C800:6FF:FEA9:1C on FastEthernet1/0, Up
  • 3.
        *Sep 22 03:55:52.686: ICMPv6-ND: Created RA context for FE80::C800:6FF:FEA9:1C
        *Sep 22 03:55:52.690: ICMPv6-ND: Request to send RA for FE80::C800:6FF:FEA9:1C
        *Sep 22 03:55:52.698: ICMPv6-ND: Sending RA from FE80::C800:6FF:FEA9:1C to FF02::1 on FastEthernet1/0
        *Sep 22 03:55:52.706: ICMPv6-ND:     MTU = 1500
        *Sep 22 03:55:52.706: ICMPv6-ND:     prefix = F:1::/64 onlink autoconfig
        *Sep 22 03:55:52.710: ICMPv6-ND:             2592000/604800 (valid/preferred)
        *Sep 22 03:55:52.718: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:52.718: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:52.722: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:53.682: IPv6-Addrmgr-ND: DAD: F:1::1 is unique.
        *Sep 22 03:55:53.682: ICMPv6-ND: Sending NA for F:1::1 on FastEthernet1/0
        *Sep 22 03:55:53.686: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:54.558: ICMPv6-ND: ULP neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:54.562: ICMPv6-ND: DELETE -> INCMP: FE80::C801:6FF:FEA9:1C
        *Sep 22 03:55:54.566: ICMPv6-ND: Sending NS for FE80::C801:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:54.570: ICMPv6-ND: Set ULP NUD for FE80::C801:6FF:FEA9:1C on FastEthernet1/0
        *Sep 22 03:55:54.594: ICMPv6-ND: ND output feature SEND executed on 5 - rc=0
        *Sep 22 03:55:54.614: ICMPv6-ND: ND input feature SEND executed on 5 - rc=0
        *Sep 22 03:55:54.618: ICMPv6-ND: Received NA for FE80::C801:6FF:FEA9:1C on FastEthernet1/0 from FE80::C801:6FF:FEA9:1C
        *Sep 22 03:55:54.622: ICMPv6-ND: Neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0 : LLA ca01.06a9.001c
        *Sep 22 03:55:54.622: ICMPv6-ND: INCMP -> REACH: FE80::C801:6FF:FEA9:1C

    Five ND messages:
    • Router Solicitation (Type 133)
    • Router Advertisement (Type 134)
    • Neighbor Solicitation (Type 135)
    • Neighbor Advertisement (Type 136)
    • Redirect (Type 137)

    2. NEIGHBOR DISCOVERY MESSAGES

    2.1. Router Solicitation

    Sent by a host to get information from neighboring routers.

    MAC Layer
    • Source MAC address is the NIC address
    • Destination is the all-routers MAC address 33-33-00-00-00-02

    IPv6 Layer
    • Source is a link-local or the unspecified IPv6 address
    • Destination is the link-local all-routers IPv6 address

    ICMPv6 Layer
    • Type 133
    • Code 0
  • 4.
    • ICMPv6 Checksum
    • Source Link-Layer Address option

        ICMPv6 Option (Source link-layer address)
            Type: Source link-layer address (1)
            Length: 8
            Link-layer address: ca:02:06:a9:00:54

    2.2. Router Advertisement

    Illustration 1: Router Advertisement received from FREE SP

    Sent unsolicited on a regular basis or as an answer to a Router Solicitation.

    Ethernet header:
    • Source MAC of the sending NIC
  • 5.
    • Destination MAC address will be 33-33-00-00-00-01

    IPv6 header:
    • Link-local source
    • Destination will be all-nodes (FF02::1) or the unicast address of the station which sent the Router Solicitation
    • Hop Limit 255

    Router Advertisement:
    • Type 134
    • Code 0
    • ICMPv6 Checksum
    • Current Hop Limit
    • Managed Address Configuration Flag
    • Other Stateful Configuration Flag
    • Default Router Preference
    • Reserved
    • Router Lifetime
    • Retransmission timer
    • Source Link-Layer Address Option
    • MTU Option
    • Prefix Information Options
    • Advertisement Interval Option
    • Home Agent Information Option
    • Route Information Options

    Capture:

        Frame 5801 (118 bytes on wire, 118 bytes captured)
        Ethernet II, Src: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Source: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 64
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c802:6ff:fea9:1c (fe80::c802:6ff:fea9:1c)
            Destination: ff02::1 (ff02::1)
        Internet Control Message Protocol v6
  • 6.
            Type: 134 (Router advertisement)
            Code: 0
            Checksum: 0x90a8 [correct]
            Cur hop limit: 64
            Flags: 0x00
            Router lifetime: 1800
            Reachable time: 0
            Retrans timer: 0
            ICMPv6 Option (Source link-layer address)
                Type: Source link-layer address (1)
                Length: 8
                Link-layer address: ca:02:06:a9:00:1c
            ICMPv6 Option (MTU)
                Type: MTU (5)
                Length: 8
                MTU: 1500
            ICMPv6 Option (Prefix information)
                Type: Prefix information (3)
                Length: 32
                Prefix length: 64
                Flags: 0xc0
                Valid lifetime: 2592000
                Preferred lifetime: 604800
                Prefix: 2001:db8:c0a8:b::

    2.3. Neighbor Solicitation
  • 7. Illustration 2: NS sent to ourself for DAD

    • Type 135
    • Code 0
    • Target Address
    • Source Link-Layer Address Option

    NS are used:
    • To ask for the link-layer address of a neighbor. The Destination Address will be the Solicited-Node Multicast Address.
    • In the Duplicate Address Detection (DAD) procedure. The Destination Address will be its own address.
    • To check whether a neighbor is alive (Neighbor Unreachability Detection, or NUD). The Destination Address will be the unicast address of the neighbor.

    Capture:

        Frame 5344 (86 bytes on wire, 86 bytes captured)
        Ethernet II, Src: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c), Dst: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c)
            Destination: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c)
  • 8.
            Source: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 32
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c801:6ff:fea9:1c (fe80::c801:6ff:fea9:1c)
            Destination: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c)
        Internet Control Message Protocol v6
            Type: 135 (Neighbor solicitation)
            Code: 0
            Checksum: 0x6230 [correct]
            Target: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c)
            ICMPv6 Option (Source link-layer address)
                Type: Source link-layer address (1)
                Length: 8
                Link-layer address: ca:01:06:a9:00:1c

    2.4. Neighbor Advertisement

    • Type 136
    • Code 0
    • Router Flag
    • Solicited Flag
    • Override Flag
    • Target Address
    • Target Link-Layer Address Option

    Answer to Neighbor Solicitation.

    Capture:

        Frame 23 (454 bytes on wire, 454 bytes captured)
        Ethernet II, Src: ca:02:09:b9:00:08 (ca:02:09:b9:00:08), Dst: ca:01:09:b9:00:08 (ca:01:09:b9:00:08)
        Internet Protocol Version 6
        Internet Control Message Protocol v6
            Type: 136 (Neighbor advertisement)
            Code: 0
            Checksum: 0xc988 [correct]
            Flags: 0x60000000
            Target: 2001::347c:26bf:9a38:61c3 (2001::347c:26bf:9a38:61c3)
            ICMPv6 Option (Target link-layer address)
            ICMPv6 Option (CGA)
  • 9.
            ICMPv6 Option (Timestamp)
            ICMPv6 Option (Nonce)
            ICMPv6 Option (RSA Signature)

    2.5. Redirect

    Informs a neighbor of a better next hop to reach a particular destination.

    Capture:

        Internet Control Message Protocol v6
            Type: 137 (Redirect)
            Code: 0
            Checksum: 0xd231 [correct]
            Target: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
            Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
            ICMPv6 Option (Target link-layer address)
                Type: Target link-layer address (2)
                Length: 8
                Link-layer address: ca:00:06:a9:00:1c
            ICMPv6 Option (Redirected header)
                Type: Redirected header (4)
                Length: 112
                Reserved: 0 (correct)
                Redirected packet
                    Internet Protocol Version 6
                        0110 .... = Version: 6
                        .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
                        .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
                        Payload length: 60
                        Next header: ICMPv6 (0x3a)
                        Hop limit: 63
                        Source: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)
                        Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
                    Internet Control Message Protocol v6
                        Type: 128 (Echo request)
                        Code: 0
                        Checksum: 0xbce7 [correct]
                        ID: 0x22ef
                        Sequence: 0x0004
                        Data (52 bytes)
                            0000  04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13   ................
                            0010  14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23   ............ !"#
                            0020  24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33   $%&'()*+,-./0123
                            0030  34 35 36 37                                       4567

    3.0 PROCEDURES

    Neighbor Discovery is driven by a Finite State Machine. It is much more powerful and optimized than ARP, which has only a timer to purge the oldest entries.
  • 10. It is presented below as a very simplified FSM. Default timer lengths are in RFC 4861.

    Illustration 3: IPv6 ND Simplified FSM
  • 11. 3.1. Neighbor Discovery Options

    3.1.1. Source Link-Layer Address Option

        Frame 56 (118 bytes on wire, 118 bytes captured)
        Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 64
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54)
            Destination: ff02::1 (ff02::1)
        Internet Control Message Protocol v6
            Type: 134 (Router advertisement)
            Code: 0
            Checksum: 0x9040 [correct]
            Cur hop limit: 64
            Flags: 0x00
            Router lifetime: 1800
            Reachable time: 0
            Retrans timer: 0
            ICMPv6 Option (Source link-layer address)
                Type: Source link-layer address (1)
                Length: 8
                Link-layer address: ca:02:06:a9:00:54
            ICMPv6 Option (MTU)
                Type: MTU (5)
                Length: 8
                MTU: 1500
            ICMPv6 Option (Prefix information)
                Type: Prefix information (3)
                Length: 32
                Prefix length: 64
                Flags: 0xc0
                Valid lifetime: 2592000
                Preferred lifetime: 604800
                Prefix: 2001:db8:c0a8:3::

    3.1.2. Target Link-Layer Address Option

        Frame 25 (86 bytes on wire, 86 bytes captured)
        Ethernet II, Src: ca:01:06:a9:00:54 (ca:01:06:a9:00:54), Dst: ca:02:06:a9:00:54 (ca:02:06:a9:00:54)
            Destination: ca:02:06:a9:00:54 (ca:02:06:a9:00:54)
            Source: ca:01:06:a9:00:54 (ca:01:06:a9:00:54)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
  • 12.
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 32
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c801:6ff:fea9:54 (fe80::c801:6ff:fea9:54)
            Destination: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54)
        Internet Control Message Protocol v6
            Type: 136 (Neighbor advertisement)
            Code: 0
            Checksum: 0x5f24 [correct]
            Flags: 0xe0000000
            Target: fe80::c801:6ff:fea9:54 (fe80::c801:6ff:fea9:54)
            ICMPv6 Option (Target link-layer address)
                Type: Target link-layer address (2)
                Length: 8
                Link-layer address: ca:01:06:a9:00:54

    3.1.3. Prefix Information Option

    Sent with a Router Advertisement. More than one prefix can be included.

    • Type: 3
    • Length: 4
    • Prefix Length: 8 bits, generally 64
    • On-Link Flag: 1 bit
    • Autonomous Flag: 1 bit
    • Router Address Flag: defined in RFC 3775 for Mobile IPv6
    • Site Prefix Flag
    • Reserved1
    • Valid Lifetime
    • Preferred Lifetime
    • Reserved2
    • Site Prefix Length
    • Prefix

        Frame 56 (118 bytes on wire, 118 bytes captured)
        Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 64
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54)
            Destination: ff02::1 (ff02::1)
        Internet Control Message Protocol v6
            Type: 134 (Router advertisement)
  • 13.
            Code: 0
            Checksum: 0x9040 [correct]
            Cur hop limit: 64
            Flags: 0x00
            Router lifetime: 1800
            Reachable time: 0
            Retrans timer: 0
            ICMPv6 Option (Source link-layer address)
                Type: Source link-layer address (1)
                Length: 8
                Link-layer address: ca:02:06:a9:00:54
            ICMPv6 Option (MTU)
                Type: MTU (5)
                Length: 8
                MTU: 1500
            ICMPv6 Option (Prefix information)
                Type: Prefix information (3)
                Length: 32
                Prefix length: 64
                Flags: 0xc0
                Valid lifetime: 2592000
                Preferred lifetime: 604800
                Prefix: 2001:db8:c0a8:3::

    3.1.4. Redirected Header Option

        Frame 92 (214 bytes on wire, 214 bytes captured)
        Ethernet II, Src: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c), Dst: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c)
            Destination: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c)
            Source: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 160
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c801:6ff:fea9:1c (fe80::c801:6ff:fea9:1c)
            Destination: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)
        Internet Control Message Protocol v6
            Type: 137 (Redirect)
            Code: 0
            Checksum: 0xd231 [correct]
            Target: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
            Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
            ICMPv6 Option (Target link-layer address)
                Type: Target link-layer address (2)
                Length: 8
                Link-layer address: ca:00:06:a9:00:1c
            ICMPv6 Option (Redirected header)
                Type: Redirected header (4)
                Length: 112
                Reserved: 0 (correct)
                Redirected packet
                    Internet Protocol Version 6
  • 14.
                        0110 .... = Version: 6
                        .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
                        .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
                        Payload length: 60
                        Next header: ICMPv6 (0x3a)
                        Hop limit: 63
                        Source: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)
                        Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
                    Internet Control Message Protocol v6
                        Type: 128 (Echo request)
                        Code: 0
                        Checksum: 0xbce7 [correct]
                        ID: 0x22ef
                        Sequence: 0x0004
                        Data (52 bytes)
                            0000  04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13   ................
                            0010  14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23   ............ !"#
                            0020  24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33   $%&'()*+,-./0123
                            0030  34 35 36 37                                       4567

    3.1.5. MTU Option

        Frame 56 (118 bytes on wire, 118 bytes captured)
        Ethernet II, Src: ca:02:06:a9:00:54 (ca:02:06:a9:00:54), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
            Source: ca:02:06:a9:00:54 (ca:02:06:a9:00:54)
            Type: IPv6 (0x86dd)
        Internet Protocol Version 6
            0110 .... = Version: 6
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 64
            Next header: ICMPv6 (0x3a)
            Hop limit: 255
            Source: fe80::c802:6ff:fea9:54 (fe80::c802:6ff:fea9:54)
            Destination: ff02::1 (ff02::1)
        Internet Control Message Protocol v6
            Type: 134 (Router advertisement)
            Code: 0
            Checksum: 0x9040 [correct]
            Cur hop limit: 64
            Flags: 0x00
            Router lifetime: 1800
            Reachable time: 0
            Retrans timer: 0
            ICMPv6 Option (Source link-layer address)
                Type: Source link-layer address (1)
                Length: 8
                Link-layer address: ca:02:06:a9:00:54
            ICMPv6 Option (MTU)
  • 15.
                Type: MTU (5)
                Length: 8
                MTU: 1500
            ICMPv6 Option (Prefix information)
                Type: Prefix information (3)
                Length: 32
                Prefix length: 64
                Flags: 0xc0
                Valid lifetime: 2592000
                Preferred lifetime: 604800
                Prefix: 2001:db8:c0a8:3::

    3.1.6. Route Information Option

    Sent in Router Advertisements (see RFC 4191).

    • Type
    • Length
    • Prefix Length
    • Reserved1
    • Preference
    • Reserved2
    • Route Lifetime
    • Prefix

    In the RA it is possible to advertise Recursive DNS Servers (RFC 5006):

    3.1.7. Recursive DNS Server Option

    • Type: 25
    • Length
    • Reserved
    • Lifetime: MaxRtrAdvInterval <= Lifetime <= 2 * MaxRtrAdvInterval
    • Addresses of IPv6 Recursive DNS Servers
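The Router Advertisement layout of section 2.2 and the options of section 3.1 can be checked mechanically before a host or a monitoring sensor trusts them. The following is an added example, not code from the presentation: it applies the receive-side checks (hop limit 255, link-local source, no zero-length option), decodes the options, and compares the result with an operator allowlist. The sample bytes are constructed from the decoded values of the section 2.2 capture, and `audit_ra` with its allowlist arguments is a hypothetical helper.

```python
import ipaddress
import struct

class NDError(ValueError):
    """A Router Advertisement failed a validity check and must be dropped."""

def build_sample_ra():
    """Constructed sample: ICMPv6 body of the RA decoded in section 2.2."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0x90A8, 64, 0x00, 1800, 0, 0)
    slla = bytes([1, 1]) + bytes.fromhex("ca0206a9001c")
    mtu = struct.pack("!BBHI", 5, 1, 0, 1500)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    pio += ipaddress.IPv6Address("2001:db8:c0a8:b::").packed
    return hdr + slla + mtu + pio

def parse_options(data):
    """Split the option area into (type, body); Length counts 8-byte units."""
    opts, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise NDError("truncated option header")
        otype, olen = data[off], data[off + 1]
        if olen == 0:
            raise NDError("option with length 0")
        end = off + 8 * olen
        if end > len(data):
            raise NDError("option runs past the end of the packet")
        opts.append((otype, data[off + 2:end]))
        off = end
    return opts

def parse_ra(src, hop_limit, icmp):
    """Validate and decode one RA; src and hop_limit come from the IPv6 header."""
    src_ip = ipaddress.IPv6Address(src)
    if hop_limit != 255:
        raise NDError("hop limit is not 255, packet was forwarded by a router")
    if not src_ip.is_link_local:
        raise NDError("source address is not link-local")
    if len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        raise NDError("not a well-formed RA header")
    cur_hl, flags, lifetime, reachable, retrans = struct.unpack("!BBHII", icmp[4:16])
    ra = {
        "router": str(src_ip),
        "cur_hop_limit": cur_hl,
        "managed": bool(flags & 0x80),   # Managed Address Configuration flag
        "other": bool(flags & 0x40),     # Other Stateful Configuration flag
        "preference": {0: "medium", 1: "high", 3: "low"}.get((flags >> 3) & 3, "reserved"),
        "router_lifetime": lifetime,
        "reachable_time": reachable,
        "retrans_timer": retrans,
        "slla": None, "mtu": None, "prefixes": [], "rdnss": [],
    }
    for otype, body in parse_options(icmp[16:]):
        if otype == 1 and len(body) == 6:        # Source Link-Layer Address
            ra["slla"] = ":".join(f"{b:02x}" for b in body)
        elif otype == 5 and len(body) == 6:      # MTU
            ra["mtu"] = struct.unpack("!I", body[2:])[0]
        elif otype == 3 and len(body) == 30:     # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            if plen > 128:
                raise NDError("prefix length above 128")
            net = ipaddress.IPv6Network((body[14:], plen), strict=False)
            ra["prefixes"].append({
                "prefix": str(net), "on_link": bool(pflags & 0x80),
                "autonomous": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred,
            })
        elif otype == 25 and len(body) >= 22 and (len(body) - 6) % 16 == 0:
            # Recursive DNS Server option: reserved(2), lifetime(4), addresses
            servers = [str(ipaddress.IPv6Address(body[i:i + 16]))
                       for i in range(6, len(body), 16)]
            ra["rdnss"].append({"lifetime": struct.unpack("!I", body[2:6])[0],
                                "servers": servers})
    return ra

def audit_ra(ra, allowed_routers, allowed_prefixes):
    """Hypothetical policy check: compare a decoded RA with what is expected."""
    findings = []
    if ra["router"] not in allowed_routers:
        findings.append(f"unexpected router {ra['router']}")
    for p in ra["prefixes"]:
        if p["prefix"] not in allowed_prefixes:
            findings.append(f"unexpected prefix {p['prefix']}")
        if p["preferred"] > p["valid"]:
            findings.append(f"preferred lifetime exceeds valid for {p['prefix']}")
    return findings
```

The ICMPv6 checksum is copied from the capture and is not verified here, since that needs the IPv6 pseudo-header.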
  • 16. 4.0 STATELESS ADDRESS AUTOCONFIGURATION (SLAAC)
  • 17. Illustration 4: Stateless Address Autoconfig

    A host starting without an IPv6 address first allocates a link-local address for each interface and tests that it is unique. If this fails, the interface is disabled for IPv6. STOP.
  • 18. Illustration 5: SLAAC Prefix list option processing A->B

    Otherwise it sends a Router Solicitation and waits for Router Advertisements. If it finds a prefix list option, it tries to derive an IPv6 address from each prefix, according to the flags and timers advertised with each prefix, and runs the DAD procedure to verify that the address is unique. This is done between A and B on the diagram.

    In both cases it builds the address from the received prefix, or the link-local prefix, and a 64-bit Interface ID. The Interface ID can be derived from the MAC address (this is EUI-64), or it can be random and replaced on a regular basis for confidentiality.
  • 19. Once it has made an IPv6 address, it uses ND DAD (Duplicate Address Detection) to check that the address is unique. DAD just sends an NS to itself and waits. If somebody replies, there is a duplicate (DUP). After a short timeout the address is considered unique and initialized.

    For the link-local address, the interface is disabled for IPv6 if DAD fails. If Secure Neighbor Discovery (SeND) is in use, it makes two more tries with two more computed addresses (CGA). In the normal case, without SeND, it disables IPv6 immediately after the first failure: IPv6 is down for this interface.

    If the address is a DUP for a global address derived from a prefix received from the routers, the address is not used but the interface is still up.

    'debug ipv6 nd' Cisco capture with SeND:

        *Sep 23 04:06:46.348: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
        *Sep 23 04:06:47.352: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0, changed state to up
        *Sep 23 04:06:47.368: ICMPv6-ND: L2 came up on FastEthernet2/0
        *Sep 23 04:06:47.368: IPv6-Addrmgr-ND: DAD request for FE80::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:47.376: ICMPv6-ND: Sending NS for FE80::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:47.388: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:47.632: ICMPv6-ND: Sending RS on FastEthernet2/0
        *Sep 23 04:06:47.636: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:47.776: ICMPv6-ND: ND input feature SEND executed on 7 - rc=0
        *Sep 23 04:06:47.780: ICMPv6-ND: Received RA from FE80::C802:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:47.788: ICMPv6-ND: Autoconfiguring F:2::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:48.376: IPv6-Addrmgr-ND: DAD: FE80::C801:6FF:FEA9:38 is unique.
        *Sep 23 04:06:48.380: ICMPv6-ND: Sending NA for FE80::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:48.384: ICMPv6-ND: L3 came up on FastEthernet2/0
        *Sep 23 04:06:48.428: IPv6-Addrmgr-ND: DAD request for F:2::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:48.432: ICMPv6-ND: Sending NS for F:2::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:48.436: ICMPv6-ND: Linklocal FE80::C801:6FF:FEA9:38 on FastEthernet2/0, Up
        *Sep 23 04:06:48.440: ICMPv6-ND: Created RA context for FE80::C801:6FF:FEA9:38
        *Sep 23 04:06:48.444: ICMPv6-ND: Request to send RA for FE80::C801:6FF:FEA9:38
        *Sep 23 04:06:48.444: ICMPv6-ND: Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on FastEthernet2/0
        *Sep 23 04:06:48.452: ICMPv6-ND: MTU = 1500
        *Sep 23 04:06:48.456: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:48.456: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:48.460: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:49.436: IPv6-Addrmgr-ND: DAD: F:2::C801:6FF:FEA9:38 is unique.
        *Sep 23 04:06:49.440: ICMPv6-ND: Sending NA for F:2::C801:6FF:FEA9:38 on FastEthernet2/0
        *Sep 23 04:06:49.444: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
        *Sep 23 04:06:59.808: ICMPv6-ND: ND input feature SEND executed on 5 - rc=0
        *Sep 23 04:06:59.808: ICMPv6-ND: Received RA from FE80::C800:6FF:FEA9:1C on FastEthernet1/0
        *Sep 23 04:07:04.532: ICMPv6-ND: Request to send RA for FE80::C801:6FF:FEA9:38
        *Sep 23 04:07:04.536: ICMPv6-ND: Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on FastEthernet2/0
        *Sep 23 04:07:04.544: ICMPv6-ND: MTU = 1500
        *Sep 23 04:07:04.548: ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
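The SLAAC steps described above (EUI-64 interface ID, link-local address first, then one address per advertised prefix according to its flags and lifetimes, each checked by DAD) can be followed in code. This is an added example, not code from the presentation: the MAC address and prefix are the ones shown in the captures on this page, the `in_use` set is an assumption that stands in for a neighbor answering the DAD Neighbor Solicitation, and the function names are hypothetical.

```python
import ipaddress

LINK_LOCAL = ipaddress.IPv6Network("fe80::/64")

def eui64_interface_id(mac):
    """Modified EUI-64 interface ID: flip the universal/local bit, insert ff:fe."""
    raw = bytearray.fromhex(mac.replace(":", "").replace(".", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    raw[0] ^= 0x02
    return int.from_bytes(raw[:3] + b"\xff\xfe" + raw[3:], "big")

def join(prefix, iid):
    """Combine a /64 prefix with a 64-bit interface ID."""
    return ipaddress.IPv6Address(int(prefix.network_address) | iid)

def solicited_node(addr):
    """Return the solicited-node group and Ethernet multicast MAC for an address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    group = ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)
    mac = "33:33:" + ":".join(f"{b:02x}" for b in group.packed[-4:])
    return str(group), mac

def autoconfigure(mac, prefix_options, in_use):
    """Walk the SLAAC procedure; in_use simulates addresses that answer DAD."""
    in_use = {ipaddress.IPv6Address(a) for a in in_use}
    iid = eui64_interface_id(mac)
    result = {"ipv6_enabled": True, "addresses": [], "skipped": []}

    # Step 1: link-local address. A duplicate here disables IPv6 on the interface.
    link_local = join(LINK_LOCAL, iid)
    if link_local in in_use:
        result["ipv6_enabled"] = False
        result["skipped"].append((str(link_local), "duplicate link-local address"))
        return result
    result["addresses"].append(str(link_local))

    # Step 2: one address per Prefix Information option, subject to flags and timers.
    for opt in prefix_options:
        net = ipaddress.IPv6Network(opt["prefix"])
        if not opt["flags"] & 0x40:
            reason = "autonomous flag not set"
        elif net.network_address.is_link_local:
            reason = "link-local prefix"
        elif opt["preferred"] > opt["valid"]:
            reason = "preferred lifetime exceeds valid lifetime"
        elif opt["valid"] == 0:
            reason = "valid lifetime is 0"
        elif net.prefixlen != 64:
            reason = "prefix length plus 64-bit interface ID is not 128"
        else:
            addr = join(net, iid)
            if addr not in in_use:
                result["addresses"].append(str(addr))
                continue
            # A duplicate global address is not used, but the interface stays up.
            reason = "duplicate address"
        result["skipped"].append((opt["prefix"], reason))
    return result

# Values taken from the NS and RA captures on this page.
SAMPLE_MAC = "ca:01:06:a9:00:1c"
SAMPLE_PREFIXES = [{"prefix": "2001:db8:c0a8:b::/64", "flags": 0xC0,
                    "valid": 2592000, "preferred": 604800}]
```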
  • 20. CISCO "show interface":

        r2(config-if)#do show ipv6 interface f2/0
        FastEthernet2/0 is up, line protocol is up
          IPv6 is enabled, link-local address is FE80::C801:6FF:FEA9:38
          No Virtual link-local address(es):
          Stateless address autoconfig enabled
          Global unicast address(es):
            F:2::C801:6FF:FEA9:38, subnet is F:2::/64 [EUI/CAL/PRE]
              valid lifetime 2591913 preferred lifetime 604713
          Joined group address(es):
            FF02::1
            FF02::2
            FF02::D
            FF02::16
            FF02::1:FFA9:38
          MTU is 1500 bytes
          ICMP error messages limited to one every 100 milliseconds
          ICMP redirects are enabled
          ICMP unreachables are sent
          Output features: MFIB Adjacency
          ND DAD is enabled, number of DAD attempts: 1
          ND reachable time is 30000 milliseconds (using 30000)
          ND advertised reachable time is 0 (unspecified)
          ND advertised retransmit interval is 0 (unspecified)
          ND router advertisements are sent every 200 seconds
          ND router advertisements live for 1800 seconds
          ND advertised default router preference is Medium
          Hosts use stateless autoconfig for addresses.

    5.0 STATEFUL ADDRESS AUTOCONFIGURATION (DHCPV6)

    Illustration 6: DHCP Header from Non Temp

    DHCPv6 can also be used to automatically provide addresses and other
  • 21. parameters such as the DNS server address and other servers, but no router by default. RAs are still needed, or you need static configuration on the workstations.

    An "identity-association" (IA) is a construct through which a server and a client can identify, group, and manage a set of related IPv6 addresses. Each IA consists of an IAID and associated configuration information.

    DHCPv6 can manage Temporary Random Addresses. This is for when the client wants to change its address often, generally every day, so that the client cannot be identified from its source address. This was requested by IPv4 folks when they complained about privacy with IPv6, as we always had the same address on the Net. So Temporary Addresses were introduced, and they can be managed by SLAAC or DHCPv6.

    When Temporary Addresses are used, the header does not include the T1 and T2 timers that advertise how often the lease must be refreshed to keep an address. This must be managed by the client alone.

    A DHCPv6 header contains an "identity-association" (IA), which is a group of addresses that can be used by the client and the server. Each IA has an IAID. The configuration of the IA has a T1 and a T2 timer for all the addresses. T1 is the time at which the client should Renew its lease with its own server. If Renew has failed when T2 expires, it is time for the client to Rebind, restarting the process from scratch by discovering all available DHCP servers and then, hopefully, selecting one to send a Request to if a server replied with a RA.
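The relationship between T1, T2 and the address lifetimes can be made concrete with the values of the IA_NA option shown in the Advertise capture on this page (IAID 262145, T1 43200, T2 69120, preferred 86400, valid 172800). This is an added example, not code from the presentation: the option bytes are constructed from those decoded values, and `parse_ia_na` and `lease_state` are hypothetical helper names.

```python
import ipaddress
import struct

OPT_IA_NA, OPT_IAADDR = 3, 5

def build_sample_ia_na():
    """Constructed sample: the IA_NA option decoded in the Advertise capture."""
    iaaddr = ipaddress.IPv6Address("bad:1:2:2d98:8e14:c0b1:6ef5:8548").packed
    iaaddr += struct.pack("!II", 86400, 172800)        # preferred, valid lifetime
    body = struct.pack("!III", 262145, 43200, 69120)   # IAID, T1, T2
    body += struct.pack("!HH", OPT_IAADDR, len(iaaddr)) + iaaddr
    return struct.pack("!HH", OPT_IA_NA, len(body)) + body

def walk_options(data):
    """Yield (code, body) for DHCPv6 options: 16-bit code, 16-bit length in bytes."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("option runs past the end of the buffer")
        yield code, body
        off += 4 + length

def parse_ia_na(options):
    """Decode the first IA_NA option and reject inconsistent timers."""
    for code, body in walk_options(options):
        if code != OPT_IA_NA:
            continue
        if len(body) < 12:
            raise ValueError("IA_NA shorter than 12 bytes")
        iaid, t1, t2 = struct.unpack("!III", body[:12])
        if t1 and t2 and t1 > t2:
            raise ValueError("T1 is greater than T2")
        addresses = []
        for sub, sbody in walk_options(body[12:]):
            if sub != OPT_IAADDR or len(sbody) < 24:
                continue
            preferred, valid = struct.unpack("!II", sbody[16:24])
            if preferred > valid:
                continue  # inconsistent lifetimes: ignore this address
            addresses.append({"address": str(ipaddress.IPv6Address(sbody[:16])),
                              "preferred": preferred, "valid": valid})
        return {"iaid": iaid, "t1": t1, "t2": t2, "addresses": addresses}
    raise ValueError("no IA_NA option present")

def lease_state(ia, elapsed):
    """Return (client phase, address state) after `elapsed` seconds of lease."""
    addr = ia["addresses"][0]
    if elapsed >= addr["valid"]:
        return "EXPIRED", "invalid"
    state = "deprecated" if elapsed >= addr["preferred"] else "preferred"
    if ia["t2"] and elapsed >= ia["t2"]:
        return "REBIND", state      # Renew did not succeed before T2
    if ia["t1"] and elapsed >= ia["t1"]:
        return "RENEW", state       # time to renew with the server that gave the lease
    return "BOUND", state
```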
  • 22. Illustration 7: Synchronization DHCP with IPv6 Timers

    5.1 Capture of the two first packets

    DHCP SOLICIT

        Internet Protocol Version 6
            0110 .... = Version: 6
                [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 56
            Next header: UDP (0x11)
            Hop limit: 255
            Source: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442)
            Destination: ff02::1:2 (ff02::1:2)
        User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server (547)
            Source port: dhcpv6-client (546)
            Destination port: dhcpv6-server (547)
            Length: 56
  • 23.
            Checksum: 0x86f0 [validation disabled]
        DHCPv6
            Message type: Solicit (1)
            Transaction-ID: 0x00b33306
            Elapsed time
                option type: 8
                option length: 2
                elapsed-time: 0 ms
            Client Identifier
                option type: 1
                option length: 10
                DUID type: link-layer address (3)
                Hardware type: Ethernet (1)
                Link-layer address: ba:02:42:76:00:08
            Option Request
                option type: 6
                option length: 4
                Requested Option code: DNS recursive name server (23)
                Requested Option code: Domain Search List (24)
            Identity Association for Non-temporary Address
                option type: 3
                option length: 12
                IAID: 262145
                T1: 0
                T2: 0

    DHCP ADVERTISE

        Internet Protocol Version 6
            0110 .... = Version: 6
                [0110 .... = This field makes the filter "ip.version == 6" possible: 6]
            .... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
            .... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
            Payload length: 102
            Next header: UDP (0x11)
            Hop limit: 255
            Source: fe80::2027:9779:3775:5cf8 (fe80::2027:9779:3775:5cf8)
            Destination: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442)
        User Datagram Protocol, Src Port: dhcpv6-server (547), Dst Port: dhcpv6-client (546)
            Source port: dhcpv6-server (547)
            Destination port: dhcpv6-client (546)
            Length: 102
            Checksum: 0x6db3 [validation disabled]
        DHCPv6
            Message type: Advertise (2)
            Transaction-ID: 0x00b44306
            Server Identifier
                option type: 2
                option length: 10
                DUID type: link-layer address (3)
                Hardware type: Ethernet (1)
                Link-layer address: ca:03:42:76:00:08
  • 24.
            Client Identifier
                option type: 1
                option length: 10
                DUID type: link-layer address (3)
                Hardware type: Ethernet (1)
                Link-layer address: ca:02:42:76:00:08
            Identity Association for Non-temporary Address
                option type: 3
                option length: 40
                IAID: 262145
                T1: 43200
                T2: 69120
                IA Address
                    option type: 5
                    option length: 24
                    IPv6 address: bad:1:2:2d98:8e14:c0b1:6ef5:8548
                    Preferred lifetime: 86400
                    Valid lifetime: 172800
            Domain Search List
                option type: 24
                option length: 14
                DNS Domain Search List
                    Domain: fredbovy.com

    The Request and Reply packets are missing from this capture.

    5.2 Other useful CISCO commands

        R4>show ipv6 dhcp
        This device's DHCPv6 unique identifier(DUID): 00030001CA0342760008

        R4>show ipv6 dhcp int
        FastEthernet0/0 is in server mode
          Using pool: fred
          Preference value: 0
          Hint from client: ignored
          Rapid-Commit: disabled

        R4#show ipv6 dhcp pool
        DHCPv6 pool: fred
          Static bindings:
            Binding for client BADCAF0E
              IA PD: IA ID not specified
                Prefix: DEAD:BEEF::/48
                        preferred lifetime 604800, valid lifetime 2592000
          Address allocation prefix: DEAD:BEEF:1:2:3::/64 valid 172800 preferred 86400 (1 in use, 0 conflicts)
          Domain name: fredbovy.com
          Active clients: 1

        R4#show ipv6 dhcp bind
        Client: FE80::38B1:E73C:C0F0:4442
          DUID: 00030001CA0242760008
          Username : unassigned
          IA NA: IA ID 0x00040001, T1 43200, T2 69120
            Address: DEAD:BEEF:1:2:6090:18A5:E017:DE5C
                    preferred lifetime 86400, valid lifetime 172800
                    expires at Aug 11 2010 03:23 PM (172554 seconds)

        hote#show ipv6 dhcp interface
        FastEthernet0/0 is in client mode
          Prefix State is IDLE
          Address State is OPEN
  • 25.
          Renew for address will be sent in 11:39:08
          List of known servers:
            Reachable via address: FE80::2027:9779:3775:5CF8
            DUID: 00030001CA0342760008
            Preference: 0
            Configuration parameters:
              IA NA: IA ID 0x00040001, T1 43200, T2 69120
                Address: BAD:1:2:FC64:8ECC:593A:15C3:654/128
                        preferred lifetime 86400, valid lifetime 172800
                        expires at Aug 11 2010 02:36 PM (171549 seconds)
              Domain name: fredbovy.com
              Information refresh time: 0
          Prefix Rapid-Commit: disabled
          Address Rapid-Commit: disabled

    Configuration:

        interface FastEthernet0/0
         ipv6 address dhcp

    6.0 DHCPV6 STATELESS AUTOCONFIGURATION

    In this hybrid mode, DHCPv6 is not used for address allocation but for other (stateless) parameters. Typically RA and SLAAC are used to configure addresses, while DHCPv6 is only used to get the DNS domain name, SIP server configuration or any other specific configuration.

    It is stateless because DHCPv6 does not allocate addresses, so it does not have to keep state for each allocated address in order to recover the address if the client is gone without releasing the lease.

    A DHCP lease is provided with two timers, T1 and T2. When T1 expires, the client should renew its lease with its DHCP server to say that it is going to keep it. When T2 expires and the client has not been able to renew its address with its server, it must rebind, restarting from scratch a DNS Server discovery (Solicit) to find any server able to provide an address.

    With stateless DHCP we do not need these timers. The client sends an "Information Request" message, and the server sends a reply.

    7. DHCP PREFIX BASED

    In IPv6 it is possible to request a block of addresses instead of a single address. This way, when a site is started, it requests a block from the Service Provider and it
  • 26. configures all its networks from this block. For instance, it requests a /56 block, which gives it 256 networks to configure.

    Illustration 8: IA PD headers

    8. SUMMARY
  • 28. Illustration 9: IPv6 Addressing methods

    To summarize, it is possible to combine these methods: for instance, receive a prefix as a DHCP-PD client, subnet it and configure the router interfaces. The attached workstations will automatically configure their default gateway and global addresses from the router's RA. Then they can receive additional configuration, like a SIP server address, from a stateless DHCPv6 server.