2. Fred Bovy. ccie #3013
1. INTRODUCTION
More details to the presentation:
http://www.ipv6forlife.com/Docs/IPv6Autoconfig20c.pdf
ND
o
o
o
o
o
is used by End Nodes to :
Resolve data link layer address to send a frame (ARP functionality).
Determine when the address of a neighbor has changed
Determine if a neighbor is still reachable
Discover the neighbors
Autoconfigure addresses, prefixes, routes and other parameters
ND is used by Routers to:
o Announce their presence, provide host with configuration parameters,
routes and prefixes.
o Inform a host about a better next hop to transmit a packet for a particular
destination.
ND processes are for:
o Routers discovery
o Prefixes discovery
o Automatic address Configuration
o Information to a host when a better next-host exists for a packet it is routing
The Processes are:
✔ MAC Address resolution
✔ Next-hop Determination
✔ Unreachable neighbor detection
✔ Duplicate Address Detection
CISCO ROUTER LOG:
*Sep 22 03:55:50.586: %LINK3UPDOWN: Interface FastEthernet1/0, changed state to up
*Sep 22 03:55:51.586: %LINEPROTO5UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to
up
*Sep 22 03:55:51.598: ICMPv6ND: L2 came up on FastEthernet1/0
*Sep 22 03:55:51.602: IPv6AddrmgrND: DAD request for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:51.606: ICMPv6ND: Sending NS for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:51.626: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:51.638: %SYS5CONFIG_I: Configured from console by console
*Sep 22 03:55:52.610: IPv6AddrmgrND: DAD: FE80::C800:6FF:FEA9:1C is unique.
*Sep 22 03:55:52.618: ICMPv6ND: Sending NA for FE80::C800:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:52.618: ICMPv6ND: L3 came up on FastEthernet1/0
*Sep 22 03:55:52.666: IPv6AddrmgrND: DAD request for F:1::1 on FastEthernet1/0
*Sep 22 03:55:52.678: ICMPv6ND: Sending NS for F:1::1 on FastEthernet1/0
*Sep 22 03:55:52.686: ICMPv6ND: Linklocal FE80::C :1
800:6FF:FEA9:1C on FastEthernet1/0, Up
2
02/10/14 IPv6 For Life
3. Fred Bovy. ccie #3013
*Sep 22 03:55:52.686: ICMPv6ND: Created RA context for FE80::C800:6FF:FEA9:1C
*Sep 22 03:55:52.690: ICMPv6ND: Request to send RA for FE80::C800:6FF:FEA9:1C
*Sep 22 03:55:52.698: ICMPv6ND: Sending RA from FE80::C800:6FF:FEA9:1C to FF02::1 on FastEthernet1/0
*Sep 22 03:55:52.706: ICMPv6ND: MTU = 1500
*Sep 22 03:55:52.706: ICMPv6ND: prefix = F:1::/64 onlink autoconfig
*Sep 22 03:55:52.710: ICMPv6ND: 2592000/604800 (valid/preferred)
*Sep 22 03:55:52.718: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:52.718: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:52.722: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:53.682: IPv6AddrmgrND: DAD: F:1::1 is unique.
*Sep 22 03:55:53.682: ICMPv6ND: Sending NA for F:1::1 on FastEthernet1/0
*Sep 22 03:55:53.686: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:54.558: ICMPv6ND: ULP neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:54.562: ICMPv6ND: DELETE > INCMP: FE80::C801:6FF:FEA9:1C
*Sep 22 03:55:54.566: ICMPv6ND: Sending NS for FE80::C801:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:54.570: ICMPv6ND: Set ULP NUD for FE80::C801:6FF:FEA9:1C on FastEthernet1/0
*Sep 22 03:55:54.594: ICMPv6ND: ND output feature SEND executed on 5 rc=0
*Sep 22 03:55:54.614: ICMPv6ND: ND input feature SEND executed on 5 rc=0
*Sep 22 03:55:54.618: ICMPv6ND: Received NA for FE80::C801:6FF:FEA9:1C on FastEthernet1/0 from
FE80::C801:6FF:FEA9:1C
*Sep 22 03:55:54.622: ICMPv6ND: Neighbour FE80::C801:6FF:FEA9:1C on FastEthernet1/0 : LLA
ca01.06a9.001c
*Sep 22 03:55:. 54622: ICMPv6ND: INCMP > REACH: FE80::C801:6FF:FEA9:1C
Five
•
•
•
•
•
ND messages :
Router Solicitation (Type 133)
Router Advertisement (Type 134)
Neighbor Solicitation (Type 135)
Neighbor Advertisement (Type 136)
Redirect (Type 137)
2. NEIGHBOR DISCOVERY MESSAGES
2.1. Router Solicitation
Sent by a host to get information from neighboring routers.
MAC Layer
• Source MAC Address is NIC address
• Destination is all routers MAC address 33-33-00-00-00-02
IPv6 Layer
• Link local or unspecified IPv6 address.
• Link local all routers IPv6 address
ICMPv6 Layer
• Type 133
• Code 0
3
02/10/14 IPv6 For Life
4. Fred Bovy. ccie #3013
•
•
ICMPv6 Checksum
Source Link-Layer Address option
ICMPv6 Option (Source linklayer address)
Type: Source linklayer address (1)
Length: 8
Linklayer address: ca:02:06:a9:00:54
2.2. Router Advertisement
Illustration 1: Router Advertisement recevied from FREE SP
Sent unsolicited on a regular basis or as an answer to a router solicitation.
Ethernet header:
• Source MAC of the sending NIC
4
02/10/14 IPv6 For Life
5. Fred Bovy. ccie #3013
•
Destination MAC Address will be 33-33-00-00-00-01
IPv6 header:
• Link local source
• Destination will be all-nodes : FF02::1 or the unicast address of the station
which has sent the Router Solicitation
• Hop Limit 255
Router Advertisement:
• Type 134
• Code 0
• Checksum ICMPv6
• Current Hop Limit
• Managed Address Configuration Flag
• Other Stateful Configuration Flag
• Default Router Preference
• Reserved
• Router Lifetime
• Retransmission timer
• Source Link-Layer Address Option
• MTU Option
• Prefix Information Ooptions
• Advertisement Interval Option
• Home Agent Information Option
• Route information options
Capture
Frame 5801 (118 bytes on wire, 118 bytes captured)
Ethernet II, Src: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c), Dst:
IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
Destination: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
Source: ca:02:06:a9:00:1c (ca:02:06:a9:00:1c)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
0110 .... = Version: 6
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 64
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: fe80::c802:6ff:fea9:1c (fe80::c802:6ff:fea9:1c)
Destination: ff02::1 (ff02::1)
Internet Control Message Protocol v6
5
02/10/14 IPv6 For Life
7. Fred Bovy. ccie #3013
Illustration 2: NS sent to ourself for DAD
Type 135
Code 0
Target Address
Source Link-Layer Address Option
NS are used:
• To ask the link layer address of a neighbor
The Destination Address will be the solicited Node Multicast Address
•
In the Duplicate Address Detection Procedure or DAD.
The Destination Address will be its own Address
•
To check if a neighbor is alive (Neighbor Unreachability Detection or NUD)
The Destination Address will be the Unicast address of the Neighbor.
Capture:
Frame 5344 (86 bytes on wire, 86 bytes captured)
Ethernet II, Src: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c), Dst: ca:00:06:a9:00:1c
(ca:00:06:a9:00:1c)
Destination: ca:00:06:a9:00:1c (ca:00:06:a9:00:1c)
7
02/10/14 IPv6 For Life
8. Fred Bovy. ccie #3013
Source: ca:01:06:a9:00:1c (ca:01:06:a9:00:1c)
Type: IPv6 (0x86dd)
Internet Protocol Version 6
0110 .... = Version: 6
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 32
Next header: ICMPv6 (0x3a)
Hop limit: 255
Source: fe80::c801:6ff:fea9:1c (fe80::c801:6ff:fea9:1c)
Destination: 2001:db8:c0a8:b:c800:6ff:fea9:1c
(2001:db8:c0a8:b:c800:6ff:fea9:1c)
Internet Control Message Protocol v6
Type: 135 (Neighbor solicitation)
Code: 0
Checksum: 0x6230 [correct]
Target: 2001:db8:c0a8:b:c800:6ff:fea9:1c (2001:db8:c0a8:b:c800:6ff:fea9:1c)
ICMPv6 Option (Source link-layer address)
Type: Source link-layer address (1)
Length: 8
Link-layer address: ca:01:06:a9:00:1c
2.4. Neighbor Advertisement
Type 136
Code 0
Router Flag
Solicited flag
Override Flag
Target Address
Target Link-Layer Address Option
Answer to Neighbor Solicitation
Capture:
Frame 23 (454 bytes on wire, 454 bytes captured)
Ethernet II, Src: ca:02:09:b9:00:08 (ca:02:09:b9:00:08), Dst: ca:01:09:b9:00:08
(ca:01:09:b9:00:08)
Internet Protocol Version 6
Internet Control Message Protocol v6
Type: 136 (Neighbor advertisement)
Code: 0
Checksum: 0xc988 [correct]
Flags: 0x60000000
Target: 2001::347c:26bf:9a38:61c3 (2001::347c:26bf:9a38:61c3)
ICMPv6 Option (Target link-layer address)
ICMPv6 Option (CGA)
8
02/10/14 IPv6 For Life
9. Fred Bovy. ccie #3013
ICMPv6 Option (Timestamp)
ICMPv6 Option (Nonce)
ICMPv6 Option (RSA Signature)
2.5. Redirect
Inform a neighbor of a better next hop to reaach a particular destination.
Capture:
Internet Control Message Protocol v6
Type: 137 (Redirect)
Code: 0
Checksum: 0xd231 [correct]
rfc (2001:db8:c0a8:a:c800:6ff:fea9:1c)
Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
ICMPv6 Option (Target link-layer address)
Type: Target link-layer address (2)
Length: 8
Link-layer address: ca:00:06:a9:00:1c
ICMPv6 Option (Redirected header)
Type: Redirected header (4)
Length: 112
Reserved: 0 (correct)
Redirected packet
Internet Protocol Version 6
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic class: 0x00000000
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 60
Next header: ICMPv6 (0x3a)
Hop limit: 63
Source: 2001:db8:c0a8:b::1 (2001:db8:c0a8:b::1)
Destination: 2001:db8:c0a8:a:c800:6ff:fea9:1c (2001:db8:c0a8:a:c800:6ff:fea9:1c)
Internet Control Message Protocol v6
Type: 128 (Echo request)
Code: 0
Checksum: 0xbce7 [correct]
ID: 0x22ef
Sequence: 0x0004
Data (52 bytes)
0000
0010
0020
0030
04
14
24
34
05
15
25
35
06
16
26
36
07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13
17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23
27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33
37
................
............ !"#
$%&'()*+,-./0123
4567
3.0 PROCEDURES
Neighbor Discovery is activated by a Finite State Machine. It is much more
powerful and optimized than ARP which has only a timer to purge oldest entries.
9
02/10/14 IPv6 For Life
10. Fred Bovy. ccie #3013
It is presented in a very simplified FSM below. Defaults timers length are in
RFC4861.
Illustration 3: IPv6 ND Simplified FSM
10
02/10/14 IPv6 For Life
15. Fred Bovy. ccie #3013
Type: MTU (5)
Length: 8
MTU: 1500
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0xc0
Valid lifetime: 2592000
Preferred lifetime: 604800
Prefix: 2001:db8:c0a8:3::
3.1.6. Route Information Option
Sent in Router Advertisement (see RFC4191.)
Type
Length
Prefix Length
Reserved1
Preference
Reserved2
Route Lifetime
Prefix
In the RA it is possible to advertise Recursive DNS Servers (RFC 5006):
3.1.7. Recursive DNS Server Option
Type 25
Length
Reserved
Lifetime
MaxRtrAdvInterval <= Lifetime <= 2* MaxRtrAdvInterval
IPv6 DNS Recursive DNS Servers Addresses
15
02/10/14 IPv6 For Life
16. Fred Bovy. ccie #3013
4.0 STATELESS ADDRESS AUTOCONFIGURATION (SLAAC)
16
02/10/14 IPv6 For Life
17. Fred Bovy. ccie #3013
Illustration 4: Stateless Address Autoconfig
A host starting without an IPv6 address will first allocate a Link-Local Address
for each interface and test it's unique. If this fails the interface is disable for IPv6.
STOP
17
02/10/14 IPv6 For Life
18. Fred Bovy. ccie #3013
Illustration 5: SLAAC Prefix list option processing A->B
Otherwise it sends a Router Solicitation and wait Router Advertisements. If it
can find a prefix list option it tries to derive an IPv6 address from each prefix
according to flags and timers advertised with each prefix and the DAD procedure
to verify if it is unique. This is done between A and B on the diagram.
In both case it build the address from the prefix receives or the Link-Local and an
Interface ID of 64 bits. The Interface ID can be derived from the MAC Address, this
is EUI-64 or it can be random and replaced on a regular basis for confidentiality.
18
02/10/14 IPv6 For Life
19. Fred Bovy. ccie #3013
Once it has made an IPv6 address, it uses ND DAD (Duplicate Address Detection)
to check that the address is unique. DAD is just sending a NS to itself and wait. If
somebody replies there is a DUP. After a short timeout the address is considered
unique and initialized. For the Link-Local address, the interface is disabled for IPv6
if it fails. If Secured Neighbor Discovery is in used it makes two more tries with
two more computed addresses (CGA). In the normal case, without SeND, it
disables it immediately after the first failure. IPv6 is down for this interface.
If the address is a DUP, for Global addresses derived from the prefix received from
the Routers, the address is not used but the interface it still Up.
‘Debug ipv6 nd’ Cisco Capture with SeND:
*Sep 23 04:06:46.348:
*Sep 23 04:06:47.352:
changed state to up
*Sep 23 04:06:47.368:
*Sep 23 04:06:47.368:
FastEthernet2/0
*Sep 23 04:06:47.376:
*Sep 23 04:06:47.388:
*Sep 23 04:06:47.632:
*Sep 23 04:06:47.636:
*Sep 23 04:06:47.776:
*Sep 23 04:06:47.780:
*Sep 23 04:06:47.788:
*Sep 23 04:06:48.376:
*Sep 23 04:06:48.380:
*Sep 23 04:06:48.384:
*Sep 23 04:06:48.428:
FastEthernet2/0
*Sep 23 04:06:48.432:
*Sep 23 04:06:48.436:
*Sep 23 04:06:48.440:
*Sep 23 04:06:48.444:
*Sep 23 04:06:48.444:
FastEthernet2/0
*Sep 23 04:06:48.452:
*Sep 23 04:06:48.456:
*Sep 23 04:06:48.456:
*Sep 23 04:06:48.460:
*Sep 23 04:06:49.436:
*Sep 23 04:06:49.440:
*Sep 23 04:06:49.444:
*Sep 23 04:06:59.808:
*Sep 23 04:06:59.808:
*Sep 23 04:07:04.532:
*Sep 23 04:07:04.536:
FastEthernet2/0
*Sep 23 04:07:04.544:
*Sep 23 04:07:04.548:
19
%LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2/0,
ICMPv6-ND: L2 came up on FastEthernet2/0
IPv6-Addrmgr-ND: DAD request for FE80::C801:6FF:FEA9:38 on
ICMPv6-ND: Sending NS for FE80::C801:6FF:FEA9:38 on FastEthernet2/0
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
ICMPv6-ND: Sending RS on FastEthernet2/0
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
ICMPv6-ND: ND input feature SEND executed on 7 - rc=0
ICMPv6-ND: Received RA from FE80::C802:6FF:FEA9:38 on FastEthernet2/0
ICMPv6-ND: Autoconfiguring F:2::C801:6FF:FEA9:38 on FastEthernet2/0
IPv6-Addrmgr-ND: DAD: FE80::C801:6FF:FEA9:38 is unique.
ICMPv6-ND: Sending NA for FE80::C801:6FF:FEA9:38 on FastEthernet2/0
ICMPv6-ND: L3 came up on FastEthernet2/0
IPv6-Addrmgr-ND: DAD request for F:2::C801:6FF:FEA9:38 on
ICMPv6-ND:
ICMPv6-ND:
ICMPv6-ND:
ICMPv6-ND:
ICMPv6-ND:
Sending NS for F:2::C801:6FF:FEA9:38 on FastEthernet2/0
Linklocal FE80::C801:6FF:FEA9:38 on FastEthernet2/0, Up
Created RA context for FE80::C801:6FF:FEA9:38
Request to send RA for FE80::C801:6FF:FEA9:38
Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on
ICMPv6-ND:
MTU = 1500
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
IPv6-Addrmgr-ND: DAD: F:2::C801:6FF:FEA9:38 is unique.
ICMPv6-ND: Sending NA for F:2::C801:6FF:FEA9:38 on FastEthernet2/0
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
ICMPv6-ND: ND input feature SEND executed on 5 - rc=0
ICMPv6-ND: Received RA from FE80::C800:6FF:FEA9:1C on FastEthernet1/0
ICMPv6-ND: Request to send RA for FE80::C801:6FF:FEA9:38
ICMPv6-ND: Sending RA from FE80::C801:6FF:FEA9:38 to FF02::1 on
ICMPv6-ND:
MTU = 1500
ICMPv6-ND: ND output feature SEND executed on 7 - rc=0
02/10/14 IPv6 For Life
20. Fred Bovy. ccie #3013
CISCO “show interface”:
r2(config-if)#do show ipv6 interface f2/0
FastEthernet2/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C801:6FF:FEA9:38
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
F:2::C801:6FF:FEA9:38, subnet is F:2::/64 [EUI/CAL/PRE]
valid lifetime 2591913 preferred lifetime 604713
•
Joined group address(es):
FF02::1
FF02::2
FF02::D
FF02::16
FF02::1:FFA9:38
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
Output features: MFIB Adjacency
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
5.0 STATEFUL ADDRESS AUTOCONFIGURATION. (DHCPV6)
Illustration 6: DHCP Header from Non Temp
DHCPv6 can also be used to provide automatically addresses and other
20
02/10/14 IPv6 For Life
21. Fred Bovy. ccie #3013
parameters such as DNS server address and other servers but no Router by
default. RA are still needed or you need static configurations on the workstations.
An "identityassociation" (IA) is a construct through which
a server and a client can identify, group, and manage a set
of related IPv6 addresses. Each IA consists of an IAID and
associated configuration information.
DHCPv6 can manage Temporary Random Addresses. This is when the client wants
to change often its address, generally every day so the client cannot be identified
from his source address. This was requested by IPv4 folks when they complained
about privacy with IPv6 as we always had the same address on the Net. So the
Temporary addresses were introduced and can be managed by SLAAC or DHCPv6.
When Temporary Addresses are used, the header does not include T1 and T2
timers to advertise the frequency for the Lease refreshment to keep one address.
It must be managed by the client alone.
A DHCPv6 header contains an "identity-association" (IA) which is a group of
Addresses that can be used by the Client and the Server. Each IA has an IAID.
The Configuration of the IA has a T1 and a T2 Timer for all the addresses. T1 is the
timer when the the client should Renew its Lease with its own server. If Renew
has failed when T2 expires, it it is time for the client to Rebind. Restarting the
process from scratch discovering all DHCP Servers available and then hopefully
select one to send a Request if a server replied with a RA.
21
02/10/14 IPv6 For Life
22. Fred Bovy. ccie #3013
Illustration 7: Synchronization DHCP with IPv6 Timers
5.1 capture of the two fi rst packets
DHCP SOLICIT
Internet Protocol Version 6
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 56
Next header: UDP (0x11)
Hop limit: 255
Source: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442)
Destination: ff02::1:2 (ff02::1:2)
User Datagram Protocol, Src Port: dhcpv6-client (546), Dst Port: dhcpv6-server
(547)
Source port: dhcpv6-client (546)
Destination port: dhcpv6-server (547)
Length: 56
22
02/10/14 IPv6 For Life
23. Fred Bovy. ccie #3013
Checksum: 0x86f0 [validation disabled]
DHCPv6
Message type: Solicit (1)
Transaction-ID: 0x00b33306
Elapsed time
option type: 8
option length: 2
elapsed-time: 0 ms
Client Identifier
option type: 1
option length: 10
DUID type: link-layer address (3)
Hardware type: Ethernet (1)
Link-layer address: ba:02:42:76:00:08
Option Request
option type: 6
option length: 4
Requested Option code: DNS recursive name server (23)
Requested Option code: Domain Search List (24)
Identity Association for Non-temporary Address
option type: 3
option length: 12
IAID: 262145
T1: 0
T2: 0
DHCP ADVERTISE
Internet Protocol Version 6
0110 .... = Version: 6
[0110 .... = This field makes the filter "ip.version == 6" possible: 6]
.... 1110 0000 .... .... .... .... .... = Traffic class: 0x000000e0
.... .... .... 0000 0000 0000 0000 0000 = Flowlabel: 0x00000000
Payload length: 102
Next header: UDP (0x11)
Hop limit: 255
Source: fe80::2027:9779:3775:5cf8 (fe80::2027:9779:3775:5cf8)
Destination: fe80::38b1:e73c:c0f0:4442 (fe80::38b1:e73c:c0f0:4442)
User Datagram Protocol, Src Port: dhcpv6-server (547), Dst Port: dhcpv6-client
(546)
Source port: dhcpv6-server (547)
Destination port: dhcpv6-client (546)
Length: 102
Checksum: 0x6db3 [validation disabled]
DHCPv6
Message type: Advertise (2)
Transaction-ID: 0x00b44306
Server Identifier
option type: 2
option length: 10
DUID type: link-layer address (3)
Hardware type: Ethernet (1)
Link-layer address: ca:03:42:76:00:08
23
02/10/14 IPv6 For Life
24. Fred Bovy. ccie #3013
Client Identifier
option type: 1
option length: 10
DUID type: link-layer address (3)
Hardware type: Ethernet (1)
Link-layer address: ca:02:42:76:00:08
Identity Association for Non-temporary Address
option type: 3
option length: 40
IAID: 262145
T1: 43200
T2: 69120
IA Address
option type: 5
option length: 24
IPv6 address: bad:1:2:2d98:8e14:c0b1:6ef5:8548
Preferred lifetime: 86400
Valid lifetime: 172800
Domain Search List
option type: 24
option length: 14
DNS Domain Search List
Domain: fredbovy.com
We miss Request and Reply packets in this capture.
5.2 Other CISCO Useful commands
R4>show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00030001CA0342760008
R4>show ipv6 dhcp int
FastEthernet0/0 is in server mode
Using pool: fred
Preference value: 0
Hint from client: ignored Rapid-Commit: disabled
R4#show ipv6 dhcp pool
DHCPv6 pool: fred Static bindings:
Binding for client BADCAF0E
IA PD: IA ID not
specified
Prefix: DEAD:BEEF::/48
preferred lifetime 604800, valid
lifetime 2592000 Address allocation prefix: DEAD:BEEF:1:2:3::/64 valid 172800
preferred 86400 (1 in use, 0 conflicts) Domain name: fredbovy.com Active clients: 1
R4#show ipv6 dhcp bind
Client: FE80::38B1:E73C:C0F0:4442
DUID: 00030001CA0242760008 Username : unassigned
IA NA: IA ID 0x00040001, T1 43200, T2 69120
Address: DEAD:BEEF:1:2:6090:18A5:E017:DE5C
preferred lifetime 86400, valid lifetime 172800
expires at Aug 11 2010 03:23 PM (172554 seconds)
hote#show ipv6 dhcp interface
FastEthernet0/0 is in client mode
Prefix State is IDLE
Address State is OPEN
24
02/10/14 IPv6 For Life
25. Fred Bovy. ccie #3013
Renew for address will be sent in 11:39:08
List of known servers:
Reachable via address: FE80::2027:9779:3775:5CF8
DUID: 00030001CA0342760008
Preference: 0
Configuration parameters:
IA NA: IA ID 0x00040001, T1 43200, T2 69120
Address: BAD:1:2:FC64:8ECC:593A:15C3:654/128
preferred lifetime 86400, valid lifetime 172800
expires at Aug 11 2010 02:36 PM (171549 seconds)
Domain name: fredbovy.com
Information refresh time: 0
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled
Configuration:
interface FastEthernet0/0 ipv6 address dhcp
6.0 DHCPV6 STATELESS AUTOCONFIGURATION
In this hybrid mode, DHCPv6 is not used for address allocation but for other
(stateless) parameters. Typically RA and SLAAC are used to configure addresses
while DHCPv6 is only used to get DNS Domain name, SIP Servers configurations or
any other specific configurations.
It is stateless because DHCPv6 does not allocate address so it does not have to
keep a state for each allocated address in order to recover the address if the
client is gone without releasing the lease.
A DHCP Lease is provided with two timers T1 and T2.
When T1 expires, the client should renew its lease with its DHCP server to say that
it is going to keep it.
When T2 expires and the client has not been able to Renew its address with its
server it must rebind, restarting from scratch a DNS Server discovery (Solicit) to
find any server able to provide an address.
With Stateless DHCP we do not need these timers.
The client sends an “Information Request “ message. And the server sends a
reply.
7. DHCP PREFIX BASED
In IPv6 it is possible to request a block of addresses instead of a single address.
This way when a site is started, it requests a block to the Service Provider and it
25
02/10/14 IPv6 For Life
26. Fred Bovy. ccie #3013
configures all its Networks from this block.
For instance it request a /56 block which will give it 256 Networks to configure.
Illustration 8: IA PD headers
8. SUMMARY
26
02/10/14 IPv6 For Life
28. Fred Bovy. ccie #3013
Illustration 9: IPv6 Addressing methods
To summarize, it is possible to combine these methods for instance, receive a
Prefixe as a DHCP-PD Client, subnet it and configure the router interfaces. The
attached workstation will automatically configure their default gateway and Global
Addresses from the router RA. Then they can receive additional configuration from
a DHCPv6 Stateless server like a SIP Server address
28
02/10/14 IPv6 For Life
