IOS DHCPv6 deployment schemes
January 18, 2012 2 Comments
The following four posts are dedicated to DHCPv6 deployment. For the reasons I mentioned in the previous post, I used IOS version 12.4(24)T for all routers.
-
Stateful DHCPv6:
the client receives IPv6 prefix, DNS server and domain name through DHCP.
-
Stateless DHCPv6 + SLAAC:
the client receives IPv6 prefix through SLAAC, but gets the DNS server and domain name through DHCP.
-
Stateful DHCPv6 Relay (Rapid-commit):
clients are not in the same segment as the server.
-
Stateful DHCPv6 Prefix delegation (Rapid-commit):
a centrally located DHCP server controlling prefix delegation to intermediate DHCP servers.
(XXXX:YYYY pattern in certain IPv6 addresses is used to hide a part of prefixes for privacy purpose)
Stateful DHCPv6 [1/4]
Rapid-commit
For this classic client-server DHCPv6 model, I deployed both modes rapid and normal commit.
Picture1: Stateful DHCPv6 rapid-commit topology
Server configuration [> 12.4(24) T]:
ipv6 unicast-routing
ipv6 dhcp pool pool23 address prefix 2001:DB8:23::/64 lifetime infinite infinite dns-server XXXX:YYYY:8B6B:90E0::57 dns-server 2001:DB8::57 domain-name nouri.com
|
interface FastEthernet0/1
ipv6 address 2001:DB8:23::2/64 ipv6 dhcp server pool23 rapid-commit
|
R2(config-if)#do #do sh ipv6 int brief
FastEthernet0/0 [administratively down/down] unassigned FastEthernet0/1 [up/up] FE80::C803:37FF:FEAC:62001:DB8:23::2 FastEthernet1/0 [administratively down/down] unassigned FastEthernet1/1 [administratively down/down] unassigned R2(config-if)# |
Client configuration [> 12.4(24) T]:
ipv6 unicast-routing
!interface FastEthernet0/0 ipv6 address dhcp ipv6 enable |
Make sure to explicitly enable IPv6 on the interface otherwise the interface will not send the SOLLICIT message as shown below:
R3(config-if)#
*Oct 23 00:41:58.363: IPv6 DHCP: IPv6 not ready on FastEthernet0/0, message not sent |
With Rapid-Commit only 2 messages exchanged between the client and the server:
The Client asks for an address by sending SOLLICIT message and the Server responds with the address in REPLY message.
The other messages used in Normal-commit, the default mode, are used in an environment with redundant DHCPv6 servers so they are informed of the allocated addresses to avoid duplicate address assignment.
R3(config-if)#*Oct 23 00:43:13.179: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on FastEthernet0/0 *Oct 23 00:43:13.287: IPv6 DHCP: Received REPLY from FE80::C803:37FF:FEAC:6 on FastEthernet0/0 *Oct 23 00:43:13.287: IPv6 DHCP: Adding server FE80::C803:37FF:FEAC:6*Oct 23 00:43:13.291: IPv6 DHCP: Processing options*Oct 23 00:43:13.291: IPv6 DHCP: Adding address 2001:DB8:23:0:70F8:B144:49B6:1FC8/128 to FastEthernet0/0*Oct 23 00:43:13.299: IPv6 DHCP: T1 set to expire in 43200 seconds*Oct 23 00:43:13.303: IPv6 DHCP: T2 set to expire in 69120 seconds *Oct 23 00:43:13.303: IPv6 DHCP: Configuring DNS server XXXX:YYYY:8B6B:90E0::57 *Oct 23 00:43:13.303: IPv6 DHCP: Configuring DNS server 2001:DB8::57 *Oct 23 00:43:13.303: IPv6 DHCP: Configuring domain name nouri.com *Oct 23 00:43:13.303: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to OPEN (ADDR_REPLY_RECEIVED) on FastEthernet0/0 R3(config-if)# |
Picture2: Rapid-Commit packet exchange
R3(config-if)#do show ipv6 int brief
FastEthernet0/0 [up/up] FE80::C806:CFF:FE88:82001:DB8:23:0:70F8:B144:49B6:1FC8 FastEthernet0/1 [administratively down/down] unassigned R3(config-if)# |
Verification:
DHCPv6 Server R2:
R2#sh ipv6 dhcp binding
Client: FE80::C806:CFF:FE88:8DUID: 00030001CA060C880008 Username : unassigned IA NA: IA ID 0x00040001, T1 43200, T2 69120 Address: 2001:DB8:23:0:8A1:BD85:5F98:2321 preferred lifetime INFINITY, , valid lifetime INFINITY, R2# |
DHCP roles are configured per-interface
R2#sh ipv6 dhcp interface
FastEthernet0/1 is in server mode Using pool: pool23 Preference value: 0 Hint from client: ignored Rapid-Commit: enabled R2# |
After the assignment, the server is aware of the client.
R2#sh ipv6 dhcp pool
DHCPv6 pool: pool23 Address allocation prefix: 2001:DB8:23::/64 valid 4294967295 preferred 4294967295 (1 in use, 0 conflicts) DNS server: XXXX:YYYY:8B6B:90E0::57 DNS server: 2001:DB8::57 Domain name: nouri.com Active clients: 1 R2# |
DHCPv6 Client R3:
R3#sh ipv6 dhcpThis device’s DHCPv6 unique identifier(DUID): 00030001CA060C880008R3#
|
R3#sh ipv6 dhcp interface
FastEthernet0/0 is in client modePrefix State is IDLEAddress State is OPEN Renew for address will be sent in 10:18:52List of known servers: Reachable via address: FE80::C803:37FF:FEAC:6 DUID: 00030001CA0337AC0008 Preference: 0 Configuration parameters: IA NA: IA ID 0x00040001, T1 43200, T2 69120 Address: 2001:DB8:23:0:8A1:BD85:5F98:2321/128 preferred lifetime INFINITY, valid lifetime INFINITY DNS server: XXXX:YYYY:8B6B:90E0::57 DNS server: 2001:DB8::57 Domain name: nouri.com Information refresh time: 0 Prefix Rapid-Commit: disabled Address Rapid-Commit: enabled R3# |
The client is pointing a static route to the DHCP client interface, because it is a point-to-point segment, no next-hop is needed.
R3#ping ipv6 2001:DB8:23::2
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001:DB8:23::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 8/22/44 msR3# |
Normal-commit (default)
Picture3: Stateful DHCPv6 normal-commit topology
R2 (server):
interface FastEthernet0/1ipv6 address 2001:DB8:23::2/64
ipv6 dhcp server pool23 |
R3 (Client):
interface FastEthernet0/0ipv6 address dhcp
ipv6 enable |
To enable Normal-commit, enough to omit the keyword “rapid-commit”
The ADVERTISE message proposes a prefix to the client and waits for a REQUEST message from this last (destined to all DHCP agents FF02::1:2).
This way, all DHCP servers will be informed of the new IPv6 address assignment.
R3 (client) debug ipv6 dhcp:
R3(config-if)#
*Oct 23 17:41:57.463: IPv6 DHCP: Sending SOLICIT to FF02::1:2on FastEthernet0/0*Oct 23 17:41:57.511: IPv6 DHCP: Received ADVERTISE from FE80::C803:37FF:FEAC:6on FastEthernet0/0*Oct 23 17:41:57.511: IPv6 DHCP: Adding server FE80::C803:37FF:FEAC:6*Oct 23 17:41:58.611: IPv6 DHCP: Sending REQUEST to FF02::1:2on FastEthernet0/0 *Oct 23 17:41:58.611: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to REQUEST (ADDR_ADVERTISE_RECEIVED) on FastEthernet0/0 *Oct 23 17:41:58.655: IPv6 DHCP: Received REPLY from FE80::C803:37FF:FEAC:6on FastEthernet0/0 *Oct 23 17:41:58.655: IPv6 DHCP: Processing options *Oct 23 17:41:58.655: IPv6 DHCP: Adding address 2001:DB8:23:0:9D54:7AB6:AC57:8230/128 to FastEthernet0/0 *Oct 23 17:41:58.663: IPv6 DHCP: T1 set to expire in 43200 seconds *Oct 23 17:41:58.663: IPv6 DHCP: T2 set to expire in 69120 seconds *Oct 23 17:41:58.663: IPv6 DHCP: Configuring DNS server XXXX:YYYY:8B6B:90E0::57 *Oct 23 17:41:58.667: IPv6 DHCP: Configuring DNS server 2001:DB8::57 *Oct 23 17:41:58.667: IPv6 DHCP: Configuring domain name nouri.com *Oct 23 17:41:58.667: IPv6 DHCP: DHCPv6 address changes state from REQUEST to OPEN (ADDR_REPLY_RECEIVED) on FastEthernet0/0 R3(config-if)# |
Picture4: Stateful DHCPv6 normal-commit message exchange
Pingback: IPv4 and IPv6 dual-stack PPPoE | CCIE, the beginning!
Pingback: IPv4 and IPv6 dual-stack PPPoE | ytd2525