DHCPv6 address assignment


The immense address space provided by IPv6 brings some challenges for the management and distribution of these 128-bit hexadecimal addresses. SLAAC (Stateless Address Autoconfiguration) is a good solution for small networks or isolated segments, but it may not be appropriate for big networks where address assignment requires more control and management. This is where DHCPv6, or stateful address autoconfiguration, comes in.

In this post I will try to share with you my experience with the Cisco IOS implementation of DHCPv6, which has become more mature with recent IOS versions.

Cisco IOS DHCPv6 prior to 12.4(24)T

As shown below, IOS versions prior to 12.4(24)T do not appear to support the DHCPv6 IA (Identity Association), which DHCPv6 clients use to query and manage the type of IPv6 addresses (Temporary or Non-Temporary).

Picture: Example of DHCPv6 server reaction to Request containing IA (IOS 12.4(15) T8):

Picture: Linux dibbler-client with default option IA:

With these IOS versions only stateless DHCPv6 works, which requires disabling the “ia” option in the dibbler DHCPv6 client.

######## After disabling IA option on dibbler-client with Cisco IOS < 12.4(24)T

user@debian:/etc/init.d$ sudo dibbler-client run
| Dibbler – a portable DHCPv6, version 0.7.3 (CLIENT, Linux port)

| Authors : Tomasz Mrugalski<thomson(at)klub.com.pl>,Marek Senderski<msend(at)o2.pl>

| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology.

| Homepage: http://klub.com.pl/dhcpv6/


2011.12.23 16:03:51 Client Info Creating INFORMATION-REQUEST message on eth1/3 interface.

2011.12.23 16:03:52 Client Info Received REPLY on eth1/3,TransID=0x799f59, 4 opts: 2 1 23 24

2011.12.23 16:03:52 Client Notice Setting up DNS server 2001:db8:3000:3000::42 on interface eth1/3.

2011.12.23 16:03:52 Client Notice Setting up Domain example.com on interface eth1/3.

——

Before starting DHCPv6 configuration, I would like to mention a couple of definitions of some DHCPv6 concepts according to different sources:

– Identity association for non-temporary addresses (IA_NA): An IA that carries assigned addresses that are not temporary addresses

– Identity association for temporary addresses (IA_TA): An IA that carries temporary addresses (see RFC 3041).

– Temporary Addresses (TA) for DHCPv6 are Privacy Extensions for Stateless Address Autoconfiguration (SLAAC). Their primary purpose is to provide a level of privacy and to protect against eavesdropping and spying on transactions in hostile environments, but in an enterprise network they make troubleshooting, attack traceback and monitoring difficult.

http://www.ietf.org/rfc/rfc3315.txt

DHCPv6 protocol is a stateful counterpart to "IPv6 Stateless Address Autoconfiguration" (RFC 2462)
 The Rapid Commit option is used to signal the use of the two message exchange for address assignment. 

http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-dhcp.html#wp1054059

Rapid Commit: The DHCPv6 client can obtain configuration parameters from a server either through a rapid two-message exchange (solicit, reply) or through a normal four-message exchange (solicit, advertise, request, reply). By default, the four-message exchange is used. When the rapid-commit option is enabled by both client and server, the two-message exchange is used.

The normal commit mode is useful when you have more than one DHCPv6 server and other servers need to be informed of any address assignment.

The Dibbler documentation defines “stateful” and “stateless” slightly differently, which could be confusing:

http://klub.com.pl/dhcpv6/doc/dibbler-user.pdf

stateful – it assumes that addresses (and possibly other parameters) are assigned to a client. To perform this kind of configuration, four messages are exchanged: SOLICIT, ADVERTISE, REQUEST and REPLY.

stateless – when only parameters are configured (without assigning addresses to a client). During execution of this type of configuration, only two messages are exchanged: INF-REQUEST and REPLY.
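The exchanges defined above can be told apart directly from the client log. The following added example (not part of the original post or of dibbler) classifies a dibbler-client log by its message sequence and decodes the option codes of the final REPLY. The classify function and its mode labels are hypothetical names; the log lines are the ones shown in the dibbler output on this page.

```python
import re

# DHCPv6 option codes (RFC 3315 and RFC 3646) that can appear in dibbler's "opts:" list.
OPTION_NAMES = {1: "CLIENTID", 2: "SERVERID", 3: "IA_NA", 4: "IA_TA",
                14: "RAPID_COMMIT", 23: "DNS_SERVERS", 24: "DOMAIN_LIST"}

SENT = re.compile(r"Creating (SOLICIT|REQUEST|INFORMATION-REQUEST)\b")
RECEIVED = re.compile(
    r"Received (ADVERTISE|REPLY) on \S+?,TransID=0x[0-9a-fA-F]+, \d+ opts: ([\d ]+)")

# Client log lines as they appear in the dibbler output on this page.
STATELESS_LOG = [
    "2011.12.23 16:03:51 Client Info Creating INFORMATION-REQUEST message on eth1/3 interface.",
    "2011.12.23 16:03:52 Client Info Received REPLY on eth1/3,TransID=0x799f59, 4 opts: 2 1 23 24",
]
STATEFUL_LOG = [
    "2011.12.23 17:08:48 Client Info Creating SOLICIT message with 1 IA(s), no TA and 0 PD(s) on eth1/3 interface.",
    "2011.12.23 17:08:49 Client Info Received ADVERTISE on eth1/3,TransID=0xee14b2, 5 opts: 2 1 3 23 24",
    "2011.12.23 17:08:50 Client Info Creating REQUEST. Backup server list contains 1 server(s).",
    "2011.12.23 17:08:51 Client Info Received REPLY on eth1/3,TransID=0x201d85, 5 opts: 2 1 3 23 24",
]

def classify(log_lines):
    """Return (message sequence, mode, option names carried by the final REPLY)."""
    sequence, reply_opts = [], []
    for line in log_lines:
        if m := SENT.search(line):
            sequence.append(m.group(1))
        elif m := RECEIVED.search(line):
            sequence.append(m.group(1))
            if m.group(1) == "REPLY":
                reply_opts = [int(code) for code in m.group(2).split()]
    names = [OPTION_NAMES.get(code, f"option {code}") for code in reply_opts]
    has_ia = any(code in (3, 4) for code in reply_opts)  # an address was assigned
    if sequence == ["INFORMATION-REQUEST", "REPLY"]:
        mode = "stateless"
    elif has_ia and sequence == ["SOLICIT", "ADVERTISE", "REQUEST", "REPLY"]:
        mode = "stateful, four-message"
    elif has_ia and sequence == ["SOLICIT", "REPLY"]:
        mode = "stateful, rapid commit"
    else:
        mode = "unknown"  # incomplete log or an exchange this sketch does not model
    return sequence, mode, names

if __name__ == "__main__":
    for log in (STATELESS_LOG, STATEFUL_LOG):
        print(classify(log))
```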

For more information about the DHCPv6 features supported by your IOS version and device, refer to “Feature Information for Implementing DHCP for IPv6” and the Cisco Feature Navigator.

Lab Configuration using IOS 12.4(24)T:

Starting with IOS 12.4(24)T, IA (Identity Association) is supported through the “address prefix” command under “ipv6 dhcp pool”.

I used:

– IOS 12.4(24)T on GNS3 for DHCPv6 server and client modes.

– Three different devices as DHCPv6 clients: IOS router, Linux Debian and Windows Vista.

Picture: Lab topology

Cisco router DHCPv6 server

!
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool pool1
 address prefix 2001:DB8:1111::/64 lifetime infinite infinite
 dns-server 2001:DB8:1201::1
 domain-name domain1.com
!
ipv6 dhcp pool pool2
 address prefix 2001:DB8:2222::/64 lifetime infinite infinite
 dns-server 2001:DB8:1202::1
 domain-name domain2.com
!
ipv6 dhcp pool pool3
 address prefix 2001:DB8:3333::/64 lifetime infinite infinite
 dns-server 2001:DB8:1203::1
 domain-name domain3.com

Now configure each interface in the server role so that it serves clients from the corresponding pool. Don’t forget “ipv6 nd managed-config-flag”, which instructs clients via RA (Router Advertisement) to obtain their addresses through stateful autoconfiguration (DHCPv6).

interface FastEthernet0/0
 ipv6 address 2001:DB8:1111::1/64
 ipv6 enable
 ipv6 nd managed-config-flag
 ipv6 dhcp server pool1
!
interface FastEthernet0/1
 ipv6 address 2001:DB8:2222::1/64
 ipv6 enable
 ipv6 nd managed-config-flag
 ipv6 dhcp server pool2
!
interface FastEthernet1/0
 ipv6 address 2001:DB8:3333::1/64
 ipv6 enable
 ipv6 nd managed-config-flag
 ipv6 dhcp server pool3

DHCPv6#sh ipv6 dhcp
This device’s DHCPv6 unique identifier(DUID): 00030001CA0490380008

DHCPv6#

DHCPv6#sh ipv6 dhcp pool

DHCPv6 pool: pool1

Address allocation prefix: 2001:DB8:1111::/64 valid 4294967295 preferred 4294967295 (1 in use, 0 conflicts)

DNS server: 2001:DB8:1201::1

Domain name: domain1.com


Active clients: 1

DHCPv6 pool: pool2

Address allocation prefix: 2001:DB8:2222::/64 valid 4294967295 preferred 4294967295 (1 in use, 0 conflicts)

DNS server: 2001:DB8:1202::1

Domain name: domain2.com


Active clients: 1

DHCPv6 pool: pool3

Address allocation prefix: 2001:DB8:3333::/64 valid 4294967295 preferred 4294967295 (1 in use, 0 conflicts)

DNS server: 2001:DB8:1203::1

Domain name: domain3.com


Active clients: 1

DHCPv6#

DHCPv6#sh ipv6 dhcp interface

FastEthernet0/0 is in server mode

Using pool: pool1

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

FastEthernet0/1 is in server mode

Using pool: pool2

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

FastEthernet1/0 is in server mode

Using pool: pool3

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

DHCPv6#

Windows Vista dibbler-client:

netsh interface ipv6>show address loopback0

Paramètres de l’adresse 2001:db8:3333:0:2537:afc2:4365:1370

———————————————————

LUID d’interface    : loopback0

ID d’étendue : 0.0

Durée de vie valide  : infinite

Durée de vie préférée : infinite

État DAD : Préféré

Type d’adresse : Dhcp

Paramètres de l’adresse fe80::f825:40a1:16dd:e757%12

———————————————————

LUID d’interface    : loopback0

ID d’étendue : 0.12

Durée de vie valide  : infinite

Durée de vie préférée : infinite

État DAD : Préféré

Type d’adresse : Autre

netsh interface ipv6>

Debian dibbler-Client:

user@debian:/etc/init.d$ sudo dibbler-client run
| Dibbler – a portable DHCPv6, version 0.7.3 (CLIENT, Linux port)

| Authors : Tomasz Mrugalski<thomson(at)klub.com.pl>,Marek Senderski<msend(at)o2.pl>

| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology.

| Homepage: http://klub.com.pl/dhcpv6/


2011.12.23 17:08:48 Client Info Creating SOLICIT message with 1 IA(s), no TA and 0 PD(s) on eth1/3 interface.

2011.12.23 17:08:49 Client Info Received ADVERTISE on eth1/3,TransID=0xee14b2, 5 opts: 2 1 3 23 24

2011.12.23 17:08:50 Client Info Creating REQUEST. Backup server list contains 1 server(s).

2011.12.23 17:08:51 Client Info Received REPLY on eth1/3,TransID=0x201d85, 5 opts: 2 1 3 23 24

2011.12.23 17:08:51 Client Notice Address 2001:db8:2222:0:8d1b:4b3d:24e1:d21e/64 added to eth1/3 interface.

2011.12.23 17:08:51 Client Notice Setting up DNS server 2001:db8:1202::1 on interface eth1/3.

2011.12.23 17:08:51 Client Notice Setting up Domain domain2.com on interface eth1/3.

user@debian:~$ ping6 2001:db8:2222::1

PING 2001:db8:2222::1(2001:db8:2222::1) 56 data bytes

64 bytes from 2001:db8:2222::1: icmp_seq=1 ttl=64 time=49.4 ms

64 bytes from 2001:db8:2222::1: icmp_seq=2 ttl=64 time=19.2 ms

64 bytes from 2001:db8:2222::1: icmp_seq=3 ttl=64 time=24.9 ms

^C

— 2001:db8:2222::1 ping statistics —

3 packets transmitted, 3 received, 0% packet loss, time 5010ms

rtt min/avg/max/mdev = 10.164/23.191/49.493/12.532 ms

user@debian:~$

One last thing: let’s remove the address pool from one interface and see whether the server can find the appropriate pool based on the network where the client is connected.

IOS DHCPv6 Server:

interface FastEthernet0/0
 ipv6 address 2001:DB8:1111::1/64
 ipv6 enable
 ipv6 nd managed-config-flag
 no ipv6 dhcp server pool1
 ipv6 dhcp server automatic

Let’s verify the settings

DHCPv6#sh ipv6 dhcp interface

FastEthernet0/0 is in server mode

Using pool: pool1

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

FastEthernet0/1 is in server mode


Using pool:

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

FastEthernet1/0 is in server mode

Using pool: pool3

Preference value: 0

Hint from client: ignored

Rapid-Commit: disabled

DHCPv6#

No explicit binding of any pool to the interface fa0/1

user@debian:/etc/init.d$ sudo dibbler-client run

Re-run dibbler client

DHCPv6(config-if)#…

*Dec 30 04:55:57.391: IPv6 DHCP: Received REQUEST from FE80::A00:27FF:FE83:6B58 on FastEthernet0/1

*Dec 30 04:55:57.399: IPv6 DHCP: Matched prefix 2001:DB8:2222:: at length = 64

*Dec 30 04:55:57.399: IPv6 DHCP: Using longest match 2001:DB8:2222::/64 pool pool2 for incoming interface

*Dec 30 04:55:57.411: IPv6 DHCP: Updating binding address entry for address 2001:DB8:2222:0:559:1016:D88A:D520

*Dec 30 04:55:57.411: IPv6 DHCP: Sending REPLY to FE80::A00:27FF:FE83:6B58 on FastEthernet0/1

DHCPv6(config-if)#

The DHCPv6 server has found the longest match between the IP address of the interface receiving the SOLICIT and the pool “pool2”.
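A small model of the pool selection visible in the debug output above, as an added example (not Cisco's implementation and not from the original post): it picks the pool whose address prefix is the longest match for an address on the receiving interface. The select_pool function is a hypothetical name; the pools and interface addresses are copied from the lab configuration, while the overlapping /32 pool and the link-local-only interface are constructed to show the edge cases.

```python
import ipaddress

# Pools and interface addresses copied from the lab configuration on this page.
POOLS = {
    "pool1": "2001:DB8:1111::/64",
    "pool2": "2001:DB8:2222::/64",
    "pool3": "2001:DB8:3333::/64",
}
INTERFACES = {
    "FastEthernet0/0": ["2001:DB8:1111::1/64"],
    "FastEthernet0/1": ["2001:DB8:2222::1/64"],
    "FastEthernet1/0": ["2001:DB8:3333::1/64"],
}

# Constructed edge cases (not from the page): a wider overlapping pool and
# an interface that only has a link-local address.
OVERLAPPING_POOLS = dict(POOLS, wide="2001:DB8::/32")
LINK_LOCAL_ONLY = ["FE80::1/64"]

def select_pool(interface_addrs, pools):
    """Return (pool name, prefix) of the longest pool prefix that contains an
    address configured on the receiving interface, or None if no pool matches."""
    best = None
    for addr in interface_addrs:
        ip = ipaddress.IPv6Interface(addr).ip
        for name, prefix in pools.items():
            net = ipaddress.IPv6Network(prefix)
            if ip in net and (best is None or net.prefixlen > best[1].prefixlen):
                best = (name, net)
    return (best[0], str(best[1])) if best else None

if __name__ == "__main__":
    for ifname, addrs in INTERFACES.items():
        print(ifname, "->", select_pool(addrs, POOLS))
    # The /64 still wins over the overlapping /32.
    print(select_pool(INTERFACES["FastEthernet0/1"], OVERLAPPING_POOLS))
    # No pool covers a link-local address, so nothing can be selected.
    print(select_pool(LINK_LOCAL_ONLY, POOLS))
```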

Debian dibbler-client

user@debian:/etc/init.d$ sudo dibbler-client run
| Dibbler – a portable DHCPv6, version 0.7.3 (CLIENT, Linux port)

| Authors : Tomasz Mrugalski<thomson(at)klub.com.pl>,Marek Senderski<msend(at)o2.pl>

| Licence : GNU GPL v2 only. Developed at Gdansk University of Technology.

| Homepage: http://klub.com.pl/dhcpv6/

2011.12.30 03:55:53 Client Info Creating SOLICIT message with 1 IA(s), no TA and 0 PD(s) on eth1/3 interface.

2011.12.30 03:55:54 Client Info Received ADVERTISE on eth1/3,TransID=0x721ebd, 5 opts: 2 1 3 23 24

2011.12.30 03:55:55 Client Info Creating REQUEST. Backup server list contains 1 server(s).

2011.12.30 03:55:56 Client Info Received REPLY on eth1/3,TransID=0x4c8253, 5 opts: 2 1 3 23 24

2011.12.30 03:55:56 Client Notice Address 2001:db8:2222:0:559:1016:d88a:d520/64 added to eth1/3 interface.

2011.12.30 03:55:56 Client Notice Setting up DNS server 2001:db8:1202::1 on interface eth1/3.

2011.12.30 03:55:56 Client Notice Setting up Domain domain2.com on interface eth1/3.


2 Responses to DHCPv6 address assignment

  1. Pingback: IOS DHCPv6 deployment schemes « CCIE, the beginning!

  2. Jadjay says:

    Hum looks like you need to use dibbler.
    Why don’t you use the Microsoft DHCP client ?
    I tried it and it looks like that client doesn’t want to assign a default route based on the dhcpv6’s information. Special isn’t it ?
