
IPv6 Clients Autoconfiguration
The whole process in depth, fully explained!
Version 2.0

2011 Fred Bovy.

IPv6AutoConfig2-1

Presentation Objectives
This presentation gives an in-depth explanation of the IPv6
Autoconfiguration process. It covers all the possible combinations to
configure and to maintain automatically the IPv6 nodes using all the
possible options currently available.
This presentation focuses on IPv6 Autoconfiguration but it also introduces
the Mobile IPv6 based applications.
At the end of the presentation you will fully understand how the IPv6
nodes initially get configured and how the network configuration may
be changed over time if needed. You will also understand the benefits
of running Mobile IPv6.
And you will deserve a good coffee break!


About the Author


Fred Bovy
15 years experience in IPv6
IPv6 Forum Certified Gold Engineer
IPv6 Forum Certified Gold Trainer

20+ years experience with CISCO, TCP/IP


15 years CCIE #3013 (it was only R&S in 1997!)
18 years CCSI #33517 since 1994 (it was #95003)
7 years Cisco IOS IPv6 Software Engineer (NSSTG Group)
3 years Cisco Network Consultant (CA Group)

12+ years experience in MPLS

Meet me on:
Twitter: FredBovy
Skype: FredericBovy
Blogs: http://www.fredbovy.com/Go46/
LinkedIn, owner of 3 IPv6 Groups
Email me: fred@fredbovy.com

Introduction to Autoconfiguration
IPv6 Autoconfiguration


What is Autoconfiguration?
With Autoconfiguration, a network node can configure itself completely and modify its configuration whenever needed:
network addresses, default route, DNS and other server addresses, domain name, Dynamic DNS updates.

How Autoconfiguration is used:

For offices or campuses:
- Renumbering if a new prefix must be used for a site or a company
- For privacy, the Interface ID can be changed to a random value every day
- With Mobile IPv6 enabled, support for mobile users: they keep using their office home addresses while they are roaming

Roaming devices without Mobile IPv6:
- Autoconfiguration is used to get addresses for each visited access network
- Applications must be restarted each time because the sockets are different
- This is how MOST devices currently operate!

Mobile IPv6: Mobile Routers (NEMO), MANET, Sensors (6LoWPAN)
- The home address is the only address known by the end-user application
- A new address (CoA) acquired by Autoconfig is used for each visited network (Wi-Fi, 3G)
- Because the home address is the same, the same socket is used; there is no interruption and no need to restart the applications

Autoconfiguration (SLAAC) on Linux!


Autoconfiguration is enabled by default on most platforms except Linux!
For Linux, use sysctl -w or add the following configuration to /etc/sysctl.conf:

To enable Autoconfig use:

This is only about Stateless Address Autoconfiguration (SLAAC) and has nothing to do with Mobile IPv6.
We will introduce Mobile IPv6 later in this presentation.

Autoconfig Addresses in Tentative Mode


The first step of Autoconfiguration is the Tentative mode, which verifies the IPv6 addresses that are configured or could be configured on the interface.
IPV6 INTERFACE IS GOING UP

First, the link-local address is generated and tested to enable the interface for IPv6.

The link-local address is verified with Duplicate Address Detection (DAD).

The link-local address MUST be valid, or Autoconfig exits and the interface is disabled for IPv6.

Once the link-local address has passed DAD, the IPv6 interface is up, and other addresses are generated from the RA or allocated by DHCPv6 and validated by DAD.

[Figure: address state timeline: Tentative, Preferred, Deprecated, Invalid. The Valid state covers Preferred and Deprecated. Timers: Preferred Lifetime, Valid Lifetime.]

Autoconfig Address is in Preferred state


- The NORMAL state for an address in production.
- The address verified by DAD can be used to send and receive unicast traffic.
- The address can be used for new connections or by existing ones.
- The Preferred Lifetime is determined by the Preferred Lifetime field included in the RA Prefix Information or the Preferred-Lifetime Option in the DHCPv6

As long as the derived address is refreshed by RA prefixes or the allocated address is renewed by DHCPv6, the address state will remain Preferred!

Autoconfig Address is in Deprecated state


- The address was not refreshed by an RA or DHCPv6 for the duration of the Preferred timer.
- Can be used for renumbering, during the transition to a NEW prefix.
- New connections SHOULD NOT use this address.
- Existing communications SHOULD still be able to use this address as source.
"An implementation MAY prevent any new communication from using a deprecated address, but system management MUST have the ability to disable such a facility, and the facility MUST be disabled by default." (RFC 4862)

Autoconfig Address is in Valid state


The address can be used to send and receive unicast traffic.
Valid state = Preferred + Deprecated
The Valid Lifetime is determined by the Valid Lifetime field included in the RA Prefix Information or the Valid-Lifetime Option in the DHCPv6 IA Address.

Autoconfig Address is in Invalid State


The address cannot be used to send or receive traffic.
The address reaches the Invalid state when the Valid Lifetime has expired.
"An address (and its association with an interface) becomes invalid when its valid lifetime expires. An invalid address MUST NOT be used as a source address in outgoing communications and MUST NOT be recognized as a destination on a receiving interface." (RFC 4862)

IPv6 Interface is going up


IPv6 Autoconfiguration


Client initializes the Link-Local Address


[Flowchart: autoconfiguration decision tree. Steps shown: derive the link-local address FE80::[Interface ID]; send multicast NS to the destination address derived from the link-local; NA received? (yes: stop); initialize the link-local; send RS; RA received? (no: use DHCPv6); set Hop Limit, Reachable Time, Retrans Timer, MTU; Prefix Information present?; Managed Address Configuration Flag = 1? (yes: use DHCPv6); Other Configuration Flag = 1? (yes: use DHCPv6); stop.]

1. IPv6 Interface is going up


1. Initialize and check the link-local address
2. Send a Router Solicitation (RS) message to get the Autoconfiguration info from the Router Advertisements (RA)
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configuration?

[Figure: NS for fe80::202:b3ff:fe1e:8329 sent to its solicited-node address FF02::1:FF1E:8329]

Initialization of the Link-Local Address


The workstation picks a link-local address
e.g. fe80::202:b3ff:fe1e:8329 (EUI-64)
It uses the prefix fe80::/10 and builds the 64-bit Interface ID in EUI-64 format
The Interface ID may be generated cryptographically if SeND CGA is used (RFC 3972)

The workstation performs Duplicate Address Detection (DAD)
It sends an NS to its own solicited-node multicast address!
FF02::1:FF00:0/104 + last 24 bits = ff02::1:ff1e:8329
It expects no answer; otherwise the address is a duplicate (DUP)

If DAD fails for the link-local address, the IPv6 interface is disabled! 3 attempts if CGA (RFC 3972)

Ubuntu performing DAD (NS) Captured


[Screenshot: packet capture of Ubuntu performing DAD. An IPv6 Neighbor Solicitation with IPv6 source address :: is sent to the solicited-node multicast address ff02::1:ff30:3386, and an IPv6 Router Solicitation message is sent to the All-Routers address ff02::2.]

Client Send Request and get Autoconf parameters


[Flowchart: the autoconfiguration decision tree, repeated for this step.]

2. IPv6 Intf is Going Up!


1. Link-local address initialized and unique!
2. Send a Router Solicitation (RS) message to get the Autoconfiguration info from the Router Advertisements (RA)
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configuration?

2. Clients request Autoconfig Information


The client issues a Router Solicitation (RS), using its link-local address as the source address and the all-routers multicast address as the destination, to request all the parameters needed for autoconfiguration:
- The default Hop Limit, the link MTU, a default route
- The prefixes to use for autoconfiguration
- Whether DHCPv6 must be used, and for what: addresses or other configuration?

No router: if there is NO response to the RS, then try a DHCPv6 Solicit and EXIT Autoconfig!

All-Routers: FF02::2

To Accept RA on Linux clients


On Linux, this must be configured with the sysctl command (sysctl -w) or by adding the following configuration to the /etc/sysctl.conf file:

To accept the RA use:

ISP 6RD RG RA: Router Solicitation and Router Advertisement

Router Advertisement sent to the all-IPv6-nodes multicast address ff02::1
- Router Lifetime: 1800 seconds
- Do not modify the Reachable Timer and the Retrans Timer
- Prefix Option: 2a01:e35:2f26:d340::/64
  - On-Link bit flag set
  - Autonomous bit flag set
  - Valid Lifetime: 86400 sec
  - Preferred Lifetime: 86400 sec
- DNS Servers Option: 2a01:e00::1, 2a01:e00::2
- MTU Option: 1480 bytes
- Source Link-Layer Address Option: f4:ca:e5:44:10:ef

If no RA Received, clients run DHCPv6


[Figure: DHCPv6 exchange between the DHCPv6 Client, a DHCPv6 Relay and the DHCPv6 Server]
- Solicit: Dst: All_DHCP_Relay_Agents_and_Servers (FF02::1:2); Relay-Forward to All_DHCP_Servers (FF05::1:3)
- Advertise: returned in a Relay-Reply
- Request: Dst: All_DHCP_Relay_Agents_and_Servers (FF02::1:2), Src: client link-local address; Relay-Forward to All_DHCP_Servers (FF05::1:3)
- Reply: returned in a Relay-Reply; Dst: client link-local address, Src: server link-local address

If no RA is received, Autoconfiguration ends here!

DO NOT SUPPRESS the RA on LAN intf to force DHCPv6


By default, RAs are enabled on a LAN interface and disabled on a serial point-to-point interface.
RAs are very useful: they provide many other important IPv6 parameters, such as a default route, the link MTU, the default Hop Limit, the Neighbor Unreachability Detection (NUD) parameters and more.
If no RA is received, the client tries DHCPv6 and exits Autoconfiguration!

For the clients to use DHCPv6:
Set the Managed Address Config and Other Config flags.
IPv6 is not IPv4: suppressing the RA will not convert IPv6 to IPv4.

DHCPv6 cannot provide a default route!

Client is looping on the prefix list to autoconfigure new addresses

[Flowchart: prefix list processing loop. Steps shown: take the first prefix information; On-Link Flag = 1? (yes: add the prefix to the list); Autonomous Flag = 1?; derive the stateless address Prefix:[interface ID]; send NS to the derived address; NA received? (yes: do not initialize the stateless address; no: initialize the stateless address); other prefixes to process? (yes: go to next prefix).]

IPv6 Interface is going Up!


1. Link-local address validated, IPv6 interface is UP!
2. A Router Solicitation (RS) message was sent and a Router Advertisement (RA) was received
3. Initialize and validate the default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configuration?

Router Advertisements (RA) information


Is the router a candidate for the default route?
- The Router Lifetime is how long a router will remain a valid next hop without any refresh.
- If Lifetime = 0, the router cannot be used as a default route.
- If Lifetime > 0, the router's link-local IPv6 address must be used as the default next hop.
- The RA also contains a Router Preference: Low, Medium or High.
- The router MAC address is also provided in the SLLA Option.

Other important configuration:
- Hop Limit and MTU for the link
- Reachable Timer and Retransmit interval used by NUD
- DNS server addresses in the DNS Option (RFC 6106)
- A list of zero or more prefix(es)

Should DHCPv6 also be used for more Autoconfig?
- Managed and Other Config flags

Warning: RFC 6104. Rogue RA!!!

RA on Cisco Router - show ipv6 routers


hote#show ipv6 routers
Router FE80::2038:148E:B9DF:FD6D on FastEthernet0/0, last update 2 min
  Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
  HomeAgentFlag=0, Preference=Medium
  Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
  Prefix 2001::/64 onlink autoconfig
    Valid lifetime 2592000, preferred lifetime 604800

IMPORTANT REMARKS:
- The Router Lifetime applies only to the router's usefulness as a default router; it does not apply to information contained in other message fields or options. Options that need time limits for their information include their own lifetime fields.
- A router which cannot be used as a default router, or which is shutting down, sends an RA with Lifetime=0.
- "0 (unspecified)" does not mean that the parameter must be set to zero; it means DO NOT CHANGE whatever value is preconfigured on the node.

Client process the Optional RA Prefix(es) List


Each RA may contain a list of prefixes which can be used by SLAAC.
Each prefix comes with:
- The length of the prefix
- 2 bits or flags: the On-Link bit and the Autonomous bit
  - Both flags MUST be SET for the prefix to be used by SLAAC
  - A full stateless 128-bit address can be derived from the prefix by adding an Interface ID
  - The 64-bit Interface ID can be built:
    - From the MAC address: EUI-64 format, or
    - With a random number if Privacy Extension is configured (RFC 4941)
- 2 timers: the Preferred timer and the Valid timer
  - These set how long the addresses derived by SLAAC from the RA-advertised prefix will remain in the Preferred and in the Valid states. These timers are also managed when the addresses are allocated by a DHCPv6 stateful server.
  - The timers can be reset by the periodic RA; in this case, the unsolicited RA transmission interval must be set so that the SLAAC-derived addresses are refreshed before they become deprecated or invalid. The timers can also be refreshed by the DHCPv6 protocol.
  - Statically configured IPv6 addresses have infinite Preferred and Valid timers.

Accept Prefixes from RA on Linux clients


The Client processes each Prefix of the List


The prefix is selected for SLAAC if both the On-Link and Autonomous bits are set, then either:

Use EUI-64: the Interface ID is derived from the MAC address
MAC address (48 bits): 00 90 59 02 E0 F9
With FF FE inserted in the middle: 00 90 59 FF FE 02 E0 F9
First byte: 000000X0, where X=1 means unique and X=0 means not unique

OR

Use Privacy Extension (RFC 4941): the Interface ID is selected randomly
On Windows:
netsh interface ipv6 set privacy state=enabled
On Mac OS X:
sysctl net.inet6.ip6.use_tempaddr=1
On Linux (if = interface name):
sysctl net.ipv6.conf.if.use_tempaddr=2

Client checks if DHCPv6 can be used


[Flowchart: the autoconfiguration decision tree, repeated for this step.]

IPv6 Interface is Going Up!


1. Initialize and validate the link-local address. IPv6 interface up!
2. Router Solicitation (RS) message sent and Router Advertisement (RA) received
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configuration?

Clients check if DHCPv6 MUST be used


In each RA there are 2 flags to advertise the use of DHCPv6!

Managed Address Configuration Flag
- The Managed Address or M flag tells the clients to use DHCPv6 to configure IPv6 address(es).
- Actually, when the M bit is set, DHCPv6 is used to request all the available DHCPv6 configuration, other information included, so the O flag is redundant.
- Cisco interface config: ipv6 nd managed-config-flag

Other Configuration Flag
- The Other or O flag tells the clients to use DHCPv6 to configure everything but the IPv6 addresses.
- In this case the IPv6 address(es) must be configured using SLAAC or manually.
- Cisco interface config: ipv6 nd other-config-flag

DHCPv6 cannot be used to configure a default route!
Some drafts exist but still no RFC!

IPv6 Autoconfiguration Modes


Stateless Address Autoconfiguration
- NO DHCPv6; all the configuration is loaded with RA or PPP

Stateful DHCPv6 Autoconfiguration
- DHCPv6 provides addresses and other parameters (DNS, domain name, SIP)
- The Managed and the Other Config flags are set

Stateless DHCPv6 Autoconfiguration
- SLAAC is used for address autoconfiguration
- DHCPv6 for the other information (DNS, domain name)

DHCPv6 Prefix Delegation
- The CPE, which is a DHCPv6-PD client, receives a block of addresses (an IPv6 subnet) from the SP, the DHCPv6-PD server. This block can be subnetted to configure multiple LAN interfaces. The CPE DHCPv6-PD client can also be a DHCPv6 stateless server, for instance.
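
An added example (not from the original slides) that parses a Router Advertisement and applies the M/O flag and On-Link/Autonomous rules described above to decide the autoconfiguration mode. The sample RA is constructed from the option values shown on the RA slide; the hop limit, the RDNSS lifetime and all function names are assumptions.

```python
import ipaddress
import struct

M_FLAG, O_FLAG = 0x80, 0x40   # RA header: Managed / Other Config flags
L_FLAG, A_FLAG = 0x80, 0x40   # Prefix Information: On-Link / Autonomous flags


def build_ra(ra_flags, pio_flags, valid=86400, preferred=86400, lifetime=1800):
    """Constructed sample: ICMPv6 RA body carrying the option values of the
    RA slide. Hop limit 64, RDNSS lifetime 600 and checksum 0 are filler."""
    ip = lambda a: ipaddress.IPv6Address(a).packed
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, ra_flags, lifetime, 0, 0)
    slla = struct.pack("!BB6s", 1, 1, bytes.fromhex("f4cae54410ef"))
    pio = struct.pack("!BBBBIII16s", 3, 4, 64, pio_flags, valid, preferred, 0,
                      ip("2a01:e35:2f26:d340::"))
    mtu = struct.pack("!BBHI", 5, 1, 0, 1480)
    rdnss = struct.pack("!BBHI", 25, 5, 0, 600) + ip("2a01:e00::1") + ip("2a01:e00::2")
    return hdr + slla + pio + mtu + rdnss


def parse_ra(pkt):
    """Parse an RA body (ICMPv6 type 134); raise ValueError if malformed."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime, reachable, retrans = struct.unpack("!BBHII", pkt[4:16])
    ra = {"hop_limit": hop, "managed": bool(flags & M_FLAG),
          "other": bool(flags & O_FLAG), "router_lifetime": lifetime,
          "reachable": reachable, "retrans": retrans,
          "slla": None, "mtu": None, "dns": [], "prefixes": []}
    off = 16
    while off < len(pkt):
        if off + 2 > len(pkt):
            raise ValueError("truncated option header")
        otype, olen = pkt[off], pkt[off + 1] * 8   # length is in 8-byte units
        if olen == 0 or off + olen > len(pkt):
            raise ValueError("bad option length")
        body = pkt[off + 2:off + olen]
        if otype == 1:                              # Source Link-Layer Address
            ra["slla"] = body[:6].hex(":")
        elif otype == 3 and olen == 32:             # Prefix Information
            plen, pflags, valid, preferred = struct.unpack("!BBII", body[:10])
            net = ipaddress.IPv6Network((body[14:30], plen), strict=False)
            ra["prefixes"].append({
                "prefix": str(net), "valid": valid, "preferred": preferred,
                "on_link": bool(pflags & L_FLAG),
                "autonomous": bool(pflags & A_FLAG)})
        elif otype == 5:                            # MTU
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == 25:                           # DNS servers (RFC 6106)
            ra["dns"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                          for i in range(6, len(body) - 15, 16)]
        off += olen
    return ra


def autoconfig_plan(ra):
    """Apply the rules stated on the slides to a parsed RA."""
    if ra["managed"]:
        mode = "stateful DHCPv6"       # M set: the O flag is redundant
    elif ra["other"]:
        mode = "stateless DHCPv6"      # SLAAC addresses, DHCPv6 for the rest
    else:
        mode = "SLAAC only"
    usable, ignored = [], []
    for p in ra["prefixes"]:
        if not (p["on_link"] and p["autonomous"]):
            ignored.append((p["prefix"], "On-Link and Autonomous not both set"))
        elif p["preferred"] > p["valid"]:
            ignored.append((p["prefix"], "Preferred Lifetime > Valid Lifetime"))
        else:
            usable.append(p["prefix"])
    return {"mode": mode, "default_router": ra["router_lifetime"] > 0,
            "slaac_prefixes": usable, "ignored": ignored}


if __name__ == "__main__":
    ra = parse_ra(build_ra(O_FLAG, L_FLAG | A_FLAG))
    print(ra)
    print(autoconfig_plan(ra))
```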

Stateless Address AutoConfig Signalisation


IPv6 routers signal the use of DHCPv6. If both bits are cleared (the default), DHCPv6 is not used.
M flag: Managed Address Configuration is set when address and network parameter configuration is available from DHCPv6. It must be configured on the routers.
no ipv6 nd managed-config-flag
O flag: Other Stateful Configuration is set when other parameter configuration must be obtained from DHCPv6.
no ipv6 nd other-config-flag

Stateless Address AutoConfiguration


- RFC 4862, IPv6 Stateless Address Autoconfiguration
- RS/RA to request the prefixes available to build addresses
- DAD to test the new addresses
- NO DHCPv6 server required!
Autoconfiguration is configurable on Linux!

Stateful DHCPv6 Autoconfig Signalisation


IPv6 routers signal the use of DHCPv6. Note: the M and O bits must be set in the RA.
M flag: Managed Address Configuration is set when address and network parameter configuration is available from DHCPv6. It must be configured on the routers.
ipv6 nd managed-config-flag
O flag: Other Stateful Configuration is set when other parameter configuration must be obtained from DHCPv6.
ipv6 nd other-config-flag

Statefull DHCPv6 Autoconfiguration

Address and other parameters are configured from DHCPv6.

[Figure: DHCPv6 with Rapid Commit]

Stateless DHCPv6 Autoconfig Signalisation


IPv6 routers signal the use of DHCPv6.
M bit = 0: Managed Address Configuration cleared, to use SLAAC for address autoconfiguration
no ipv6 nd managed-config-flag
O bit = 1: Other Stateful Configuration set, to use DHCPv6 for other parameter configuration
ipv6 nd other-config-flag

The address is configured by SLAAC.
Other parameters are then requested from the DHCPv6 server.

Stateless DHCPv6 Autoconfiguration

Address configuration from the prefix received in the RA (SLAAC).
Other parameters are given by a DHCPv6 server.

[Figure: DHCPv6 with Rapid Commit]

DHCP Prefix Delegation


The DHCPv6-PD server allocates a block of addresses for the DHCPv6-PD client.
The block received by the client is then subnetted to configure each interface.

DHCPv6-PD Client and DHCPv6 Stateless Server


[Figure: Host (DHCP client), CPE (DHCPv6-PD client, DHCPv6 Lite server; interfaces E0 and E1), PE (DHCPv6-PD server) at the ISP, ISP provisioning system (DHCP server). Link labels: ND/DHCP, DHCP, AAA.]

1. The CPE sends a DHCP Solicit with ORO = PD
2. The PE sends a RADIUS Request for the user
3. RADIUS responds with the user's prefix(es)
4. The PE sends a DHCP REPLY with Prefix Delegation options
5. The CPE configures addresses from the prefix on its downstream interfaces and sends an RA. The O-bit is set to on
6. The host configures addresses based on the prefixes received in the RA. As the O-bit is on, it sends a DHCP Information-request message with an ORO = DNS
7. The CPE sends a DHCP REPLY containing the requested options

6RD Service Providers RG Autoconfig


[Figure: 6rd topology. IPv4 + IPv6 sites attach through RGs to the provider's IPv4 network; a BR connects it to the IPv4 + IPv6 core.]

RG = Residential Gateway, BR = Border Router

- Native dual-stack IPv4/IPv6 in the home or office
- Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions
- IPv6 traffic automatically follows IPv4 routing between CPE and BR
- BRs placed at the IPv6 edge, addressed via anycast for load-balancing and resiliency
- RG config can be pushed via TR-69, DHCP Option 212, PPP IPCP
- Standardized in RFC 5969

Autoconfigured Address Refreshment


IPv6 Autoconfiguration


Remember the Preferred state !


- This is the NORMAL state for an address in production.
- Each address has two timers, constantly updated from the system clock: Preferred and Valid.
- As long as the derived address is refreshed by RA prefixes or the allocated address is renewed by DHCPv6, the address state will remain Preferred!

Autoconfigured addresses have a finite Valid and Preferred Lifetime

Once the interface has been started and is used by IPv6, each address which has been autoconfigured has only a limited Preferred and Valid Lifetime.
Addresses derived from a prefix received in an RA must be refreshed by another RA announcing the same prefix, with the same or different Preferred and Valid Lifetimes.
Addresses which are allocated by DHCPv6 also have a Valid and a Preferred Lifetime, which must also be reset by a DHCPv6 Renew.

Refreshing the SLAAC Addresses Timers


An address which has been derived from an RA must be refreshed by new RAs advertising the same prefix.
The RA interval must be consistent with the Preferred and the Valid timers for the addresses to be refreshed in time.

ipv6 nd ra-interval            (200 seconds by default)
ipv6 nd ra-lifetime            (1800 seconds or 30 minutes by default)
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd prefix <prefix/mask> [Valid] [Preferred]

To be used by SLAAC:
- The On-Link and Autonomous bits must be set
- If Preferred Lifetime > Valid Lifetime, ignore the Prefix Information option. A node MAY wish to LOG a system management ERROR in this case.

Update the Address Preferred and Valid Timers


The preferred lifetime of each address is reset to the Preferred Lifetime in the received advertisement.
The Valid Lifetime depends on RemainingLifetime, the remaining time to the valid lifetime expiration of the previously autoconfigured address.
1. If the received Valid Lifetime is greater than 2 hours or greater than RemainingLifetime, set the valid lifetime of the corresponding address to the advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option with regard to the valid lifetime. If SeND is used, the advertised Valid Lifetime is used to update the valid lifetime.
3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours.

SLAAC Prefix Refreshed and Timers Updated by RA


[Figure: unsolicited periodic RAs refresh the Preferred and Valid timers at the workstations. Timeline marks: 2100, 1900, 1600, 1400; interval 200s.]

RA Interval default: 200 seconds
RA Lifetime default: 1800 seconds
RAs are sent every 200 seconds +/- jitter

Advertised prefix: 2001:db8:4:1::/64, On-Link, Autonomous, Preferred: 1800, Valid: 2100

Workstation 2001:db8:4:1::1/64
Initial timers: Preferred: 1800, Valid: 2100
SLAAC timers just before receiving the RA:
Preferred: 1600 - 200 = 1400 seconds
Valid = 2100 - 200 = 1900 seconds
After receiving the RA:
Preferred is reset to 1600 seconds
Valid was 1900 seconds, RemainingLifetime = 1900
Received Valid = 2100 is greater than RemainingLifetime = 1900
So Valid Lifetime is reset to Received Valid Lifetime = 2100

Workstation 2001:db8:4:1::2/64
Same principle as the other workstation
Just before receiving the RA: Preferred: 1400, Valid: 1900
After receiving the RA: Preferred: 1800, Valid: 2100
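
The valid-lifetime update rules and the refresh scenario above, as an added Python example (not part of the original slides). The class and function names are assumptions, the Tentative state is not modelled, and the 60-second RA in the test values is a constructed input that exercises the 2-hour rule.

```python
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60   # 7200 seconds


@dataclass
class AutoconfAddress:
    address: str
    preferred: int   # seconds left in the Preferred state
    valid: int       # seconds left before the address becomes Invalid

    def state(self) -> str:
        if self.valid <= 0:
            return "invalid"
        return "preferred" if self.preferred > 0 else "deprecated"

    def tick(self, seconds: int) -> None:
        """Let time pass: both timers count down from the system clock."""
        self.preferred = max(0, self.preferred - seconds)
        self.valid = max(0, self.valid - seconds)


def refresh_from_ra(addr, adv_valid, adv_preferred, send_protected=False) -> str:
    """Apply a received Prefix Information option to an address already
    derived from that prefix, following the three rules on the slide."""
    if adv_preferred > adv_valid:
        return "prefix option ignored (preferred > valid)"
    # The preferred lifetime is always reset to the advertised value.
    addr.preferred = adv_preferred
    remaining = addr.valid
    # Rule 1: long or lengthening lifetimes are accepted as advertised.
    if adv_valid > TWO_HOURS or adv_valid > remaining:
        addr.valid = adv_valid
        return "valid lifetime set to advertised value"
    # Rule 2: a shortening RA is ignored when 2 hours or less remain,
    # unless the RA is protected by SeND.
    if remaining <= TWO_HOURS:
        if send_protected:
            addr.valid = adv_valid
            return "valid lifetime set to advertised value (SeND)"
        return "valid lifetime left unchanged"
    # Rule 3: otherwise an RA can shorten the lifetime to 2 hours at most.
    addr.valid = TWO_HOURS
    return "valid lifetime reset to 2 hours"


if __name__ == "__main__":
    # Workstation values from the slide, just before the periodic RA.
    ws = AutoconfAddress("2001:db8:4:1::2", preferred=1400, valid=1900)
    print(refresh_from_ra(ws, adv_valid=2100, adv_preferred=1800), ws)

    # Constructed input: an RA advertising a 60-second lifetime.
    short = AutoconfAddress("2001:db8:4:1::2", preferred=1400, valid=1900)
    print(refresh_from_ra(short, adv_valid=60, adv_preferred=60), short)

    # Renumbering: old prefix advertised with Valid 43200, Preferred 0.
    old = AutoconfAddress("2001:db8:cafe:1::1", preferred=43200, valid=43200)
    print(refresh_from_ra(old, adv_valid=43200, adv_preferred=0), old.state())
```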


These Timers are also in DHCPv6 Addresses

Addresses are coded as DHCPv6 options
IA Address Option (IADDR)
- The IA Address option is used to specify IPv6 addresses associated with an IA_NA (Non-Temporary) or an IA_TA (Temporary).
- The IA Address (IADDR) option must be encapsulated in the Options field of an IA_NA or IA_TA option.
- The Options field encapsulates those options that are specific to this address.

preferred-lifetime
The preferred lifetime for the IPv6 address in the option, expressed in units of seconds.

valid-lifetime
The valid lifetime for the IPv6 address in the option, expressed in units of seconds.

Address Refreshed by DHCPv6-PD Renew


Renumbering
IPv6 Autoconfiguration


Principle of Renumbering for IPv6


Renumbering can be performed thanks to RA or DHCPv6
1. The old prefix is announced with a very small or null Preferred Lifetime and the new prefix with a normal Preferred Lifetime
2. Hosts will have two prefixes
3. Addresses built from the old prefix will be deprecated
4. New connections use the new prefix
5. After some time, all the remaining connections will be set on the new prefix
6. The router only announces the new prefix
7. The old prefix will be invalid

Renumbering Scenario using RA


Router configuration (Valid lifetime, then Preferred lifetime):

interface Ethernet0
 ipv6 nd prefix 2001:db8:cafe:1::/64 43200 0
 ipv6 nd prefix 2001:db8:cafe:2::/64 43200 43200

Host
Preferred address: 2001:db8:cafe:2:1:4567:9f0:1
Deprecated address: 2001:db8:cafe:1:4567:9f0:1

RA
Preferred Prefix: 2001:db8:cafe:2::/64
Deprecated Prefix: 2001:db8:cafe:1::/64

Mobile IPv6: keep your home address everywhere you go, always stay online, and only log out when you want to, not when you move to another location!
Autoconfiguration

Mobile IPv6 for dummies


Without Mobile IPv6, every time you visit a new access network, your network applications must be restarted using a new socket because the IPv6 source address has changed!
With Mobile IPv6, the mobile nodes (MN) can travel and visit access networks, but the applications still believe that packets are originated from and sent to the Home Network Address.
- On the home network, the router must be a Home Agent (HA).
- At the beginning, it intercepts and forwards traffic from the Correspondent Node (CN) to the Mobile Node (MN).
- Once communication has started, it is possible to set up a direct tunnel between the MN and the CN. This is Route Optimization.
New with IPv6, impossible with IPv4!

Why does MIPv6 never restart any session?

The MN can roam from subnet to subnet, getting a new IPv6 address for each visited network, but the same home network address is always presented to the application! There is no need to restart any session.
The CN always sends packets to the Home Network Address, and packets received by the CN always originate from the Home Network Address! No magic: this is managed by Mobile IPv6 at the network layer, so it is transparent for the transport and application layers.

Mobile IPv6 is supported on Linux and Free BSD


For MAC OS X check KAME Free BSD
KAME Mobile IPv6 How To
http://www.kame.net/newsletter/20031007/

Linux
Project NATISBAD
The KAME project ported to Linux
http://natisbad.org/MIPv6/#racoon

Windows
Very limited support with Windows 7
Only CN Mode w/o Route Optimization
netsh interface ipv6 set mobility correspondentnode=enabled


Most Important Terminology


Home Agent: The router which forwards the traffic to the Mobile Node (MN) when the user is at home!

Mobile Node: The roaming user node.

Home Address: All the packets from the Mobile Node (MN) received by the Corresponding Node (CN) come from this source address. All the packets sent to the Mobile Node (MN) from the Corresponding Node (CN) are sent to this destination address.

Home Link: The link where the mobile node is permanently attached.

Care-Of-Address: The temporary address on the visited network.

Correspondent Node: The fixed node (not mobile) communicating with the Mobile Node (MN).

Mobile Node visits a new access network


The MN must acquire its Care-of-Address (CoA)
Autoconfiguration with SLAAC or DHCPv6, as usual!

[Figure: the Mobile Node acquires its Care-of Address from SLAAC or DHCPv6]

Mobile Node (MN) initializes its new location


The Mobile Node (MN) registers its CoA with the Home Agent.
The Home Agent is automatically discovered using a reserved anycast address.

MIPv6 signaling uses an IPv6 Mobility Option in an IPsec ESP protected tunnel.
An IPv6-in-IPv6 IPsec tunnel is set up between the Mobile Node and the Home Agent.

Why don't the applications need to restart their transport connection (e.g. TCP)?

[Figure: Mobile Node, HA and CN, with the packet headers on each leg]

Tunnelled packet from the MN to the HA:
Out Src: MN IPv6 CoA, Out Dst: HA IPv6 @, In Src: MN IPv6 Home @, In Dst: CN IPv6 @

Tunnelled packet from the HA to the MN:
Out Src: HA IPv6 @, Out Dst: MN IPv6 CoA, In Src: CN IPv6 @, In Dst: MN IPv6 Home @

1) The HA replaces the CoA src addr with the MN IPv6 Home Address.
2) The HA replaces the HA dst addr with the MN IPv6 Home Address.

Packet to the CN:
Src @: MN IPv6 Home @, Dst @: CN IPv6 @

Packet from the CN:
Src @: CN IPv6 @, Dst @: MN IPv6 Home @

Can we build a direct tunnel to bypass the HA?


1. The Corresponding Node (CN) must support Mobile IPv6 with Route Optimization
2. The Mobile Node (MN) initiates this by sending a Binding Update to the Corresponding Node (CN)
3. The Corresponding Node (CN) sends Keygen Tokens to the Mobile Node (MN) at both its CoA and its Home Address. If the MN receives both, it has proven its identity to the CN! It receives a Binding Ack and the tunnel is set up!

[Figure: Binding Update and Binding Ack exchanged between the Mobile Node and the CN. The MN proves to the CN that it receives the Keygen Tokens.]

Why does the CN application receive packets of the MN as originated from the MN Home Network Address?

The CN replaces the MN IPv6 CoA with the IPv6 Home @ from the Destination Option: the datagram comes from the MN

Packet from the Mobile Node:
Dst Opt: MN IPv6 Home @, Src @: MN IPv6 CoA, Dst @: CN IPv6 @

Why the MN Application receives a packet with the Home Network Addr as the dst Addr?

The MN replaces the MN IPv6 CoA with the MN IPv6 Home @ from the Routing Option: Datagram is sent to the MN Home @

Src @ | Dst @ | Routing
CN IPv6 @ | MN IPv6 CoA | MN IPv6 Home @

[Figure: Mobile Node]

Mobile IPv6 Applications

Proxy Mobile IPv6 (PMIPv6) for LTE and 4G
Mobile Router or Nemo
RFC3963: NEMO Basic Support Protocol
A router is moving with all its networks and connected hosts
RFC5555: Mobile IPv6 Support for Dual Stack Hosts and Routers
UMIP Project on Linux
http://natisbad.org/MIPv6/#umip

Ad Hoc dynamic mobile networks or Manet
Nodes discover their neighbors dynamically and join the network

Wireless Sensors Networks (6LoWPAN)

Proxy Mobile IPv6 introduced with LTE

1. The MN enters the PMIPv6 domain and attaches to an access-link.
2. The MAG verifies the MN Identity and Authorizations.
3. If OK, the MAG helps the MN to get all the configuration: address, default gateway,
4. The MN considers the PMIPv6 domain as a link

The LMA provides the Mobile IPv6 HA function

To offload the Mobile IPv6 Signaling and IPSec Protection complexity from the Smartphones to a Network device

[Figure: Local Mobility Anchors (LMA1, LMA2), Mobile Access Gateways (MAG1, MAG2, MAG3), Mobile Nodes (MN1, MN2), IPv6 Network, Authentication]

Proxy MIPv6 converts ND requests to MIPv6 Signaling

1. The MN sends a RS (Router Solicitation) to the MAG.
2. For updating the LMA about the MN location, the MAG sends a PBU (Proxy Binding Update) to the MN's LMA.
3. The LMA sends a PBA (Proxy Binding Acknowledgement) including the MN home network prefixes. It creates the Binding Cache entry and sets up its endpoint of the bi-directional tunnel to the MAG.
4. The MAG sends a RA: Router Advertisement to the MN. The MAG can emulate the MN's Home Link

5.

[Figure: Mobile Node MN1, Mobile Access Gateway (MAG1), Local Mobility Anchor (LMA1); messages RS, RA, PBU, and PBA including the MN home network prefix(es)]

The LMA provides the Mobile IPv6 HA function

The MN can be configured using SLAAC or DHCPv6

PBA/PBU Signaling must be protected with IPSec!
Data Protection is Optional
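The RS, PBU, PBA, RA sequence above can be traced in a short model. This is an added example, not part of the original slides: the class names, identifiers and prefix are constructed, and the `trusted_mags` set stands in for the IPSec protection the slide requires on PBU/PBA signaling.

```python
from ipaddress import IPv6Network

class LMA:
    """Local Mobility Anchor: plays the Mobile IPv6 Home Agent role."""
    def __init__(self, trusted_mags, prefixes):
        self.trusted_mags = set(trusted_mags)  # stand-in for IPSec SAs with known MAGs
        self.prefixes = prefixes               # MN identifier -> home network prefix
        self.binding_cache = {}                # MN identifier -> MAG at the tunnel's far end

    def proxy_binding_update(self, mag_id, mn_id):
        """Handle a PBU and return the PBA as a dict."""
        if mag_id not in self.trusted_mags or mn_id not in self.prefixes:
            return {"status": "rejected"}
        self.binding_cache[mn_id] = mag_id     # tunnel endpoint now points at this MAG
        return {"status": "accepted", "prefix": self.prefixes[mn_id]}

class MAG:
    """Mobile Access Gateway: turns the MN's RS into PBU/PBA signaling."""
    def __init__(self, mag_id, lma, authorized):
        self.mag_id, self.lma, self.authorized = mag_id, lma, set(authorized)

    def router_solicitation(self, mn_id):
        """Return the prefix to advertise in the RA, or None when no RA is sent."""
        if mn_id not in self.authorized:       # MAG verifies identity and authorization
            return None
        pba = self.lma.proxy_binding_update(self.mag_id, mn_id)
        return pba.get("prefix")

def roam():
    """MN1 attaches to MAG1, then MAG2; a MAG unknown to the LMA also sends a PBU."""
    lma = LMA({"MAG1", "MAG2"}, {"MN1": IPv6Network("2001:db8:100::/64")})
    mag1, mag2 = (MAG(m, lma, {"MN1"}) for m in ("MAG1", "MAG2"))
    unknown = MAG("MAG-X", lma, {"MN1"})
    ra1 = mag1.router_solicitation("MN1")
    ra2 = mag2.router_solicitation("MN1")
    ra3 = unknown.router_solicitation("MN1")
    return ra1, ra2, ra3, lma.binding_cache["MN1"]
```

MN1 is advertised the same home network prefix behind both gateways, which is why it sees the PMIPv6 domain as a single link, and the PBU from the gateway the LMA does not know leaves the binding cache untouched.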

The Mobile Router: Nemo

Mobile Router can receive a block of addresses from DHCPv6-PD
The Mobile Router can be a Smartphone to provide Internet access via 4G to local nodes with WiFi or Bluetooth access.

[Figure: Home Agent, Corresponding node, IPv6 Internet, Home Network, WLAN, 3G Network, NEMO Router, Dual Stack with DSMIPv6, Bluetooth or WiFi, IPv4, IPv6]

Mobile Ad Hoc Networking: Manet

With MANET, the nodes automatically discover and configure their neighbors and build a dynamic Network
To manage the neighbors a node can use:
OSPFv3
EIGRP

[Figure: Wireless Uplink]

What if these nodes have sensors?

Wireless Sensors Networks (6LoWPAN)

The Network of Sensors can be built dynamically using Dynamic MANET On-demand for 6LoWPAN (DYMO-low).

Possible Applications:
Localized weather monitoring
Structural Health monitoring (Earthquake prone areas)
Battlefield troop detection, movement
Intelligent Transportation Systems (ITS)
Green app: Building environment management
Lights, HVAC, Security Access, smart power outlets, etc.
Building demo - ~20% MRC cost savings

Thank you for attending!

This concludes the IPv6 Autoconfiguration In-depth Presentation

Fred Bovy
IPv6 Forum Gold Certified Engineer
IPv6 Forum Gold Certified Trainer
CISCO 15 years CCIE #3013
CISCO 18 years CCSI #33517 (before was #95003)

Meet me on
Twitter: FredBovy
Skype: FredericBovy
Blog: http://www.fredbovy.com/Go46
Email: fred@fredbovy.com
