DHCPv6

Agenda

• DHCPv6
  • How it is different from DHCPv4
  • DHCPv6 and IPv6 auto configuration (SLAAC)
  • Stateful and stateless DHCPv6

DHCPv6

• From a birds-eye view, DHCPv6 works the same way as DHCPv4
  • In the details, it is all different
  • DHCPv6 is not an upgrade to DHCPv4, it is a protocol of its own

DHCPv6

• DHCPv6 Servers and Relay-Agents listen on Port 547 (UDPv6)
• DHCPv6 clients listen on Port 546 (UDPv6)

DHCPv6

• DHCPv6 is solely a Layer 3 protocol
  • A DHCPv6 client already has a working link-local IPv6 address when sending the first DHCPv6 request
  • No "low-level kernel trickery" required

DHCPv6 multicast

• DHCPv6 clients communicate using link-local multicast addresses
  • All-DHCP-Relay-Agents-and-Servers (ff02::1:2)
  • All-DHCP-Servers (ff05::1:3)

DHCPv6 vs v4

• DHCPv6 must be enabled in the router configuration (M-Flag or O-Flag)
• The Default-Gateway Address will be retrieved from a router and not from the DHCPv6 Server

DHCPv6 vs v4

• DHCPv6 Server can inform DHCPv6 clients about new configuration information on the server (Reconfigure Message)
  • This will trigger an immediate DHCPv6 request from the client
  • DHCP reconfigure must be enabled on the client and on the server
  • Note: DHCPv6 reconfigure is currently not implemented in Kea DHCP

DHCPv6 vs v4

• (most) DHCPv6 server are issuing IP Addresses randomly from the available address space.
  • Some DHCPv4 is issuing IP Addresses continuously
  • Kea-DHCP does use the iterative allocator by default (continuous addresses)
  • Alternatives in Kea-DHCP are: "random allocator" and "FLQ" (Free Lease Queue)
• The DHCPv6 scheme makes it harder to guess an IP Address or scan a network segment

DHCPv6 Packet format

• The DHCPv6 packet format is not based on BOOTP or DHCPv4
  • DHCPv6 options are using TLV (Type, Length, Value) format similar to DHCPv4
  • Type and Length are 16bit, for larger option space and variable length value data

DHCPv6 header

DHCPv6 communication (1)

DHCPv6 communication (1)

DHCPv6 communication (2)

DHCPv6 communication (2)

DHCPv6 communication (3)

DHCPv6 communication (3)

DHCPv6 communication (4)

DHCPv6 communication (4)

DHCPv6 communication (4)

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

DHCPv6 Client communication

IPv6 Auto-configuration

• IPv6 nodes can configure a working IPv6 address without the help of an external source
  • No DHCP
  • No manual provisioning of hosts
  • This is called "Stateless automatic address configuration" (SLAAC)

IPv6 Auto-configuration

• IPv6 Auto-configuration is triggered by Router Advertisement (RA)Messages
• Router send their subnet prefix information into the local connected links

Router Advertisement (RA) messages

• RA messages from router contain
  • Local prefix(es)
  • Routers link-level address
  • Lifetime of router
  • Router priority
  • Flags: M flag and O flag
  • Maximum Transmission Unit (MTU)

DHCPv6 RFCs

• DHCPv6 is defined in¹
  • RFC 8415 - Dynamic Host Configuration Protocol for IPv6 (DHCPv6) https://datatracker.ietf.org/doc/rfc8415/ (November 2018)

DHCPv6 and SLAAC (1)

DHCPv6 and SLAAC (2)

DHCPv6 and SLAAC (3)

DHCPv6 and SLAAC (4)

DHCPv6 and SLAAC (5)

DHCPv6 and SLAAC (6)

DHCPv6 and SLAAC (7)

DHCPv6 and SLAAC (8)

DHCPv6 and SLAAC (9)

DHCPv6 and SLAAC (10)

DHCPv6 and SLAAC (11)

DHCPv6 and SLAAC (12)

DHCPv6 and SLAAC (13)

DHCPv6 - stateless vs. stateful

• There are two different ways to get an IPv6 address for a IPv6 enabled device
  • Stateless configuration
  • Stateful configuration

DHCPv6 - stateless vs. stateful

• Stateless configuration
  • The IPv6 address will be determined without a DHCP Server (IPv6 auto-configuration)
• Stateful configuration
  • The IPv6 address will be received from a DHCPv6 Server
• In both cases additional configuration parameters (DNS Server etc) can be retrieved by DHCPv6

DHCPv6 Options - Rapid Commit

• Option: Rapid Commit
• Value: 14
• Function: used by a client to signal that "rapid commit" is possible. On "rapid commit", a DHCPv6 server answers on a "SOLICIT" message directly with a "REPLY" message

DHCPv6 Rapit Commit

DHCPv6 Rapit Commit

Rapid Commit

• "rapid commit" speeds up the process of joining a network
• With "rapid commit" there is no information for the DHCPv6 server if the client is using the advertised IPv6 address
  • The DHCPv6 server must reserve the IPv6 address for the full lease time
    • This (temporary) squandering of IPv6 addresses is usually not a problem because of the large size of IPv6 subnets (/64 prefixes)

Prefix Delegation

• A DHCPv6 server can distribute whole networks (prefixes) to DHCPv6 clients (Router, DSL-CPEs, downstream DHCPv6 server)
  • A DHCPv6 server in the headquarter distributes networks to a network in a subsidiary
  • A DHCPv6 server at an ISCP distributes IPv6-Networks to customers CPE (DSL-Router), which in turn will give out IPv6 prefixes for stateless autoconfiguration

Prefix Delegation