[c-nsp] ipv6

Jay Ford jay-ford at uiowa.edu
Wed Jun 5 17:48:09 EDT 2013


On Wed, 5 Jun 2013, Aaron wrote:
> I understand that routers do something about automatic address assignment (I
> believe known as SAA).  This is not DHCPv6.... but rather simply the router
> telling the hosts it's prefix and the hosts assign the host portion to that.
> Question:  would/did you all go that route for end station addressing OR did
> you do dhcpv6 ?  if so, why one over the other?

You're referring to SLAAC (stateless address autoconfiguration).  The router
sends an RA (router advertisement) which contains the /64 prefix for the net
(& other useful stuff).  The client calculates an address within that prefix,
verifying availability via DAD (duplicate address detection).  The RA & DAD
are part of ND (neighbor discovery) which is the approximate replacement for
ARP, via ICMPv6.

We started with SLAAC for dynamic devices & continue to do so, along with
plain old static configuration for static devices.  In our case, we figure if
a device warranted a static IPv4 address it probably warrants a static IPv6
address.  There are other schools of thought on that.  Some devices will only
do SLAAC, & it's a nice bootstrapping method, so you probably need it no
matter what else you do.

We added DHCPv6 on some of our nets, but that prompted some crazy behavior by
broken devices (mostly HP printers), so we stopped expanding that.  Also,
DHCPv6 as a service (from ISC, anyway) needs some work.  It does function,
but the logging is lacking & there are a few other annoying aspects.

Note that dynamic devices can't run strictly on SLAAC or DHCPv6 with only
IPv6, because SLAAC doesn't convey DNS resolvers & DHCPv6 doesn't convey the
router.  If the device does DNS via IPv4, then SLAAC is sufficient for IPv6.
Also, you can combine SLAAC & DHCPv6 by using SLAAC for addressing & DHCPv6
for "other information" like DNS resolvers.

Keep in mind that unlike IPv4 where you get 1 address by some method & thus
the methods are mutually exclusive, in IPv6 you can get addresses by multiple
methods so the methods are not mutually exclusive.  For example, if you
configure a static address but don't disable SLAAC, you'll also still have a
SLAAC address.  If you then enable DHCPv6, you'll probably get yet another
address.  With temporal/privacy addressing games done by Windows & some other
OSes, you might cycle through yet more addresses.  Great fun!

Jay


More information about the cisco-nsp mailing list