Category: IPv6

IPv6 Implementation beyond theory & How playing with RA messages may be issue-istic

Some of these things I read in books and some of them took me few days of troubleshooting and sweating to get to them so I give them for free here to save you fellow networker some time:

SLAAC

The mighty SLAAC is the preferred method of IPv6 allocation, but is it so mighty? Or it only seems to be mighty and magic? Your computers or mobile phones in order to use SLAAC must be convinced to do so by the router RA message. That message includes the A flag set beside the prefix and all other info. That kind of RA message will tell the device receiving the RA that he needs to make the “A” autoconfiguration on his interface using EUI-64 method.

But that’s not all.

RA messages will need to have also the O flag set. With the O flag end hosts will tell the router that they will use DHCP but only for the “O” other options. In the first place that other option will be DNS server IPv6 address which is not possible to get from router RA messages. Why? I’m sure that’s the most frequent IPv6 question. The fellows who made the RFC 4861 documents didn’t put that option inside RA Router Advertisement Message Format.

I did try to find a reason why not. Maybe the only partially reasonable answer is that DNS is a hierarchical system that needs to be centralised inside a network architecture and routers as devices that are running routing processes are distributed system (at least before we see SDN in real life). So the answer will be that is not okay to put allocation of DNS address rule on a system that is not centralised. It means that if you need to change DNS in a network with a lot of routers that are sending RA messages on their local subnets you would need to change the config on all routers one by one. That is the best answer that I did find until now, but this sounds more like an excuse that a real reason for this decision. If you put all the info together with the answer that fellows from RFC 4861 did actually make the wrong decision is in existence of fairly new RFC 6106 that proposes addition od DNS IPv6 address allocation in RA message.

IPv6 RA Router Advertisement and all the flags inside

I can say at the beginning that more and more fellows are visiting this blog. Finally networking knowledge project did succeed to get some fans from out there so I felt the need to thank you all for visiting this place. As you can see here from the blog post list I didn’t follow this movement myself these days. I actually didn’t come here for some time now. My last few weeks were very intense. One of the reasons was my learning sessions that took me at least few hour a day and the most interesting reason was my new assignment at work. I got an assignment to carry out and even more interesting to secure IPv6 in our company for a whole network segment. At least one segment for now, but it was a nice thing to get me into IPv6 deep dive learning. And I make the last step of the learning like this:

What is better than document the networking job that you did until is fresh in your head. So I write it down for the future implementations but rather than put it into my notepad I do it here on my blog, so next time is easier to search for it and something even better than that, you can use it too.

RA - router advertisement message format from RFC 4861

RA – router advertisement message format from RFC 4861

This time I will write about some of the most important things in IPv6 networking that you needed to know before you go on and carry out IPv6 implementation. RA router advertisements and some strange special bits in the RA packet header that are configuration option flags. Good thing is that there are only a few of them, four to be precise. The bad thing is that at first, I needed a couple of days to stop mixing them up.

What’s that % sign after ipconfig IPv6 address?

I see a % sign after my IPv6 address?!

Zone IDs After Link-local Addresses? What the hell is that?

If that is what you see with “ipconfig” on Windows machine with IPv6 enabled, this article is for you.

IPv6 address with % sign is called Link-Local IPv6 address. IPv6 addressing is done n this way. An address exists on every computer NIC that has network part same for all computers in the world. That part is called network identifier and is written fe80:0000:0000:0000 or to be short fe80::

If you have one network card (NIC) inside your computer, everything is working fine and your computer can speak IPv6 to all others in the local network.

On the other side!

If you are one of those guys (strange networking guys who run strange labs on their big PCs), having more NICs inserted in their machine? In that case, your PC will have two or more network interfaces and every one of them will have the same network identifier fe80:0000:0000:0000. If you go back to networking fundamentals, you will remember that a host (or router) with more interfaces cannot have two of them with IP addressing from the same subnet.

Why?

If you want to ping the address fe80::5c9f:bc10:bb38:63ec from your computer and your computer has two NICs with addresses fe80::1111:1111:a000:0001 and fe80::5555:5555:5555:1111. Out of what interface will the ping exit the computer? Hm, on both? Only on random one? This is not going to work.

IPv6 – SLAAC Stateless Address Autoconfiguration

As you will see here, there are two kinds of IPv6 address autoconfiguration. One of them is the old and well know way to automatically configure IP address from IPv4 world, DHCP. The other way to make the autoconfiguration in IPv6 world in a new, and really interesting way, as it leaves the hosts the ability to make the autoconfiguration by themselves without the need to communicate to anybody else on the network.

IPv6 is meant for various purposes but one main purpose it serves is that it makes the life of the network administrators easier, especially when it comes to dealing with vast address space provided by IPv6. IPv6 address number is fairly bigger than IPv4. In order to make things work out of the box, automatic address configuration was created.

ipv6

As a result, an IPv6 host can configure for itself complete or part of the address settings automatically, which depends on the type and method it uses for autoconfiguration. The method types include:

  • Stateful autoconfiguration
  • Stateless autoconfiguration using EUI-64 addressing process (SLAAC)

IPv6 – SLAAC EUI-64 Address Format

UPDATE on 22 Mar 2018:
Article is correctly describing what is SLAAC and why is needed and describes how SLAAC uses RFC 2373 to generate interface IPv6 address. The thing is that today RFC 7217 describes an enhanced new way of SLAAC algorithm to improve user security and protect hosts from attacks. Details are available here in my new article about SLAAC.

Stateless autoconfiguration or SLAAC

SLAAC is a method in which the host or router interface is assigned a 64-bit prefix, and then the last 64 bits of its address are derived by the host or router with help of EUI-64 process which is described in next few lines. SLAAC uses NDP protocol to work.ipv6

As the format of the EUI-64 format is seen quite frequently, covering its details seems important too.