To start off, my DHCP server in these examples is a simple 3825 ISR router; both the server and the client run the same software: (C3825-ADVENTERPRISEK9-M), Version 15.1(4)M4
Okay, so let's get to work. The order of tasks is simple:
1st we build a pool;
ipv6 dhcp pool myip6pool
address prefix 2001:111::/64
dns-server 2001:200::1
dns-server 2001:200::2
domain-name hyperfeed.net
sip address 2001:333::1
sip address 2001:333::2
sntp address 2001:222::111
sntp address 2001:222::112
information refresh 1
!
2nd we validate the pool
router3825#show ipv6 dhcp pool
DHCPv6 pool: myip6pool
Address allocation prefix: 2001:111::/64 valid 172800 preferred 86400 (0 in use, 0 conflicts)
DNS server: 2001:200::1
DNS server: 2001:200::2
Domain name: hyperfeed.net
SIP server address: 2001:333::1
SIP server address: 2001:333::2
SNTP server address: 2001:222::111
SNTP server address: 2001:222::112
Information refresh: 86400
Active clients: 0
router3825#
3rd, we apply the pool to the interface. This is the opposite of the classic IPv4 method, where the DHCP server configuration is applied globally.
!
interface GigabitEthernet0/1
ipv6 address 2001:111::1/64
ipv6 enable
ipv6 nd dad attempts 3
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd router-preference High
ipv6 dhcp server myip6pool
end
The key point to take away here: the managed and other config flags have to be set under our interface's IPv6 neighbor discovery settings. Now that the server side is set up, let's look at the client. The client setup is as simple as 1-2-3.
1st we enable ipv6 and set the address to be dhcp
config t
int gi 0/1
description "yet another cisco router being a ipv6 dhcp-client"
ipv6 enable
ipv6 address dhcp
end
2nd, here's how the client looks:
cisco3825#show ipv6 interface gi0/1
GigabitEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::221:D8FF:FE63:E11
No Virtual link-local address(es):
Global unicast address(es):
2001:111::349D:B08F:6170:3D6, subnet is 2001:111::349D:B08F:6170:3D6/128
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF63:E11
FF02::1:FF70:3D6
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
cisco3825#show ipv6 interface gi0/1 prefix
IPv6 Prefix Advertisements GigabitEthernet0/1
Codes: A - Address, P - Prefix-Advertisement, O - Pool
U - Per-user prefix, D - Default
N - Not advertised, C - Calendar
PD default [LA] Valid lifetime 2592000, preferred lifetime 604800
AD 2001:111::349D:B08F:6170:3D6/128 [LA] Valid lifetime 2592000, preferred lifetime 604800
cisco3825#
cisco3825#sh run int gi 0/1
Building configuration...
Current configuration : 125 bytes
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
media-type rj45
ipv6 address dhcp
ipv6 enable
end
And here's the DHCPv6 binding on the DHCP server:
router3825#show ipv6 dhcp binding
Client: FE80::221:D8FF:FE63:E11
DUID: 000300010021D8630E10
Username : unassigned
IA NA: IA ID 0x00030001, T1 43200, T2 69120
Address: 2001:111::349D:B08F:6170:3D6
preferred lifetime 86400, valid lifetime 172800
expires at Jan 04 2013 02:05 AM (172611 seconds)
router3825#
Okay, let's look at some debugging on the Cisco console. You might want to understand what's happening between the two.
config t
logging console
do debug ipv6 dhcp detail
!
!
!
default int gi 0/1
int gi 0/1
shut
!
ipv6 enable
ipv6 address dhcp
no shut
!
*Jan 2 02:20:47.319: IPv6 DHCP: Unconfiguring DNS server 2001:200::1
*Jan 2 02:20:47.319: IPv6 DHCP: Unconfiguring DNS server 2001:200::2
*Jan 2 02:20:47.319: IPv6 DHCP: Unconfiguring domain name hyperfeed.net
*Jan 2 02:20:47.319: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:20:47.319: IPv6 DHCP: DHCPv6 address changes state from OPEN to RELEASE (ADDR_SHUTDOWN) on GigabitEthernet0/1
*Jan 2 02:20:48.407: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:20:49.491: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:20:51.567: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:20:55.467: IPv6 DHCP: DHCPv6 address changes state from RELEASE to IDLE (ADDR_TIMEOUT) on GigabitEthernet0/1
And are you ready? :)
cisco3825(config)#default interface gi 0/1
GigabitEthernet0/1: Setting default media-type to RJ45
Interface GigabitEthernet0/1 set to default configuration
cisco3825(config)#
*Jan 2 02:38:36.115: IPv6 DHCP: Unconfiguring DNS server 2001:200::1
*Jan 2 02:38:36.115: IPv6 DHCP: Unconfiguring DNS server 2001:200::2
*Jan 2 02:38:36.115: IPv6 DHCP: Unconfiguring domain name hyperfeed.net
*Jan 2 02:38:36.115: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:38:36.115: IPv6 DHCP: DHCPv6 address changes state from OPEN to RELEASE (ADDR_SHUTDOWN) on GigabitEthernet0/1
*Jan 2 02:38:37.067: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not senti
*Jan 2 02:38:38.127: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
% Ambiguous command: "i"
cisco3825(config)#int
*Jan 2 02:38:40.119: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sentgi 0/1
cisco3825(config-if)#ipv6
*Jan 2 02:38:43.983: IPv6 DHCP: DHCPv6 address changes state from RELEASE to IDLE (ADDR_TIMEOUT) on GigabitEthernet0/1 ad
dress dhcp
cisco3825(config-if)#
*Jan 2 02:38:51.111: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:38:52.219: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
*Jan 2 02:38:54.315: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sent
cisco3825(config-if)#
*Jan 2 02:38:58.179: IPv6 DHCP: IPv6 not ready on GigabitEthernet0/1, message not sentipv6 en
cisco3825(config-if)#
*Jan 2 02:39:03.951: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on GigabitEthernet0/1
*Jan 2 02:39:03.951: IPv6 DHCP: detailed packet contents
*Jan 2 02:39:03.951: src FE80::221:D8FF:FE63:E11
*Jan 2 02:39:03.951: dst FF02::1:2 (GigabitEthernet0/1)
*Jan 2 02:39:03.951: type SOLICIT(1), xid 16496220
*Jan 2 02:39:03.951: option ELAPSED-TIME(8), len 2
*Jan 2 02:39:03.951: elapsed-time 0
*Jan 2 02:39:03.951: option CLIENTID(1), len 10
*Jan 2 02:39:03.951: 000300010021D8630E10
*Jan 2 02:39:03.951: option ORO(6), len 4
*Jan 2 02:39:03.951: DNS-SERVERS,DOMAIN-LIST
*Jan 2 02:39:03.951: option IA-NA(3), len 12
*Jan 2 02:39:03.951: IAID 0x00030001, T1 0, T2 0
*Jan 2 02:39:03.951: IPv6 DHCP: Received ADVERTISE from FE80::21D:70FF:FE39:7F01 on GigabitEthernet0/1
*Jan 2 02:39:03.951: IPv6 DHCP: detailed packet contents
*Jan 2 02:39:03.951: src FE80::21D:70FF:FE39:7F01 (GigabitEthernet0/1)
*Jan 2 02:39:03.951: dst FE80::221:D8FF:FE63:E11 (GigabitEthernet0/1)
*Jan 2 02:39:03.951: type ADVERTISE(2), xid 16496220
*Jan 2 02:39:03.951: option SERVERID(2), len 10
*Jan 2 02:39:03.951: 00030001001D70397F00
*Jan 2 02:39:03.951: option CLIENTID(1), len 10
*Jan 2 02:39:03.951: 000300010021D8630E10
*Jan 2 02:39:03.951: option IA-NA(3), len 40
*Jan 2 02:39:03.951: IAID 0x00030001, T1 43200, T2 69120
*Jan 2 02:39:03.951: option IAADDR(5), len 24
*Jan 2 02:39:03.951: IPv6 address 2001:111::79E7:8A77:46FC:9F8D
*Jan 2 02:39:03.951: preferred 86400, valid 172800
*Jan 2 02:39:03.951: option DNS-SERVERS(23), len 32
*Jan 2 02:39:03.951: 2001:200::1
*Jan 2 02:39:03.951: 2001:200::2
*Jan 2 02:39:03.951: option DOMAIN-LIST(24), len 15
*Jan 2 02:39:03.951: hyperfeed.net
*Jan 2 02:39:03.951: option SIP-ADDRESS(22), len 32
*Jan 2 02:39:03.951: 2001:333::1
*Jan 2 02:39:03.951: 2001:333::2
*Jan 2 02:39:03.951: option SNTP-ADDRESS(31), len 32
*Jan 2 02:39:03.951: 2001:222::111
*Jan 2 02:39:03.951: 2001:222::112
*Jan 2 02:39:03.951: IPv6 DHCP: Adding server FE80::21D:70FF:FE39:7F01
*Jan 2 02:39:05.075: IPv6 DHCP: Sending REQUEST to FF02::1:2 on GigabitEthernet0/1
*Jan 2 02:39:05.075: IPv6 DHCP: detailed packet contents
*Jan 2 02:39:05.075: src FE80::221:D8FF:FE63:E11
*Jan 2 02:39:05.075: dst FF02::1:2 (GigabitEthernet0/1)
*Jan 2 02:39:05.075: type REQUEST(3), xid 16511105
*Jan 2 02:39:05.075: option ELAPSED-TIME(8), len 2
*Jan 2 02:39:05.075: elapsed-time 0
*Jan 2 02:39:05.075: option CLIENTID(1), len 10
*Jan 2 02:39:05.075: 000300010021D8630E10
*Jan 2 02:39:05.075: option ORO(6), len 4
*Jan 2 02:39:05.075: DNS-SERVERS,DOMAIN-LIST
*Jan 2 02:39:05.075: option SERVERID(2), len 10
*Jan 2 02:39:05.075: 00030001001D70397F00
*Jan 2 02:39:05.075: option IA-NA(3), len 40
*Jan 2 02:39:05.075: IAID 0x00030001, T1 0, T2 0
*Jan 2 02:39:05.075: option IAADDR(5), len 24
*Jan 2 02:39:05.075: IPv6 address 2001:111::79E7:8A77:46FC:9F8D
*Jan 2 02:39:05.075: preferred 86400, valid 172800
*Jan 2 02:39:05.075: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to REQUEST (ADDR_ADVERTISE_RECEIVED) on GigabitEthernet0/1
*Jan 2 02:39:05.075: IPv6 DHCP: Received REPLY from FE80::21D:70FF:FE39:7F01 on GigabitEthernet0/1
*Jan 2 02:39:05.075: IPv6 DHCP: detailed packet contents
*Jan 2 02:39:05.075: src FE80::21D:70FF:FE39:7F01 (GigabitEthernet0/1)
*Jan 2 02:39:05.075: dst FE80::221:D8FF:FE63:E11 (GigabitEthernet0/1)
*Jan 2 02:39:05.075: type REPLY(7), xid 16511105
*Jan 2 02:39:05.075: option SERVERID(2), len 10
*Jan 2 02:39:05.075: 00030001001D70397F00
*Jan 2 02:39:05.075: option CLIENTID(1), len 10
*Jan 2 02:39:05.075: 000300010021D8630E10
*Jan 2 02:39:05.075: option IA-NA(3), len 40
*Jan 2 02:39:05.075: IAID 0x00030001, T1 43200, T2 69120
*Jan 2 02:39:05.075: option IAADDR(5), len 24
*Jan 2 02:39:05.075: IPv6 address 2001:111::79E7:8A77:46FC:9F8D
*Jan 2 02:39:05.075: preferred 86400, valid 172800
*Jan 2 02:39:05.075: option DNS-SERVERS(23), len 32
*Jan 2 02:39:05.075: 2001:200::1
*Jan 2 02:39:05.075: 2001:200::2
*Jan 2 02:39:05.075: option DOMAIN-LIST(24), len 15
*Jan 2 02:39:05.075: hyperfeed.net
*Jan 2 02:39:05.075: option SIP-ADDRESS(22), len 32
*Jan 2 02:39:05.075: 2001:333::1
*Jan 2 02:39:05.075: 2001:333::2
*Jan 2 02:39:05.075: option SNTP-ADDRESS(31), len 32
*Jan 2 02:39:05.075: 2001:222::111
*Jan 2 02:39:05.075: 2001:222::112
*Jan 2 02:39:05.075: IPv6 DHCP: Processing options
*Jan 2 02:39:05.075: IPv6 DHCP: Adding address 2001:111::79E7:8A77:46FC:9F8D/128 to GigabitEthernet0/1
*Jan 2 02:39:05.075: IPv6 DHCP: T1 set to expire in 43200 seconds
*Jan 2 02:39:05.075: IPv6 DHCP: T2 set to expire in 69120 seconds
*Jan 2 02:39:05.075: IPv6 DHCP: Configuring DNS server 2001:200::1
*Jan 2 02:39:05.075: IPv6 DHCP: Configuring DNS server 2001:200::2
*Jan 2 02:39:05.075: IPv6 DHCP: Configuring domain name hyperfeed.net
*Jan 2 02:39:05.075: IPv6 DHCP: DHCPv6 address changes state from REQUEST to OPEN (ADDR_REPLY_RECEIVED) on GigabitEthernet0/1
cisco3825(config-if)#
NOTE: we can validate our address by issuing another "show ipv6 interface" command.
One last point I would like to make everyone aware of: the managed and other flags that we configured are hints, and NOT 100% enforcement of the client's selection of address method (SLAAC or DHCP). Here's why: the same Cisco IOS client that I'm showing in this example is now configured for SLAAC (autoconfig).
cisco3825(config-if)#int gi 0/1
cisco3825(config-if)#ipv6 en
cisco3825(config-if)#ipv6 enable
cisco3825(config-if)#ipv6 address autoconfig
cisco3825(config-if)#
Okay, it still sent a local DHCP solicitation request for other information to be configured, and if a local DHCPv6 server is present, it will provide those details:
( look here )
*Jan 2 02:40:53.819: IPv6 DHCP: Sending INFORMATION-REQUEST to FF02::1:2 on GigabitEthernet0/1
*Jan 2 02:40:53.819: IPv6 DHCP: detailed packet contents
*Jan 2 02:40:53.819: src FE80::221:D8FF:FE63:E11
*Jan 2 02:40:53.819: dst FF02::1:2 (GigabitEthernet0/1)
*Jan 2 02:40:53.819: type INFORMATION-REQUEST(11), xid 16619851
*Jan 2 02:40:53.819: option ELAPSED-TIME(8), len 2
*Jan 2 02:40:53.819: elapsed-time 0
*Jan 2 02:40:53.819: option CLIENTID(1), len 10
*Jan 2 02:40:53.819: 000300010021D8630E10
*Jan 2 02:40:53.819: option ORO(6), len 6
*Jan 2 02:40:53.819: DNS-SERVERS,DOMAIN-LIST,INFO-REFRESH
*Jan 2 02:40:53.819: IPv6 DHCP: DHCPv6 changes state from IDLE to INFORMATION-REQUEST (STATELESS) on GigabitEthernet0/1
*Jan 2 02:40:53.819: IPv6 DHCP: Received REPLY from FE80::21D:70FF:FE39:7F01 on GigabitEthernet0/1
*Jan 2 02:40:53.819: IPv6 DHCP: detailed packet contents
*Jan 2 02:40:53.819: src FE80::21D:70FF:FE39:7F01 (GigabitEthernet0/1)
*Jan 2 02:40:53.819: dst FE80::221:D8FF:FE63:E11 (GigabitEthernet0/1)
*Jan 2 02:40:53.819: type REPLY(7), xid 16619851
*Jan 2 02:40:53.819: option SERVERID(2), len 10
*Jan 2 02:40:53.819: 00030001001D70397F00
*Jan 2 02:40:53.819: option CLIENTID(1), len 10
*Jan 2 02:40:53.819: 000300010021D8630E10
*Jan 2 02:40:53.819: option DNS-SERVERS(23), len 32
*Jan 2 02:40:53.819: 2001:200::1
*Jan 2 02:40:53.819: 2001:200::2
*Jan 2 02:40:53.819: option DOMAIN-LIST(24), len 15
*Jan 2 02:40:53.819: hyperfeed.net
*Jan 2 02:40:53.819: option SIP-ADDRESS(22), len 32
*Jan 2 02:40:53.819: 2001:333::1
*Jan 2 02:40:53.819: 2001:333::2
*Jan 2 02:40:53.819: option SNTP-ADDRESS(31), len 32
*Jan 2 02:40:53.819: 2001:222::111
*Jan 2 02:40:53.819: 2001:222::112
*Jan 2 02:40:53.819: option INFO-REFRESH(32), len 4
*Jan 2 02:40:53.819: 86400
*Jan 2 02:40:53.819: IPv6 DHCP: Adding server FE80::21D:70FF:FE39:7F01
*Jan 2 02:40:53.819: IPv6 DHCP: Processing options
*Jan 2 02:40:53.819: IPv6 DHCP: Configuring DNS server 2001:200::1
*Jan 2 02:40:53.819: IPv6 DHCP: Configuring DNS server 2001:200::2
*Jan 2 02:40:53.819: IPv6 DHCP: Configuring domain name hyperfeed.net
*Jan 2 02:40:53.819: IPv6 DHCP: DHCPv6 changes state from INFORMATION-REQUEST to IDLE (REPLY_RECEIVED) on GigabitEthernet0/1
show ipv6 int gi 0/1
GigabitEthernet0/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::221:D8FF:FE63:E11
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:111::221:D8FF:FE63:E11, subnet is 2001:111::/64 [EUI/CAL/PRE]
valid lifetime 2591983 preferred lifetime 604783
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF63:E11
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
So the client still autoconfigures its IPv6 address, using its 64-bit address obtained from its MAC address, and it also found the local prefix offered via the DHCP server's router advertisement.
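The MAC-to-address mapping described above, worked through with the addresses and DUIDs shown on this page. This is an added example, not part of the original post, and the function names are made up for the illustration. It is the mapping you use to tie a binding-table entry or a SLAAC address back to a piece of hardware:

```python
import ipaddress

def decode_duid_ll(duid_hex):
    """Return the MAC inside an Ethernet DUID-LL (type 3, hardware type 1)."""
    raw = bytes.fromhex(duid_hex)
    if len(raw) != 10 or raw[:4] != b"\x00\x03\x00\x01":
        raise ValueError("not an Ethernet DUID-LL")
    return raw[4:].hex(":")

def eui64_address(prefix, mac):
    """Build the SLAAC address a host derives from its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 needs a /64 prefix")
    o = bytearray.fromhex(mac.replace(":", ""))
    o[0] ^= 0x02                                  # flip the universal/local bit
    iid = bytes(o[:3]) + b"\xff\xfe" + bytes(o[3:])
    return net.network_address + int.from_bytes(iid, "big")

def mac_from_address(addr):
    """Recover the MAC from an EUI-64 based address; None if it is not EUI-64."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":                   # EUI-64 marker bytes missing
        return None
    o = bytearray(iid[:3] + iid[5:])
    o[0] ^= 0x02                                  # undo the bit flip
    return bytes(o).hex(":")

if __name__ == "__main__":
    # Values copied from the outputs on this page.
    print("client DUID MAC     :", decode_duid_ll("000300010021D8630E10"))
    print("client interface MAC:", mac_from_address("FE80::221:D8FF:FE63:E11"))
    print("SLAAC address       :", eui64_address("2001:111::/64", "00:21:d8:63:0e:11"))
    print("DHCPv6 lease is EUI?:", mac_from_address("2001:111::349D:B08F:6170:3D6"))
```

With the page's values, the DUID carries a MAC ending in 0e:10 while the interface address maps to 0e:11, so a DUID does not have to match the MAC of the interface that sent the request. The DHCPv6-assigned address 2001:111::349D:B08F:6170:3D6 carries no MAC at all.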
Last, here's my MacBook set up for autoconf; this is what the DHCPv6 server sees:
router3825#debug ipv6 dhcp det
IPv6 DHCP debugging is on (detailed)
router3825#
*Jan 2 03:15:38.751: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
*Jan 2 03:15:40.755: IPv6 DHCP: Add routes, pool myip6pool, idb GigabitEthernet0/1
==========macbook========
kenfelix1$ ifconfig en0 inet6
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::21f:5bff:feea:afa%en0 prefixlen 64 scopeid 0x4
inet6 2001:111::21f:5bff:feea:afa prefixlen 64 autoconf
Notice nothing?
That's right, the Mac does not send any solicit messages to the DHCPv6 server. But it still picks up the IPv6 address via autoconf (SLAAC). It never sent any type of solicitation for any other DHCPv6 information. Btw, this is MACOSX 10.6.8; maybe Lion is different.
Key points to take away from all this:
- IPv6 offers both stateless (SLAAC) and stateful (DHCPv6) address assignment; the latter can also provide other non-address information (e.g. DNS/NTP/SIP/WINS servers, domain search list, domain name, etc.)
- DHCPv6 is not widely used in ALL OSes
- A host can still compute its EUI address regardless of whether a DHCPv6 server is currently present
- DHCPv6 uses the host's link-local address and IPv6 multicast for solicitations towards a DHCPv6 server
- Cisco's DHCPv6 server is simple and straightforward to deploy
- The show ipv6 dhcp pool command will show you DHCPv6 pool information
- rapid-commit reduces the overhead of server/client solicits and replies
- The clear ipv6 dhcp binding command will allow you to flush DHCPv6 bindings in the same fashion as IPv4
- Not all IOS code sets have DHCPv6 server support, YMMV, so check the software Feature Navigator
- Not all IOS code sets have the ability to assign an address to their interfaces via DHCPv6
- Rogue DHCPv6 server protection, as far as my last checkup, is lacking in almost ALL routers/L3 switches
- By default, Cisco IPv6 router interfaces participate in Router Advertisements with no special config options required outside of enabling IPv6 on the interface(s)
- SLAAC is the most popular means of addressing, followed by static and lastly DHCPv6, from my experience and engagement with IPv6 over the last ten+ years
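One way to watch for the rogue-server problem from the client side, as an added example that is not part of the original post: it parses output in the "debug ipv6 dhcp detail" format shown earlier and flags ADVERTISE/REPLY messages whose SERVERID or DNS servers are not the expected ones. The second server in the sample log, the allowlists and the function names are constructed for the illustration.

```python
import contextlib
import ipaddress
import re

# Constructed sample in the client's debug format; the second server is invented.
SAMPLE_LOG = """\
*Jan 2 02:39:03.951: IPv6 DHCP: Received ADVERTISE from FE80::21D:70FF:FE39:7F01 on GigabitEthernet0/1
*Jan 2 02:39:03.951: IPv6 DHCP: detailed packet contents
*Jan 2 02:39:03.951: option SERVERID(2), len 10
*Jan 2 02:39:03.951: 00030001001D70397F00
*Jan 2 02:39:03.951: option DNS-SERVERS(23), len 32
*Jan 2 02:39:03.951: 2001:200::1
*Jan 2 02:39:03.951: 2001:200::2
*Jan 2 02:39:04.100: IPv6 DHCP: Received ADVERTISE from FE80::200:FF:FE00:666 on GigabitEthernet0/1
*Jan 2 02:39:04.100: option SERVERID(2), len 10
*Jan 2 02:39:04.100: 00030001000000000666
*Jan 2 02:39:04.100: option DNS-SERVERS(23), len 16
*Jan 2 02:39:04.100: 2001:DB8:BAD::53
"""
KNOWN_DUIDS = {"00030001001D70397F00"}   # SERVERID of the legitimate router
KNOWN_DNS = {ipaddress.ip_address(a) for a in ("2001:200::1", "2001:200::2")}
STAMP = re.compile(r"^\*\w+\s+\d+\s+[\d:.]+:\s+")
RECEIVED = re.compile(r"IPv6 DHCP: Received (ADVERTISE|REPLY) from (\S+) on")
OPTION = re.compile(r"option ([A-Z-]+)\(\d+\)")

def parse_server_messages(log):
    """Return one dict per ADVERTISE/REPLY the client received."""
    msgs, cur, opt = [], None, None
    for raw in log.splitlines():
        line = STAMP.sub("", raw).strip()
        got, o = RECEIVED.match(line), OPTION.match(line)
        if got:
            cur, opt = {"src": got[2], "duid": None, "dns": []}, None
            msgs.append(cur)
        elif line.startswith("IPv6 DHCP:"):   # any other event ends the dump
            cur = cur if "detailed packet contents" in line else None
        elif cur is not None and o:
            opt = o[1]
        elif cur is not None and opt == "SERVERID":
            cur["duid"] = line.upper()
        elif cur is not None and opt == "DNS-SERVERS":
            with contextlib.suppress(ValueError):   # skip console noise
                cur["dns"].append(ipaddress.ip_address(line))
    return msgs

def audit(msgs, known_duids=KNOWN_DUIDS, known_dns=KNOWN_DNS):
    """Return (source, reason) pairs for answers from unexpected servers."""
    findings = []
    for m in msgs:
        if m["duid"] not in known_duids:
            findings.append((m["src"], f"unknown SERVERID {m['duid']}"))
        findings += [(m["src"], f"unexpected DNS server {a}")
                     for a in m["dns"] if a not in known_dns]
    return findings
```

Run audit(parse_server_messages(log_text)) over captured debug output; an empty list means every answer came from an expected server with the expected resolvers.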
Once again, I hope that you found this information helpful and useful in the near future.
Ken Felix
Freelance Network & Security Professional (ipv4 to ipv6 migration specialist )
kfelix @ hyperfeed dot com