Re: IPv6 fc00::/7 — Unique local addresses

[Ray Soucy <rps () maine edu>]

Also,

Keep in mind that DHCPv6 uses a DUID for host identification and not a
MAC address.

Here is an example ISC DHCPd configuration for an IPv6 network without
open pool allocation (it will only respond for hosts in the config).

# subnet6 for each network
subnet6 FD00:1234:5678:9ABC::/64 { option dhcp6.name-servers
FD00:1234:5678:9ABC::2, FD00:1234:5678:9ABC::3; }

# host for each host
host soucy-desktop.domain.net { host-identifier option dhcp6.client-id
00:01:00:01:11:ee:71:12:00:1a:a0:da:ba:7f; fixed-address6
FD00:1234:5678:9ABC::A; }

I believe the new version of ISC DHCPd has added code to be able to
determine the MAC address instead of using a DUID, but I haven't
tested it personally.

On Thu, Oct 21, 2010 at 3:59 PM, Ray Soucy <rps () maine edu> wrote:
> I think you're misunderstanding how DHCPv6 works.  Don't think of it
> like DHCP that you're used to.
>
> DHCPv6 requires an IPv6 router advertisement to work.  There are three
> flags of interest in a router advertisement.
>
> One of them is the "A" (autonomous) flag which is enabled by default
> in almost every implementation I've seen.  This is what signals a host
> that it is permitted to use stateless configuration with the prefix.
>
> There are also "M" (managed) and "O" other flags.  The "M" flag being
> set signals the host that it should start a DHCPv6 client and make a
> request for an address, the "O" flag signals that the host should ask
> for "other" or additional configuration information through DHCPv6
> (e.g. DNS servers).
>
> None of the flags are exclusive, so you can enable DHCPv6 by setting
> the M flag, but unless you disable the A flag, hosts will still use
> stateless configuration (in addition to DHCPv6 and receive two
> addresses)
>
> If you want a DHCPv6-only environment, you simply disable the A flag
> on the router advertisement.  This will stop hosts from using
> stateless with the advertised prefix.
>
> The default gateway for the network is learned through the router
> advertisement, not through DHCPv6, which is why it doesn't exist in
> DHCPv6.
>
> Example IOS configuration:
>
> interface Vlan123
>  description Test IPv6 Network
>  ipv6 address FD00:1234:5678:9ABC::1/64
>  no ipv6 unreachables
>  ipv6 nd prefix default 2592000 604800 no-autoconfig
>  ipv6 nd managed-config-flag
>  ipv6 nd other-config-flag
>  ipv6 nd router-preference High
>  no ipv6 redirects
>  ipv6 verify unicast source reachable-via rx
>  ipv6 eigrp 123
>  ipv6 dhcp relay destination FD00:1234:5678:9ABC::2
>  ipv6 dhcp relay destination FD00:1234:5678:9ABC::3
>
> The "ipv6 nd prefix ... no-autoconfig" statement is what you're
> looking for.  You need to type out timers to be able to get to it.
> The values shown are just the Cisco defaults.
>
>
>
> On Thu, Oct 21, 2010 at 3:43 PM, Luca Tosolini <bit.gossip () chello nl> wrote:
> > On Thu, 2010-10-21 at 14:19 -0400, Ray Soucy wrote:
> >
> > > We've decided to disable SLAAC (State-Less Address Auto-Configuration)
> > > on almost all our IPv6 networks and use DHCPv6 exclusively.  This
> > > allows us to only respond with DHCPv6 to the hosts we want to get an
> > > IPv6 address instead of enabling it network-wide and crossing your
> > > fingers.  The disadvantage here is that DHCPv6 client support is still
> > > limited (OS X has none for example).   The argument is that IPv6 isn't
> > > mission critical yet, so we're waiting to see if vendors will come
> > > around and include DHCPv6 client support in the future.
> >
> > Ray,
> > how do you convey the default-router information with DHCPv6 only. AFAIK
> > there is no such field in DHCPv6...
> >
> > Luca.
>
>
>
> --
> Ray Soucy
>
> Epic Communications Specialist
>
> Phone: +1 (207) 561-3526
>
> Networkmaine, a Unit of the University of Maine System
> http://www.networkmaine.net/



-- 
Ray Soucy

Epic Communications Specialist

Phone: +1 (207) 561-3526

Networkmaine, a Unit of the University of Maine System
http://www.networkmaine.net/