SLAAC with Stateless DHCP

As discussed in my previous post, we can use SLAAC to auto assign ip address based on the prefix advertised in the RA. However with SLAAC you only get the IPv6 address and the gateway and still need to depend on DHCP for the DNS server, domain name and the other options. This is called Stateless DHCP as it does not track the client mac and the ip (No dhcp binding table is formed).

Please refer the the previous post on how SLAAC works and how to configure it.

http://lets-start-to-learn.blogspot.in/2014/10/ipv6-slaac-gns3-example.html


In this post we'll build upon the previous post and will add Stateless DHCP to it to provide DNS server ip and the domain name to the host devices.

Since GNS3 VPCS was not giving options related to DNS I have created a loopback adapter on my laptop and will be using it to replicate a host machine shown in the topology as a Cloud.

Please refer to my previous posts on how to create a loopback adapter and how to use it in GNS3 as a host machine.


http://lets-start-to-learn.blogspot.in/2014/10/creating-loopback-adapter-on-windows.html


http://lets-start-to-learn.blogspot.in/2014/10/using-vpcs-in-gns3-to-replicate-host.html


Following is the Topology I am using:

I have created an IPv6 DHCP pool on the R1 to provide only DNS Server ip and Domain name:


R1#show running-config | sec ipv6 dhcp

ipv6 dhcp pool Stateless_DHCP
 dns-server 2000:1000::1
 domain-name Test.com
 ipv6 dhcp server Stateless_DHCP

I am using the above dhcp pool just for vlan 10 and following configuration would be required on the vlan 10 SVI :

interface Vlan10

 no ip address

 ipv6 address 2000:1000::1/64

 ipv6 enable

 ipv6 nd other-config-flag

 ipv6 dhcp server Stateless_DHCP

On the R2 the interface fa0/4 is mapped to vlan 10.

R2#show runn int fa 0/4

Building configuration...

Current configuration : 60 bytes

!

interface FastEthernet0/4

 switchport access vlan 10

end

I had to play with Spanning tree (The Fa 0/4 port was getting into blocked state) before the loopback adapter on my lab could get the ipv6 address and the dhcp configuration.

Ethernet adapter Local Area Connection 3:

   Connection-specific DNS Suffix  . : Test.com

   Description . . . . . . . . . . . : Microsoft Loopback Adapter

   Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2000:1000::651c:9aca:97a6:3a7e(Preferred)

   Temporary IPv6 Address. . . . . . : 2000:1000::8c84:1cb9:4268:7fd0(Preferred)

   Link-local IPv6 Address . . . . . : fe80::651c:9aca:97a6:3a7e%17(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.10.11(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Default Gateway . . . . . . . . . : fe80::ce00:29ff:feb8:0%17

   DHCPv6 IAID . . . . . . . . . . . : 503447628

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EE-19-AD-00-21-CC-C6-CF-CF

   DNS Servers . . . . . . . . . . . : 2000:1000::1

   NetBIOS over Tcpip. . . . . . . . : Enabled

   Connection-specific DNS Suffix Search List :

                                       Test.com

You will also notice that once you configured the IPv6 dhcp scope on the R1 it also joined to some additional group addresses related to dhcpv6

R1#show ipv6 interface

Vlan10 is up, line protocol is up

  IPv6 is enabled, link-local address is FE80::CE00:29FF:FEB8:0

  Global unicast address(es):

    2000:1000::1, subnet is 2000:1000::/64

  Joined group address(es):

    FF02::1

    FF02::2

    FF02::1:2

    FF02::1:FF00:1

    FF02::1:FFB8:0

    FF05::1:3

ff02::1:2 All DHCP servers and relay agents on the local network segment (defined in RFC 3315)

ff05::1:3 All DHCP servers on the local network site (defined in RFC 3315)

With DHCPv6 there are very interesting, new terms used and implemented in the way how the DHCPv6 will assign ip addresses to the client devices.The DHCPv6 uses UDP port number 546 for clients and port number 547 for servers.
In IPv6 you had the concept of client identified which was the physical mac address of the client device requesting for the DHCP, with IPv6  we have something called a host identifier, named DUID – Device UID – and a set of interface identifiers. The RFC defines a DUID this way:
A DHCP Unique IDentifier for a DHCP participant; each DHCP client and server has exactly one DUID.
Also each interface has an ID, called IAID – Interface Association Identifier – that is a binding between the interface and one or several IP addresses. Each allocation in the DHCPv6 server is identified by a DUID and a IAID.
If you notices the IPv6 details from the host machine in the above topology it also has a DUID and IAID:

 DHCPv6 IAID . . . . . . . . . . . : 503447628

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-EE-19-AD-00-21-CC-C6-CF-CF

You can check the DUID on the Router using the command: show ipv6 dhcp.

R1#show ipv6 dhcp
This device's DHCPv6 unique identifier(DUID): 00030001CC0029B8F000

At the moment there are three types of DUID defined:
1) Link-layer address plus time (DUID-LLT)
2) Vendor-assigned unique ID based on Enterprise Number
3) Link-layer address (DUID-LL)

Cisco uses a structure based on DUID-LLT (link-layer address plus time). The device uses the MAC address from the lowest numbered interface to form the DUID.

The type of DUID-LLT consists of:

• Two octet type field containing the value 1

• Two octet hardware type code. The hardware type MUST be a valid hardware type assigned by the IANA as described in RFC 826. Ethernet uses hardware type 1 and 48-bit MAC address of the device as the link-layer address.

• Four octets containing a time value

• Link-layer address of any one network interface that is connected to the DHCP device at the time that the DUID is generated. The time value is the time that the DUID is generated, represented in seconds since midnight (UTC), January 1, 2000, modulo 2^32.

Lets follow the wireshark capture collected on the PC.

1. The R1 sends out a RA in the Packet 313.

2. The host sends out a Multicast Listener Report to the IP destination address of FF02::16, to which all MLDv2-capable multicast routers listen.

Refer to the RFC:   http://tools.ietf.org/html/rfc3810

Here once the host machine has got an RA it has assigned itself and ip address as : 2000:1000::8c84:1cb9:4268:7fd0, and as we know once the device gets a link local address or the Global IPv6 address it also makes itself as the member of the related solicited node multicast group (for both it's link-local and global address). Here the host machine is sending out the multicast listerner report indicating its interest for the solicited node multicast address associated with its Global ipv6 address.

The solicited node multicast address is generated by adding last 24 bits of the link-local/ Global ipv6 address to the prefix : ff02::1:ff00:0/104.

Solicited-Node multicast addresses are used in Neighbor Discovery Protocol for obtaining the layer 2 link-layer addresses of other nodes. For our host the solicited node multicast address becomes:

ff02::1:ff00:0/104 + 68:7fd0 = ff02::1:ff68:7fd0

Please refer to the Wiki page:

http://en.wikipedia.org/wiki/Solicited-node_multicast_address

3. The host machine sends out a network solicitation to the Router at its solicited node multicast address. Nodes send neighbor solicitations to request the link-layer address of a target node while also providing their own link-layer address to the target.

4. The Router sends neighbor advertisements in response to neighbor solicitations and sends unsolicited neighbor advertisements in order to propagate new information quickly.

5. The host sends out a dhcp information request to All dhcp server address ff02::1:2.

6. The server sends out a reply to the host device link local address:

Hope this was helpful :)