Configuring DHCPv6 and SLAAC in IPv6 networks

With the growth of the internet and the exhaustion of the IPv4 address space, the transition to IPv6 has become necessary. IPv6 expands the number of available addresses and offers some improvements in security, performance, and simplification of network architecture.


IPv6 is the next-generation protocol designed to address the limitations of IPv4. Its main features are:

  • Expanded address space: 128-bit addresses allow for a huge range of unique IP addresses.

  • Improved security: built-in IPsec support provides more reliable data protection.

  • Efficiency and performance: optimized packet header and improved routing.

  • Address autoconfiguration: simplifies the process of setting up devices on the network.

The main automatic configuration tools in IPv6 networks are DHCPv6 and SLAAC:

  • SLAAC (Stateless address autoconfiguration): allows devices to generate their own IPv6 addresses based on prefixes announced by routers. Suitable for networks where minimal administrator intervention is required.

  • DHCPv6 (Dynamic host configuration protocol for IPv6): centralized control over the distribution of addresses and additional network parameters. Preferred in environments where strict control over the address space and client settings is required.

In some cases, a combination of both methods is possible, allowing the advantages of each to be used and creating flexible and scalable networks.

Preparation for setup

Measure seven times, cut once. Proper preparation will save a lot of time and nerves in the future.

Equipment:

  • Router with IPv6 support: it can be a commercial router from Cisco, Juniper, Mikrotik, or even an old PC with two network cards and Linux on board. The main thing is IPv6 support and the ability to configure DHCPv6 and SLAAC.

  • Client devices: computers, laptops, or virtual machines with IPv6 support.

Software:

  • Operating system with IPv6 support: modern versions of Windows, Linux, and macOS already support IPv6 "out of the box."

  • DHCPv6 server software: for example, isc-dhcp-server for Linux or built-in DHCP services in commercial routers.

  • Radvd daemon: for sending Router Advertisement messages when configuring SLAAC on Linux routers.

  • Diagnostic and monitoring tools: ping6, traceroute6, tcpdump, Wireshark — all of these will be useful for debugging and checking the functionality of the settings.

Before implementing new settings in the production network, it is recommended to create a test environment.

Use a separate switch or VLAN to segment the test network. If you are using virtual machines, set up a virtual switch to isolate traffic.

If you are using a Linux server as a router:

  1. Enable IPv6 packet forwarding:

    echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
    sudo sysctl -p

  2. Install the radvd daemon for SLAAC:

    sudo apt-get install radvd

  3. Install the DHCPv6 server:

    sudo apt-get install isc-dhcp-server

Client devices should have automatic IPv6 address configuration enabled. This is usually set by default, but it's good to check.

Use ping6 to check device availability:

ping6 -c 4 2001:db8:1::1

Tools Used

1. ISC DHCP Server

One of the most popular DHCP servers with IPv6 support.

Configuration /etc/dhcp/dhcpd.conf:

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet6 2001:db8:1::/64 {
    range6 2001:db8:1::100 2001:db8:1::ffff;
    option dhcp6.name-servers 2001:db8::53;
    option dhcp6.domain-search "example.com";
}

Start the server:

sudo service isc-dhcp-server restart

2. Radvd

Used to send Router Advertisement messages in IPv6 networks, necessary for SLAAC.

Configuration /etc/radvd.conf:

interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

Start the daemon:

sudo service radvd restart

Diagnostic Tools

  • ping6: Check node availability via IPv6.

    ping6 google.com

  • traceroute6: Trace the route to a node.

    traceroute6 google.com

  • tcpdump: Capture traffic for analysis.

    sudo tcpdump -i eth0 -n -vv ip6

  • Wireshark: A graphical tool for detailed network traffic analysis.

Client Device Configuration

Linux:

Configure the network interface for automatic IPv6 configuration.

File /etc/network/interfaces (Debian/Ubuntu):

auto eth0
iface eth0 inet6 auto

Windows:

Open the command prompt with administrator rights and enter:

netsh interface ipv6 set interface "Ethernet" routerdiscovery=enable

macOS:

IPv6 is usually enabled by default.


Configuring DHCPv6 and SLAAC on Linux

Configuring DHCPv6

DHCPv6 allows centralized management of IPv6 address distribution and additional network parameters.

Install the DHCP server with IPv6 support:

sudo apt install isc-dhcp-server -y

Configure the DHCPv6 server:

Configuration file

Open the file /etc/dhcp/dhcpd.conf for editing:

sudo nano /etc/dhcp/dhcpd.conf

Configuration example

# Enable logging
log-facility local7;

# Define global parameters
default-lease-time 600;
max-lease-time 7200;

# Define the subnet for DHCPv6
subnet6 2001:db8:1::/64 {
  range6 2001:db8:1::100 2001:db8:1::FFFF;
  option dhcp6.name-servers 2001:db8:1::53;
  option dhcp6.domain-search "example.com";
}

subnet6: Defines the IPv6 subnet.

range6: Specifies the range of IPv6 addresses to be issued.

option dhcp6.name-servers: Specifies the DNS servers.

option dhcp6.domain-search: Specifies the domain names for search.

Specify the interface on which the DHCPv6 server will operate. Open the file /etc/default/isc-dhcp-server:

sudo nano /etc/default/isc-dhcp-server

Find the line INTERFACESv6 and specify the desired interface:

INTERFACESv6="eth0"

For proper IPv6 operation, packet forwarding needs to be enabled:

echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the service and add it to autostart:

sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server

Check the status:

sudo systemctl status isc-dhcp-server

Make sure that DHCPv6 ports are not blocked:

sudo ip6tables -A INPUT -p udp --dport 546 -j ACCEPT
sudo ip6tables -A INPUT -p udp --dport 547 -j ACCEPT

On the client machine, open the file /etc/network/interfaces:

sudo nano /etc/network/interfaces

Add or edit the following lines:

auto eth0
iface eth0 inet6 dhcp

Restart the network interface:

sudo ifdown eth0 && sudo ifup eth0

On the client, check if it has received an IPv6 address:

ip -6 addr show eth0

An address from the range specified in range6 should appear.

Try to ping the server:

ping6 2001:db8:1::1

Check the logs on the server:

sudo tail -f /var/log/syslog | grep dhcpd

Use tcpdump to monitor DHCPv6 traffic:

sudo tcpdump -i eth0 port 546 or port 547 -n -vv

Configuring SLAAC

SLAAC allows devices to configure their own IPv6 addresses based on prefixes advertised by routers.

Install the radvd daemon, which will send router advertisement messages:

sudo apt install radvd -y

Edit the file /etc/radvd.conf:

sudo nano /etc/radvd.conf

Example configuration

interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
    };
    RDNSS 2001:db8:1::53
    {
        AdvRDNSSLifetime 3600;
    };
    DNSSL example.com
    {
        AdvDNSSLLifetime 3600;
    };
};

  • AdvSendAdvert: Enables sending RA messages.

  • AdvManagedFlag: Indicates whether to use DHCPv6 for addresses (off).

  • AdvOtherConfigFlag: Indicates whether to use DHCPv6 for other options (off).

  • prefix: Defines the network prefix.

  • RDNSS: Specifies DNS servers.

  • DNSSL: Specifies search domain suffixes.

Enable IPv6 packet forwarding, if not done earlier:

echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the service and add it to autostart:

sudo systemctl restart radvd
sudo systemctl enable radvd

Check the status:

sudo systemctl status radvd

On client machines, ensure the interface is set to automatic configuration:

sudo nano /etc/network/interfaces

Add or edit:

auto eth0
iface eth0 inet6 auto

Restart the interface:

sudo ifdown eth0 && sudo ifup eth0

On the client, check the obtained IPv6 addresses:

ip -6 addr show eth0

You should see an address starting with 2001:db8:1::, which was automatically generated.

Ensure the routes are set correctly:

ip -6 route show

There should be a default route through your router.

Check the logs on the server:

sudo tail -f /var/log/syslog | grep radvd

Use tcpdump to monitor RA messages:

sudo tcpdump -i eth0 icmp6 -n -vv

To enhance privacy, enable Privacy Extensions on clients:

echo "net.ipv6.conf.all.use_tempaddr=2" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the interface:

sudo ifdown eth0 && sudo ifup eth0

Now the client will have temporary IPv6 addresses.
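Why Privacy Extensions matter, as an added example that is not part of the original article: a SLAAC address built with the classic modified EUI-64 scheme embeds the interface MAC, and anyone who sees the address can recover it. The MAC 52:54:00:12:34:56 and the `ip -6 addr show` output are constructed, and the example assumes the client derives interface identifiers with EUI-64 rather than a stable-privacy scheme.

```python
import ipaddress
import re
from typing import Optional

def eui64_address(prefix: str, mac: str) -> str:
    """SLAAC address a host builds from an advertised /64 and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if net.prefixlen != 64 or len(octets) != 6:
        raise ValueError("need a /64 prefix and a 48-bit MAC")
    octets[0] ^= 0x02  # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return str(net.network_address + int.from_bytes(iid, "big"))

def mac_from_address(addr: str) -> Optional[str]:
    """Recover the MAC from an EUI-64 derived address, or None if it is not one."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":  # EUI-64 marker in the middle of the interface ID
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in mac)

# Constructed `ip -6 addr show eth0` output for a client with use_tempaddr=2.
SAMPLE = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:1:0:9c1e:4b7a:2f03:88d1/64 scope global temporary dynamic
       valid_lft 86392sec preferred_lft 14392sec
    inet6 2001:db8:1:0:5054:ff:fe12:3456/64 scope global dynamic mngtmpaddr
       valid_lft 86392sec preferred_lft 14392sec
    inet6 fe80::5054:ff:fe12:3456/64 scope link
       valid_lft forever preferred_lft forever
"""

def leaking_addresses(ip_output: str) -> list:
    """Global addresses in `ip -6 addr show` output that expose the interface MAC."""
    hits = []
    for match in re.finditer(r"inet6 ([0-9a-f:]+)/\d+ scope global", ip_output):
        mac = mac_from_address(match.group(1))
        if mac:
            hits.append((match.group(1), mac))
    return hits

if __name__ == "__main__":
    print(eui64_address("2001:db8:1::/64", "52:54:00:12:34:56"))
    print(leaking_addresses(SAMPLE))
```

With use_tempaddr=2 the EUI-64 address stays on the interface for inbound traffic, while the temporary address is preferred for outgoing connections.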

If you need to use SLAAC for addresses and DHCPv6 for additional options:

On the Radvd server

Enable the AdvOtherConfigFlag:

AdvOtherConfigFlag on;

On the DHCPv6 server

Configure the server to provide only additional options without issuing addresses. In dhcpd.conf, remove the range6 statement and leave only the necessary options:

option dhcp6.name-servers 2001:db8:1::53;
option dhcp6.domain-search "example.com";
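How the radvd flags discussed above appear on the wire, as an added example that is not part of the original article: it parses a Router Advertisement, reports which autoconfiguration mode a client will follow (AdvManagedFlag, AdvOtherConfigFlag, AdvAutonomous), and lists fields that differ from the page's SLAAC-only radvd.conf, which is a simple way to spot an unexpected RA in a capture. The RA bytes are constructed by the hypothetical helper `sample_ra`; all function names are assumptions.

```python
import struct
from ipaddress import IPv6Address, IPv6Network

EXPECTED = {"managed": False, "other": False,  # policy from this page's radvd.conf
            "prefixes": {"2001:db8:1::/64"}, "rdnss": {"2001:db8:1::53"}}

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861), starting at the type byte."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(msg[5] & 0x80), "other": bool(msg[5] & 0x40),
          "autonomous": False, "prefixes": set(), "rdnss": set()}
    off = 16
    while off + 2 <= len(msg):
        kind, size = msg[off], msg[off + 1] * 8  # length field counts 8-byte units
        if size == 0 or off + size > len(msg):
            raise ValueError("malformed option")
        body = msg[off:off + size]
        if kind == 3 and size == 32:  # Prefix Information option
            net = IPv6Network(f"{IPv6Address(body[16:32])}/{body[2]}", strict=False)
            ra["prefixes"].add(str(net))
            ra["autonomous"] |= bool(body[3] & 0x40)  # A flag (AdvAutonomous)
        elif kind == 25:  # RDNSS option (RFC 8106)
            for i in range(8, size, 16):
                ra["rdnss"].add(str(IPv6Address(body[i:i + 16])))
        off += size
    return ra

def client_mode(ra: dict) -> str:
    """How a host autoconfigures after this RA, from the M, O and A flags."""
    slaac = " + SLAAC" if ra["autonomous"] else ""
    if ra["managed"]:
        return "stateful DHCPv6" + slaac
    if ra["other"]:
        return "stateless DHCPv6" + slaac
    return "SLAAC only" if ra["autonomous"] else "no autoconfiguration"

def deviations(ra: dict, expected: dict = EXPECTED) -> list:
    """Fields where a captured RA differs from the configured radvd policy."""
    return [k for k in ("managed", "other", "prefixes", "rdnss") if ra[k] != expected[k]]

def sample_ra(flags: int, prefix: str, dns: str) -> bytes:
    """Constructed RA bytes for the demo (checksum left at zero, not verified)."""
    opts = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 86400, 14400, 0) + IPv6Address(prefix).packed
    opts += struct.pack("!BBHI", 25, 3, 0, 3600) + IPv6Address(dns).packed
    return struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0) + opts

if __name__ == "__main__":
    ra = parse_ra(sample_ra(0x40, "2001:db8:1::", "2001:db8:1::53"))
    print(client_mode(ra), deviations(ra))
```

After switching to the combined setup, update `EXPECTED["other"]` to `True` so that the O flag no longer counts as a deviation.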

Good luck with the setup and stable operation of your network!

