Implementing DHCPv6 on an IPv6 network



Similar documents
IPv6 Addressing and Subnetting

Joe Davies. Principal Writer Windows Server Information Experience. Presented at: Seattle Windows Networking User Group June 1, 2011

Basic IPv6 WAN and LAN Configuration

IPv6 in Axis Video Products

Dedication Preface 1. The Age of IPv6 1.1 INTRODUCTION 1.2 PROTOCOL STACK 1.3 CONCLUSIONS 2. Protocol Architecture 2.1 INTRODUCTION 2.

IPv6 Trace Analysis using Wireshark Nalini Elkins, CEO Inside Products, Inc.

3GPP TS V6.3.0 ( )

IPv6 Associated Protocols

Chapter 36 Dynamic Host Configuration Protocol for IPv6 (DHCP6)

Discovering IPv6 with Wireshark. presented by Rolf Leutert

IPv6 Functionality. Jeff Doyle IPv6 Solutions Manager

IPv6 Fundamentals: A Straightforward Approach

Neighbour Discovery in IPv6

About Me. Work at Jumping Bean. Developer & Trainer Contact Info: mark@jumpingbean.co.za

Step-by-Step Guide for Setting Up IPv6 in a Test Lab

IPv6 Addressing. Awareness Objective. IPv6 Address Format & Basic Rules. Understanding the IPv6 Address Components

Tomás P. de Miguel DIT-UPM. dit UPM

IPv6 Autoconfiguration Best Practice Document

Introduction to IP v6

Mobile IP. Bheemarjuna Reddy Tamma IIT Hyderabad. Source: Slides of Charlie Perkins and Geert Heijenk on Mobile IP

IPv6.marceln.org.

Types of IPv4 addresses in Internet

Getting started with IPv6 on Linux

Chapter 3 Configuring Basic IPv6 Connectivity

IPv6 Infrastructure Security

Mobility Management in DECT/IPv6 Networks

ICS 351: Today's plan

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

IPv6 Infrastructure Security Jeffrey L Carrell Network Conversions Network Security Consultant, IPv6 SME/Trainer

Variable length subnetting

Efficient Addressing. Outline. Addressing Subnetting Supernetting CS 640 1

GB-OS Version 6.2. Configuring IPv6. Tel: Fax Web:

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1

IP and Mobility. Requirements to a Mobile IP. Terminology in Mobile IP

OS IPv6 Behavior in Conflicting Environments

2. What is the maximum value of each octet in an IP address? A. 28 B. 255 C. 256 D. None of the above

Domain Name Auto-Registration for Plugged-in IPv6 Nodes. <draft-kitamura-ipv6-name-auto-reg-00.txt>

Personal Firewall Default Rules and Components

HOST AUTO CONFIGURATION (BOOTP, DHCP)

Wireless Networks: Network Protocols/Mobile IP

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

6 Mobility Management

Date 07/05/ :20:22. CENTREL Solutions. Author. Version Product XIA Configuration Server [ ]

IPv6 for SMB s: Easy or Hard?

Computer Networks. Introduc)on to Naming, Addressing, and Rou)ng. Week 09. College of Information Science and Engineering Ritsumeikan University

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Chapter 3 LAN Configuration

Firewalls und IPv6 worauf Sie achten müssen!

Transport and Network Layer

IPv6 Hardening Guide for Windows Servers

Services. Vyatta System. REFERENCE GUIDE DHCP DHCPv6 DNS Web Caching LLDP VYATTA, INC.

Security Assessment of Neighbor Discovery for IPv6

Aculab digital network access cards

TR-296 IPv6 Transition Mechanisms Test Plan

Deploying IPv6 for Service Providers. Benoit Lourdelet IPv6 Product Manager, NSSTG

IPv6 Addressing. How is an IPv6 address represented. Classifications of IPv6 addresses Reserved Multicast addresses. represented in Hexadecimal

Dynamic Host Configuration Protocol for IPv6

IPv6 for AT&T Broadband

About the Technical Reviewers

IPv6 Network Security.

IPv6 Advantages. Yanick Pouffary.

BASIC FIREWALL SERVICES

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

IP addressing. Interface: Connection between host, router and physical link. IP address: 32-bit identifier for host, router interface

Dynamic Autoconfiguration in 4G Networks: Problem Statement and Preliminary Solution

Exam : Title : TS: Windows Server 2008 Network Infrastructure, Configuring Ver :

Telematics. 9th Tutorial - IP Model, IPv6, Routing

IPv6 Virtual Labs: How to & Lessons s Learned. IPv6 Virtual Labs:

PART IV. Network Layer

ProCurve Networking IPv6 The Next Generation of Networking

ERserver. iseries. Networking TCP/IP setup

Use MAC-Forced Forwarding with DHCP Snooping to Create Enhanced Private VLANs

Internet Engineering Task Force (IETF) Request for Comments: 6422 Updates: 3315 Category: Standards Track ISSN: December 2011

Detecting rogue systems

IPv6 READY. Conformance Test Scenario CE Router. Technical Document. Revision 1.0.0

Mobility on IPv6 Networks

ETSI TS V8.9.0 ( )

NAT Traversal for VoIP. Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University

IPv6 for Cisco IOS Software, File 2 of 3: Configuring

IPv6 Diagnostic and Troubleshooting

Windows 7 Resource Kit

Introduction to Mobile IPv6

Technology Brief IPv6 White Paper.

Connecting to and Setting Up a Network

Use Domain Name System and IP Version 6

Configure DHCP features benefits Differences BOOTP DHCP operation configuring verifying troubleshooting Configure N AT NAT features operation

Recent advances in IPv6 insecurities Marc van Hauser Heuse Deepsec 2010, Vienna Marc Heuse

SSVVP SIP School VVoIP Professional Certification

We Are HERE! Subne\ng

IPv6 INFRASTRUCTURE SECURITY WORKSHOP SESSION 10 BUILDING IPv6 INFRASTRUCTURE NETWORK SECURITY

How to Install and Configure the DHCP Service in Windows Server 2008 R2

Review: Lecture 1 - Internet History

Configuring IP Addressing and Services

Transcription:

Implementing DHCPv6 on an IPv6 network Benjamin Long benlong@iol.unh.edu 8-11-2009

Implementing DHCPv6 on an IPv6 network 2 Table of Contents DHCPv6 Overview...3 Terms used by DHCPv6...3 DHCPv6 Message Exchange Process...5 Implementing the DHCPv6 Server...5 Network Implementations and Requirements...5 Server Configuration...6 Address Pools...6 Access Control(optional)...7 Preference...7 Rapid Commit (optional)...7 Unicast (optional)...7 DNS options (optional)...8 SIP domain options (optional)...8 Information only exchange...8 Implementing the Client...8 Client Configuration...8 Relay Agent implementation...9 Relay Agent Server Configuration...10 Relay Agent Configuration...10 Cascading Relay Agent Configuration...10 References...11

Implementing DHCPv6 on an IPv6 network 3 DHCPv6 Overview While Internet Protocol Version Six (IPv6) is capable of handling address auto-configuration, it is often an ineffective replacement for Dynamic Host Configuration Protocol (DHCP) in more complex networks for the distribution of other information. DHCP is used in current Internet Protocol Version Four (IPv4) networks to distribute addresses and other information. The most commonly distributed information is Domain Name Service (DNS) configurations. IPv6 auto-configuration only handles addressing configuration. Dynamic Host Configuration Protocol Version Six (DHCPv6) was designed to handle the the automatic configuration of addressing, DNS information and is further capable of distributing other information to be covered further in this document. A minimum of two types of devices need to be configured on an IPv6 network to successfully implement DHCPv6: the server and the client devices. Additionally, depending on your network configuration and needs, you may need to configure a relay agent. Terms used by DHCPv6 DHCPv6 Unique Identifier (DUID): All DHCPv6 devices identify themselves using a DUID. There are several methods for generating a DUID, but it is most often generated using the Media Access Control (MAC) address. Global (address scope): Global addresses are used for communication outside the local network. Lease: Addresses assigned by DHCPv6 are also assigned with a lease time as two values (T1 and T2). The lease time governs the duration the client device is able to use the address for and how often it should attempt to renew the lease. T1 defines when the client should begin attempting to renew the lease from the server that assigned the lease. After time T2 the the client attempts

Implementing DHCPv6 on an IPv6 network 4 to find any available servers to renew its lease from. Link (referring to a network): Functionally equivalent to a subnet in IPv4. Devices that are on link with each other can communicate without a router to route the traffic. Link-Local (address scope): Link-local addresses are used only for communication with other devices on the same link. These addresses are never routed. They are also generated automatically by IPv6 devices when they are brought online. The link-local unicast prefix is fe80::/64 and the link-local multicast prefix is ff02::/64. Multicast: Multicast addresses are destined for multiple nodes on a network, specifically the nodes that have joined the multicast group that corresponds to a multicast address. The All_DHCP_Relay_Agents_and_Servers address is ff02::1:2 (a link-local multicast address) and the All_DHCP_Servers address is ff05::1:3. Prefix: IPv6 addresses are composed of a prefix and a link identifier which are equivalent to the network and host bits of an IPv4 address respectively. Prefixes are commonly recorded as <prefix>::/<prefix length>. For example: 3000::/64. Session Initiation Protocol (SIP): SIP is used primarily for Voice over Internet Protocol (VoIP) to make calls to other clients. Unicast: Unicast addresses are destined for a single node on a network. Valid Lifetime: The maximum amount of time that an address can be used for. The lease time should always be set lower than the valid lifetime or client will not be able to communicate with other off link devices periodically. DHCPv6 Message Exchange Process The DHCPv6 message exchange process consists of four steps during initialization. DHCPv6

Implementing DHCPv6 on an IPv6 network 5 and IPv6 auto-configuration interact in beneficial way as well. When a client is first brought online, it performs IPv6 auto-configuration to generate its link-local address. The client then sends a Router Solicitation message to the all IPv6 routers multicast address. If DHCPv6 is in use on the network, the router then replies with a Router Advertisement message with the Managed Address Configuration Flag set. At this point the client sends a DHCPv6 Solicit message to the All_DHCP_Relay_Agents_and_Servers address to probe for any available DHCPv6 servers. The servers that receive the Solicit message reply with an Advertise message containing configuration information available from that server. The client selects a server and transmits a Request message to the server, to confirm the configuration information. The server responds with a Reply message to the client confirming the information the client should bind to its interface. Implementing the DHCPv6 Server The DHCPv6 server is the most important and configuration intensive device on the network for DHCPv6 implementation. The server controls the configuration options that are available, as well the the lease time information. Network Implementations and Requirements For a network to implement DHCPv6 a network designer should be aware of a few requirements and restrictions. Because the DHCPv6 message exchange process occurs on a link-local scope, the server must have an interface located on the same link as the client devices, or a relay agent must be used to bridge between networks. For the purpose of this section, it is assumed that the clients and server are on the same link; for situations where the server is off-link, refer to section IV covering DHCPv6 relay agents.

Implementing DHCPv6 on an IPv6 network 6 For DHCPv6 to occur automatically when client devices are brought online, the router for the DHCPv6 network should be configured to set the Managed Address Configuration bit in outgoing Router Advertisements. If non-address information is also available over DHCPv6, set the Other Configuration Flag to indicate this to the clients. DHCPv6 is capable of distributing additional information (such as DNS and SIP) while still using IPv6 address auto-configuration. To use this method, configure the router to set only the Other Config Flag (and not the Managed Config flag). When a client receives this option, it still configures its global address using the prefix provided in the Router Advertisement message, but the client also sends a DHCPv6 Information-Request message to all the DHCPv6 servers. Servers reply with a Reply message providing the configuration information from the server configuration file. Server Configuration To function effectively, the server will need to be configured with an address pool, timing information, and any other information that needs to be distributed across the network. Refer to the documentation available for your implementation for how to configure each option. Address Pools The server needs to be configured with addresses to be distributed to DHCPv6 clients. This is done through address pools which are used to define address ranges that can be distributed, as well as lease times (T1 and T2), as well as valid and preferred lifetimes for that address. You may also be able to use address pools to control what clients are allowed addresses by pool which can be useful for dividing your network into trusted and untrusted networks. Access Control(optional) You can set access control on your DHCPv6 server to only allow access to address pools to specifically listed. Access control is typically done using client DUID, but may vary from

Implementing DHCPv6 on an IPv6 network 7 implementation to implementation. Common options include banning a specific DUID or range of DUIDs from an address pool as well as restricting access to only to a specific DUID or range of DUIDs. Preference Preference is a value between zero and 255 that clients use to determine which server to use in the case where they receive multiple DHCPv6 Advertise messages. A client will pick the server that has the highest preference value. If a client receives an Advertise message with a preference of 255 it will immediately continue the DHCPv6 message exchange process with the sending server without waiting the normal amount of time. Rapid Commit (optional) Rapid commit shortens the DHCPv6 message exchange to two messages instead of the normal four. Both the server and the client must be configured to allow rapid commit. Rapid commit is useful in networks under heavy load. Unicast (optional) A server can be configured to send a unicast option in its Advertise messages. Clients that support this option can then complete the message exchange using unicast instead of multicast. The unicast option is useful for reducing traffic in networks as multicast packets must be processed by multiple nodes. DNS options (optional) The DNS server option (also known as a DNS Recursive Name Server option) is used to inform clients of DNS server addresses. The address or addresses of the DNS server must be statically configured in the DHCPv6 server configuration. The domain option (also known as a domain search

Implementing DHCPv6 on an IPv6 network 8 list option) is used to inform clients of the domain name the client is a member of. The domain option allows clients to refer to other devices with just their device name; without this option, clients must refer to other devices by their full domain name. SIP domain options (optional) DHCPv6 can be configured to distribute SIP information in the same manner as DNS information. SIP has server and domain information that can be provided. Information only exchange (optional) Servers can be configured to only provide non-address configuration information (such as DNS and SIP) information to clients. In this case the server will reply only to Information-Request messages. Implementing the Client Setting up the clients is relatively easy. There are several implementations available, and you typically won't have to do much configuration. Many systems that support IPv6 will come with DHCPv6 client software already installed. Client Configuration The client has very little configuration involved. You may have to configure which interfaces the client should run DHCPv6 on (usually the only interface the device has) as well as what type of address to request. If you want to use rapid commit or unicast DHCPv6, you should set the flags in the configuration accordingly. You can also configure the client to request a specific set of options (DNS and SIP for example). You can also force the client to use the information only message exchange process instead of the full DHCPv6 message exchange process. Forcing an information only exchange can be useful if the client uses a statically configured IPv6 address in a DHCPv6 managed network.

Implementing DHCPv6 on an IPv6 network 9 Relay Agent implementation Relay agents are used in networks that have multiple links because the DHCPv6 message exchange occurs using link-local multicast addresses. To have a single server cover multiple links, relay agents are placed in each link. The relay agents accept the clients messages and forward them to the servers by encapsulating them in a Relay-Forward messages sent to the DHCPv6 server. The server then replies to the relay agent with a Relay-Reply message containing the reply to the encapsulated packet in the Relay-Forward. Both the relay agent and server must be specifically configured to handle this network configuration. In some very large networks you may need to implement cascading relay agents to cover the entire network with a single server. A cascade relay agent accepts a Relay-Forward or Relay-Reply messages, encapsulates them in new Relay-Forward messages or decapsulating them into smaller Relay-Reply messages respectively before forwarding them to the next node. The client side Relay- Agent must be configured to decapsulate the packet and forward the servers response. Relay Agent Server Configuration The server must be configured to accept and decapsulate incoming Relay-Forward messages and to encapsulate outgoing messages in Relay-Reply messages. The specific configuration requirements for performing this task vary from implementation to implementation, refer to your implementation's documentation for details on configuring the server for this role. You must also configure the server to distribute information as covered under the server section of this document. Relay Agent Configuration The relay agent must be configured to know which interface it is receiving client requests from and which interface it is sending Relay-Forward messages out. These interfaces may be the same

Implementing DHCPv6 on an IPv6 network 10 interface but this configuration only makes sense if you instruct the relay agent to also use the an address larger than link-local to get to the DHCPv6 server (such as the server's global address). The relay agent may also need be configured with an interface identifier to uniquely identify the receiving interface to the server. Relay agents may be configured to send and receive messages on specific unicast addresses which is primarily used for cascading relays. Relay agent's listening on client networks should be listening for client multicast messages. Cascading Relay Agent Configuration When using cascading relay agents you must still configure the same items as a normal relay agent, however there are additional steps that you must take. To minimize traffic load you should consider configuring the relay agents to transmit traffic to each other using unicast addresses where available. You have to ensure that each cascade node is configured to accept incoming Relay-Forward messages and forward them toward the server.

Implementing DHCPv6 on an IPv6 network 11 References RFC 3315, "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" RFC 3646, "DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6)" RFC 3736, "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6"

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information