Monday, November 23, 2015


IPv6 Router Advertisements

by Craig Miller

IPv6  The Network is in control

Router Advertisement
The authors of IPv6 wanted to learn from the IPv4 mistakes, and one key issue (at the time) was statically assigned addresses (DHCP hadn't been invented yet). As I have written in a previous post, SLAAC (Stateless Address AutoConfig) was a huge step forward in end nodes being able to get an address auto-magically.

End station (host, nodes, machines, etc) addressing is controlled by the Router Advertisements (RAs). In this article, I will delve into RAs a bit more, and explain how one can configure RAs to give you the result you are looking for.

RA Bits

Not surprisingly, RAs are sent by routers. The RA is a Type 134 ICMPv6 message (IANA ICMPv6 assign numbers). The individual interfaces on your router must be configured to send RAs when IPv6 is enabled. The RA has several flags (bit fields) which can be set or unset. The important ones for addressing are the A, M, and O bits. These control how the end station will get an address. Jeff Carrell summarized it well in a 2012 presentation.
AutoConfiguration Options

I had this slide up on my cube wall for years, and gave a copy to anyone who seemed remotely interested in IPv6.

Simplifying the RA Bits

L bit

Let's start with the easy one. The L bit (or link bit) as you can see it is always on, and has no bearing on how an end station gets an address. 'Nuff said.

A bit

The next one to tackle is the A bit, this is the one that controls whether SLAAC is used by the end station.

M bit

The M bit is the Managed bit, which tells the end station to initiate DHCPv6 client request (RFC 3315). Unlike DHCPv4, IPv6 clients should NOT initiate a DHCPv6 request unless the M bit is set (not all clients respect this).

O bit

The Other bit, is a combination bit of sorts. The ideas is that SLAAC or manual may not provide all the information and end station may need, such as location of DNS and NTP servers. By setting the O bit, the network administrator is asking the end station to do a DHCPv6 for the options, but NOT for an address.

As you can see from Jeff's slide (above) the O bit is used with either the A bit (SLAAC provides the address) or the M bit (where DHCPv6  provides the address)

But wait, there's more 

RAs also advertise one or more prefixes for the link. Remember in What's with all those IPv6 Addresses end stations can have many IPv6 addresses. They can also have addresses in different subnets (on the same link). This would be useful for an address transition (from one address to another).

Since DNS is so useful (you were memorizing all those IPv6 addresses, right?), Recursive Domain Name Server Serivce (RDNSS) is useful (RFC 6106).

Lastly, for now, when the end station hear's the RA, and it assigns the default route next hop, as the link-local address of the router. By looking at the route table of the end station, you can see the default route:
$ ip -6 route
default via fe80::224:95ff:fef1:8ca dev mlan0  proto ra  metric 1024  expires 1608sec

There are other things in the RA, router lifetime, reachability, etc, which I may cover in a later post. But these are the important addressing bits.

RA Implementation Isues

This how it is supposed to work. The RFC's specify the ideal. But then it falls upon the developers to implement the ideal, and sometimes they fall short. When non-obvious combinations of RA bits (or flags) are set, non-obvious behaviours occur. Although the following RFC memo (it was only a draft, and has no number) is now expired, it still contains some good info about implementations of Windows 7, MacOS X 10.7 (aka Lion), and Ubuntu 12.04. It is well worth a read if you want to see how the OSs have really been implemented.

RA Troubleshooting

Want to see what your router is advertising?  You could fire up wireshark (or tcpdump) and wait, and wait, and wait for the router to send an RA (the configurable time is usually from every few minutes to much longer). Or you could issue a RS (Router Solicitation) and see the look at the RA that comes back.

The easiest way to do this is to use the linux utility rdisc6 (on Ubuntu, part of the ndisc6 package). This will do all the work, and show the results in a fairly human readable form.
$ rdisc6 eth0
Soliciting ff02::2 (ff02::2) on eth0...

Hop limit                 :           64 (      0x40)
Stateful address conf.    :           No   <--- M bit
Stateful other conf.      :           No   <--- O bit
Router preference         :       medium
Router lifetime           :         1800 (0x00000708) seconds
Reachable time            :  unspecified (0x00000000)
Retransmit time           :  unspecified (0x00000000)
 Source link-layer address: 00:24:95:F1:08:CA
 MTU                      :         1280 bytes (valid)
 Prefix                   : 2001:470:1d:584::/64
  Valid time              :         7200 (0x00001c20) seconds
  Pref. time              :         1800 (0x00000708) seconds
 Prefix                   : 2607:c000:815e:c400::/64
  Valid time              :         7200 (0x00001c20) seconds
  Pref. time              :         1800 (0x00000708) seconds
 Route                    : 2607:c000:815e:c400::/56
  Route preference        :       medium
  Route lifetime          :         7200 (0x00001c20) seconds
 Recursive DNS server     : 2001:470:1d:584::1
  DNS server lifetime     :         1800 (0x00000708) seconds
 from fe80::224:95ff:fef1:8ca

As you can see this router is advertising two prefixes into my network, and each of my hosts have five (5) IPv6 addresses (link-local, prefix 1 SLAAC, prefix 1 SLAAC/Temporary, prefix 2 SLAAC, prefix 2 SLAAC/Temporary).

Do not adjust your TV set, the RAs are in control

Knowing the RA bits, A, M, and O will help you control addressing on your IPv6 network. I have focused on the addressing components of the RA, but there is more  (home agent, reachability time, MTU size, etc), which can help you solve more challenging problems in your network. The RA is a useful tool to simplify your IPv6 network, hip-hip-hooRA for the RA.

No comments:

Post a Comment