IPv6 Router Advertisements
by Craig Miller
IPv6 The Network is in control
 |
| Router Advertisement |
End station (host, nodes, machines, etc) addressing is controlled by the Router Advertisements (RAs). In this article, I will delve into RAs a bit more, and explain how one can configure RAs to give you the result you are looking for.
RA Bits
Not surprisingly, RAs are sent by routers. The RA is a Type 134 ICMPv6 message (IANA ICMPv6 assign numbers). The individual interfaces on your router must be configured to send RAs when IPv6 is enabled. The RA has several flags (bit fields) which can be set or unset. The important ones for addressing are the A, M, and O bits. These control how the end station will get an address. Jeff Carrell summarized it well in a 2012 presentation.
I had this slide up on my cube wall for years, and gave a copy to anyone who seemed remotely interested in IPv6.
Simplifying the RA Bits
L bit
Let's start with the easy one. The L bit (or link bit) as you can see it is always on, and has no bearing on how an end station gets an address. 'Nuff said.
A bit
The next one to tackle is the A bit, this is the one that controls whether SLAAC is used by the end station.
M bit
The M bit is the Managed bit, which tells the end station to initiate DHCPv6 client request (RFC 3315). Unlike DHCPv4, IPv6 clients should NOT initiate a DHCPv6 request unless the M bit is set (not all clients respect this).
O bit
The Other bit, is a combination bit of sorts. The ideas is that SLAAC or manual may not provide all the information and end station may need, such as location of DNS and NTP servers. By setting the O bit, the network administrator is asking the end station to do a DHCPv6 for the options, but NOT for an address.
As you can see from Jeff's slide (above) the O bit is used with either the A bit (SLAAC provides the address) or the M bit (where DHCPv6 provides the address)
But wait, there's more
RAs also advertise one or more prefixes for the link. Remember in What's with all those IPv6 Addresses end stations can have many IPv6 addresses. They can also have addresses in different subnets (on the same link). This would be useful for an address transition (from one address to another).
Since DNS is so useful (you were memorizing all those IPv6 addresses, right?), Recursive Domain Name Server Serivce (RDNSS) is useful (RFC 6106).
Lastly, for now, when the end station hear's the RA, and it assigns the default route next hop, as the link-local address of the router. By looking at the route table of the end station, you can see the default route:
$ ip -6 route...
default via fe80::224:95ff:fef1:8ca dev mlan0 proto ra metric 1024 expires 1608sec
There are other things in the RA, router lifetime, reachability, etc, which I may cover in a later post. But these are the important addressing bits.
RA Implementation Isues
This how it is supposed to work. The RFC's specify the ideal. But then it falls upon the developers to implement the ideal, and sometimes they fall short. When non-obvious combinations of RA bits (or flags) are set, non-obvious behaviours occur. Although the following RFC memo (it was only a draft, and has no number) is now expired, it still contains some good info about implementations of Windows 7, MacOS X 10.7 (aka Lion), and Ubuntu 12.04. It is well worth a read if you want to see how the OSs have really been implemented.
You can find the memo at: https://tools.ietf.org/html/draft-liu-bonica-v6ops-dhcpv6-slaac-problem-00
RA Troubleshooting
Want to see what your router is advertising? You could fire up wireshark (or tcpdump) and wait, and wait, and wait for the router to send an RA (the configurable time is usually from every few minutes to much longer). Or you could issue a RS (Router Solicitation) and see the look at the RA that comes back.
The easiest way to do this is to use the linux utility rdisc6 (on Ubuntu, part of the ndisc6 package). This will do all the work, and show the results in a fairly human readable form.
$ rdisc6 eth0Soliciting ff02::2 (ff02::2) on eth0...
Hop limit : 64 ( 0x40)
Stateful address conf. : No <--- M bit
Stateful other conf. : No <--- O bit
Router preference : medium
Router lifetime : 1800 (0x00000708) seconds
Reachable time : unspecified (0x00000000)
Retransmit time : unspecified (0x00000000)
Source link-layer address: 00:24:95:F1:08:CA
MTU : 1280 bytes (valid)
Prefix : 2001:470:1d:584::/64
Valid time : 7200 (0x00001c20) seconds
Pref. time : 1800 (0x00000708) seconds
Prefix : 2607:c000:815e:c400::/64
Valid time : 7200 (0x00001c20) seconds
Pref. time : 1800 (0x00000708) seconds
Route : 2607:c000:815e:c400::/56
Route preference : medium
Route lifetime : 7200 (0x00001c20) seconds
Recursive DNS server : 2001:470:1d:584::1
DNS server lifetime : 1800 (0x00000708) seconds
from fe80::224:95ff:fef1:8ca
As you can see this router is advertising two prefixes into my network, and each of my hosts have five (5) IPv6 addresses (link-local, prefix 1 SLAAC, prefix 1 SLAAC/Temporary, prefix 2 SLAAC, prefix 2 SLAAC/Temporary).
Do not adjust your TV set, the RAs are in control
Knowing the RA bits, A, M, and O will help you control addressing on your IPv6 network. I have focused on the addressing components of the RA, but there is more (home agent, reachability time, MTU size, etc), which can help you solve more challenging problems in your network. The RA is a useful tool to simplify your IPv6 network, hip-hip-hooRA for the RA.
No comments:
Post a Comment