Monday, May 8, 2017

Windows 10 now runs in SLAAC Networks

by Craig Miller


Microsoft released the Creator Update last month (11 April 2017) with lots of interesting stuff. But the most interesting for IPv6 is support for the RDNSS field in the RA (Router Advertisement). The RDNSS field is the one that carries DNS server information in the RA.

In order to run an IPv6-only SLAAC-based network the host must need 2 things: an address, and the address of a DNS server. Without DNS, IPv4 or IPv6 is pretty useless these days.

Windows 10 and SLAAC Requirements


In order to see the new feature in action, the Windows 10 machine must:
  • Be in a IPv6-only network (no IPv4) 
  • Hear a RA (Router Advertisement) without the M-bit set (or DHCPv6 disabled). 
Of course, it would be good if your router was sending RDNSS in the RA. 

Windows 10 SLAAC-only Details


In this environment, the output of ipconfig is still a little misleading:
C:\Users\Craig>ipconfig /all

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE 
   ...
   DHCPv6 IAID . . . . . . . . . . . : 75761763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-A3-2E-82-80-FA-5B-96-37-56
   DNS Servers . . . . . . . . . . . : fdf7:56a9:b7af:1101::1
   Connection-specific DNS Suffix Search List :
                                       lan

The DNS Server field is now showing my RDNSS address (the ULA address of my router) and DNSSL (DNS Search List)!

Another way to confirm the DNS servers that Windows 10 knows about is with a netsh command:
C:\Users\Craig>netsh int ipv6 show dnsservers

Configuration for interface "Ethernet"
    DNS servers configured through DHCP:  fdf7:56a9:b7af:1101::1
    Register with which suffix:           Primary only

Running a quick check to see if it can actually resolve an address using only RDNSS:
C:\Users\Craig>nslookup www.google.com
Server:  OpenWrt.lan
Address:  fdf7:56a9:b7af:1101::1

Non-authoritative answer:
Name:    www.google.com
Addresses:  2604:470:4001:806::2004
          172.217.29.164


Now it is possible to run simplified (SLAAC) networks


The fact that MS is now supporting SLAAC-only networks is a huge shift from their previous DHCPv6 only stance. Why is this important? Because there are use-cases for SLAAC-only networks, and now not only can you use your Android devices (which don’t do DHCPv6) but also your Windows 10 machines as well.

Windows continues to dominate the PC market with about 85%. Now with Windows 10 Creator Update, there is no excuse to not deploy IPv6 in your network now.



* adapted from my ipv6hawaii.org article
** Win10 details from André Lange, author of ip6neigh

4 comments:

  1. Hi!

    How did you configure the SLAAC? Like getting the DNS Server? Did you test it with like DHCP Pool within the router?
    Thanks

    ReplyDelete
    Replies
    1. No configuration is required (with the Creator's Update of Windows). However, DHCP must be disabled at the router (for both IPv4 and IPv6), since RFC 8106 states that DHCP DNS server information must be preferred over SLAAC

      Delete
    2. Thank you Craig! Newbie here... Correct me if I am wrong... I was able to get the DNS server on my Windows 10 when I added the RDNSS in the router.
      So, no M and O bit flags are set, No DHCP relay is configured... Does it mean SLAAC doesn't provide DNS? Just simply IPv6 address via EUI-64 and the link-local
      address of the router as the default gateway? So yes, it doesn't makes sense if I am using SLAAC without getting a DNS server...

      Delete
  2. Bill, contact me directly, and I'll be happy to answer your questions. You can find my contact info at http://ipv6hawaii.org

    ReplyDelete