Monday, May 8, 2017

Windows 10 now runs in SLAAC Networks

by Craig Miller


Microsoft released the Creator Update last month (11 April 2017) with lots of interesting stuff. But the most interesting for IPv6 is support for the RDNSS field in the RA (Router Advertisement). The RDNSS field is the one that carries DNS server information in the RA.

In order to run an IPv6-only SLAAC-based network the host must need 2 things: an address, and the address of a DNS server. Without DNS, IPv4 or IPv6 is pretty useless these days.

Windows 10 and SLAAC Requirements


In order to see the new feature in action, the Windows 10 machine must:
  • Be in a IPv6-only network (no IPv4) 
  • Hear a RA (Router Advertisement) without the M-bit set (or DHCPv6 disabled). 
Of course, it would be good if your router was sending RDNSS in the RA. 

Windows 10 SLAAC-only Details


In this environment, the output of ipconfig is still a little misleading:
C:\Users\Craig>ipconfig /all

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : lan
   Description . . . . . . . . . . . : Realtek PCIe GBE 
   ...
   DHCPv6 IAID . . . . . . . . . . . : 75761763
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-A3-2E-82-80-FA-5B-96-37-56
   DNS Servers . . . . . . . . . . . : fdf7:56a9:b7af:1101::1
   Connection-specific DNS Suffix Search List :
                                       lan

The DNS Server field is now showing my RDNSS address (the ULA address of my router) and DNSSL (DNS Search List)!

Another way to confirm the DNS servers that Windows 10 knows about is with a netsh command:
C:\Users\Craig>netsh int ipv6 show dnsservers

Configuration for interface "Ethernet"
    DNS servers configured through DHCP:  fdf7:56a9:b7af:1101::1
    Register with which suffix:           Primary only

Running a quick check to see if it can actually resolve an address using only RDNSS:
C:\Users\Craig>nslookup www.google.com
Server:  OpenWrt.lan
Address:  fdf7:56a9:b7af:1101::1

Non-authoritative answer:
Name:    www.google.com
Addresses:  2604:470:4001:806::2004
          172.217.29.164


Now it is possible to run simplified (SLAAC) networks


The fact that MS is now supporting SLAAC-only networks is a huge shift from their previous DHCPv6 only stance. Why is this important? Because there are use-cases for SLAAC-only networks, and now not only can you use your Android devices (which don’t do DHCPv6) but also your Windows 10 machines as well.

Windows continues to dominate the PC market with about 85%. Now with Windows 10 Creator Update, there is no excuse to not deploy IPv6 in your network now.



* adapted from my ipv6hawaii.org article
** Win10 details from André Lange, author of ip6neigh

6 comments:

  1. Hi!

    How did you configure the SLAAC? Like getting the DNS Server? Did you test it with like DHCP Pool within the router?
    Thanks

    ReplyDelete
    Replies
    1. No configuration is required (with the Creator's Update of Windows). However, DHCP must be disabled at the router (for both IPv4 and IPv6), since RFC 8106 states that DHCP DNS server information must be preferred over SLAAC

      Delete
    2. Thank you Craig! Newbie here... Correct me if I am wrong... I was able to get the DNS server on my Windows 10 when I added the RDNSS in the router.
      So, no M and O bit flags are set, No DHCP relay is configured... Does it mean SLAAC doesn't provide DNS? Just simply IPv6 address via EUI-64 and the link-local
      address of the router as the default gateway? So yes, it doesn't makes sense if I am using SLAAC without getting a DNS server...

      Delete
    3. Thank you Craig! Newbie here... Correct me if I am wrong... I was able to get the DNS server on my Windows 10 when I added the RDNSS in the router.
      So, no M and O bit flags are set, No DHCP relay is configured... Does it mean SLAAC doesn't provide DNS? Just simply IPv6 address via EUI-64 and the link-local
      address of the router as the default gateway? So yes, it doesn't makes sense if I am using SLAAC without getting a DNS server...

      Delete
  2. Hi Craig,

    I have follow up questions regarding IPv6. This maybe out of topic from your post but maybe you have some ideas...

    (1) I implemented Stateful DHCPv6 and the messages went thru (SARR) and clients are getting ip addresses and dhcpv6 options, no problem! Now, I read somewhere that when you are doing this setup, you need to set the M bit flag and this command "ipv6 nd managed-config-flag" should be set in the router so during the RA there will be M bit flag set to 1... But I didn't enable this on the router and everything looks good... Is it mandatory or is it just a polite way to say to the clients that "ok, I see the M bit set to 1 then I need to use DHCP to make a DHCP request"
    I am not really sure if I really need to update the router config with the M bit flag...

    (2) SLAAC - I tested this and I was getting the EUI-64 address no problem, but does SLAAC doesn't offer DNS just plain ipv6/link-local gateway of the router? For me, it doesn't makes sense when there is no DNS... I found that I can set the RDNSS from the router and the client was able to get a DNS which I feel happy about it...

    (3) Stateless DHCPv6 - This will still use SLAAC but then it needs additional parameters like DNS... I read somewhere that if you are doing this, you need to set the O bit flag...

    So If I enable the O bit flag in the router without configuring the RDNSS and without having a DHCP Pool in the router, How does a client gets the DHCP Option like DNS? Can this be combined with DHCP Relay??

    Many Thanks

    ReplyDelete
  3. Bill, contact me directly, and I'll be happy to answer your questions. You can find my contact info at http://ipv6hawaii.org

    ReplyDelete