Contenu connexe Similaire à IPv6 Autoconfig (20) IPv6 Autoconfig1. IPv6 Clients
Autoconfiguration
The whole process In-Depth fully explained!
Version 2.0
© 2011 Fred Bovy. IPv6AutoConfig—2-1
2. Presentation Objectives
This presentation gives an in-depth explanation of the IPv6
Autoconfiguration process. It covers all the possible combinations to
configure and to maintain automatically the IPv6 nodes using all the
possible options currently available.
This presentation focuses on IPv6 Autoconfiguration but it also introduces
the Mobile IPv6 based applications.
At the end of the presentation you will fully understand how the IPv6
nodes initially get configured and how the network configuration may
be changed over time if needed. You will also understand the benefits
of running Mobile IPv6.
And you will deserve a good coffee break!
© 2011 Fred Bovy. IPv6AutoConfig—2-2
3. About the Author
Fred Bovy
§ 15 years experience in IPv6
– IPv6 Forum Certified Gold Engineer
– IPv6 Forum Certified Gold Trainer
§ 20+ years experience with CISCO, TCP/IP
– 15 years CCIE #3013 (it was only R&S in 1997!)
– 18 years CCSI #33517 since 1994 (it was #95003)
– 7 years Cisco IOS IPv6 Software Engineer (NSSTG Group)
– 3 years Cisco Network Consultant (CA Group)
§ 12+ years experience in MPLS
Meet me on:
– Twitter: FredBovy
– Skype: FredericBovy
– Blogs: http://www.fredbovy.com/Go46/
– LinkedIn, owner of 3 IPv6 Groups
– Email me: fred@fredbovy.com
© 2011 Fred Bovy. IPv6AutoConfig—2-3
5. What is Autoconfiguration ?
§ With Autoconfiguration, a network node can
configure itself completely and modify its configuration
anytime needed.
Network Addresses, default route,
DNS and Others Servers addresses, domain name,
Dynamic DNS Updates
§ How Autoconfiguration is used:
For Offices or Campuses:
- Renumbering if a new prefix must be used for a site or a company
- For privacy, the Interface ID can be changed with a random value every day
- With Mobile IPv6 enabled, support the Mobile users. They keep using their office home addresses
while they are roaming.
Roaming devices without Mobile IPv6
- Autoconfigured is used to get addresses for each visited access network
- Application must be restarted each time as sockets are differents
- This is how MOST devices are currently operating !
Mobile IPv6: Mobile Routers (NEMO), MANET, Sensors (6LowPAN)
- The home Address is the only address known by the end-user Application
- A new Address (COA) acquired by Autoconfig is used for each visited network (Wifi, 3G)
- Because the home address is the same, the same socket is used, there is no interruption, no
need to restart the applications
© 2011 Fred Bovy. IPv6AutoConfig—2-5
6. Autoconfiguration (SLAAC) on Linux!
Autoconfiguration is Enabled by default on
most platforms but Linux !
For Linux use sysctl -w or add in the /etc/
sysctl.conf the following configuration:
To Enable Autoconfig use:
This is only about Stateless Address
Autoconfiguration (SLAAC) and has
nothing to do with Mobile IPv6.
We will introduce Mobile IPv6 later in
this presentation
© 2011 Fred Bovy. IPv6AutoConfig—2-6
7. Autoconfig Addresses in Tentative Mode
Autoconfiguration First Step is the Tentative Mode to verify the IPv6
Addresses which are configured or could be configured on the interface
IPV6 INTERFACE IS GOING UP…
§ First, the Link local address is generated and tested to enable the interface for IPv6
§ The Link Local address is verified with Duplicate Address Detection (DAD)
§ The Link-Local address MUST be valid or Autoconfig exits and the Interface is disabled for
IPv6
§ Once the Link-Local passed DAD, the IPv6 Interface is Up and other addresses are also
generated from the RA or allocated by DHCPv6 and validated by DAD
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-7
8. Autoconfig Address is in Preferred state
n The « NORMAL » state for an address in production.
n The address verified by DAD can be used to send and receive unicast traffic.
n The address can be used for new connections or by existing one
n The Preferred Lifetime is determined by the field Preferred Lifetime included
in the RA Prefix Information or the Preferred-Lifetime Option in the DHCPv6
As long as the derived Address is refreshed with RA Prefixes or the
allocated address is reniewed by DHCPv6, the address state will
remain Preferred!
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-8
9. Autoconfig Address is in Deprecated state
The Address was not refreshed by a RA or DHCPv6 for Preferred timer…
n Can be used for Renumbering, during the transition to a NEW prefix
n New connection SHOULD not use this address
n Existing communications SHOULD still be able to use this address as source.
« An implementation MAY prevent any new communication from
using a deprecated address, but system management MUST have
the ability to disable such a facility, and the facility
MUST be disabled by default. » RFC4862!
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-9
10. Autoconfig Address is in Valid state
The address can be used to send and received unicast traffic
Valid state = Preferred + Deprecated
The Valid Lifetime is determined by the field Valid Lifetime
included in the RA Prefix Information or the Valid-Lifetime
Option in the DHCPv6 IA Address
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-10
11. Autoconfig Address is in Invalid State
The address cannot be used to send or receive traffic
The address reaches the Invalid state when the Valid Lifetime has
expired
« An address (and its association with an interface) becomes
invalid when its valid lifetime expires. An invalid address MUST
NOT be used as a source address in outgoing communications and MUST
NOT be recognized as a destination on a receiving interface. »
RFC4862!
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-11
12. IPv6 Interface is going up
IPv6 Autoconfiguration
© 2011 Fred Bovy. IPv6AutoConfig—2-12
13. Client initializes the Link-Local Address
Derive the link-local
address Set Hop Limit,
FE80::[Interface ID] Reachable Time,
Retrans Timer, MTU
Send multicast NS.
Destination address Prefix Yes
derived from the link- Information A
local present ?
No
Yes B
NA received ? Stop
Managed
Address Yes
No Configuration
Flag = 1 ?
Initialize the link-local
No
Other Yes
Send RS Configuration Use DHCPv6
Flag = 1 ?
No No
RA Received ? Use DHCPv6
Stop
Yes
© 2011 Fred Bovy. IPv6AutoConfig—2-13
14. 1. IPv6 Interface is going up
1. Initialize and check the Link-Local Address
2. Send a Router Solicitation (RS) message to get the
Autoconfiguration info from the Router Advertizements (RA)
3. Initialize and validate default Parameters and other Addresses
derived from the Prefixes learned from the Router Advertizement
(RAs)
4. Check if DHCPv6 must be used for Addresses ? Other
configurations ?
fe80::202:b3ff:fe1e:8329
To A’s Solicited node address FF02::1:FF1E:8329
© 2011 Fred Bovy. IPv6AutoConfig—2-14
15. Initialization of the Link-Local Address
Workstation picks up a link-local address
§ i.e. fe80::202:b3ff:fe1e:8329 EUI-64
§ Using prefix fe80::/10 and build the 64 bit Interface ID from EUI-64 format
§ May be generated Cryptographically if SeND CGA is used (RFC3972)
Workstation performs Duplicate Address Detection (DAD)
§ Sends NS to its own Neighbor Solicited Node Multicast Address !
– FF02::1:FF00:0/104 + last 24 bits = ff02::1:ff1:8329
§ Expect no answer or the address is a duplicated (DUP)
IF DAD Fails for the the Link-Local address
the IPv6 Intf is disabled ! 3 attempts if CGA(RFC3972)
© 2011 Fred Bovy. IPv6AutoConfig—2-15
16. Ubuntu performing DAD (NS) Captured
IPv6 Neighbor Solicitation
IPv6 Router Solicitation
message to the All-Routers
ff02::2
IPv6 Source address is ::
Neighbor
Solicitation
Dst address is the solicited
node multicast address:
ff02::1:ff30:3386
© 2011 Fred Bovy. IPv6AutoConfig—2-16
17. Client Send Request and get Autoconf parameters
Derive the link-local
address Set Hop Limit,
FE80::[Interface ID] Reachable Time,
Retrans Timer, MTU
Send multicast NS.
Destination address Prefix Yes
derived from the link- Information A
local present ?
No
Yes B
NA received ? Stop
Managed
Address Yes
No Configuration
Flag = 1 ?
Initialize the link-local
No
Other Yes
Send RS Configuration Use DHCPv6
Flag = 1 ?
No No
RA Received ? Use DHCPv6
Stop
Yes
© 2011 Fred Bovy. IPv6AutoConfig—2-17
18. 2. IPv6 Intf is Going Up!
1. Link-Local Address initialized and unique !
2. Send a Router Solicitation (RS) message to get the
Autoconfiguration info from the Router Advertizements (RA)
3. Initialize and validate default Parameters and other Addresses
derived from the Prefixes learned from the Router Advertizement
(RAs)
4. if Check DHCPv6 must be used for Addresses ? Other
conffigurations ?
© 2011 Fred Bovy. IPv6AutoConfig—2-18
19. 2. Clients request Autoconfig Information
The client issues a Router Solicitation (RS) using its link-local as
source Address to the all-routers multicast destination address to
request all the parameters needed for autoconfiguration:
§ The default Hop Limit, the Link MTU, a default route…
§ The Prefixes to used for autoconfiguration
§ DHCPv6 must be used and what for? Addresses or Other Configurations?
If NO Response to the RS, then try a DHCPv6 Solicit
No Router
and EXIT Autoconfig!!!
All-Routers: FF02::2
© 2011 Fred Bovy. IPv6AutoConfig—2-19
20. To Accept RA on Linux clients
For Linux, it must be configured with sysctl command or
editing the /etc/sysctl.conf file.
Use sysctl -w or add in the /etc/sysctl.conf the
following config:
To Accept the RA use:
© 2011 Fred Bovy. IPv6AutoConfig—2-20
21. ISP 6RD RG RA
Router Solicitation and
Router Advertisement
Router Advertisement
sent to the All-IPv6 Nodes multicast
ff02::1
Router Lifetime: 1800 secondes
Don’t modify the Reachable
Timer and the Retrans timer
Prefix Option:
2a01:e35:2f26:d340::/64
On-Link Bit Flag Set
Autonomous Bit Flag Set
Valid Lifetime: 86400 sec
Preferred Lifetime: 86400 sec
DNS Servers Option:
2a01:e00::1
2a01:e00::2
MTU Option:
1480 bytes
Source Link Layer Address
Option
f4:ca:e5:44:10:ef
© 2011 Fred Bovy. IPv6AutoConfig—2-21
22. If no RA Received, clients run DHCPv6
DHCPv6 DHCPv6
Client Server
DHCPv6 Relay!
Relay-Forward
Solicit to All_DHCP_Servers (FF05::1:3)
Dst:All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
Relay-
Advertize reply
Request
Dst: Server Dst:All_DHCP_Relay_Agents_and_Servers
(FF02::1:2)
Relay-Forward
Src: Client Link-local address to All_DHCP_Servers (FF05::1:3)
Relay-reply
Dst: Client Link-local address
Reply Src: Server Link-local address
If no RA Received,
Autoconfiguration ends here !
© 2011 Fred Bovy. IPv6AutoConfig—2-22
23. DO NOT SUPPRESS the RA on LAN intf to force DHCPv6
By default the RA are enabled on a LAN interface and disabled on a
Serial Point to Point.
RAs are very useful to provide many other important IPv6 parameters like a
default route, link MTU, the default Hop-Limit or the Neighbor Unreachability
(NUD) parameters and more.
If no RA is received, the client tries DHCPv6 and Exits Autoconfiguration!
For the clients to use DHCPv6:
Set the Managed Addr Config and Other Config flags.
IPv6 is not IPv4
Suppressing the RA will not convert IPv6 to IPv4
DHCPv6 cannot provide a default route !
© 2011 Fred Bovy. IPv6AutoConfig—2-23
24. Client is looping on the prefixes lists
to autoconfigure new Addresses
A
Yes
Do not initialize
NA
the stateless
Take the first Received ?
address
prefix information
No
Initialise the
Yes Stateless
On-Link Flag Add the prefix to address
=1? the list
No
No No
Autonomous Other prefixes to
process B
Flag = 1 ?
Yes
Yes
Derive the Stateless
Prefixe:[interface ID]
Go to next prefix
Send NS to the
derived address
© 2011 Fred Bovy. IPv6AutoConfig—2-24
25. IPv6 Interface is going Up!
1. Link-Local Address Validated, IPv6 Intf is UP!
2. A Router Solicitation (RS) message was sent and a Router
Advertizements (RA) was Received
3. Initialize and validate the default Parameters and other
Addresses derived from the Prefixes learned from the Router
Advertizement (RAs)
4. Check if DHCPv6 must be used for Addresses ? Other
configurations ?
© 2011 Fred Bovy. IPv6AutoConfig—2-25
26. Router Advertisements (RA) information
§ The Router is a candidate for default Route?
The Lifetime timers is how long a Router will remain a valid next hop without any refresh.
If Lifetime = 0, the router cannot be used as a default route
if Lifetime > 0, the Link-local IPv6 Address must be used as a default next hop.
The RA also contains a Router Preference: Low, Medium or High.
The router MAC Address is also provided in the SLLA Option.
§ Other Important Configuration:
Hop Limit and MTU for the Link
Reachable Timer and Retransmit interval used by NUD
DNS Servers Addresses in the DNS Option (RFC6106)
A List of zero or more prefix(es)
§ Should we also use of DHCPv6 for more Autoconfig?
Managed and Other Config Flags
Warning: RFC6104. Rogue RA !!!
© 2011 Fred Bovy. IPv6AutoConfig—2-26
27. RA on Cisco Router - show ipv6 routers
hote#show ipv6 routers
Router FE80::2038:148E:B9DF:FD6D on FastEthernet0/0, last
update 2 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0,
MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0
(unspecified)
Prefix 2001::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
IMPORTANT REMARKS:
The Router Lifetime applies only to the router's usefulness as a default router; it does not
apply to information contained in other message fields or options. Options that need time
limits for their information include their own lifetime fields.
A router which can’t be used as a default router or shutting down sends a RA with Lifetime=0
(0) Unspecified does not mean that the parameter must set to zero but it means « DO NOT CHANGE »
whatever value which is preconfigured on the node
© 2011 Fred Bovy. IPv6AutoConfig—2-27
28. Client process the Optional RA Prefix(es) List
In each RA there may be a list of Prefixes which can
be used by SLAAC
Each Prefix comes with:
§ The Length of the Prefix
§ 2 bits or Flags: the On-Link bit and the Autonomous bit
– Both flags MUST be SET for the Prefix to be used by SLAAC
A full Stateless 128 bits address can be derived from the prefix adding an Interface ID
– The 64 bits Interface ID can be built:
- From the MAC Address: EUI-64 format or
- With a Random Number if Privacy Extension is configured (RFC4941)
§ 2 Timers: the Preferred Timers and the Valid Timers.
– This is how long the addresses derived from the RA advertized prefix if learned from
SLAAC will remain in the Preferred and in the Valid States. These timers are also
managed when the addresses are allocated by a DHCPv6 Stateful Server.
– The Timers can be reset by the periodic RA, in this case, the unsolicited RA transmission
interval must be set to refresh the SLAAC derived addreses before they get deprecated or
invalid. The Timers can also be refreshed by DHCPv6 protocol.
– Statically configured IPv6 addresses have Infinite Preferred and Valid Timers.
© 2011 Fred Bovy. IPv6AutoConfig—2-28
30. The Client processes each Prefix of the List
The Prefix is selected for SLAAC if both On-Link and Autonomous bits
are set, then
Use EUI-64: Interface ID is derived from the MAC Address
00 90 59 02 E0 F9
O 00 90 59 FF FE 02 E0 F9
Mac Address 48 bit
X=1 Unique
R 000000X0
X=0 Not Unique
Use Privacy Extension (RFC4941): Interface ID is selected randomly
On Windows
netsh interface ipv6 set privacy=enabled
On Mac OS X
sysctl net.inet6.ip6.use_tempaddr=1
On Linux
sysctl net.ip6.conf.if.use_tempaddr=2
© 2011 Fred Bovy. IPv6AutoConfig—2-30
31. Client checks if DHCPv6 can be used
Derive the link-local
address Set Hop Limit,
FE80::[Interface ID] Reachable Time,
Retrans Timer, MTU
Send multicast NS.
Destination address Prefix Yes
derived from the link- Information A
local present ?
No
Yes B
NA received ? Stop
Managed
Address Yes
No Configuration
Flag = 1 ?
Initialize the link-local
No
Other Yes
Send RS Configuration Use DHCPv6
Flag = 1 ?
No No
RA Received ? Use DHCPv6
Stop
Yes
© 2011 Fred Bovy. IPv6AutoConfig—2-31
32. IPv6 Interface is Going Up!
1. Initialize and validate the Link-Local Address. IPv6 Intf Up!
2. Router Solicitation (RS) message Sent and the Router
Advertizements (RA) received
3. Initialize and validate default Parameters and other Addresses
derived from the Prefixes learned from the Router Advertizement
(RAs)
4. Check if DHCPv6 must be used for Addresses ? Other
configurations ?
© 2011 Fred Bovy. IPv6AutoConfig—2-32
33. Clients check if DHCPv6 MUST be used
In each RA there are 2 flags to advertize the use of DHCPv6!
Managed Address Configuration Flag
The Managed Address or M flag tells the clients to use DHCPv6 to configure
IPv6 Address(es)
Actually when the M bit is set, DHCPv6 is used to request all the available
DHCPv6 configuration other information and the O is redundant
Cisco Interface config « ipv6 nd managed-config-flag »
Other Configuration Flag
The Other or O flag tells the clients to use DHCPv6 to configure everything but
the IPv6 addresses.
In this case the IPv6 Address(es) must be configured using SLAAC or manually
Cisco interface config « ipv6 nd other-config-flag »
DHCPv6 Cannot be used to configure a default route!
Some drafts exist but still no RFC!
© 2011 Fred Bovy. IPv6AutoConfig—2-33
34. IPv6 Autoconfiguration Modes
Stateless Address Autoconfiguration
§ NO DHCPv6, all the configuration is loaded with RA or or PPP
Statefull DHCPv6 Autoconfiguration
§ DHCPv6 provides addresses and other parameters (DNS, domaine
name, SIP…)
§ The Managed and the Other Config flags are set
Stateless DHCPv6 Autoconfiguration
§ SLAAC is used for address autoconfiguration
§ DHCPv6 for the other informations (DNS, Domain Name)
DHCPv6 Prefix Delegation
§ The CPE which is a DHCPv6-PD Client receives a block of address (IPv6
Subnet) from the SP, the DHCPv6-PD Server. This block can be
subnetted to configure multiple LAN interfaces. The CPE DHCPv6-PD
Client can also be a DHCPv6 Stateless server for instance.
© 2011 Fred Bovy. IPv6AutoConfig—2-34
35. Stateless Address AutoConfig Signalisation
IPv6 routers signal the use of DHCPv6, if both
bit are not cleared (default) then DHCPv6 is not
used.
§ M flag « Managed Adress Configuration » is set when
address and network parameters configuration are available
from DHCPv6. Must be configured on the routers.
– no ipv6 nd Managed-config-flag
§ O flag « Other Statefull Configuration » is set when Other
parameters configuration must be found from DHCPv6
– no ipv6 nd Other-config-flag
© 2011 Fred Bovy. IPv6AutoConfig—2-35
36. Stateless Address AutoConfiguration
n RFC 4862, IPv6 Stateless Address Autoconfiguration
n RS/RA To request prefixes available to build addresses
n DAD to test the new addresses
n NO DHCPv6 Server required!
Autoconfiguration is configurable on Linux!
© 2011 Fred Bovy. IPv6AutoConfig—2-36
37. Stateful DHCPv6 Autoconfig Signalisation
IPv6 routers signal the use of DHCPv6. Not M
and O bits must be set in the RA.
§ M flag « Managed Adress Configuration » is set when
address and network parameters configuration are available
from DHCPv6. Must be configured on the routers.
ipv6 nd Managed-config-flag
§ O flag « Other Statefull Configuration » is set when Other
parameters configuration must be found from DHCPv6
ipv6 nd Other-config-flag
© 2011 Fred Bovy. IPv6AutoConfig—2-37
39. Stateless DHCPv6 Autoconfig Signalisation
IPv6 Routers signal the DHCPv6 utilization
§ M bit = 0 « Managed Adress Configuration » to use
SLAAC for address autoconfiguration
no ipv6 nd managed-config-flag
§ O bit = 1 « Other Statefull Configuration » to use
DHCPv6 for Other parameter configuration
ipv6 nd Other-config-flag
Address is configured by SLAAC
Other parameters are then requested to the
DHCPv6 Server
© 2011 Fred Bovy. IPv6AutoConfig—2-39
41. DHCP Prefix Delegation
DHCPv6 PD Server allocates a block of
addresses for the DHCPv6-PD Client
The block received by the client is then subnetted to
configure each interface
© Frédéric Bovy 41
© 2011 Fred Bovy. IPv6AutoConfig—2-41
42. DHCPv6-PD Client and DHCPv6 Stateless Server
Host
PE DHCPv6-PD Server DHCPv6-PD CPE DHCPv6 Lite
Client Server
ISP E1 E0
DHCP Client DHCP Server
ISP Provisioning System
1. CPE Sends DHCP Solicit with
ORO = PD
3. RADIUS Responds with 2. PE Sends RADIUS Request
User’s Prefix(es) for the User
4. PE Sends DHCP REPLY with Prefix
Delegation Options
6. Host Configures
5. CPE Configures Addresses from Addresses Based on
The Prefix on Its Downstream the Prefixes Received
Interfaces, and Sends an RA. in the RA. As the O-bit
O-bit Is Set to On Is on, It Sends a DHCP
Information-request
Message, with an
7. CPE Sends a DHCP REPLY
ORO = DNS
Containing Request Options
AAA DHCP ND/DHCP
© 2011 Fred Bovy. IPv6AutoConfig—2-42
43. 6RD Service Providers RG Autoconfig
6rd 6rd
IPv4 + IPv6
IPv4 + IPv6 IPv4 + IPv6
Core
IPv4 + IPv6
BR
RG
IPv4
• RG=Residential Gateway, BR=Border Router
• Native dual-stack IPv4/IPv6 in the home or office
• Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions
• IPv6 traffic automatically follows IPv4 routing between CPE and BR
• BRs placed at IPv6 edge, addressed via anycast for load-balancing and
resiliency
• RG Config can be pushed via TR-69, DHCP Option 212, PPP IPCP
• Standardized in RFC 5969
© 2011 Fred Bovy. IPv6AutoConfig—2-43
45. Remember the Preferred state !
n This is the « NORMAL » state for an address in production.
Each address has the two timers constantly updated from the
system clock: Preferred and Valid
As long as the derived Address is refreshed with RA Prefixes or the
allocated address is reniewed by DHCPv6, the address state will
remain Preferred!
Valid
Tentative Preferred Deprecated Invalid
Preferred Lifetime
Valid Lifetime
© 2011 Fred Bovy. IPv6AutoConfig—2-45
46. Autoconfigured addresses have a finite
Valid and Preferred Lifetime
When the Interface has been started and is used by IPv6,
each address which has been autoconfigured only has a
limited Preferred and Valid Lifetime.
• Addresses derived from a Prefix advertized by a prefix
received in a RA must be refreshed by another RA
annoucing the same prefix with same or different
Preferred and Valid Lifetime
• Addresses which are allocated by DHCPv6 also have
a Valid and a Preferred Lifetime which must also be reset
by DHCPv6 Reniew.
© 2011 Fred Bovy. IPv6AutoConfig—2-46
47. Refreshing the SLAAC Addresses Timers
• An address which has been derived from a RA must
be refreshed by new RAs advertizing the same prefix
• The RA Interval must be consistent with the Preferred
and the Valid Timers for the addresses to be refreshed
in time
ipv6 nd ra-interval 200 seconds by default
ipv6 nd ra-lifetime 1800 seconds or 30 minutes default
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd prefix <prefix/mask> [Valid] [Preferred]
• To Be used by SLAAC:
- The On-Link and Autonomous Bits Must be Set
- If Preferred Lifetime > Valid lifetime, ignore the Prefix
Information option.
A node MAY wish to LOG a system management ERROR in this case….
© 2011 Fred Bovy. IPv6AutoConfig—2-47
48. Update the Address Preferred and Valid Timers
The preferred lifetime of each address is reset to the
Preferred Lifetime in the received advertisement.
The Valid Lifetime depends on RemainingLifetime, the
remaining time to the valid lifetime expiration of the
previously autoconfigured address.
1. If the received Valid Lifetime is greater than 2 hours or greater than
RemainingLifetime, set the valid lifetime of the corresponding
address to the advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore the
Prefix Information option with regards to the valid lifetime.
if SeND is used, the Advertizes Valid Lifetime is used to update Valid Lifetime.
3. Otherwise, reset the valid lifetime of the corresponding address to 2
hours.
© 2011 Fred Bovy. IPv6AutoConfig—2-48
49. SLAAC Prefix Refreshed and Timers Updated by RA
2100
1900
Unsolicited Periodic RA
1600 RA Interval default: 200 seconds
RA Lifetime default: 1800 seconds
1400
Prefix: 2001:db8:4:1::/64
200s IPv6
On-Link, Autonomous
Preferred and Valid Timers Preferred:1800, Valid:2100
at the Workstations
RA are sent every 200 seconds +/-jitter
Preferred: 1600-200 = 1400 seconds
Valid = 2100 - 200 = 1900 seconds
SLAAC Timers just Before receiving the RA:
Preferred: 1600-200 = 1400 seconds
Valid = 2100 - 200 = 1900 seconds
After receiving the RA: 2001:db8:4:1::1/64 2001:db8:4:1::2/64
Preferred is reset to 1600 seconds initial timers: Preferred:1400, Valid:1900
Valid was 1900 seconds, RemainingLifetime= 1900 Preferred:1800, Valid: 2100
Received Valid = 2100 is greater than RemainingLifetime=1900 Same Principle than other Workstation
Just before receiving RA
So Valid Lifetime is reset to Received Valid Lifetime = 2100 Preference:1400, Valid: 1900
After Receiving the RA
Preference: 1800, Valid: 2100
© 2011 Fred Bovy. IPv6AutoConfig—2-49
50. Theses Timers are also in DHCPv6 Addresses
Addresses are coded as DHCPv6 Options
• IA Address Option (IADDR)
- The IA Address option is used to specify IPv6 addresses
associated with an IA_NA (Non Temporary) or an IA_TA
(Temporary).
- The IA Address (IADDR) option must be encapsulated in the
Options field of an IA_NA or IA_TA option.
- The Options field encapsulates those options that are
specific to this address.
preferred-lifetime
The preferred lifetime for the IPv6 address in the option, expressed in units of seconds.
valid-lifetime
The valid lifetime for the IPv6 address in the option, expressed in units of seconds.
© 2011 Fred Bovy. IPv6AutoConfig—2-50
52. Renumbering
IPv6 Autoconfiguration
© 2011 Fred Bovy. IPv6AutoConfig—2-52
53. Principle of Renumbering for IPv6
Renumbering can be performed thanks to RA or DHCPv6
1. Old prefix is announced with Preferred Lifetime very
small or null and the new prefix with a normal
Preferred Lifetime
2. Hosts will have two prefixes
3. Addresses built from the old prefix will be deprecated
4. New connections use the new prefix
5. After some time, all the remaining connections will be
set on the new prefix
6. Router only announces the new prefix
7. Old prefix will be invalid
© 2011 Fred Bovy. IPv6AutoConfig—2-53
54. Renumbering Scenario using RA
Routers Configuration Valid
interface Ethernet0
ipv6 nd prefix 2001:db8:cafe:1::/64 43200 0 Preferred
ipv6 nd prefix 2001:db8:cafe:2::/64 43200 43200
Host
Preferred address: 2001:db8:cafe:2:1:4567:9f0:1
Deprecated address: 2001:db8:cafe:1:4567:9f0:1
Preferred Prefix: 2001:db8:cafe:2::/64
Deprecated Prefix: 2001:db8:cafe:1::/64
RA
© Frédéric Bovy 54
© 2011 Fred Bovy. IPv6AutoConfig—2-54
55. Mobile IPv6: keep your home address everywhere
you go, keep always online and only logout when
you want to not when you move to another
location!
Autoconfiguration
© 2011 Fred Bovy. IPv6AutoConfig—2-55
56. Mobile IPv6 for dummies…
Without Mobile IPv6, everytime you visit a new access
network, your network applications must be restarted
using the new socket because the IPv6 Source Address
has changed!
With Mobile IPv6, the mobile nodes (MN) can travel and
visit access networks but the applications still believe that
packets are originated from and sent to the Home
Network Address.
On the Home Network, the Router must be a Home Agent (HA).
At the begining it intercepts and forwards traffic from the Correspondant Node
(CN) to the Mobile Node (MN).
Once communication has started, it is possible to setup a direct tunnel
between the MN and the CN. This is Route Optimization.
New with IPv6, impossible with IPv4!
© 2011 Fred Bovy. IPv6AutoConfig—2-56
57. Why MIPv6 never restart any session?
§ The MN can roam from subnet to subnet getting a new IPv6 address for
each visited network but the same home network address is always
presented to the application! No need to restart any session
§ The CN always sends packets to the Home Network Address and
packets received by the CN are always originated from the Home
Network Address!...No Magic, this is managed by Mobile IPv6 at the
Network Layer so it is transparent for the Transport and Application
layers
© 2011 Fred Bovy. IPv6AutoConfig—2-57
58. Mobile IPv6 is supported on Linux and Free BSD
§ For MAC OS X check KAME Free BSD
– KAME Mobile IPv6 How To
§ http://www.kame.net/newsletter/20031007/
§ Linux
– Project NATISBAD
– The KAME project ported to Linux
§ http://natisbad.org/MIPv6/#racoon
§ Windows
– Very limited support with Windows 7
– Only CN Mode w/o Route Optimization
netsh interface ipv6 set mobility correspondentnode=enabled
© 2011 Fred Bovy. IPv6AutoConfig—2-58
59. Most Important Terminology
Home Agent The router which forward the traffic to the Mobile Node (MN)
when the us is at home!
Mobile Node The roaming user node.
Home Address All the packets from the Mobile Node (MN) received by the
Corresponding Node (CN) come from this source address.
All the packets sent to the Mobile Node (MN) from the
Corresponding Node (CN) are sent to this destination
address.
Home Link The link where the mobile node is permanently attached.
Care-Of-Address The temporary address on the visited network.
Correspondant Node The fixed node (not mobile) communicating with the Mobile
Node (MN).
© 2011 Fred Bovy. IPv6AutoConfig—2-59
60. Mobile Node visits a new access network
§ MN must acquire its Care-of-Address (CoA)
§ Autoconfiguration with SLAAC or DHCPv6…as usual!
Mobile Node
acquires its Care of
Address from SLAAC
or DHCPv6
© 2011 Fred Bovy. IPv6AutoConfig—2-60
61. Mobile Node (MN) initializes its new location
§ The Mobile Node (MN) registers its CoA with the Home Agent
The Home Agent is Automatically discovered using an Anycast Reserved address.
§ MIPv6 Signaling uses an IPv6 Mobility Option in an IPSec ESP
protected tunnel ( )
§ An IPv6 in IPv6 IPSec Tunnel is setup between the Mobile Node
and the Home Agent
1
2
Mobile Node
© 2011 Fred Bovy. IPv6AutoConfig—2-61
62. Why the Applications don’t need to restart
their Transport Connection (i.e TCP)?
HA
Mobile Node
Out Src Out Dst In Src In Dst Src @ Dst @
1) The HA replaces the COA
MN IPv6 HA IPv6 MN IPv6 CN IPv6 src addr with the the MN MN IPv6 CN IPv6
CoA @ Home @ @ IPv6 Home Address. Home @ @
Out Src Out Dst In Src In Dst Src @ Dst @
2) The HA replaces the HA
MN IPv6 CN IPv6 MN IPv6 dst addr with the the MN CN IPv6 MN IPv6
HA IPv6 @
CoA @ Home @ IPv6 Home Address @ Home @
© 2011 Fred Bovy. IPv6AutoConfig—2-62
63. Can we build a direct tunnel to bypass the HA?
1. The Corresponding Node (CN) must support Mobile IPv6 with
Route Optimization
2. The Mobile Node (MN) initiates this by sending a Binding
Update to the Corresponding Node (CN)
3. The Corresponding Node (CN) sends Keygen Tokens to the
Mobile Node (MN) at both its CoA and its Home Address.
If the MN receives both, it has proven its identity to the CN!
It receives a Binding Ack and the Tunnel setup!
te
Upda
Bin ding
in g Ac
k MN proves to the CN that it
Bind
receives the Keygen Tokens
© 2011 Fred Bovy. Mobile Node IPv6AutoConfig—2-63
64. Why the CN Application receives packets of the MN
originated from the MN Home Network Address?
The CN replaces the MN IPv6
Mobile Node CoA with the IPv6 Home @
from the Destination Option:
Datagram comes from the MN
Dst Opt Src @ Dst @
MN IPv6 MN IPv6 CN IPv6
Home @ CoA @
© 2011 Fred Bovy. IPv6AutoConfig—2-64
65. Why the MN Application receives a packet with
the Home Network Addr as the dst Addr?
Mobile Node
The MN replaces the MN IPv6 CoA with the MN IPv6 Home @ from the Routing Option:
Datagram is sent to the MN Home @
Src @ Dst @ Routing
CN IPv6 MN IPv6 MN IPv6
@ CoA Home @
© 2011 Fred Bovy. IPv6AutoConfig—2-65
66. Mobile IPv6 Applications
§ Proxy Mobile IPv6 (PMIPv6) for LTE and 4G
§ Mobile Router or Nemo
– RFC3963: NEMO Basic Support Protocol
– A router is moving with all its networks and connected hosts
– RFC5555: Mobile IPv6 Support for Dual Stack Hosts and
Routers
– UMIP Project on Linux
– http://natisbad.org/MIPv6/#umip
§ Ad Hoc dynamic mobile networks or Manet
– Nodes discover their neighbors dynamically and join the
network
§ Wireless Sensors Networks (6LoWPAN)
© 2011 Fred Bovy. IPv6AutoConfig—2-66
67. Proxy Mobile IPv6 introduced with LTE
The LMA provides the
Local
Mobile IPv6 HA function
1. The MN enters the PMIPv6 Mobility Local
Mobility
domain and attach to an Anchor
Anchor
(LMA1)
access-link. (LMA2)
2. The MAG verifies the MN
Identity and Authorizations.
3. If OK, the MAG helps the MN
to get all the configuration:
address, default gateway,… Mobile Mobile
IPv6 Network
4. The MN considers the Access
Gateway
Access
Gateway
PMIPv6 domain as a link (MAG1)
Mobile
Access (MAG3)
Gateway
(MAG2)
Mobile Node
MN1
Mobile Node
Authentication MN2
To offload the Mobile IPv6 Signaling and IPSec Protection
complexity from the Smartphones to a Network device
© 2011 Fred Bovy. IPv6AutoConfig—2-67
68. Proxy MIPv6 converts ND requests to MIPv6 Signaling
1. The MN sends a RS (Router Solicitation) to the MAG.
2. For updating the LMA about the MN location, the MAG sends a
PBU (Proxy Binding Update) to the MN’s LMA. Local The LMA provides the
Mobility Mobile IPv6 HA function
3. The LMA sends a PBA (Proxy Binding Acknowledgement) Anchor
including the MN home network prefixes. It creates the Binding (LMA1)
Cache entry and sets up its endpoint of the bi-directional tunnel
to the MAG.
4. The MAG sends a RA: Router Advertisement
2
PBU
to the MN. The MAG can emulate
the MN’s Home Link PBA including the MN home network
Mobile prefixe(s)
5. The MN can be configured Access
Gateway
using SLAAC or DHCPv6 (MAG1) 3
n PBA/PBU Signaling must be Mobile Node
MN1
protected with IPSec !
n Data Protection is Optional
RS
1
RA
4
© 2011 Fred Bovy. IPv6AutoConfig—2-68
69. The Mobile Router: Nemo
§ Mobile Router can receive a block of addresses from DHCPv6-PD
§ The Mobile Router Can be a Smartphone to provide access Internet
via 4G to local nodes with WiFi or Bluetooth access.
Home
Agent
Corresponding
Home Network IPv6 Internet node
WLAN
3G Network
NEMO
Router Dual Stack avec DSMIPv6
Bluetooth or WiFi
IPv4 IPv6
© 2011 Fred Bovy. IPv6AutoConfig—2-69
70. Mobile Ad Hoc Networking: Manet
With MANET, the nodes discover automatically configure their
neighbors and build a dynamic Network
To manage the neighbors a node can use:
– OSPFv3
Wireless
– EIGRP Uplink
What if these nodes have sensors?
© 2011 Fred Bovy. IPv6AutoConfig—2-70
71. Wireless Sensors Networks (6LoWPAN)
The Network of Sensors can be built dynamically
using Dynamic MANET On-demand for
6LoWPAN (DYMO-low).
Possible Applications:
• Localized weather monitoring
• Structural Health monitoring (Earthquake prone areas)
• Battlefield troop detection, movement
• Intelligent Transportation Systems (ITS)
• Green app: Building environment management
– Lights, HVAC, Security Access, smart power outlets, etc.
– Building demo - ~20% MRC cost savings
© 2011 Fred Bovy. IPv6AutoConfig—2-71
72. Thank you for attending!
This concludes IPv6 Autoconfiguration In-depth Presentation
Fred Bovy
IPv6 Forum Gold Certified Engineer
IPv6 Forum Gold Certified Trainer
CISCO 15 years CCIE #3013
CISCO 18 years CCSI #33517 (before was #95003)
Meet me on
Twitter: FredBovy
Skype: FredericBovy
Blog: http://www.fredbovy.com/Go46
Email: fred@fredbovy.com