Configuring DHCPv6 and SLAAC in IPv6 Networks

IPv6 is a next-generation protocol designed to address the limitations of IPv4. Its main features are:

• Extended address space: 128-bit addresses allow for a huge range of unique IP addresses.

• Improved security: Built-in IPsec support provides more reliable data protection.

• Efficiency and productivity: optimized packet header and improved routing.

• Autoconfiguration of addresses: simplifies the process of setting up devices on the network.

The main tools for automatic configuration in IPv6 networks are DHCPv6 and SLAAC:

• SLAAC (Stateless address autoconfiguration): Allows devices to generate their own IPv6 addresses based on prefixes advertised by routers. Suitable for networks that require minimal administrator intervention.

• DHCPv6 (Dynamic host configuration protocol for IPv6): centralized control over the distribution of addresses and additional network parameters. Preferred in environments where strict control over address space and client settings is required.

In some cases it is possible combination of both methods.

Preparing for setup

Measure twice, cut once. Proper preparation will save you a lot of time and nerves later.

Equipment:

• IPv6 enabled router: it can be a commercial router from Cisco, Juniper, Mikrotik or even an old PC with two network cards and Linux on board. The main thing is IPv6 support and the ability to configure DHCPv6 and SLAAC.

• Client devices: computers, laptops or virtual machines with IPv6 support.

Software:

• Operating system with IPv6 support: Modern versions of Windows, Linux and macOS already support IPv6 out of the box.

• DHCPv6 Server Software: For example, isc-dhcp-server for Linux or built-in DHCP services in commercial routers.

• Demon Radvd: for sending Router Advertisement messages when configuring SLAAC on Linux routers.

• Diagnostic and monitoring tools: ping6, traceroute6, tcpdump, Wireshark — all this will be useful for debugging and checking the functionality of the settings.

Before implementing new settings on a production network, it is recommended to create a test environment.

Use a separate switch or VLAN to segment your test network. If you are using virtual machines, set up a virtual switch to isolate traffic.

If you are using a Linux server as a router:

1. Enable IPv6 packet forwarding:

   echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
   sudo sysctl -p

2. Installing the radvd daemon for SLAAC:

   sudo apt-get install radvd

Let's install a DHCPv6 server:

sudo apt-get install isc-dhcp-server

Automatic IPv6 configuration must be enabled on client devices. This is usually the default setting, but it's a good idea to check.

We useping6 To check the availability of devices:

ping6 -c 4 2001:db8:1::1

Tools used

1. ISC DHCP Server

One of the most popular DHCP servers with IPv6 support.

Setting /etc/dhcp/dhcpd.conf:

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet6 2001:db8:1::/64 {
    range6 2001:db8:1::100 2001:db8:1::ffff;
    option dhcp6.name-servers 2001:db8::53;
    option dhcp6.domain-search "example.com";
}

Server startup:

sudo service isc-dhcp-server restart

2. Radvd

Used to send Router Advertisement messages in IPv6 networks, required for SLAAC.

Setting /etc/radvd.conf:

interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};

Starting the daemon:

sudo service radvd restart

Diagnostic tools

• ping6: Checking the availability of nodes via IPv6.

  ping6 google.com

• traceroute6: Trace the route to the node.

  traceroute6 google.com

• tcpdump: Capture traffic for analysis.

  sudo tcpdump -i eth0 -n -vv ip6

• Wireshark: A graphical tool for detailed analysis of network traffic.

Setting up client devices

Linux:

Configuring the network interface for automatic IPv6 configuration.

File /etc/network/interfaces (Debian/Ubuntu):

auto eth0
iface eth0 inet6 auto

Windows:

Open the command line with administrator rights and enter:

netsh interface ipv6 set interface "Ethernet" routerdiscovery=enable

macOS:

IPv6 is usually enabled by default.

Setting up DHCPv6 and SLAAC on Linux

Configuring DHCPv6

DHCPv6 allows you to centrally manage the distribution of IPv6 addresses and additional network parameters.

Installing a DHCP server with IPv6 support:

sudo apt install isc-dhcp-server -y

Configuring a DHCPv6 server:

Configuration file

Open the file /etc/dhcp/dhcpd.conf for editing:

sudo nano /etc/dhcp/dhcpd.conf

Configuration example

# Включаем логирование
log-facility local7;

# Определяем глобальные параметры
default-lease-time 600;
max-lease-time 7200;

# Определяем подсеть для DHCPv6
subnet6 2001:db8:1::/64 {
  range6 2001:db8:1::100 2001:db8:1::FFFF;
  option dhcp6.name-servers 2001:db8:1::53;
  option dhcp6.domain-search "example.com";
}

subnet6: Defines an IPv6 subnet.

range6: Specifies the range of IPv6 addresses to issue.

option dhcp6.name-servers: Specifies DNS servers.

option dhcp6.domain-search: Specifies the domain names to search for.

Specify on which interface the DHCPv6 server will operate. Open the file /etc/default/isc-dhcp-server:

sudo nano /etc/default/isc-dhcp-server

Find the line INTERFACESv6 and specify the required interface:

INTERFACESv6="eth0"

For IPv6 to work correctly, you need to enable packet forwarding:

echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the service and add it to startup:

sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server

Checking the status:

sudo systemctl status isc-dhcp-server

Make sure that DHCPv6 ports are not blocked:

sudo ip6tables -A INPUT -p udp --dport 546 -j ACCEPT
sudo ip6tables -A INPUT -p udp --dport 547 -j ACCEPT

On the client machine, open the file /etc/network/interfaces:

sudo nano /etc/network/interfaces

Add or edit the following lines:

auto eth0
iface eth0 inet6 dhcp

Restart the network interface:

sudo ifdown eth0 && sudo ifup eth0

On the client, we check whether it has received an IPv6 address:

ip -6 addr show eth0

An address from the range specified in should appear. range6.

Let's try to ping the server:

ping6 2001:db8:1::1

Checking the logs on the server:

sudo tail -f /var/log/syslog | grep dhcpd

We use tcpdump to monitor DHCPv6 traffic:

sudo tcpdump -i eth0 port 546 or port 547 -n -vv

Setting up SLAAC

SLAAC allows devices to configure their own IPv6 addresses based on prefixes advertised by routers.

Installing the daemon radvdwhich will send router advertisement messages:

sudo apt install radvd -y

Editing the file /etc/radvd.conf:

sudo nano /etc/radvd.conf

Configuration example

interface eth0
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvManagedFlag off;
    AdvOtherConfigFlag off;
    prefix 2001:db8:1::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
        AdvValidLifetime 86400;
        AdvPreferredLifetime 14400;
    };
    RDNSS 2001:db8:1::53
    {
        AdvRDNSSLifetime 3600;
    };
    DNSSL example.com
    {
        AdvDNSSLLifetime 3600;
    };
};

• AdvSendAdvert: Enables sending of RA messages.

• AdvManagedFlag: Specifies whether to use DHCPv6 for addresses (disabled).

• AdvOtherConfigFlag: Specifies whether to use DHCPv6 for other options (disabled).

• prefix: Specifies the network prefix.

• RDNSS: Specifies DNS servers.

• DNSSL: Specifies the search domain suffixes.

Enable IPv6 packet forwarding

If you haven't done this before:

echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the service and add it to startup:

sudo systemctl restart radvd
sudo systemctl enable radvd

Checking the status:

sudo systemctl status radvd

On client machines, we make sure that the interface is set to automatic configuration:

sudo nano /etc/network/interfaces

Add or edit:

auto eth0
iface eth0 inet6 auto

Restart the interface:

sudo ifdown eth0 && sudo ifup eth0

On the client, we check the received IPv6 addresses:

ip -6 addr show eth0

Need to see an address starting with 2001:db8:1::which was automatically generated.

Let's make sure that the routes are configured correctly:

ip -6 route show

There should be a default route through your router.

Checking the logs on the server:

sudo tail -f /var/log/syslog | grep radvd

We use tcpdump to monitor RA messages:

sudo tcpdump -i eth0 icmp6 -n -vv

To enhance privacy, you can enable Privacy Extensions on clients:

echo "net.ipv6.conf.all.use_tempaddr=2" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p

Restart the interface:

sudo ifdown eth0 && sudo ifup eth0

The client will now have temporary IPv6 addresses.

If you want to use SLAAC for addresses and DHCPv6 for additional options:

On the Radvd server

Turn on the flag AdvOtherConfigFlag:

AdvOtherConfigFlag on;

On the DHCPv6 server

We configure the server so that it provides only additional options without issuing addresses. dhcpd.conf remove section range6 and leave only the necessary options:

option dhcp6.name-servers 2001:db8:1::53;
option dhcp6.domain-search "example.com";

Have a good setup and stable operation of your network!

ISIS and IPv6: Another New Routing Protocol?

We will discuss this in an open lesson today (September 18) in the evening. As a result of the lesson, we will analyze the basics of implementing IPv6 support in the ISIS routing protocol, and also implement a network with IPv6 and ISIS support in practice. Sign up for the lesson using the link.