Configuring DHCPv6 and SLAAC in IPv6 Networks
IPv6 is a next-generation protocol designed to address the limitations of IPv4. Its main features are:
Extended address space: 128-bit addresses allow for a huge range of unique IP addresses.
Improved security: Built-in IPsec support provides more reliable data protection.
Efficiency and productivity: optimized packet header and improved routing.
Autoconfiguration of addresses: simplifies the process of setting up devices on the network.
The main tools for automatic configuration in IPv6 networks are DHCPv6 and SLAAC:
SLAAC (Stateless address autoconfiguration): Allows devices to generate their own IPv6 addresses based on prefixes advertised by routers. Suitable for networks that require minimal administrator intervention.
DHCPv6 (Dynamic host configuration protocol for IPv6): centralized control over the distribution of addresses and additional network parameters. Preferred in environments where strict control over address space and client settings is required.
In some cases it is possible combination of both methods.
Preparing for setup
Measure twice, cut once. Proper preparation will save you a lot of time and nerves later.
Equipment:
IPv6 enabled router: it can be a commercial router from Cisco, Juniper, Mikrotik or even an old PC with two network cards and Linux on board. The main thing is IPv6 support and the ability to configure DHCPv6 and SLAAC.
Client devices: computers, laptops or virtual machines with IPv6 support.
Software:
Operating system with IPv6 support: Modern versions of Windows, Linux and macOS already support IPv6 out of the box.
DHCPv6 Server Software: For example,
isc-dhcp-server
for Linux or built-in DHCP services in commercial routers.Demon Radvd: for sending Router Advertisement messages when configuring SLAAC on Linux routers.
Diagnostic and monitoring tools:
ping6
,traceroute6
,tcpdump
,Wireshark
— all this will be useful for debugging and checking the functionality of the settings.
Before implementing new settings on a production network, it is recommended to create a test environment.
Use a separate switch or VLAN to segment your test network. If you are using virtual machines, set up a virtual switch to isolate traffic.
If you are using a Linux server as a router:
Enable IPv6 packet forwarding:
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf sudo sysctl -p
Installing the radvd daemon for SLAAC:
sudo apt-get install radvd
Let's install a DHCPv6 server:
sudo apt-get install isc-dhcp-server
Automatic IPv6 configuration must be enabled on client devices. This is usually the default setting, but it's a good idea to check.
We useping6
To check the availability of devices:
ping6 -c 4 2001:db8:1::1
Tools used
1. ISC DHCP Server
One of the most popular DHCP servers with IPv6 support.
Setting /etc/dhcp/dhcpd.conf
:
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet6 2001:db8:1::/64 {
range6 2001:db8:1::100 2001:db8:1::ffff;
option dhcp6.name-servers 2001:db8::53;
option dhcp6.domain-search "example.com";
}
Server startup:
sudo service isc-dhcp-server restart
2. Radvd
Used to send Router Advertisement messages in IPv6 networks, required for SLAAC.
Setting /etc/radvd.conf
:
interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
Starting the daemon:
sudo service radvd restart
Diagnostic tools
ping6: Checking the availability of nodes via IPv6.
ping6 google.com
traceroute6: Trace the route to the node.
traceroute6 google.com
tcpdump: Capture traffic for analysis.
sudo tcpdump -i eth0 -n -vv ip6
Wireshark: A graphical tool for detailed analysis of network traffic.
Setting up client devices
Linux:
Configuring the network interface for automatic IPv6 configuration.
File /etc/network/interfaces
(Debian/Ubuntu):
auto eth0
iface eth0 inet6 auto
Windows:
Open the command line with administrator rights and enter:
netsh interface ipv6 set interface "Ethernet" routerdiscovery=enable
macOS:
IPv6 is usually enabled by default.
Setting up DHCPv6 and SLAAC on Linux
Configuring DHCPv6
DHCPv6 allows you to centrally manage the distribution of IPv6 addresses and additional network parameters.
Installing a DHCP server with IPv6 support:
sudo apt install isc-dhcp-server -y
Configuring a DHCPv6 server:
Configuration file
Open the file /etc/dhcp/dhcpd.conf
for editing:
sudo nano /etc/dhcp/dhcpd.conf
Configuration example
# Включаем логирование
log-facility local7;
# Определяем глобальные параметры
default-lease-time 600;
max-lease-time 7200;
# Определяем подсеть для DHCPv6
subnet6 2001:db8:1::/64 {
range6 2001:db8:1::100 2001:db8:1::FFFF;
option dhcp6.name-servers 2001:db8:1::53;
option dhcp6.domain-search "example.com";
}
subnet6: Defines an IPv6 subnet.
range6: Specifies the range of IPv6 addresses to issue.
option dhcp6.name-servers: Specifies DNS servers.
option dhcp6.domain-search: Specifies the domain names to search for.
Specify on which interface the DHCPv6 server will operate. Open the file /etc/default/isc-dhcp-server
:
sudo nano /etc/default/isc-dhcp-server
Find the line INTERFACESv6
and specify the required interface:
INTERFACESv6="eth0"
For IPv6 to work correctly, you need to enable packet forwarding:
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Restart the service and add it to startup:
sudo systemctl restart isc-dhcp-server
sudo systemctl enable isc-dhcp-server
Checking the status:
sudo systemctl status isc-dhcp-server
Make sure that DHCPv6 ports are not blocked:
sudo ip6tables -A INPUT -p udp --dport 546 -j ACCEPT
sudo ip6tables -A INPUT -p udp --dport 547 -j ACCEPT
On the client machine, open the file /etc/network/interfaces
:
sudo nano /etc/network/interfaces
Add or edit the following lines:
auto eth0
iface eth0 inet6 dhcp
Restart the network interface:
sudo ifdown eth0 && sudo ifup eth0
On the client, we check whether it has received an IPv6 address:
ip -6 addr show eth0
An address from the range specified in should appear. range6
.
Let's try to ping the server:
ping6 2001:db8:1::1
Checking the logs on the server:
sudo tail -f /var/log/syslog | grep dhcpd
We use tcpdump
to monitor DHCPv6 traffic:
sudo tcpdump -i eth0 port 546 or port 547 -n -vv
Setting up SLAAC
SLAAC allows devices to configure their own IPv6 addresses based on prefixes advertised by routers.
Installing the daemon radvd
which will send router advertisement messages:
sudo apt install radvd -y
Editing the file /etc/radvd.conf
:
sudo nano /etc/radvd.conf
Configuration example
interface eth0
{
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvManagedFlag off;
AdvOtherConfigFlag off;
prefix 2001:db8:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
};
RDNSS 2001:db8:1::53
{
AdvRDNSSLifetime 3600;
};
DNSSL example.com
{
AdvDNSSLLifetime 3600;
};
};
AdvSendAdvert: Enables sending of RA messages.
AdvManagedFlag: Specifies whether to use DHCPv6 for addresses (disabled).
AdvOtherConfigFlag: Specifies whether to use DHCPv6 for other options (disabled).
prefix: Specifies the network prefix.
RDNSS: Specifies DNS servers.
DNSSL: Specifies the search domain suffixes.
Enable IPv6 packet forwarding
If you haven't done this before:
echo "net.ipv6.conf.all.forwarding=1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Restart the service and add it to startup:
sudo systemctl restart radvd
sudo systemctl enable radvd
Checking the status:
sudo systemctl status radvd
On client machines, we make sure that the interface is set to automatic configuration:
sudo nano /etc/network/interfaces
Add or edit:
auto eth0
iface eth0 inet6 auto
Restart the interface:
sudo ifdown eth0 && sudo ifup eth0
On the client, we check the received IPv6 addresses:
ip -6 addr show eth0
Need to see an address starting with 2001:db8:1::
which was automatically generated.
Let's make sure that the routes are configured correctly:
ip -6 route show
There should be a default route through your router.
Checking the logs on the server:
sudo tail -f /var/log/syslog | grep radvd
We use tcpdump
to monitor RA messages:
sudo tcpdump -i eth0 icmp6 -n -vv
To enhance privacy, you can enable Privacy Extensions on clients:
echo "net.ipv6.conf.all.use_tempaddr=2" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
Restart the interface:
sudo ifdown eth0 && sudo ifup eth0
The client will now have temporary IPv6 addresses.
If you want to use SLAAC for addresses and DHCPv6 for additional options:
On the Radvd server
Turn on the flag AdvOtherConfigFlag
:
AdvOtherConfigFlag on;
On the DHCPv6 server
We configure the server so that it provides only additional options without issuing addresses. dhcpd.conf
remove section range6
and leave only the necessary options:
option dhcp6.name-servers 2001:db8:1::53;
option dhcp6.domain-search "example.com";
Have a good setup and stable operation of your network!
ISIS and IPv6: Another New Routing Protocol?
We will discuss this in an open lesson today (September 18) in the evening. As a result of the lesson, we will analyze the basics of implementing IPv6 support in the ISIS routing protocol, and also implement a network with IPv6 and ISIS support in practice. Sign up for the lesson using the link.