Explanation of the IPv6 address assignment using Ethernet. More...
Explanation of the IPv6 address assignment using Ethernet.
The Network library maintains several IPv6 addresses for the Ethernet network interface:
- Static Address
is used to communicate globally over internet. It is configured manually or via DHCPv6 in stateful mode.
- Dynamic Address
is configured by a Stateless Address Autoconfiguration and also used to communicate globally.
- Link-local Address
is automatically configured from the interface MAC address. The scope of a link-local address is the intercommunication between hosts on the local area network. The link-local address allows IPv6 hosts to communicate when there is no router and no DHCPv6 server available on the local area network (LAN).
The IPv6 addresses for the Ethernet network interface are assigned in several ways:
- Static IPv6
The IPv6 address, subnet prefix length and default gateway are configuredmanually in the system configuration file. However, it is possible to change the IPv6 address atruntime. The static configuration specifies also a primary and optional secondary DNS server. To make use of the static IPv6 configuration, you need to disable DHCP for IPv6.
- Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
This mode is mostly used. It requires a centralized DHCPv6 server in the local area network (LAN). There are two methods of DHCPv6:
Only extended information, such as primary and optional secondary DNS server, is obtained from a DHCPv6 server. IPv6 address is not assigned, so the IPv6 address from the Ethernet configuration is set for a Static address of Ethernet interface.
DHCPv6 server maintains a database of leased IPv6 addresses, and assigns to the client an unused IPv6address. The DHCPv6 server specifies also a primary and optional secondary DNS server. The DNSserver is used to resolve the IP address for a known host name.
- IPv6 Stateless Address Autoconfiguration (SLAAC)
This mode is always used and configures a Dynamic Address. SLAAC provides the ability to address a host based on a network prefix that is advertised from a local network router via Router Advertisements (RA).
End-host address assignment options for IPv6 networks
Overview of the different ways IPv6 end-host address assignment can be configured.
Address Types and ScopeFirst, we need a quick understanding of the different address types in IPv6 which are referred to as "scope".
- Global scope addresses are the ones we most used to, the regular globally reachable address and often registered in DNS. For UW-Madison, our global prefix is 2607:f388::/32.
- Link-Local scope is used within a particular subnet only and are not routable at all. They start with the IPv6 prefix fe80::/64. In IPv4, these are most similar to 169.254.x.x addresses hosts use if they do not have global addresses, however in IPv6 they are always configured.
- Loopback is the how a host can refer to itself, similar to 127.0.0.1 in IPv4. The IPv6 address is ::1/128 and is also called Host Scope.
- Multicast can be used both with link-local, site-local, and global scope. This is how, for example, nodes on a given lan can find each other. Multicast addresses are in the range ff00::/8. More on IPv6 Multicast addresses.
- Broadcast is not used in IPv6 in favor of Multicast.
- Site-Local scope is specific to an enterprise. However as an addressing range, it has been deprecated since 2004. Documentation that referrers to it or the range fec0::/10 is out of date.
- Uniform Local Addressing to some degree replaces site-local. ULA is similar to RFC 1918 address in IPv4, but with some differences. ULA is relatively new, and there still is an amount of churn in the standards bodies about how the addresses should be used. UW Network Services discourages the use ULA at this time.
Now, we can discuss how hosts can be assigned Global scope addresses.
Stateless AutoconfigurationThis is one of the most common mechanisms used for IPv6 address assignment. A host listens (or solicits) for messages from the router about what network prefix the host is on. The host then takes the network prefix, and appends its mac address in a modified form (by inserting FF:FE in the middle, and setting the 7th bit to a 1) and uses that as the global scope address. This is typically the default on Unixes (OS X, Linux, BSD, Solaris, etc).
Prefix announced by router: 2607:f388:f:100::/64
Host mac address: 00:0C:29:4A:7C:B0
Autoconfigured address: 2607:f388:f:100:20c:29ff:fe4a:7cb0/64
Stateless Autoconfiguration w/ Privacy ExtensionsOne of the issues with the above method is that mac addresses are typically unique globally. If a host moved between subnets (or from UW to a user's home) the network prefix portion of the address would be different, but the lower 64 bits of the address would remain the same. This global uniqueness is then a privacy concern because a machine would potentially be recognizable regardless of where it connected to the internet.
To combat this, a host can still take the network prefix announced by the router, but then generate a random identifier to use for the host portions of the address. To take things further, the host can change the lower bits periodically to help stay anonymous.
This is the default behavior on some Microsoft platforms, and particularly annoying in enterprise environments. However, it can be disabled using the registry or commands:netsh interface ipv6 set privacy state=disabled store=persistent netsh interface ipv6 set global randomizeidentifiers=disabled store=persistent
Static ConfigurationPerhaps the most obvious mechanism for giving a host a global scope address is to assign one and statically configure on the host. However, some hosts may still also automatically configure dynamic addresses unless configured not to. This is particularly annoying for servers or for where firewalling is used. Example: IPv6 static address configuration for linux hosts. Also, see the note near the bottom of this page on disabling autoconfiguration.
Stateless Autoconfiguration w/ stateless DHCPv6After using one of the above mechanisms for address assignment, the typical next step is to configure DNS servers for the host to use. This can be done via a lightweight DHCPv6 server who's only job is to hand out options, but not keep track of address assignments. This can be used with Microsoft operating systems newer than XP. The routers on the network must be configured to announce to clients that stateless DHCP service is available. Stateless DHCPv6 clients are not included as part of OS X.
Stateless Autoconfiguration w/ DNS Advertisement (RFC 5006)A new way to assign DNS servers in IPv6 is to have the routers announce them out to the network along with the prefix. UW's routers currently can not send this option, and client support for RFC 5006 nearly non-existent.
Stateful DHCPv6Networks can be configured to only use DHCP for addressing and options. This is very similar to how DHCP is typically used on IPv4 networks. Some differences are that the network's routers must be configured to tell the clients to use statefull DHCP, and support for identifying a host based on its mac addresses across a relay may be problematic (match on the DUID instead). Stateful DHCPv6 clients are not included as part of OS X.
If you use stateful DHCPv6 for all hosts on a lan, it is possible to turn off autoconfiguration. See the note near the bottom of this page.