4.3 Dynamic Addressing for IPv6 GUAs Flashcards
For the GUA, a device obtains the address dynamically through Internet Control Message Protocol version 6 (ICMPv6) messages. IPv6 routers periodically send out ICMPv6 RA messages, every 200 seconds, to all IPv6-enabled devices on the network. An RA message will also be sent in response to a host sending an ICMPv6 RS message, which is a request for an RA message. Both messages are shown in the figure.
To enable a router as an IPv6 router, the ipv6 unicast-routing global configuration command must be used.
Method 1: SLAAC
SLAAC is a method that allows a device to create its own GUA without the services of DHCPv6. Using SLAAC, devices rely on the ICMPv6 RA messages of the local router to obtain the necessary information.
By default, the RA message suggests that the receiving device use the information in the RA message to create its own IPv6 GUA and all other necessary information. The services of a DHCPv6 server are not required.
SLAAC is stateless, which means there is no central server (for example, a stateful DHCPv6 server) allocating GUAs and keeping a list of devices and their addresses. With SLAAC, the client device uses the information in the RA message to create its own GUA.
the two parts of the address are created as follows:
Prefix - This is advertised in the RA message.
Interface ID - This uses the EUI-64 process or by generating a random 64-bit number, depending on the device operating system.
The router sends an RA message with the prefix for the local link.
The PC uses SLAAC to obtain a prefix from the RA message and creates its own Interface ID.
Method 2: SLAAC and Stateless DHCPv6
A router interface can be configured to send a router advertisement using SLAAC and stateless DHCPv6.
As shown in the figure, with this method, the RA message suggests devices use the following:
SLAAC to create its own IPv6 GUA
The router LLA, which is the RA source IPv6 address, as the default gateway address
A stateless DHCPv6 server to obtain other information such as a DNS server address and a domain name
Note: A stateless DHCPv6 server distributes DNS server addresses and domain names. It does not allocate GUAs.
The PC sends an RS to all IPv6 routers, “I need addressing information.”
The router sends an RA message to all IPv6 nodes with Method 2 (SLAAC and DHCPv6) specified. “Here is your prefix, prefix-length, and default gateway information. But you will need to get DNS information from a DHCPv6 server.”
The PC sends a DHCPv6 Solicit message to all DHCPv6 servers. “I used SLAAC to create my IPv6 address and get my default gateway address, but I need other information from a stateless DHCPv6 server.”
Method 3: Stateful DHCPv6
A router interface can be configured to send an RA using stateful DHCPv6 only.
Stateful DHCPv6 is similar to DHCP for IPv4. A device can automatically receive its addressing information including a GUA, prefix length, and the addresses of DNS servers from a stateful DHCPv6 server.
As shown in the figure, with this method, the RA message suggests devices use the following:
The router LLA, which is the RA source IPv6 address, for the default gateway address.
A stateful DHCPv6 server to obtain a GUA, DNS server address, domain name and other necessary information.
The PC sends an RS to all IPv6 routers, “I need addressing information.”
The router sends an RA message to all IPv6 nodes with Method 3 (Stateful DHCPv6) specified, “I am your default gateway, but you need to ask a stateful DHCPv6 server for your IPv6 address and other addressing information.”
The PC sends a DHCPv6 Solicit message to all DHCPv6 servers, “I received my default gateway address from the RA message, but I need an IPv6 address and all other addressing information from a stateful DHCPv6 server.”
A stateful DHCPv6 server allocates and maintains a list of which device receives which IPv6 address. DHCP for IPv4 is stateful.
Note: The default gateway address can only be obtained dynamically from the RA message. The stateless or stateful DHCPv6 server does not provide the default gateway address.
EUI-64 Process vs. Randomly Generated
When the RA message is either SLAAC or SLAAC with stateless DHCPv6, the client must generate its own interface ID. The client knows the prefix portion of the address from the RA message, but must create its own interface ID. The interface ID can be created using the EUI-64 process or a randomly generated 64-bit number
The router sends an RA message.
The PC uses the prefix in the RA message and uses either EUI-64 or a random 64-bit number to generate an interface ID.
EUI-64 Process
IEEE defined the Extended Unique Identifier (EUI) or modified EUI-64 process. This process uses the 48-bit Ethernet MAC address of a client, and inserts another 16 bits in the middle of the 48-bit MAC address to create a 64-bit interface ID.
Ethernet MAC addresses are usually represented in hexadecimal and are made up of two parts:
Organizationally Unique Identifier (OUI) - The OUI is a 24-bit (6 hexadecimal digits) vendor code assigned by IEEE.
Device Identifier - The device identifier is a unique 24-bit (6 hexadecimal digits) value within a common OUI.
An EUI-64 interface ID is represented in binary and is made up of three parts:
24-bit OUI from the client MAC address, but the 7th bit (the Universally/Locally (U/L) bit) is reversed. This means that if the 7th bit is a 0, it becomes a 1, and vice versa.
The inserted 16-bit value fffe (in hexadecimal).
24-bit device identifier from the client MAC address.
Randomly Generated Interface IDs
Depending upon the operating system, a device may use a randomly generated interface ID instead of using the MAC address and the EUI-64 process.
After the interface ID is established, either through the EUI-64 process or through random generation, it can be combined with an IPv6 prefix in the RA message to create a GUA
Note: To ensure the uniqueness of any IPv6 unicast address, the client may use a process known as duplicate address detection (DAD). This is similar to an ARP request for its own address. If there is no reply, then the address is unique.
Dynamic LLAs
All IPv6 devices must have an IPv6 LLA. Like IPv6 GUAs, you can also create LLAs dynamically. Regardless of how you create your LLAs (and your GUAs), it is important that you verify all IPv6 address configuration. This topic explains dynamically generated LLAs and IPv6 configuration verification.
Dynamic LLAs on Cisco Routers
Cisco routers automatically create an IPv6 LLA whenever a GUA is assigned to the interface. By default, Cisco IOS routers use EUI-64 to generate the interface ID for all LLAs on IPv6 interfaces. For serial interfaces, the router will use the MAC address of an Ethernet interface. Recall that an LLA must be unique only on that link or network. However, a drawback to using the dynamically assigned LLA is its long interface ID, which makes it challenging to identify and remember assigned addresses.
Dynamic LLAs on Windows
Operating systems, such as Windows, will typically use the same method for both a SLAAC-created GUA and a dynamically assigned LLA.
show ipv6 interface brief
The show ipv6 interface brief command displays the IPv6 address of the Ethernet interfaces. EUI-64 uses this MAC address to generate the interface ID for the LLA. Additionally, the show ipv6 interface brief command displays abbreviated output for each of the interfaces. The [up/up] output on the same line as the interface indicates the Layer 1/Layer 2 interface state. This is the same as the Status and Protocol columns in the equivalent IPv4 command.
Notice that each interface has two IPv6 addresses. The second address for each interface is the GUA that was configured. The first address, the one that begins with fe80, is the link-local unicast address for the interface. Recall that the LLA is automatically added to the interface when a GUA is assigned.
Also, notice that the R1 Serial 0/1/0 LLA is the same as its GigabitEthernet 0/0/0 interface. Serial interfaces do not have Ethernet MAC addresses, so Cisco IOS uses the MAC address of the first available Ethernet interface. This is possible because link-local interfaces only have to be unique on that link.
show ipv6 route
The show ipv6 route command can be used to verify that IPv6 networks and specific IPv6 interface addresses have been installed in the IPv6 routing table. The show ipv6 route command will only display IPv6 networks, not IPv4 networks.
Within the route table, a C next to a route indicates that this is a directly connected network. When the router interface is configured with a GUA and is in the “up/up” state, the IPv6 prefix and prefix length is added to the IPv6 routing table as a connected route.
Note: The L indicates a local route, the specific IPv6 address assigned to the interface. This is not an LLA. LLAs are not included in the routing table of the router because they are not routable addresses.
The IPv6 GUA configured on the interface is also installed in the routing table as a local route. The local route has a /128 prefix. Local routes are used by the routing table to efficiently process packets with a destination address of the router interface address.
Ping
The ping command for IPv6 is identical to the command used with IPv4, except that an IPv6 address is used.
When pinging an LLA from a router, Cisco IOS will prompt the user for the exit interface. Because the destination LLA can be on one or more of its links or networks, the router needs to know which interface to send the ping to.
