IPv6 Stateless Autoconfiguration
IPv6 Stateless Autoconfiguration
Autoconfiguration is performed on multicast-enabled links only and begins when a multicast-enabled interface is enabled (during system startup or manually). Nodes (both, hosts and routers) begin the process by generating a link-local address for the interface. It is formed by appending the interface identifier to well-known link-local prefix FE80 :: 0. The interface identifier replaces the right-most zeroes of the link-local prefix.
Before the link-local address can be assigned to the interface, the node performs the Duplicate Address Detection mechanism to see if any other node is using the same link-local address on the link. It does this by sending a Neighbor Solicitation message with target address as the "tentative" address and destination address as the solicited-node multicast address corresponding to this tentative address. If a node responds with a Neighbor Advertisement message with tentative address as the target address, the address is a duplicate address and must not be used. Hence, manual configuration is required.
Once the node verifies that its tentative address is unique on the link, it assigns that link-local address to the interface. At this stage, it has IP-connectivity to other neighbors on this link.
The autoconfiguration on the routers stop at this stage, further tasks are performed only by the hosts. The routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.
The next phase involves obtaining Router Advertisements from routers if any routers are present on the link. If no routers are present, a stateful configuration is required. If routers are present, the Router Advertisements notify what sort of configurations the hosts need to do.
The routers periodically sent Router Advertisements. However, if a host requires RA messages immediately, it sends a Router Solicitation message to "all routers on this link" FF02 :: 1 multicast address.
Each RA message contains an "M" and "O" flags. "M" is Managed Address Configuration flag indicating whether the host should use stateful autoconfiguration (if any). "O" is Other Stateful Configuration flag which indicates whether hosts should use stateful autoconfiguration for any other information (excluding addresses).
A host processes the stateless and stateful autoconfiguration independently.
RA messages may also contain Prefix-Information option which contain stateless address autoconfiguration to generate site-local and global addresses. Global and site-local addresses are formed by appending the interface identifier to a prefix of appropriate length. A host is not required to perform a duplicate address detection for site-local and global addresses if the duplicate address duplication mechanism for link-local address was successful.
Autoconfigured Address States-
When an autoconfigured address is in Tentative state, it is in the process of being verified for Duplicate Address Detection (DAD). An address in valid state can be used for sending and receiving unicast traffic. The valid state includes the Preferred and Deprecated states. An address in Preferred state can be used for unlimited communication. The address in Deprecated state should not be used for new communication; however existing communications can continue to use this address. No communication is possible in Invalid state i.e. after the Valid Lifetime expires.
The router connected to the host or the DHCPv6 server provides Preferred lifetimes and Valid lifetimes (Valid lifetime should be equal or greater than Preferred lifetime) for an address prefix. The address enters Deprecated state once it exceeds the Preferred lifetime without receiving RA messages from the router or renew messages from the DHCPv6 server. The link-local address has infinite Preferred and Valid lifetimes.
Consider the following-
A Windows Vista PC with IPv6 enabled (by default) is connected to a Cisco router via Ethernet interface.
The Router Fa0/0 is configured as follows-
Router(config)# ipv6 unicast-routing
Router(config)# interface fa 0/0
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 nd prefix 2001:ABAB::/48 2000 2000 <--- Optional (on-link and autoconfig by default)
Router(config-if)# ipv6 nd managed-config-flag <--- Optional
Router(config-if)# ipv6 nd other-config-flag <--- Optional
Router(config-if)# no shutdown
The debug ipv6 nd command shows the following output. When the Router receives RS message from the host before its link-local address is assigned, it creates an entry for the host in its Neighbor Cache with INCOMPLETE state and then immediately puts the state to STALE and performs the DAD mechanism.
When the interface Fa0/0 comes up, the Router first performs DAD by sending NS message with its "tentative" address as the target address. Once DAD mechanism is unique, the link-local address is assigned to the interface. The Windows Vista is configured to send RS messages by default and the router receives them on Fa 0/0. So the router sends RA message with the configured information like Prefix-information, M and O flags, and Valid and Preferred Lifetimes.
Router#
*Mar 1 02:44:29.009: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Mar 1 02:44:29.034: ICMPv6-ND: Received RS on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:44:29.034: ICMPv6-ND: DELETE -> INCMP: FE80::222:19FF:FEDF:9252
*Mar 1 02:44:29.034: ICMPv6-ND: INCMP -> STALE: FE80::222:19FF:FEDF:9252
Router#
*Mar 1 02:44:30.011: ICMPv6-ND: Sending NS for FE80::211:92FF:FEEC:B255 on FastEthernet0/0
Router#
*Mar 1 02:44:30.011: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Mar 1 02:44:31.013: ICMPv6-ND: DAD: FE80::211:92FF:FEEC:B255 is unique.
*Mar 1 02:44:31.013: ICMPv6-ND: Sending NA for FE80::211:92FF:FEEC:B255 on FastEthernet0/0
*Mar 1 02:44:31.013: ICMPv6-ND: Address FE80::211:92FF:FEEC:B255/10 is up on FastEthernet0/0
Router#
*Mar 1 02:44:33.152: ICMPv6-ND: Received RS on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:44:33.152: ICMPv6-ND: Sending RA to FF02::1 on FastEthernet0/0
*Mar 1 02:44:33.152: ICMPv6-ND: Managed address configuration
*Mar 1 02:44:33.152: ICMPv6-ND: Other stateful configuration
*Mar 1 02:44:33.152: ICMPv6-ND: MTU = 1500
*Mar 1 02:44:33.152: ICMPv6-ND: prefix = 2001:ABAB::/48 onlink autoconfig rtr-address
*Mar 1 02:44:33.156: ICMPv6-ND: 2000/2000 (valid/preferred)
Router#
*Mar 1 02:44:37.379: ICMPv6-ND: Received NS for FE80::211:92FF:FEEC:B255 on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:44:37.383: ICMPv6-ND: Sending NA for FE80::211:92FF:FEEC:B255 on FastEthernet0/0
*Mar 1 02:44:37.383: ICMPv6-ND: STALE -> DELAY: FE80::222:19FF:FEDF:9252
Router#
*Mar 1 02:44:42.383: ICMPv6-ND: DELAY -> PROBE: FE80::222:19FF:FEDF:9252
*Mar 1 02:44:42.383: ICMPv6-ND: Sending NS for FE80::222:19FF:FEDF:9252 on FastEthernet0/0
*Mar 1 02:44:42.383: ICMPv6-ND: Received NA for FE80::222:19FF:FEDF:9252 on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:44:42.383: ICMPv6-ND: PROBE -> REACH: FE80::222:19FF:FEDF:9252
Router#
*Mar 1 02:45:12.385: ICMPv6-ND: REACH -> STALE: FE80::222:19FF:FEDF:9252
By default, a Windows Vista PC generates a random interface identifier. However, this behaviour can be disabled using the following command from command prompt-
netsh interface ipv6 set global randomizeĀidentifiers=disabled
The following output is taken from the Windows Vista PC with the default behaviour enabled. The IPv6 address of the form ipv6address%ZoneID indicates the link-local address fe80::7c0c:5e11:ffdb:2973 (link-local address starts with FE80::) and ZoneID of the interface to which the address is assigned %11 (the interface index of the LAN interface).
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::7c0c:5e11:ffdb:2973%11
Autoconfiguration IPv4 Address. . : 169.254.41.115
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : fe80::211:92ff:feec:b255%11
Unless manually configured, the ZoneID is the interface index for link-local addresses. For Site-local addresses, the ZoneID is the site number. The ZoneID is not required for Global addresses.
When disabled, IPv6 uses EUI-64 format interface identifiers. Two octets 0xFF and 0xFE indicates EUI-64 format interface identifier.
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::222:19ff:fedf:9252%11
Autoconfiguration IPv4 Address. . : 169.254.41.115
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : fe80::211:92ff:feec:b255%11
The netsh interface ipv6 show interface command displays list of IPv6 interfaces, interface index, interface metric, link MTU, state and interface name.
C:\Windows\system32>netsh interface ipv6 show interface
Idx Met MTU State Name
--- --- ----- ----------- -------------------
1 50 4294967295 connected Loopback Pseudo-Interface 1
12 25 1500 connected Wireless Network Connection
19 50 1280 disconnected Local Area Connection* 6
10 10 1280 connected Local Area Connection* 7
11 20 1500 connected Local Area Connection
18 50 1280 disconnected Local Area Connection* 11
16 50 1280 disconnected Local Area Connection* 13
14 50 1500 disconnected Bluetooth Network Connection
21 50 1280 disconnected Local Area Connection* 14
20 20 1280 disconnected Local Area Connection 3
The netsh interface ipv6 show address command displays IPv6 addresses assigned per interface, their address types, DAD state (preferred or deprecated), and Preferred and Valid Lifetimes.
C:\Windows\system32>netsh interface ipv6 show address
Interface 1: Loopback Pseudo-Interface 1
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite ::1
Interface 12: Wireless Network Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite fe80::222:fbff:fe19:8d3a%12
Interface 10: Local Area Connection* 7
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Public Preferred infinite infinite 2001:0:cf2e:3096:1ceb:3ea:840c:ca
Other Preferred infinite infinite fe80::1ceb:3ea:840c:ca9c%10
Interface 11: Local Area Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Preferred infinite infinite fe80::222:19ff:fedf:9252%11
Interface 18: Local Area Connection* 11
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::5efe:169.254.41.115%18
Interface 16: Local Area Connection* 13
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::5efe:192.168.1.2%16
Interface 14: Bluetooth Network Connection
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::223:4dff:feea:4148%14
Interface 20: Local Area Connection 3
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Other Deprecated infinite infinite fe80::50:f2ff:fe00:1%20
The following output shows the MAC address of Fa 0/0 interface on the router which is used to create EUI-64 format interface identifier for link-local address.
Router# show interface fa 0/0 | include Hardware
Hardware is PQUICC_FEC, address is 0011.92ec.b255 (bia 0011.92ec.b255)
Router# show ipv6 interface
FastEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::211:92FF:FEEC:B255
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFEC:B255
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds
ND advertised reachable time is 0 milliseconds
ND advertised retransmit interval is 0 milliseconds
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
Hosts use DHCP to obtain routable addresses.
Hosts use DHCP to obtain other configuration.
The following command shows the Neighbor Cache and their state. It shows the neighbors connected to the link. In this case, the Windows Vista PC is connected to Fa0/0. The link-layer address is the MAC address of Windows Vista PC.
Router# show ipv6 neighbor
IPv6 Address Age Link-layer Addr State Interface
FE80::222:19FF:FEDF:9252 6 0022.19df.9252 STALE Fa0/0
When the Router attempts to ping the Windows Vista PC's link-local address fe80::222:19ff:fedf:9252, the Router queries its Neighbor Cache. The entry state is STALE. Since the packet is forwarded based on the STALE entry, the state is changed to DELAY state. Since, it cannot verify the "forward-progress" using ICMP packet (as PING/ICMP runs directly over IP), the state changes to PROBE and a NS message is sent to the neighbor. Once an NA message is received, the state is changed to REACH.
Router# ping fe80::222:19ff:fedf:9252
Output Interface: fastethernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FE80::222:19FF:FEDF:9252, timeout is 2 seconds:
Packet sent with a source address of FE80::211:92FF:FEEC:B255
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms
*Mar 1 02:25:00.378: ICMPv6: Sending echo request to FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.378: ICMPv6-ND: STALE -> DELAY: FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.382: ICMPv6: Received ICMPv6 packet from FE80::222:19FF:FEDF:9252, type 135
*Mar 1 02:25:00.382: ICMPv6-ND: Received NS for FE80::211:92FF:FEEC:B255 on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.382: ICMPv6-ND: Sending NA for FE80::211:92FF:FEEC:B255 on FastEthernet0/0
*Mar 1 02:25:00.382: ICMPv6: Received echo reply from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.386: ICMPv6: Sending echo request to FE80::222:19FF:FEDF:9252
Router#
*Mar 1 02:25:00.386: ICMPv6: Received echo reply from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.386: ICMPv6: Sending echo request to FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.390: ICMPv6: Received echo reply from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.390: ICMPv6: Sending echo request to FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.394: ICMPv6: Received echo reply from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.394: ICMPv6: Sending echo request to FE80::222:19FF:FEDF:9252
*Mar 1 02:25:00.394: ICMPv6: Received echo reply from FE80::222:19FF:FEDF:9252
Router#
*Mar 1 02:25:05.378: ICMPv6-ND: DELAY -> PROBE: FE80::222:19FF:FEDF:9252
*Mar 1 02:25:05.378: ICMPv6-ND: Sending NS for FE80::222:19FF:FEDF:9252 on FastEthernet0/0
*Mar 1 02:25:05.378: ICMPv6: Received ICMPv6 packet from FE80::222:19FF:FEDF:9252, type 136
*Mar 1 02:25:05.378: ICMPv6-ND: Received NA for FE80::222:19FF:FEDF:9252 on FastEthernet0/0 from FE80::222:19FF:FEDF:9252
*Mar 1 02:25:05.378: ICMPv6-ND: PROBE -> REACH: FE80::222:19FF:FEDF:9252
Router# show ipv6 neighbor
IPv6 Address Age Link-layer Addr State Interface
FE80::222:19FF:FEDF:9252 0 0022.19df.9252 REACH Fa0/0
Further reading:
1. RFC 2462: IPv6 Stateless Address Autoconfiguration http://www.faqs.org/ftp/rfc/pdf/rfc2462.txt.pdf
2. http://technet.microsoft.com/en-us/library/bb726952.aspx
3. http://207.46.16.252/en-us/magazine/2007.08.cableguy.aspx