Stateless address auto-configuration (SLAAC) is a feature that enables IPv6 nodes to auto-generate globally unique addresses (GUA) using Route Advertisements messages sent by a router attached to the local segment. However, SLAAC does not provide DNS and Domain name information. To resolve this problem, the router that is sending the RA messages sets a special flag called O-flag to 1 (O comes from other information). This tells the nodes on the segment that they can contact a stateless DCHPv6 server and get the DNS and Domain name information.
Stateless DHCPv6 is used by nodes to obtain other information, such as a DNS server list and a domain name, that does not require the maintenance of any dynamic state for individual nodes. A node that uses stateless DHCPv6 must have obtained its IPv6 addresses through some other mechanism usually SLAAC. It is defined in RFC 3736 "Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6".
Typical dynamic addressing design in IPv6 is to use SLAAC for generating a global unicast address (GUA) and Stateless DHCPv6 for providing DNS and Domain name. Let's look at the example shown in figure 1 and follow the steps PC1 would take to obtain all info it needs.
Figure 1. Stateless DHCPv6 Operations
At this point, PC1 has a globally unique IPv6 address and a Default Gateway. This means that it has everything it needs to be able to communicate with nodes outside its local network including on the Internet. However, PC1 does not have a DNS server and Domain name, therefore services that require URL-to-IP resolution won't work. Because the O-flag in the Router Advertisement message was set to 1, PC1 knows that there is a stateless DHCPv6 service and it can obtain DNS and domain name from there.
Implementing SLAAC with stateless DHCPv6 using Cisco routers requires the following steps:
For this example, we are going to use the topology shown in figure 2. Router 1 is going to send RAs on the segment and Router 2 will act as a stateless DHCP server and provide DNS information. At the end of the example, if everything is successfully configured, PC1 should have a global IPv6 address, a default gateway, DNS server, and domain name configured.
Figure 2. SLAAC with Stateless DHCPv6 Example Topology
The first thing we need to configure is to enable the IPv6 unicast routing. If not enabled, the router won't send Router Advertisement messages.
Router1(config)#ipv6 unicast-routing
After the IPv6 routing process is enabled, we need to configure a link-local and a global unicast address on the interface that is attached to the link. Using our example topology, that would be interface GigabitEthernet0/0.
Router1(config)#interface GigabitEthernet 0/0
Router1(config-if)#ipv6 enable
Router1(config-if)#ipv6 address FE80::1 link-local
Router1(config-if)#ipv6 address 2001:1234:A:B::1/64
Once the interface is configured with LLA and GUA addresses and enabled, the router starts advertising its presence on the link. The A flag, which tells the hosts that they can use SLAAC, is set to 1 by default and does not need to be configured. However, by default, the Other Configuration flag is set to 0. To tell the hosts to use Stateless DHCPv6 for other information, we need to set the O-flag to 1. This is done using the ipv6 nd other-config-flag command.
Router1(config-if)#ipv6 nd ?
advertisement-interval Send an advertisement interval option in RA's
autoconfig Automatic Configuration
cache Cache entry
dad Duplicate Address Detection
destination-guard Query destination-guard switch table
managed-config-flag Hosts should use DHCP for address config
na Neighbor Advertisement control
ns-interval Set advertised NS retransmission interval
nud Neighbor Unreachability Detection
other-config-flag Hosts should use DHCP for non-address config
prefix Configure IPv6 Routing Prefix Advertisement
ra Router Advertisement control
reachable-time Set advertised reachability time
router-preference Set default router preference value
secured Configure SEND
Router1(config-if)#ipv6 nd other-config-flag
Router1(config-if)#end
Router1#
Let's look at the output of show ipv6 interface GigabitEthernet 0/0 command to verify the change in the RA message.
Router1#show ipv6 interface GigabitEthernet 0/0
GigabitEthernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::1
No Virtual link-local address(es):
Global unicast address(es):
2001:1234:A:B::1, subnet is 2001:1234:A:B::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.
The last two lines of the output of show ipv6 interface gig0/0 indicate how hosts will obtain their addressing information:
If we look at a Wireshark capture of the Router Advertisement message, we can see that the O-flag is actually set to 1.
Ethernet II, Src: 50:00:00:01:00:00, Dst: 33:33:00:00:00:01
Internet Protocol Version 6, Src: fe80::1, Dst: ff02::1
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x9b18 (correct)
(Checksum Status: Good)
Cur hop limit: 64
Flags: 0x40, Other configuration, Prf (Default Router Preference): Medium
0... .... = Managed address configuration: Not set
.1.. .... = Other configuration: Set
..0. .... = Home Agent: Not set
...0 0... = Prf (Default Router Preference): Medium (0)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Source link-layer address : 50:00:00:01:00:00)
ICMPv6 Option (MTU : 1500)
ICMPv6 Option (Prefix information : 2001:1234:a:b::/64)
At this point, PC1 has a global unicast address auto-configured using SLAAC.
Configuring a Cisco router to act as a stateless DHCP server is very straightforward. There are two basic steps:
Let's configure step 1. The first command ipv6 dhcp pool [pool name] creates a DHCPv6 pool and enters into the pool configuration mode. There we define the DNS servers and the domain name and that's it.
Router2(config)#ipv6 dhcp pool DNS-SERVER-LIST
Router2(config-dhcpv6)#dns-server 2001:CAFE::1
Router2(config-dhcpv6)#dns-server 2001:CAFE::2
Router2(config-dhcpv6)#domain-name xyz.com
Router2(config-dhcpv6)#end
Router2#
In the second step, we enable the DHCPv6 pool on the router's interface attached to the link. With the ipv6 nd ra suppress all command we stop Router 2 from sending Router Advertisements because Router 1 is responsible for the SLAAC configuration and Router 2 is only acting as a stateless DHCP server.
Router2(config)#interface GigabitEthernet 0/0
Router2(config-if)#ipv6 dhcp server DNS-SERVER-LIST
Router2(config-if)#ipv6 nd ra suppress all
Router2(config-if)#end
After the above configuration is set, we can see that Router 2 responds to the DHCPv6 SOLICIT message from PC1. Below you can see Wireshark captures of all messages. Note that the DCHPv6 Solicit message is sent to the all-dhcpv6 servers multicast group FF02::1:2.
Frame 179: 151 bytes on wire (1208 bits), 151 bytes captured (1208 bits) on interface 0
Ethernet II, Src: 70:07:12:34:56:78 (70:07:12:34:56:78), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::7207:12ff:fe34:5678, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
Message type: Solicit (1)
Transaction ID: 0x4a9f6f
Elapsed time
Client Identifier
Identity Association for Non-temporary Address
Fully Qualified Domain Name
Vendor Class
Option Request
Upon receiving the solicit message from PC1, Router 2 responds with DHCPv6 ADVERTISE. Note that this message is sent to the link-local address of PC1 and is unicast.
Frame 180: 117 bytes on wire (936 bits), 117 bytes captured (936 bits) on interface 0
Ethernet II, Src: 50:00:00:05:00:00 (50:00:00:05:00:00), Dst: 70:07:12:34:56:78 (70:07:12:34:56:78)
Internet Protocol Version 6, Src: fe80::2, Dst: fe80::7207:12ff:fe34:5678
User Datagram Protocol, Src Port: 547, Dst Port: 546
DHCPv6
Message type: Advertise (2)
Transaction ID: 0x4a9f6f
Server Identifier
Client Identifier
Status code
Option: Status code (13)
Length: 15
Value: 00024e4f41444452532d415641494c
Status Code: NoAddrAvail (2)
Status Message: NOADDRS-AVAIL
After PC1 has discovered that there is a Stateless DHCPv6 server attached to the local segment, it sends the actual request for other information as a DCHPv6 INFORMATION-REQUEST. Note that this message is again sent to the all-dhcpv6 servers multicast group.
Frame 196: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: 70:07:12:34:56:78 (70:07:12:34:56:78), Dst: IPv6mcast_01:00:02 (33:33:00:01:00:02)
Internet Protocol Version 6, Src: fe80::7207:12ff:fe34:5678, Dst: ff02::1:2
User Datagram Protocol, Src Port: 546, Dst Port: 547
DHCPv6
Message type: Information-request (11)
Transaction ID: 0xfa46f2
Elapsed time
Client Identifier
Vendor Class
Option Request
Option: Option Request (6)
Length: 8
Value: 0011001700180020
Requested Option code: Vendor-specific Information (17)
Requested Option code: DNS recursive name server (23)
Requested Option code: Domain Search List (24)
Requested Option code: Lifetime (32)
Upon receiving the DCHPv6 INFORMATION-REQUEST, Router 2 responds with the requested information. Note that the response is unicast as is sent to PC1's link-local address.
Frame 197: 147 bytes on wire (1176 bits), 147 bytes captured (1176 bits) on interface 0
Ethernet II, Src: 50:00:00:05:00:00 (50:00:00:05:00:00), Dst: 70:07:12:34:56:78 (70:07:12:34:56:78)
Internet Protocol Version 6, Src: fe80::2, Dst: fe80::7207:12ff:fe34:5678
User Datagram Protocol, Src Port: 547, Dst Port: 546
DHCPv6
Message type: Reply (7)
Transaction ID: 0xfa46f2
Server Identifier
Client Identifier
DNS recursive name server
Option: DNS recursive name server (23)
Length: 32
Value: 2001cafe0000000000000000000000012001cafe00000000...
1 DNS server address: 2001:cafe::1
2 DNS server address: 2001:cafe::2
Domain Search List
Option: Domain Search List (24)
Length: 9
Value: 0378797a03636f6d00
DNS Domain Search List
Domain Search List FQDN: xyz.com
Upon receipt of the DCHPv6 REPLY, PC1 sets the DNS settings to the provided addresses. We can verify that be looking at the Network Connection Details of PC1.
Figure 3. PC1 IPv6 network status
By default, a client and a DHCPv6 server exchange four messages (SOLICIT, ADVERTISE, REQUEST, and REPLY) before the client gets the requested information. The rapid-commit option reduces this communication to two messages - SOLICIT and REPLY.
The client sends the initial DHCPv6 SOLICIT message with the rapid-commit option set. This tells the server that it wants to speed up the exchange. If the DHCPv6 server is enabled for rapid-commit, it response directly with a DHCPv6 REPLY message, skipping ADVERTISE and INFORMATION-REQUEST. If the DHCP server is not enabled for rapid-commit, it responds with an ADVERTISE message and the process continues with the normal four messages exchange.
The configuration of the rapid-commit option is pretty basic and straightforward. You include the rapid-commit keyword in the ipv6 dhcp server [poolname] rapid-commit command.
Router2(config)#interface GigabitEthernet0/0
Router2(config-if)#ipv6 dhcp server DNS-SERVER-LIST ?
allow-hint Allow hint from client
preference Preference
rapid-commit Enable Rapid-Commit
Router2(config-if)#ipv6 dhcp server DNS-SERVER-LIST rapid-commit
Router2(config-if)#end