Cisco DHCPv6 Server Configuration

I cannot help but notice

ipv6 DHCP interface FastEthernet 0/0

And show interface brief dont seem to give you any information about the prefix on the client.

Is there a command to determine what prefix was assigned to my client?

Hello Patrick

That’s a good question. Looking at the output of the show ipv6 dhcp interface FastEthernet 0/0 command in the lesson, you can see that it displays a /128 prefix like so:

 Configuration parameters:
      IA NA: IA ID 0x00030001, T1 43200, T2 69120
        Address: 2001:1111:1111:1111:255A:E159:32AF:5E42/128
                preferred lifetime 86400, valid lifetime 172800
                expires at Jul 19 2014 08:30 PM (172750 seconds)
      DNS server: 2001:4860:4860::8888
      Domain name: NETWORKLESSONS.LOCAL

I also tried to lab this up in CML, and found that the output of the above command is a little different:

R1#show ipv6 interface gi 0/1
GigabitEthernet0/1 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::5054:FF:FE0A:8FA6 
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:1111:1111:1111:AD88:B915:BE2A:969, subnet is 2001:1111:1111:1111:AD88:B915:BE2A:969/128 
  Joined group address(es):
    FF02::1
    FF02::1:FF0A:8FA6
    FF02::1:FF2A:969
  MTU is 1500 bytes
!>-- output omitted--<

Again, however, the subnet is indicated as /128. I tried all of the above with the fully DHCPv6 learned address as well as with the SLAAC learned address, and it seems that the result is the same. I always get an indicator of /128 rather than the expected /64 that is offered by the DHCPv6 server.

Looking at the debugs, I see that the DHCP server sends a /64 address:

*Aug 14 08:27:25.877: IPv6 DHCP: Sending ADVERTISE to FE80::5054:FF:FE0A:8FA6 on GigabitEthernet0/1
*Aug 14 08:27:26.986: IPv6 DHCP: Received REQUEST from FE80::5054:FF:FE0A:8FA6 on GigabitEthernet0/1
*Aug 14 08:27:26.987: IPv6 DHCP: Using interface pool STATEFUL
*Aug 14 08:27:26.987: IPv6 DHCP: Looking up pool 2001:1111:1111:1111::/64 entry with username '0003000152540004ED3B00030001'
*Aug 14 08:27:26.988: IPv6 DHCP: Poolentry for user found
*Aug 14 08:27:26.988: IPv6 DHCP: Found address 2001:1111:1111:1111:E5A8:CA6A:9088:C670 in binding for FE80::5054:FF:FE0A:8FA6, IAID 00030001
*Aug 14 08:27:26.988: IPv6 DHCP: Updating binding address entry for address 2001:1111:1111:1111:E5A8:CA6A:9088:C670
*Aug 14 08:27:26.988: IPv6 DHCP: Setting timer on 2001:1111:1111:1111:E5A8:CA6A:9088:C670 for 172800 seconds
*Aug 14 08:27:26.989: IPv6 DHCP: SAS retured Null falling to link local

… but the client receives a /128 prefix:

*Aug 14 08:27:29.295: IPv6 DHCP: Received REPLY from FE80::5054:FF:FE0D:7AC7 on GigabitEthernet0/1
*Aug 14 08:27:29.295: IPv6 DHCP: Processing options
*Aug 14 08:27:29.295: IPv6 DHCP: Adding address 2001:1111:1111:1111:E5A8:CA6A:9088:C670/128 to GigabitEthernet0/1

Even when I look up the routing table, I see the route of the directly connected network as /128.

However, because we are still able to ping the interface of the DHCPv6 server, this means that the prefix understood by the router cannot be /128. If it was, it would assume the destination address is outside of the local subnet, and would look for a default router, which is not configured.

So to answer your question, I’m not sure. For some reason, all indications in the client, whether using DHCPv6 or autoconfig, seem to show a /128 prefix, but the routing seems to be operating correctly. Let me pass this one by @ReneMolenaar as well to see his opinion. Will get back to you shortly! In the meantime…

I hope this has been helpful!

Laz

Hello again Patrick

After having a chat with Rene, I have a bit more info to share with you on this topic. The DHCPv6 server knows that the particular host requires a /64 prefix since that is already configured locally in the DHCP configuration. So the DHCPv6 server will generate the last 64 bits of the address for the client. These last 64 bits are generated randomly. Once that is done, it will send this address to the host along with additional information such as DNS server. However, within the DHCPv6 messages, we don’t find the information of the prefix of /64. The DHCPv6 server will just inform the host of the 128 bit address without any prefix information. That’s why we see a /128 in all of the show output on the router.

The prefix is defined not by DHCPv6, but by the router advertisements (RAs) from NDP.

So the client learns its /128 IPv6 address from the DHCP server and learns about its prefix of /64 from the RA. In order to find the prefix that has been assigned to a particular address learned via DHCPv6, we need to take a look at the information about the IPv6 router (default gateway) that NDP has arranged for us. To do this we can use the show ipv6 routers command. Below, I’ve done this in the lab topology I had set up:

R1#show ipv6 routers
Router FE80::5054:FF:FE0D:7AC7 on GigabitEthernet0/1, last update 0 min
  Hops 64, Lifetime 1800 sec, AddrFlag=1, OtherFlag=0, MTU=1500
  HomeAgentFlag=0, Preference=Medium
  Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
  Prefix 2001:1111:1111:1111::/64 onlink
    Valid lifetime 14400, preferred lifetime 14400
R1#

Here you can see clearly what the prefix is.

I find it strange that the interface and the routing table don’t indicate the /64 prefix for this particular address. When I configure the IPv6 address statically, I see the prefix in both the show ipv6 interface command as well as in the routing table.

In any case, it’s good to know how this information is displayed within an IOS router so we can find it when we need it.

I hope this has been helpful!

Laz

Hello!

Going back to the /128 thing again. So a stateful DHCP server provides only a /128 address while the prefix information is learned from the NDP messages, specifically RAs.

What I just don’t understand is why isn’t the prefix (in my example, 2001:DB8:1:1::/64) being installed into the RIB?


obrázok

The client obtained its IPv6 from the stateful DHCP server (a /128 one) but it didn’t install the /64 prefix information from the RAs into the RIB? Or is this just a bug with virtual environmetnts or something? Because this causes the host to send all packets destined to H2, to the default gateway first which is also the DHCP server in my scenario.

obrázok

Thank you in advance.

Kind regards,
David

Hello David!

The fact that the routing table and the IP address on the interface show /128 as the prefix was not such a problem if routing were to take place correctly. But in your case packets are being incorrectly sent to the default gateway rather than directly to H2. Try to issue the show ipv6 routers command on H1 as I did in my previous post to see what prefix is actually being received from the local router. Is it /64? Try it and let us know before we continue troubleshooting.

I hope this has been helpful!

Laz

DHCPV6(config)#ipv6 dhcp pool STATEFUL
DHCPV6(config-dhcpv6)#address prefix 2001:1111:1111:1111::/64
DHCPV6(config-dhcpv6)#dns-server 2001:4860:4860::8888
DHCPV6(config-dhcpv6)#domain-name NETWORKLESSONS.LOCAL
DHCPV6(config)#interface FastEthernet 0/0
DHCPV6(config-if)#ipv6 address 2001:1111:1111:1111::1/64
DHCPV6(config-if)#ipv6 dhcp server STATEFUL
DHCPV6(config-if)#ipv6 nd managed-config-flag
DHCPV6(config-if)#ipv6 nd prefix 2001:1111:1111:1111::/64 14400 14400 no-autoconfig

Totally lost here. The above is taken from the DHCPv6 Server config lesson. It’s regarding configuration of a Stateful DHCPv6 server.

  1. Don’t global unicast prefixes need to come from an ISP to ensure they are unique? If so, why would there be a need to manually configure one anywhere? Shouldn’t a router already have this prefix from the ISP?
  2. What happens if you accidentally type in the wrong global unicast prefix and it doesn’t match what the ISP assigned you? Couldn’t this risk address collision?
  3. Assuming you are getting the prefix from the ISP, why are you manually assigning an IPv6 address to this interface? Can’t it just get one as a DHCPv6 client or use SLAAC from the ISP-provided prefix?
  4. Why are you manually typing in the 2001:1111:1111:111::/64 prefix in the ipv6 nd prefix command? You already assigned an address to the interface. Couldn’t you just use the default parameter? Cisco NetAcad does this.
  5. What’s with the 4-hour lifespans on that prefix? What would happen when those 14,400 seconds expire?

Sorry for all the questions. This topic has me completely stumped.

Hello CJ

If we’re talking about a single IPv6 address that is assigned to the external interface of the edge router, then that will often be assigned directly by the ISP using their own DHCP server. Alternatively, you may assign it as a static address on the interface of the router. However, if you as an organization are provided with a block of global unicast IPv6 addresses by your ISP to use for your own Internet-facing services, (i.e. web server, email, VPN service etc…) then you must manage them yourself. So it is conceivable that you are given the 2001:1111:1111:1111::/64 prefix by the ISP, but you are using your own DHCP server to assign them to the hosts you choose.

ISPs will typically have safeguards against such errors. They will typically only accept packets from your network that have an acceptable source IPv6 address. So if you were to use a different address that already exists on the Internet, the ISP would be able to identify it and filter it out.

The DHCP server itself must have an IP address assigned to it, and this will typically be static. If the ISP has given us a block of global unicast addresses, then it is likely that the DHCP server itself will also be assigned one of those addresses. This however is not mandatory, as the DHCP server may be assigned an internal IPv6 address.

It is possible to issue the following command:

DHCPV6(config-if)#ipv6 nd prefix default

This will cause the prefix of the interface itself to be used for DHCP. However, you do not need to be confined only to this prefix. The DHCP server can assign DHCP addresses with prefixes other than that assigned to the specific server interface.

The lifetime parameters of the ipv6 nd command are part of the fundamental operation of the ND protocol. The command as shown in this Cisco IOS command reference documentaiton indicates two parameters: the preferred lifetime and the valid lifetime. I have create a NetworkLessons note on the topic for more detail.

I hope this has been helpful!

Laz