Mastering IPv6 SLAAC Concepts and Configuration
With a wider scale implementation of IPv6 in most companies either in progress or soon to be in progress, it’s becoming even more important for engineers to have IPv6 skills. Unfortunately, the slow roll out of IPv6 over the last decade has made a number of engineers avoid learning the topic in any great detail as the majority of companies didn’t require the skills. With the progress in IPv6 implementation, this is no longer true, and many engineers need to become up to date with these skills in short order. Continuing the series covering the most essential IPv6 skills, how they operate, and how they can be used in a working environment, this article in particular covers IPv6 Stateless Address Autoconfiguration, or SLAAC, as it is commonly referenced.
Like IPv4, there are a number of different ways that a host can be addressed in IPv6; the two most common in IPv4 are static addressing and dynamic address configuration via the Dynamic Host Configuration Protocol (DHCP). Often the reason that engineers use DHCP is that it not only provides a method of dynamically assigning addresses, it also provides a way to assign the host devices other service information like DNS servers, domain names, and a number of different custom information.
To perform address configuration on IPv6 there are a couple of familiar methods and a few additional methods, including: static addressing, static addressing with DHCPv6 (stateless), dynamic addressing via DHCPv6 (Stateful), SLAAC alone, or SLAAC with DHCPv6 (Stateless). IPv6 static addressing works exactly the same as IPv4 static addressing so there is no mystery there. IPv6 does, however, provide two different ways of implementing DHCP, either stateful (e.g., when an IPv4 DHCP server tracks the addresses that are given out) and stateless. Stateless DHCP does not track what information is given out to clients and does not give out IPv6 addresses; instead, it provides the extra information that most people relate with typical DHCP assignment, e.g., DNS server information. Stateless DHCP is then matched up with another mechanism (such as Static addressing or SLAAC) for IPv6 address assignment.
SLAAC provides the ability to address a host based on a network prefix that is advertised from a local network router via Router Advertisements (RA). RA messages are sent by default by most IPV6 routers; these messages are sent out periodically by the router and include information including:
- One or more IPv6 prefixes (Link-local scope)
- Prefix lifetime information
- Flag information
- Default device information (Default router to use and its lifetime)
SLAAC is implemented on the IPv6 client by listening for these local RA’s and then taking the prefix that is advertised to form a unique address that can be used on the network. For this to work, the prefix that is advertised must advertise a prefix length of 64 bits (i.e., /64); SLAAC will then dynamically form a host identifier that is 64 bits long and will be suffixed to the end of the advertised prefix to form an IPv6 address. Originally, the host identifier was formed using the EUI-64 rules (the same that are used to form link local addresses) and many devices still use this method. However, some Microsoft operating systems by default do not use this original method. Instead, they take advantage of some additional privacy extensions that were defined in RFC4941.
To give an idea as to how this works, the example topology shown in Figure 1 is used.
Figure 1: SLAAC Example
If the hosts (H1-H4) shown in Figure 1 were using the EUI-64 method of host identification, the IPv6 addresses created using SLAAC would be:
- H1 – 2000:1234:5678::12FF:FE34:5678
- H2 – 2000:1234:5678::EBFF:FEA4:C1AE
- H3 – 2000:1234:5678::BAFF:FE24:C4AE
- H4 – 2000:1234:5678::84FF:FE67:AEFC
To be thorough, the EUI-64 process will be outlined for H1 as follows:
The prefix 2000:1234:5678::/64 will be learned from R1’s RA messages and will be the initial prefix.
The client identifier would then be created from the MAC address that is assigned to H1, in this case 0200:1234:5678. The first step of EUI-64 conversion is to split the MAC address in half and place FF:FE in the middle, which results in 0200:12FF:FE34:5678. Then the seventh bit will be flipped, in this case the first 8 bits is 00000010 (0x02). Next, the seventh bit is flipped and the bit becomes 0, resulting in 00000000 (0x00); this gives a final host identifier result of 0000:12FF:FE34:5678. When the prefix and the host identifier are brought together, it results in an IPv6 address that is used for H1 of 2000:1234:5678:0000:0000:12FF:FE34:5678, which can be shortened to 2000:1234:5678::12FF:FE34:5678.