Well-known IPv6 multicast addresses
Source address is always unicast
| Address (HEX) | Address DEC | Description |
|---|---|---|
| ff02::1 | 1 | All nodes |
| ff02::2 | 2 | All Routers |
| ff02::5 | 5 | OSPFv3 All SPF routers |
| ff02::6 | 6 | OSPFv3 All DR routers |
| ff02::8 | 8 | IS-IS for IPv6 routers |
| ff02::9 | 9 | RIP routers |
| ff02::a | 10 | EIGRP routers |
| ff02::d | 13 | PIM routers |
| ff02::16 | 22 | MLDv2 reports (defined in RFC 3810) |
| ff05::1:3 | 3 | All IPv6 DHCP servers (rfc3315) |
Router Advertisement(ICMPv6 type 134): Advertisements are sent periodically, every 200 seconds (cisco). They are also sent immediately as a response to a Router Solicitation message originated by an end host.
Router Solicitation(ICMPv6 type 133): Sent upon an interface of a node being enabled (FF02::2).
Redirect(ICMPv6 type 137): tells hosts that a better on-link router exists for a given destination address.
Neighbor Solicitation(ICMPv6 type 135): (The 3 D’s)
Discover the link layer address of a neighbor (MAC address resolution) replaces the use of ARP requests and replies in IPv4. Detect the presence of duplicate IPv6 addresses.
Determine the reachability of a neighbor.
Neighbor Advertisement(ICMPv6 type 136): NA sent in response to Neighbor Solicitations (NS) or sent by a neighbor to announce a change in its link layer address. Neighbor cache is also updated.
Host auto-configuration:
Generation of a link-local IPv6 (Either manually or automatically)
Duplicate address detection (DAD) NS sent to solicited node multicast address. Those that match the last 24 bits of their IPv6 address.
Router Discovery: Function to discover routers on its local link and prefix lists.
RS message is sent. All routers respond in turn with a Router Advertisement (RA).
Router Advertisement messages contain data to used by a host in the auto-configuration process.
• A router’s link layer address
• Routers lifetime (how long a host is able to keep using this router until subsequent update)
• Flags used to determine the process by which the host’s global unicast address is created
• Periodical timer values used in the Address Resolution and Neighbor Unreachability Detection
• Global prefixes that should be cached in the host’s prefix list
Upon receipt of an RA, the host updates the relevant fields, router list, neighbor cache, and prefix list.
Host now has all the relevant information (on-link routers,on-link prefixes, etc) to create a Modified EUI-64 interface identifier using its own MAC address. This gets appended to the prefixes acquired from the RA message generating a set of unique global IPv6 addresses, one for each global prefix.
This process is known as stateless address auto-configuration, or SLAAC for short.
General Prefix’s can be used as an alias for a number of short-cuts for example ACL’s and IPv6 addressing.
ipv6 general-prefix CCIE1 2001:DB8:CAFE:1::/64
ipv6 general-prefix CCIE2 2001:DB8:CAFE:2::/64
ipv6 general-prefix CCIE 2001:DB8:CAFE::/48
interface x/x
ipv6 address CCIE1 ::1/64
interface x/x
ipv6 address CCIE ::1:0:0:0:110/64 or 0:0:0:1::110/64 or 0:0:0:1:0:0:0:110/64
Where we say match the first 48 bits (1) repersents our subnet (next 16 bits) then we are left with the 64 bits for the interface identifer.
If you enter the following ipv6 address CCIE 0:0:0:1:0:0:0:110/64 then the cli will convert it as per the rules.
ipv6 address CCIE ::1:0:0:0:110/64
Why is it written like this (because the RFC says truncate the first set of leading zeroes vs the second set)
The above are all examples of manual/static configuration.
Now let’s take a look at static + EUI-64 configuration example.
int x/x
ipv6 address 2001:DB8:CC1E:2::/64 eui-64
sh ipv6 int x/x
2001:DB8:CC1E:2:A8BB:CCFF:FE00:1000, subnet is 2001:DB8:CC1E:2::/64 [EUI]
The last 64 bits are derived from our MAC address (48 bits) plus the insertion of FFFE and the flipping of the Universal/Local (U/L) bit. The U/L bit is the seventh bit of the first byte and is used to determine whether the address is universally or locally administered. Globally unique addresses assigned by the IEEE originally have this bit set to zero, indicating global uniqueness. Locally created addresses, such as those used for virtual interfaces or a MAC address manually configured by an administrator, will have this bit set to one.
R1(config-if)#do sh int eth0/0
Ethernet0/0 is up, line protocol is up
Hardware is AmdP2, address is aabb.cc00.1000 (bia aabb.cc00.1000)
Neighbor States
The “show ipv6 neighbor ” (command displays the reachability state) which can be one of five possible values.
INCOMPLETE:
Address resolution is in progress and the link-layer address of the neighbor has not yet been determined.
REACHABLE:
Roughly speaking, the neighbor is known to have been reachable recently (within tens of seconds ago).
STALE:
The neighbor is no longer known to be reachable but until traffic is sent to the neighbor, no attempt should be made to verify its reachability. i.e no IPv6 packets have been received. If we ping the neighbor we will see the state change from stale to delay to reachable.
DELAY:
The neighbor is no longer known to be reachable, and traffic has recently been sent to the neighbor.Rather than probe the neighbor immediately, however, delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation.
PROBE:
The neighbor is no longer known to be reachable, and unicast Neighbor Solicitation probes are being sent to verify reachability.
DHCPv6
We have a couple options when it comes to using DHCPv6, Stateless and Stateful.
Stateless will use the RA for it’s address and default gateway but will get all other information like DNS or Domain name from a DHCPv6 server.
Stateful with get it’s default gateway from the RA, but all other information will come from the DHCPv6 server.
FLAGS
(O Flag) Other Configuration Flag by default this is set to “0”
When set to “1” use me for your address but get other information from DHCPv6 server.
(M Flag) Managed Configuration Flag by default this is set to “0”
When set to “1” Get ALL of your information from a DHCPv6 server except your default gateway.
(A Flag) Autonomous address-configuration by default is set to “1”
Tells a host that they can create an address for themselves by combining the prefix in the RA with an interface identifier. Will see a Temporary IPv6 Address assigned to a host as well.
ipconfig /all
IPv6 Address. . . . . . . . . . . : fdc4:72f:55ba:2500:e1c6:bc8e:8bb4:8f24
Temporary IPv6 Address. . . . . . : fdc4:72f:55ba:2500:2127:91fd:8c00:406c <–(set to 1)
(L Flag) On-Link FLAG
OPTIONS
Option1: (O Flag = 0, M Flag =0) SLAAC
Hosts use stateless autoconfig for addresses.
[su_tabs class=”my-custom-tabs”]
[su_tab title=”SERVER#”]
interface x/x
no ip address
ipv6 address 2001:DB8:CC1E:1::/64 eui-64
[/su_tab]
[su_tab title=”CLIENT#”]
int x/x
ipv6 address autoconfig
[/su_tab][/su_tabs]
Verify Configuration…
CLIENT(config-if)#do sh ipv6 int eth0/0
Ethernet0/0 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:1000
No Virtual link-local address(es):
Stateless address autoconfig enabled
Global unicast address(es):
2001:DB8:CC1E:1:A8BB:CCFF:FE00:1000, subnet is 2001:DB8:CC1E:1::/64 [EUI/CAL/PRE]
valid lifetime 2591980 preferred lifetime 604780
Option2: (O Flag = 1, M Flag =0) Stateless DHCPv6
Use me for your address but get other information from DHCPv6 server
SERVER#
int x/x
ipv6 nd other-config-flag (sets O flag to “1”)
and
CLIENT#
int x/x
ipv6 address autoconfig
Howto: configure a router as a stateless DHCPv6 Server
Example:
ipv6 dhcp pool IPV6_STATELESS
dns-server 2001:db8:cafe:9::9
domain-name www.example.com
Verify Configuration…
SERVER#
sh ip int x/x
Hosts use stateless autoconfig for addresses.
Hosts use DHCP to obtain other configuration.
CLIENT#
show ipv6 dhcp interface
Ethernet0/0 is in client mode
Prefix State is IDLE (0)
Information refresh timer expires in 23:56:21
Address State is IDLE
List of known servers:
Reachable via address: FE80::A8BB:CCFF:FE00:2000
DUID: 00030001AABBCC002000
Preference: 0
Configuration parameters:
DNS server: 2001:DB8:CAFE:9::9 <—–
Domain name: www.example.com <—–
Information refresh time: 0
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled
Option3: (O Flag = 0, M Flag =1) Statelfull DHCPv6
Statefull DHCPv6 All Information (Address + DNS, Domain Name, etc) except default gateway. Default gateway from RA.
SERVER#
int x/x
ipv6 nd managed-config-flag (set M flag to”1″ ) talk to a stateful DHCPv6 Server
(optional) ipv6 nd prefix <PREFIX/LENGTH> no-autoconfig (clear the A flag and set to “0”) Temporary IPv6 Address will be suppressed and not be obtained by SLAAC.
ipv6 dhcp pool IPV6_STATEFULL
dns-server 2001:db8:cafe:9::9
domain-name www.example2.com
address prefix 2001:db8:cafe:9::/64 <- dont do this as address might overlap
address prefix 2001:db8:cafe:9:F00D::/80
Note: With IPv6 we SPECIFICALLY INCLUDE addresses to be assigned (ALL OTHERS ARE EXCLUDED)
so in the above example, we DONT EXCLUDED ANYTHING a /64 might overlap, but DAD should do its job (but DAD is now optional).
CLIENT#
interface Ethernet0/0
no ip address
ipv6 address dhcp
end
Verify Configuration…
#SERVER
sh ipv6 int x/x
Hosts use DHCP to obtain routable addresses. <—
CLIENT#sh ipv6 dhcp interface
Ethernet0/0 is in client mode
Prefix State is IDLE
Address State is OPEN
Renew for address will be sent in 11:57:55
List of known servers:
Reachable via address: FE80::A8BB:CCFF:FE00:2000
DUID: 00030001AABBCC002000
Preference: 0
Configuration parameters:
IA NA: IA ID 0x00030001, T1 43200, T2 69120
Address: 2001:DB8:CAFE:9:F00D:87B8:83EA:CB77/128
preferred lifetime 86400, valid lifetime 172800
expires at Aug 08 2017 06:50 PM (172675 seconds)
DNS server: 2001:DB8:CAFE:9::9
Domain name: www.example2.com
Information refresh time: 0
Prefix Rapid-Commit: disabled
Address Rapid-Commit: disabled
NOTE:
By default Serial Links suppresses periodic RA messages.
interface Serial1/0
no ip address
ipv6 address 2001:DB8:F00D:1::1/64
serial restart-delay 0
sh ipv6 int S1/0
ND RAs are suppressed (periodic)
interface Serial1/0
no ip address
ipv6 address 2001:DB8:F00D:1::1/64
ipv6 nd ra suppress all
serial restart-delay 0
The “all” keyword suppresses periodic and solicited RA messages.
sh ipv6 int S1/0
ND RAs are suppressed (all)