IPv6

DHCPv6

DNS

Implementing DHCP for IPv6

http://tools.ietf.org/html/rfc3315

DHCPv6 and DNS 3

Methods for Autoconfiguration in IPv6

One of the many enhancements introduced in IPv6 is an overall strategy for easier administration of IP devices, including host configuration.

Two basic methods defined for autoconfiguration of IPv6 hosts:

Stateless Autoconfiguration A method defined to allow a host to configure itself without

help from any other device. Problem: it does not supply a DNS server address.

“Stateful” Autoconfiguration A technique where configuration information is provided to

a host by a server.

DHCPv6 and DNS 4

Protocols and Addressing

The operation of DHCPv6 is similar to that of DHCPv4, but the protocol itself has been completely rewritten.

It is not based on the older DHCP or on BOOTP, except in conceptual terms.

It still uses UDP but uses new port numbers, a new message format, and restructured options.

DHCPv6 is not compatible with DHCPv4 or BOOTP.

DHCPv6 and DNS 5

DHCP Message Exchanges

DHCP servers receive messages from clients using a reserved, link-scoped multicast address.

A DHCP client transmits most messages to this reserved multicast address, so that the client need not be configured with the address or addresses of DHCP servers.

Two basic client/server message exchanges used in DHCPv6: Four-message exchange Two-message exchange

DHCPv6 and DNS 6

DHCP Message Exchanges- Four Message Exchange

When a client needs to obtain an IPv6 address and other parameters Client sends a Solicit message

Similar to the regular DHCP address allocation process: The client sends a multicast Solicit message to all-DHCP-Agent

Multicast address (FF02::1:2) to find a DHCPv6 server and ask for a lease.

Any server that can fulfill the client's request responds to it with an Advertise message.

The client chooses one of the servers and sends a Request message to it asking to confirm the offered address and other parameters.

The server responds with a Reply message to finalize the process.

DHCPv6 and DNS 7

DHCP Message Exchanges – Two-message exchange

When a DHCP client does not need to have a DHCP server assign it IP addresses, the client can obtain configuration information such as a list of available DNS servers or NTP servers through a single message and reply exchanged with a DHCP server.

To obtain configuration information the client first sends an Information-Request message to the All_DHCP_Relay_Agents_and_Servers multicast address.

Servers respond with a Reply message containing the configuration information for the client.

DHCPv6 and DNS 8

DHCPv6 Operations

DHCPv6 and DNS 9

DHCPv6 Multicast Addresses

All_DHCP_Relay_Agents_and_Servers (FF02::1:2) A link-scoped multicast address used by a client to communicate

with neighboring (i.e., on-link) relay agents and servers. All servers and relay agents are members of this multicast group.

All_DHCP_Servers (FF05::1:3) A site-scoped multicast address used by a relay agent to

communicate with servers, either because the relay agent wants to send messages to all servers or because it does not know the unicast addresses of the servers.

Note that in order for a relay agent to use this address, it must have an address of sufficient scope to be reachable by the servers.

All servers within the site are members of this multicast group.

DHCPv6 and DNS 10

DHCPv6 UDP Ports

Clients listen for DHCP messages on UDP port 546.

Servers and relay agents listen for DHCP messages on UDP port 547.

DHCPv6 and DNS 11

DHCPv6 Basic Message Format & Types

SOLICIT ADVERTISE REQUEST CONFIRM RENEW REBIND REPLY

RELEASE DECLINE RECONFIGURE INFORMATION-REQUEST RELAY-FORW RELAY-REPL

DHCPv6 and DNS 12

DHCPv6 Option Format & Base Options

Client Identifier Server Identifier Identity Association for Non-

temporary Addresses Identity Association for

Temporary Addresses IA Address Option Request Preference Elapsed Time Relay Message

Authentication Server Unicast Status Code Rapid Commit User Class Vendor Class Vendor-specific Information Interface-Id Reconfigure Message Reconfigure Accept

DHCPv6 and DNS 13

Differences between DHCP for IPv4 and IPv6

Hosts always have a link local address that can be used in requests (in IPv4 0.0.0.0 is used as source address)

Uses special multicast addresses for relay agents and servers No compatibility with BOOTP, since no BOOTP support on IPv6. Simplified two-message exchange for simple configuration cases A client can request multiple IPv6 addresses Client can send multiple unrelated requests to the same or

different servers There is a reconfigure message where servers can tell clients to

reconfigure. This feature is optional.

Domain Name System (DNS)

Paul Mockapetris invented the DNS in 1983.

DHCPv6 and DNS 15

How important is the DNS?

Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications

Humans are unable to memorize millions of IP addresses (specially IPv6 addresses)

To a larger extent: DNS provides applications with several types of resources (domain name servers, mail exchangers, reverse lookups, …) they need DNS design hierarchy distribution redundancy

DHCPv6 and DNS 16

Approximate geographical position of all

DNS root name servers in February 2007

http://www.icann.org/maps/board-staff.htm

http://www.icann.org/maps/root-servers.htm

DHCPv6 and DNS 17

TLDs and IPv6

One of IANA’s functions is the DNS Top-Level Delegations (TLDs)

Changes in TLDs (e.gccTLDs) has to be approved and activated by IANA

Introduction of IPv6-capable name servers at ccTLDs level has to be made through IANA

DHCPv6 and DNS 18

DNS Lookup

DHCPv6 and DNS 19

DN structure

Resource Record (RRs): Data records stored by name servers. Types of RRs:

Start of Authority (SOA) Marks the beginning of a DNS zone

Name Servers (NS) Doma name of a server in a DNS zone

Canonical Names (CNAMEs) Aliases for FQDN

Pointer (PTR) Aliase for another location in the domain name space.

Resolver Host resovling a Ip address-to-name mapping

DHCPv6 and DNS 20

DNS Lookup

DHCPv6 and DNS 21

DNS for IPv6

To expand the functionality of DNS to IPv6, three aspects to be considered:

1. Define a new record to store the 128-bit IPv6 address

2. Define IPv6 equivalent for in-addr.arpa.com domain for IPv4 PTR

3. Define changes to Query messages and method of transporting them between Resolver and NS

DHCPv6 and DNS 22

The ‘Quad A’ Record(AAAA)

Similar to ‘A’ Resource Record for IPv4 (RFC3596) Holds the IPv6 Record for a host Entered into zone file in standard representation Backward compatible with (most) non-IPv6 aware

resolvers (ignored RR type)

DHCPv6 and DNS 23

Configuring AAAA record on Cisco IOS

Configuring router to query DNSv6 server

DHCPv6 and DNS 24

Reverse DNS lookup Reverse DNS lookups for IPv6 addresses use similarly the

special domain ip6.arpa which is special Top-Level Domain (TLD).

An IPv6 address is represented as a name in the ip6.arpa domain by a sequence of nibbles in reverse order, represented as hexadecimal digits, separated by dots with the suffix .ip6.arpa.

DHCPv6 and DNS 25

DNS software changes

BIND 8 – AAAA Resource records, no native IPv6 transport (patch available)

BIND 9 – All currently defined IPv6 record types, native IPv6 transport

djbns – AAAA RR only, IPv6 transport only with patch

NSD – as per BIND 9

DHCPv6 and DNS 26

IPv6 DNS and root servers

DNS root servers are critical resources! 13 roots «around»the world (#10 in the US) Not all the 13 servers already have IPv6 enabled and globally

reachable via IPv6. Need for (mirror) root servers to be installed in other locations (EU,

Asia, Africa, …) New technique : anycastDNS server

To build a clone from the master/primary server Containing the same information (files) Using the same IP address

Such anycastservers have already begun to be installed : F root server: Ottawa, Paris(Renater), Hongkong, Lisbon (FCCN)… Look at http://www.root-servers.org for the complete and updated

list.

DHCPv6 and DNS 27

DNS IPv6-capable software

BIND (Resolver& Server) http://www.isc.org/products/BIND/ BIND 9 (avoid older versions)

On Unix distributions ResolverLibrary (+ (adapted) BIND)

NSD (authoritative server only) http://www.nlnetlabs.nl/nsd/

•Microsoft Windows (Resolver& Server)

DHCPv6 and DNS 28

DNSv6 Operational Requirements & Recommendations

The target today IS NOT the transition from an IPv4-only to an IPv6-only environment How to get there?

Start by testing DNSv6 on a small network and get your own conclusion that DNSv6 is harmless, but remember: The server (host) must support IPv6 And DNS server software must support IPv6

Deploy DNSv6 in an incremental fashion on existing networks

DO NOT BREAK something that works fine (production IPv4 DNS)!

DHCPv6 and DNS 29

Host Name-to-Address Mappings Configuration Example

ipv6 host cisco-sj 3FFE:700:20:1::12ipv6 host cisco-hq 2002:C01F:768::1 3FFE:700:20:1::22ip domain-list csi.comip domain-list telecomprog.eduip domain-list merit.eduip name-server 3FFE:C00::250:8BFF:FEE8:F800 3FFE:80A0:0:F004::1ip domain-lookup

Defines two static host name-to-address mappings in the host name cache Establishes a domain list with several alternate domain names to complete

unqualified host names, Specifies host 3FFE:C00::250:8BFF:FEE8:F800 and host

3FFE:80A0:0:F004::1 as the name servers, and re enables the DNS service

Q & A