DHCPV6-PDIN 10 MINUTES

Fred Bovy EIRL. IPv6 For Life! (c) 2012

PREREQUISITES:IPv6 and DHCP Basic knowledge

1(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

HI! MY NAME IS FRED

Fred Bovy EIRL. IPv6 For Life!15 years ccie #301318 years ccsi #33517 (former #95003)IPv6 Forum Gold Certified EngineerIPv6 Forum Gold Certified TrainerIPv6 Forum Gold Security Certified TrainerG6 Association MemberEmail: fred@fredbovy.comWeb: http://www.fredbovy.comWicki: http://www.fredbovy.com/MediaWikiTwitter: http://twitter.com/#!/FredBovySkype: FredericBovyMobile: +33 676 198 206

2(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

WHY SHOULD WE USE DHCP-PD?

Easier and More Flexiblefor provisioning

Customer prefixes can be stored on a RADIUS Server which tells the DHCPv6 Server which

prefix to assign and be loaded when the client reboot its CPE or toggle its interface!

3(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

WHO SHOULD USE DHCP-PD?

Large Enterprises or SPsTo Connect

Customers, Branch or Home Offices

With DHCP-PD, Enterprises may have their /48 prefix(es) allocated on a RADIUS Servers and Some other may use a pool of /56 to /64 prefixes for the Home Offices

4(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

WHEN SHOULD WE USE DHCP-PD?

You can use it righ now?Most Vendors are Ready!

With DHCP-PD, Enterprises may have their /48 prefix(es) allocated on a RADIUS Servers of SPs and Some other may use a pool of /56 to /64 prefixes for the Home OfficesAlso apply for Large Enterprises

5(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

THE BIG PICTURE

6(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

2ND BLOCK BLOCK 2001:DB8:678:1000::/56

7

IPv6Internet

2001:341f::1:57/64

IPv6 Private Network2001:db8:658::/48

2001:db8:678:1::/568 bits for Subnets

2001:db8:678:10::/642001:db8:678:11::/64...

DHCPv6-PD Client

DHCP-PD Server

Relay_forward (Solicit IA_PD)

Request IA_PDReply IA_PD

First Block2001:db8:678::/56

Home Network2001:db8:678::/64

IPv6Internet

IPv6Internet

AS 6102001:610::/32

AS 4132001:413::/32

AS 341F2001:341F::/32

FTTH

P2P LL Address

DHCPv6 Relqy

SOLI

CIT

IA_P

D

Relay_Reply(Advertise IA_PD)

Advertise IA_PD

REPLY IA_PD

Requ

est I

A_PD

DHCPv6-PD Client is called the Requesting RouterDHCPv6-PD Server is called the Delegating Router

(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

DHCP-PD

8(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

IDENTITY ASSOCIATION FOR PREFIX DELEGATION

IA_PD optionOption_IA_PD option-length

IAID (4 Octets)

T1

T2

OPTION_IAPREFIX option-length

preferred-lifetime

valid-lifetimeprefix-length

IPprefix-options

IPv6 prefix(16 octets)

IA_PD Prefix option

IP_PD-options

+ =

IA_PD optionOption_IA_PD option-length

IAID (4 Octets)

T1

T2

OPTION_IAPREFIX option-length

preferred-lifetime

valid-lifetime

prefix-length

IPprefix-options

IPv6 prefix(16 octets)

IA_PD Prefix option

IA_PD-options

9(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

The DHCPv6 PD clients configure its interface facing the Clients and start sending RA with valid Parameters and Prefix. It is used by the Client for Autoconfiguration (SLAAC)

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/32

Router Advertisement M-bit=0, O-bit=0SLLA=fe80::1MTU=1500, Hop Limit=64, H-bit=0 (not a Home Agent), O-bit=0, M-bit=0 (No DHCPv6)Router Lifetime=3600Retransmit Time=0 (unspeci!ed), Reachability Timer=0 (unspeci!ed)Pre!xList2001:db8:678:1000::/64Preferred Lifetime = 620Valid Lifetime = 3600Autonomous bit=1, On-Link bit=1

2001:db8:678:1001::1/64 (SLAAC)

DHCPv6-PD Client

DHCP-PD Server2001:db8:678:1000:/56

RA

The Workstation received the and c,on!gure various parameters from the RA Received: MTU, Hop Limit, no change on the NUD Parameters which are unspeci!ed. It also receives a Pre!x which has the SLAAC bits on and a non null Valid Timer

The Router con!gure one interface with a /64 pre!x from the block received and start transmitting RA

10(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

11

VALID

Preferred Deprecated

Preferred Lifetime

Valid Lifetime

Tent Invalid

T1

T2(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

12

RELIABILITY

• RT Retransmission timeout

• IRT Initial retransmission time

• MRC Maximum retransmission count

• MRT Maximum retransmission time

• MRD Maximum retransmission duration

• RAND Randomization factor the application itself.

(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:db8:678:0:1::547

Reniew 2001:db8:678:1000:/56 Block

2001:db8:678:1000::1/64 (SLAAC)

DHCPv6-PD ClientUse LL for the p2p Link Address to SP

IPv6 Private Network

2001:db8:678:1000:/56

2001:db8:678:1100::/568 bits for Subnets

2001:db8:678:1300::/568 bits for Subnets

2001:db8:678:1200::/568 bits for Subnets

First Subnet 2001:db8:678::/64

2001:db8:678:1030::/642001:db8:678:31:1031::/64

2001:db8:678:1020::/642001:db8:678:1021::/64...

2001:db8:678:1010::/642001:db8:678:1011::/64...

Reply 2001:db8:678:1000:/56 Block1

2When T1 Expires

Each Client has 2 Timers set for each address except the Temporary.When T1 Expires, the client must RENEW its address with its DHCP ServerWhen T2 Expires, it must REBIND with Any Existing Server

13(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

DHCP-PD CLIENT CONFIG

14

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/32

First Subnet 2001:db8:678::/64

Router Advertisement Pre!x-List

2001:db8:678::/64M=0, O=0

2001:db8:678::1/64 (SLAAC)

2001:db8:678:1::/562001:db8:678:2::/562001:db8:679:3::/56

DHCPv6-PD Client

DHCP-PD Server

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/32

First Subnet 2001:db8:678::/64

Router Advertisement Pre!x-List

2001:db8:678::/64M=0, O=1

2001:db8:678::1/64 (SLAAC)

2001:db8:678:1::/562001:db8:678:2::/562001:db8:679:3::/56

DHCPv6-PD Client

DHCP-PD Server

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/32

First Subnet 2001:db8:678::/64

Router Advertisement Pre!x-List

2001:db8:678::/64M=1, O=1

2001:db8:678::1 (DHCPv6)

2001:db8:678:1::/562001:db8:678:2::/562001:db8:679:3::/56

DHCPv6-PD Client

DHCP-PD Server

2001:db8:678:1::/48

Addresses, parameters (hop Limit, MTU) de-fault Route from RA.Then DHCPv6 for SIP Server and DNS Server Addresses!

ALL from RAParameters (hop Limit, MTU), Pre!xes, default route, DNS Server Addresses...

Parameters (hop Limit, MTU) default Route from RAThen DHCPv6 for SIP Server and DNS Server Ad-dresses!

SLAAC

Stateless DHCPv6

StatefulDHCPv6

Setting the O bit is not useful here as the Managed bit (M-bit) takes all DHCP can give... But it is a best practice that I recommend in case of a bad implementation!

DHCPv6-Lite Server

DHCPv6 Server

Irrelevant for DHCP-PD!

The Most Powerful as with DHCP you can provide

many information

The Best if you don’t need special config

Wednesday, June 27, 12

This is the process from connection beginning to the end.When everything is OK!

15

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/322001:db8:678::1/64

(SLAAC)

DHCPv6-PD ClientMay Use LL for the p2p Link Address

DHCP-PD Server2001:db8:678::/48

Solicit IA_PD with ORO= PD to Dest ff02::1:2 Relay-Forward[Solicit IA_PD]

Relay-Reply[Advertize IA_PD with Delegation Options]

Advertise IA_PD with Delegation Options

1 2

3

5

4

6

Reniew IA_PD 2001:db8:678::/48 Block

Reply IA_PD 2001:db8:678::/48 Block

9When T1 Expires

Release Block

Release IA_PD 2001:db8:678::/48 Block

Reply IA_PD 2001:db8:678::/48 Block Status=OK Client DUID Server DUID

14

11

Relay-reply[Relay IA_PD 2001:db8:678::/48 Block]

Relay-Forward [Request IA_PD]

8 7 Request IA_PD

INITIALISATIO

N

10 Relay-Forward [Renew IA_PD]

Reply IA_PD 2001:db8:678::/48 Block

Relay-forward [Release IA_PD 2001:db8:678::/48 Block]

Relay-Forward (Reply IA_PD 2001:db8:678::/48 Block) 12

15

Relay-Reply [Release IA_PD 200...........]15

RA after 8

(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

In this case, the Server has been reconfigured to specify a new Prefix. The old one may be advertized with a 0 for the Preferred Lifetime and one day for the Valid Lifetime...

16

DHCPv6 Client

IPv6Internet

DHCP-PD Relay

2001:341f::1:57/64

2001:341f::/322001:db8:777f:5A01::1/64 (SLAAC)

DHCPv6-PD Client

DHCP-PD Server2001:db8:78FA::/48

Reniew (IA_PD 2001:db8:::/48)

Recon!gure MSG Option=RENEW

RARelay-Forward(Recon!gure MSG Option=RENEW)

Reniew (IA_PD 2001:db8:678::/48)

Reply MSG IA_PD 2001:db8:777f:5A00/56Relay_Forward (Reply IA_PD 2001:db8:777F:5A00/56)

(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

MOST IMPORTANT DHCPV6 RFCIPv6 Prefix Options for DHCPv6http://tools.ietf.org/html/rfc3633http://tools.ietf.org/html/rfc6603See RFC3633 IANA Considerations IANA has assigned option codes to:

OPTION_IA_PD (25) OPTION_IAPREFIX (26)

from the option-code space as defined in section 24.3, "DHCP Options" of RFC 3315.

IANA has assigned status code 6 to:

! Delegating router has no prefixes available to assign to the IAPD(s)

from the status-code space as defined in section 24.4, "Status Codes of RFC 3315.

Dynamic Host Configuration Protocol for IPv6 (DHCPv6)http://tools.ietf.org/html/rfc3315

Stateless DHCP Service for IPv6http://tools.ietf.org/html/rfc3736

DNS Configuration Options for DHCPv6http://tools.ietf.org/html/rfc3646

I

17(C) 2012 Fred Bovy EIRL. IPv6 For Life

Wednesday, June 27, 12

18

Wednesday, June 27, 12