PLNOG 4: Jens Link - IPv6 Address Assignment Considerations
0 likes41 views
The document discusses different methods for assigning IPv6 addresses, including static configuration, stateless autoconfiguration (SLAC), and DHCPv6. Static configuration is recommended for servers and routers to avoid changing addresses when hardware is replaced. SLAC allows clients to select addresses but has limitations like no automatic DNS entry. DHCPv6 can be used to transfer additional information to clients like DNS servers, but does not provide routing information like in IPv4. Considerations are given for implementing each method and influencing address assignment.
PLNOG 4: Jens Link - IPv6 Address Assignment Considerations
- 1. IPv6 - Address Assignment Considerations Jens Link jenslink@quux.de PLNOG4 2010, Warsaw Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 1 / 16
- 2. Overview 1 Static Configuration 2 Stateless Auto Configuration 3 DCHPv6 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 2 / 16
- 3. Warning This talk is not on how to split your /32, /48, /56 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 3 / 16
- 4. Static Configuration (I) Necessary for Router Interfaces Recommended for Servers, Switches, Printers as well Do you want your important services to change addresses when you replace the hardware and restoring the backup? Yes there is DNS, but you’ll have to update this. Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 4 / 16
- 5. Static Configuration (II) IOS interface FastEthernet0 !... ipv6 address 2001:DB8:FFFF:FFFF::1/64 Linux (Debian) root#cat /etc/network/interfaces ... iface eth0 inet6 static address 2001:DB8:FFFF:FFFF:0002:B387:786F:2 netmask 64 gateway 2001:DB8:FFFF:FFFF:0002:B387:786F:1 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 5 / 16
- 6. Stateless Auto Configuration (I) With SLAC the Client selects an interface ID, e.g. it’s Ethernet MAC generates a link-local address checks via DAD if Address is unique asks routers for prefix (via multicast) listens to prefix announcements during runtime Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 6 / 16
- 7. Stateless Auto Configuration (I) SLAC is great for Client only networks Guest networks, e.g. in conferences, ... Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 7 / 16
- 8. DAD? Duplicate Address Detection Client send a ICMP Message Type 135 to ’::’ If address is already in use there will be an answer to FF02::1 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 8 / 16
- 9. Stateless Auto Configuration (II) Problems with SLAC: No automatic entry into DNS Announcing a DNS Server to the client via RA (RFC5007) is relatively new (read: might not be supported by your OS) Everybody gets an IPv6 address Answers to DAD request can be faked (e.g. http://freeworld.thc.org/thc-ipv6/) Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 9 / 16
- 10. Stateless Auto Configuration (III) Why “Everybody gets an IPv6 address” might be a bad idea: Consider a large Server hosting company Many Servers, many different Administrators Most of these Administrators don’t no what they are doing They might have a packet filter for IPv4 They most probably will have a default Linux setup with IPv6 enabled Congratulations: You just created a nice back door into your customers setup Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 10 / 16
- 11. Stateless Auto Configuration (IV) There are some ways to influence SLAC IOS router(config-if)#ipv6 nd ? advertisement-interval Send an advertisement interval option in RA’s dad Duplicate Address Detection managed-config-flag Hosts should use DHCP for address config ns-interval Set advertised NS retransmission interval nud Neighbor Unreachability Detection other-config-flag Hosts should use DHCP for non-address config prefix Configure IPv6 Routing Prefix Advertisement ra Router Advertisement control reachable-time Set advertised reachability time To disable SLAC on the router you must use something like this: ipv6 nd prefix 2001:db8::/64 no-autoconfig Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 11 / 16
- 12. DHCPv6 (I) The same as in IPv4 but: different ports (Client: 546/UDP, Server/Relay: 547/UDP) no routing informations to the client can be used to only transfer additional informations to clients (read: no addresses) There is no default way to create a MAC - IPv6 binding (AFAIK) “Static” assignment is done by a setting a cookie on the client Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 12 / 16
- 13. DHCPv6 (II) Client Config (ISC DHCP) # Client configuration file example for DHCPv6 # The client side command to enable rapid-commit (2 packet ##send dhcp6.rapid-commit; # name-servers and domain-search are requested by default. # here is the way to request sip-servers-addresses too also request dhcp6.sip-servers-addresses; # Likely to be useful: the script path script "/usr/local/etc/dhclient-script"; Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 13 / 16
- 14. DHCPv6 (III) Server Config (ISC DHCP) default-lease-time 2592000; preferred-lifetime 604800; option dhcp6.name-servers 2001:db8:ffff:100:200:ff:fe00:3f3 option dhcp6.domain-search "test.example.com","example.com" Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 14 / 16
- 15. Literatur Benedikt Stockebrand IPv6 in Practice A Unixer’s Guide to the Next Generation Internet ISBN 978-3540245247 Ciprian Popoviciu, Eric Levy-Abegnoli, Patrick Grossetete Deploying IPv6 Networks 1-58-705210-5 UpTimes 03/2007 (Proceedings ECAI6 2007) ISBN 978-3865412287 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 15 / 16
- 16. Contact eMail jenslink@quux.de Jabber jenslink@guug.de PGP Fingerprint D9FF E215 6686 6194 FFC8 A135 19CF A676 DB85 EF91 Jens Link (jenslink@quux.de) IPv6 - Address Assignment Considerations 16 / 16