IPv6 Automatic Configuration (SARR)

IPv6 Automatic Configuration (SARR)


In this video from iTFreeTraining, I will look in detail at the process that IPv6 devices use to automatically obtain network configuration. So, let’s get started.

Download the PDF handout:

DORA and SARR
0:10 If you have seen our previous videos on DHCP, you will remember us comparing the IPv4 and IPv6 messages used to obtain an IP Address. The process each protocol uses looks very similar, but we will see that there is more involved with IPv6. Before I look at each message, I will first look at what IPv6 is trying to achieve.

Objectives of IPv6
0:33 One of the main objectives of IPv6 was to eliminate the need for broadcasts. When DHCP is used with IPv4, at least two broadcasts are sent over the network to configure each device.
The next objective was for a device to be able to configure themselves independently. That is, to configure themselves without requiring a DHCP server. With more and more devices being added to the internet every day – this includes devices that are mobile and thus change networks regularly – there is a need for a device to be able to configure its networking easily.
On small networks an administrator may not want to deploy a fully functioning DHCP server. IPv6 allows devices to independently configure themselves. This means the IP Address of each device does not need to be recorded, something which traditionally a DHCP server would do. This makes adding and removing devices from the network a lot simpler, easier to manage and more plug and play.
Lastly, the objective of IPv6 is just like IPv4, which is to have devices on the network where manual configuration is not required. This reduces the amount of work that an administrator needs to perform and reduces the chance of errors when configuring devices on the network.

Stateless vs Stateful
1:54 Before I get started looking at the process, I will first have a quick look at stateless and stateful. IPv6 supports network configuration using these two different methods. Stateful is when IP Addresses are allocated to devices and a record is kept of which IP Addresses are allocated to which devices. The advantage of this is that an administrator can look at these records at any time and be able to tell what devices are on the network and what IP Addresses those devices are using.
In contrast, stateless does not record which IP Addresses are allocated to which devices. The advantage of this is that no storage is required and stateless is easier to implement. This generally makes stateless a good choice for routers since it uses less resources and software to operate.
IPv6 supports stateless and stateful, but in contrast IPv4 supports stateful only. We will see how, regardless of whether stateless or stateful is used, the process of configuring a device is much the same.

Link-local Address Allocation
3:01 I will now start looking at the process of configuring a device. Remember that one of the goals of IPv6 is to remove the need for broadcasts. To do this, the device starts the process by generating itself a Link-local address. It will use this address to communicate with other devices on the local network. This will be either randomly generated or based on the MAC address. In this case, I will use a simple Link-local address to make it easier to understand what is going on.
The next step is to test the Link-local IP Address to see if it is unique on the network. Until this is done, the device cannot use that IP Address. Testing the IP Address to ensure it is unique is a simple process, all the device needs to do is send a message to the IP Address that it wants to test. If another device on the network is using that IP Address, it will respond back that the IP Address is in use. Since the device does not have a source IP Address, the response will be returned on the multicast address of all nodes. This is the IPv6 equivalent of a broadcast. This should be very rare, but if it does happen, the device will need to choose a different Link-local IP Address to use.
If the device does not receive a response back, the device now has an IP Address that it will use as a Link-local IP Address. Remember that Link-local IP Addresses can only be used on the local network. The next step is to obtain an IP Address that can be used on local and remote networks.

Solicit Message
4:37 On an IPv6 network, router advertisements are periodically sent over the network. As we will see later in the video, these messages are used to create a valid IP Address that can be used to access local and remote networks. If the device does not wish to wait for the next router advertisement message, the device can send a solicit message which requests a router advertisement message to be sent.
A Solicit message is sent from the device to the multicast group of all routers. Routers and DHCP servers will be part of this group and thus get the message. Other devices on the network will not.

Advertise message
5:18 The next message type that I will look at is the Advertise message. This message is sent from a DHCP server or a router. Since the device has requested it, the Advertise message will be sent directly to that device. The Advertise message also contains the network prefix. This is what tells the device which network it is on. More on that in a moment.
The next important piece of information is the server DUID. This is essentially a number that uniquely identifies the server. If there are multiple IPv6 routers and servers on the network, it is possible for the device to receive multiple advertisement messages. As we will see in a moment, the DUID is used by the device to identify which DHCP server or router it wants to use.
The message also contains two flags. These two flags determine if the device will use stateful or stateless to configure itself. Let’s have a look at the different options.

Stateless Only (SLAAC)
6:19 First I will look at Stateless, otherwise known as SLAAC. This stands for Stateless Address Auto Configuration. The flags in the router advertisement determine how the device will be configured. The first flag is the Managed Address Configuration flag, otherwise known as the M bit. For the first example I will configure this to zero. A zero value essentially means stateless configuration (or SLAAC) will be used.
The second flag is the Other Configuration flag, otherwise known as the O bit, I will set this to zero as well. More on this bit in a moment.
When both bits are zero, the device will configure itself using stateless only. So how does a device get a valid IPv6 Address using stateless only? The first part of the IPv6 address, the network interface, is obtained in the router advertisement. Essentially the device copies the network prefix contained in the router advertisement.
The second part of the address, the interface ID, is generated by the device. This is done either randomly or from the MAC address. Windows operating systems will randomize the interface ID, Linux based systems will generally use the MAC address to create the interface ID.
The problem with this method of configuration is that only the IP Address is configured, no extra network configuration is performed. The most noticeable missing configuration is DNS. The Internet Engineering Task Force has published a “request for comments” which defines how DNS configuration can be added to the router advertisement. However, keep in mind that this requires the device to support it. Windows does not support this feature while Linux does.
When both bits are set to zero, this is where the configuration of the device ends. No more DHCP messages are sent on the network. However, it is possible to use stateless and have additional network options configured which I will look at next.

Stateless with Options
8:26 If you want to use stateless but configure additional options, this is done by once again setting the Manage Address Configuration bit to zero. Setting the Manage Address Configuration bit to zero indicates that stateless will be used. However, this time the Other Configuration bit will be set to one.
When this configuration is used, the device will obtain additional options from a DHCP server. IP Address configuration is the same as before. However, since stateless is being used, the IP Address is not recorded. Since the IP Address is not recorded, this reduces the complexity. Given this is a simpler deployment of DHCP, this is sometimes referred to as DHCP lite. This gives you the advantage of using stateless and still allows additional options to be configured.

Stafeful
9:18 The next option that can be configured is stateful. This is when the Managed Address Configuration bit is set to one. When stateful mode is configured, the device obtains an IP Address from the DHCP server rather than generating its own. This is done using the request message which I will look at next. Just as with stateless, additional options like DNS are obtained from a DHCP server. There has been a lot mentioned in this video already, so let’s do a quick review of what has been covered so far, before moving on.

Review
9:52 When a device on the network attempts to automatically configure itself, it first allocates itself a Link-local address. Once it checks that the IP Address is not already in use on the network, it is free to use that IP Address to communicate on the local network. This eliminates the need to use broadcasts.
The device can then wait to receive a router advertisement. These are sent periodically over the network. In most cases, the device will not want to wait until the next router advertisement is sent over the network so it will send a Solicit message over the network.
The Solicit message is a multicast message that is sent to all routers on the network. The Solicit message requests that a router advertisement be sent to the device. The device will then wait for the router advertisement message to arrive.
The device will now have a router advertisement, either because it waited for one or it requested one. The next step is to look at the flags or bits in the router advertisement. The first one is the Managed Address Configuration or M bit. This bit essentially determines if the device will be configured as stateful or stateless. If the M bit is set to zero, the device will use stateless and will configure itself with an IP Address. The IP Address will either be random or based on the MAC Address.
The device now has an IP Address that can be used on local and remote networks. Remember also that it is stateless so the device’s IP Address is not recorded anywhere. This is different from stateful in that here the IP Address of each device is recorded on the DHCP server.
For a device to be able to find resources on the network, it needs to be configured with DNS servers. To do this, the second flag, Other Configuration otherwise known as the O bit is checked. If the O bit is set to zero, device configuration stops. The device will have a valid IP Address but no additional configuration like DNS servers. For the device to obtain additional configuration, it needs to send out the next message type, the Request message.
The Request message is the next message type that I will look at. You can see that we get to the Request message if stateful is used or stateless with the O bit set to one. You can also see that if stateless is used, the device will configure itself an IP Address that is not recorded. If stateful is used, a complete IP Address will not be generated. In order to have a complete IP Address, stateful needs to be allocated one. This takes us to the next message, the request message.

Request Message
12:33 The next step is for the device to send a Request message to a DHCP server. Just to recap, the Request message is only sent when stateful mode is used, or stateless mode is used with the Other Configuration bit set to one.
The Request message is sent to a DHCP server asking for an IP Address when stateful is used. If stateless is being used with the O bit set to one, it will ask for DHCP options. This is what makes it possible for a device like a router to provide DHCP options but not provide a full IP Address.
In this case, I will consider that the device is sending the request to a DHCP server. However, if you look at the Request message, the destination is configured as the multicast address of all routers. This means that all routers and DHCP servers will receive this message. DHCP servers will join the routers multicast group and thus receive router messages.
It is possible for a device to receive multiple advertisements from multiple DHCP servers and routers on the network. The device will decide which DHCP server or router it wants to communicate with. This is done by using the server’s DUID in the request message. Since the Request message will go to all DHCP servers and routers, the device whose DUID matches will process the request message. All other devices will drop the Request message.
Further down, notice that if stateful is used, an IP Address will be requested. If stateless is being used, an IP Address will not be requested as the device has generated an IP address for itself. At the bottom, notice that additional configuration has been requested. The device is free to request any configuration that it wants; however, this is considered to be a suggestion and the DHCP server will return the configuration it thinks is appropriate.

Reply Message
14:34 The last message that I will look at is the Reply message. This is sent to inform the device that it can use that IP Address. The Reply message also contains additional DHCP options like DNS servers. This is sent directly from the server or router to the device using Link-local addresses. Once the device receives this message, it is free to start using the IP Address and the rest of the configuration.

In The Real World
15:01 Let’s consider what this means in the real world. Stateless was designed with the idea of it running on a router. Given that it does not record which IP Addresses each device is using, it requires less resources to run.
Running in pure stateless mode means additional options like network configuration will not be configured on the device. Generally, one of the most important network configuration is DNS servers so the device can find other devices on the network. Thus, stateless can be configured to supply additional options to the device. The router still does not record the IP Addresses and thus reduces the amount of resources required.
Stateful was designed with the aim of it running on a server. A server has more resources than a router so keeping track of all the allocated IP Addresses and providing an interface to access the data is not an issue.
The question is, can a server run stateless? The answer is, yes it can. You can also run it with stateless and supply additional options. The next question is, can a router run stateful? The answer is, yes it can. For example, there are Cisco routers on the market that support full IPv6 stateful DHCP.
The point to be taken here is that in the real world, your choice of whether you deploy stateful or stateless will be determined by your needs and the hardware that you have to deploy on your network. There has been a lot covered in this video so I will now perform a summary of the main points.

Summary
16:40 With DHCP for IPv6, the objectives were to eliminate the need for broadcasts on the network. This was achieved by using multicasts. IPv6 can also operate in stateful and stateless modes. The fundamental difference between the two is that stateless does not keep a record of which devices are using which IP Addresses.

Summary
17:03 To start the process, the device allocates itself a Link-local address. This will allow communication on the local network only, eliminating the need for broadcasts. On Windows, the Link-local address is randomly generated and on Linux it is generated from the MAC Address. Whichever method is used, once a duplicate check is performed to make sure the address is not already in use, it is good to go.

Summary
17:28 IPv6 DHCP sends these four messages on the network in order to configure a device. These messages are referred to as SARR. These are the Solicit, Advertise, Request and Reply messages.

Summary
17:44 The Solicit message is sent on the network to request a router advertisement. If the device has already received a router advertisement, it does not need to send a Solicit message. Router advertisements are sent periodically over the network. The Solicit message is sent using multicast to all routers and DHCP servers on the network.

Summary
18:04 The Advertise message, essentially the router advertisement, contains several pieces of data. It contains the network prefix, the M bit, O bit and the server DUID. Having the network prefix in the router advisement means that the device can configure itself using stateless.

Summary
18:23 The M and O bits determine how the IP Address will be assigned to the device. If the M bit is zero the device will use stateless, and the device will generate its own IP Address that will not be recorded. If the O bit is set to 1, the device will obtain additional options. If the M bit is set to 1, the device will be allocated an IP Address that will be recorded.

Summary
18:46 A Request message will be sent in all cases, unless the M and O bits are both set to zero. The Request message asks for additional configuration and an IP Address when stateful is being used. Since the device may have received multiple router advertisements, the Request message contains the DUID of the DHCP server the device wants to respond to. This prevents multiple servers from responding back to the same device.

Summary
19:16 The last message that is sent is the Reply message. This message informs the device that it may use the IP Address when stateful is being used. The Reply message also contains any additional network configuration for the device to use. For example, DNS servers.
This concludes this video on how IPv6 automatically allocates IP Addresses. I hope you have enjoyed this video and found it useful. For more videos from us, please see our YouTube channel or web page. Until the next video, thanks for watching.

References
“IPv6 Stateless Address Autoconfiguration” https://tools.ietf.org/html/rfc2462
“Dynamic Host Configuration Protocol for IPv6 (DHCPv6)” https://tools.ietf.org/html/rfc3315
“DHCPv6 – Understanding of address configuration in automatic mode and installation of DHCPv6 Server” https://blogs.technet.microsoft.com/teamdhcp/2009/03/03/dhcpv6-understanding-of-address-configuration-in-automatic-mode-and-installation-of-dhcpv6-server/
“DHCPv6” https://en.wikipedia.org/wiki/DHCPv6
“IPv4 DHCP Vs IPv6 DHCPv6” http://packetpushers.net/ipv4-dhcp-vs-ipv6-dhcpv6/
“Dynamic address assignment in IPv6 using SLAAC and DHCP” https://supportforums.cisco.com/document/97586/dynamic-address-assignment-ipv6-using-slaac-and-dhcp
“Comparison of IPv6 support in operating systems” https://en.wikipedia.org/wiki/Comparison_of_IPv6_support_in_operating_systems
 

Credits
Trainer: Austin Mason http://ITFreeTraining.com
Voice Talent: HP Lewis http://hplewis.com
Quality Assurance: Brett Batson http://www.pbb-proofreading.uk