Menu
Index

Contact
Atom Feed
Comments Atom Feed

Similar Articles

2011-10-31 17:27
ICMPv6 Firewalling Quick Reference (crib sheet)

Recent Articles

2019-07-28 16:35
git http with Nginx via Flask wsgi application (git4nginx)
2018-05-15 16:48
Raspberry Pi Camera, IR Lights and more
2017-04-23 14:21
Raspberry Pi SD Card Test
2017-04-07 10:54
DNS Firewall (blackhole malicious, like Pi-hole) with bind9
2017-03-28 13:07
Kubernetes to learn Part 4

Glen Pitt-Pladdy :: Blog

IPv6 autoconfiguration with Dibbler (DHCPv6) and radvd

In my quest to IPv6 up everything in sight, I couldn't find any clear documentation on how to setup a DHCPv6 based network so here is what I learned.

IPv6 brings many benefits, not least the enormous number of addresses, but it is also not without it's warts....

IPv6 Autoconfiguration

One of the new features of IPv6 is built in autoconfiguration. There are two basic approaches: Stateless via Route Advertising (routers multicast the routes and address ranges allowing devices chose their own address from the pool) and Stateful via DHCPv6 (the server manages the addresses and configuration).

On the face of it this may sound good, but there are some catches:

  • Stateless (RA) autoconfiguration can't be used to force a device to the same address (ie. static address) on the network
  • Stateless (RA) autoconfiguration can't be used to hand out additional configuration (NTP servers, SIP, NIS, domains etc.)
  • Stateful (DHCPv6) autoconfiguration (strictly speaking) can't hand out routes

The consequence of this is that to get a fully featured network with autoconfiguration requires both Route Advertising and DHCPv6.

DHCPv6 with Dibbler

To hand out everything other than the route information we use a DHCPv6 server. I am using Dibbler which is one of the many available, but the basic idea is the same for others.

The example config provided with Dibbler is a good place to start. My  only change in the main section is to set:

log-mode full

This gives full date & time in the log file. The main stuff is in the interface spec for each network it serves on. Most stuff in the example config can go if like me you are running a simple fully routed network.

iface "eth0" {
# also ranges can be defines, instead of exact values
 t1 1800-2000
 t2 2700-3000
 prefered-lifetime 3600
 valid-lifetime 7200
# static address
  class {
  accept-only fe80::XXXX:XXXX:XXXX:XXXX
  pool 2001:XXXX:XXXX:XXXX:XXXX::XXXX
 }
# assign addresses from this pool
 class {
  pool 2001:XXXX:XXXX:XXXX:XXXX::XXXX/120
 }
# provide DNS server location to the clients
 option dns-server 2001:XXXX:XXXX:XXXX:XXXX::XXXX
# provide their domain name
  option domain somedomain.com
}

That's about all there is to it. This provides a basic example with DNS and assigning a domain name. Additionally you can add various things like NTP, time zone, SIP etc.

As pointed out earlier, this does not give any routing information to the client so as-is it is local network only.

Route Advertising with radvd

Since DHCPv6 can't hand out routing information (yeah, I know it's weird after DHCPv4 doing everything, but that's the way it is in the IPv6 world), Route Advertising is needed to be able to do anything beyond the local network.

With Linux (and probably other Unix style systems) the standard tool for this is radvd. Typically clients would be allowed to choose their own addresses out of a pool, but if we are using DHCPv6 then we need to tell clients they are to use DHCPv6 by setting the AdvManagedFlag option.

Additionally, if we want to stop them autonomously configuring addresses, we need to unset the AdvAutonomous option.

If like me you have some interfaces which are not up all the time (eg. turn off the switch when not in use) then the IgnoreIfMissing option will take care of this. Without this my radvd dies with high CPU usage when interfaces go up and down.

An example config to work with the above DHCPv6 config would be:

interface eth0 {
   AdvSendAdvert on;
   AdvManagedFlag on;
   IgnoreIfMissing on;
   prefix 2001:XXXX:XXXX:XXXX:XXXX::XXXX/64
   {
      AdvAutonomous off;
   };
};

That should be all that is needed to get a basic IPv6 network running on DHCPv6. 

Now to hook up the devices...

My initial impression with Ubuntu desktop machines (Karmic & Lucid) are that their IPv6 is broken. Not only are there reports of IPv6 causing problems on IPv4 only networks, but my experience is that apart from local-link, it doesn't actually work on IPv6 networks either! I have tried dumping network traffic with Wireshark and they simply appear not to be doing the right stuff. It appears that the DHCP client shipped with Ubuntu is not DHCPv6 capable even if the GUI gives options for IPv6 - for that dhcp4-client would be needed, but there is not much sign of movement upstream.

I have had success with installing dibbler-client on Ubuntu machines which does DHCPv6 independent of the GUI configuration. If you want it to be strictly compliant then you will need to add the strict-rfc-no-routing option to the config. Apart from that it seems to work for both Karmic and Lucid.

Windows Vista works right out the box - no need to change any settings or anything, although it does generate a different local-link layer address for it's self to Linux so be aware of this if you are dual-booting.

Likewise, some devices do IPv6 without any effort at all....

Nokia 5800 XpressMusic IPv6

To test you can either hit this site from a browser and should see the red "using IPv6" in the top left corner, or http://ipv6.google.com/ is a pure IPv6 site (only resolves with IPv6), and is a useful address to ping or visit in a browser.
This is a bunch of random thoughts, ideas and other nonsense, and is not intended to be taken seriously. I'm experimenting and mostly have no idea what I am doing with most of this so it should be taken with cuation and at your own risk. Intrustive technologies are minimised where possible. For the purposes of reducing abuse and other risks hCaptcha is used and has it's own policies linked from the widget.