DHCPv6 OPERATIONAL ISSUES Tom Coffeen 4/7/2016

Similar documents
DHCPv6 Overview 1. DHCPv6 Server Configuration 1

DHCPv6 (RFC3315 RFC4361)

IPv6 Protocol & Structure. npnog Dec, 2017 Chitwan, NEPAL

Introduction to IPv6 - II

IPv6 Protocol Architecture

IPv6 It starts TODAY!

IPv6 Client IP Address Learning

DHCPv6 Based IPv6 Access Services

Multi-requirement Extensions for DHCPv6 (draft-ren-dhc-mredhcpv6-00)

Configuring IPv6 First-Hop Security

Implementing DHCP for IPv6

OSI Data Link & Network Layer

Analyze and Verify Ouput of "debug dhcp ipv6 packets" in ASR9k

IPv6 Associated Protocols. Athanassios Liakopoulos 6DEPLOY IPv6 Training, Skopje, June 2011

IPv6 Security (Theory vs Practice) APRICOT 14 Manila, Philippines. Merike Kaeo

IPv6 and IPv4: Twins or Distant Relatives

But we ve always done it this

Don't have the plaid polyester leisure suit of IPv6 networks! Paul Ebersman, IPv6 Evangelist NANOG56, Dallas, TX (21-24 Oct 2012)

Rocky Mountain IPv6 Summit April 9, 2008

Implementing DHCP for IPv6

Internet Protocol v6.

Chapter 7: IP Addressing CCENT Routing and Switching Introduction to Networks v6.0

Learning/Playing with IPv6 at home. Keith Garner, Gradebook Team Lead

IPv6 Neighbor Discovery

MCSA Guide to Networking with Windows Server 2016, Exam

Introduction to IPv6

IETF Update about IPv6

Patrick Grossetete Cisco Systems Cisco IOS IPv6 Product Manager 2003, Cisco Systems, Inc. All rights reserved.

Internet Engineering Task Force (IETF) Obsoletes: 3315, 3633, 3736, 4242, 7083, 7283, 7550 B. Volz

OSI Data Link & Network Layer

Network Management. IPv6 Bootcamp. Zhiyi Huang University of Otago

TCP/IP Protocol Suite

TD#RNG#2# B.Stévant#

IPv6 Access Services: DHCPv6 Relay Agent

IPv6 Autoconfiguration. Stateless and Stateful. Rabat, Maroc Mars 2007

IPv6 Implementation Best Practices For Service Providers

DHCP and DDNS Services

Tutorial: IPv6 Technology Overview Part II

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

OSI Data Link & Network Layer

IPv6 Feature Facts

Step 2. Manual configuration of global unicast and link-local addresses

IPv4/v6 Considerations Ralph Droms Cisco Systems

DNS, DHCP and Auto- Configuration. IPv6 Training Day 18 th September 2012 Philip Smith APNIC

IPv6 Access Services: DHCPv6 Prefix Delegation

IPv6 Neighbor Discovery

IPv6: Problems above Layer 3 Paul Ebersman, IPv6 PLNOG10, Warsaw, 28 Feb 2013

CSEP 561 Internetworking. David Wetherall

Setup. Grab a vncviewer like: Or

IPv6 Neighbor Discovery

Workshop on Scientific Applications for the Internet of Things (IoT) March

Implementing DHCP for IPv6

IPv6 deployment for Enterprise/Sysadmins Paul NAv6 Summit 2013, Denver, Apr 2013

IPv6 Community Wifi. Unique IPv6 Prefix per Host. IPv6 Enhanced Subscriber Access for WLAN Access Gunter Van de Velde Public.

Configuration Examples for DHCP, on page 37 Configuration Examples for DHCP Client, on page 38 Additional References for DHCP, on page 38

The Netwok Layer IPv4 and IPv6 Part 2

Operation Manual IPv6 H3C S3610&S5510 Series Ethernet Switches Table of Contents. Table of Contents

ODL Summit Bangalore - Nov 2016 IPv6 Design in OpenDaylight

IPv6 Address Planning

Comcast IPv6 Trials NANOG50 John Jason Brzozowski

MBC. Auto. Address. Networks. Mesh. uto- configuration for Wireless. Keecheon Kim. Konkuk University Seoul, Korea

Radware ADC. IPV6 RFCs and Compliance

DHCPv6 Options Support

A Near Term Solution for Home IP networking (HIPnet)

Avaya Networking IPv6 Using Fabric Connect to ease IPv6 Deployment. Ed Koehler Director DSE Ron Senna SE Avaya Networking Solutions Architecture

CSCI-1680 Network Layer:

IPv6: Are we there yet? NANOG 58 New Orleans Paul Ebersman IPv6

Chapter 5 Lab 5-2 DHCP INSTRUCTOR VERSION

IPv6 Security Safe, Secure, and Supported.

Implementing the Dynamic Host Configuration Protocol

Configuring IPv6 for Gigabit Ethernet Interfaces

IPv6 Technical Challenges

IPv6 Neighbor Discovery

Yasuo Kashimura Senior Manager, Japan, APAC IPCC Alcatel-lucent

IPv6 Neighbor Discovery

Charles Perkins Nokia Research Center 2 July Mobility Support in IPv6 <draft-ietf-mobileip-ipv6-14.txt> Status of This Memo

IPv6 address configuration and local operation

CS 356: Computer Network Architectures. Lecture 15: DHCP, NAT, and IPv6. [PD] chapter 3.2.7, 3.2.9, 4.1.3, 4.3.3

Planning for Information Network

Best Current Operational Practice for operators: choose. Jordi Palet

There are more layers than just layer 3 Paul Ebersman, IPv6 NANOG57, Orlando, FL (04-06 Feb 2013)

Internet Engineering Task Force INTERNET DRAFT. C. Perkins Nokia Research Center R. Droms(ed.) Cisco Systems 1 March 2001

IPv6. Internet Technologies and Applications

Foreword xxiii Preface xxvii IPv6 Rationale and Features

CCNA 2 (v v6.0) Chapter 10 Exam Answers % Full

Configuring DHCP. About DHCP Snooping, page 2 About the DHCPv6 Relay Agent, page 8

It's the economy, stupid: the transition from IPv4 to IPv6

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific. IPv6

COSC4377. TCP vs UDP Example Statistics

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

IPv6 Access Services: DHCPv6 Prefix Delegation

ISO 9001:2008. Pankaj Kumar Dir, TEC, DOT

Internet Engineering Task Force INTERNET DRAFT. C. Perkins Nokia Research Center R. Droms(ed.) Cisco Systems 15 April 2001

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Internet Engineering Task Force (IETF) Request for Comments: ISC S. Krishnan Ericsson I. Farrer Deutsche Telekom AG August 2014

Agenda. DHCP Overview DHCP Basic. DHCP Additional. DHCP Relay DHCP Snooping DHCP Server. DHCP Security SAVI ND Snooping

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

HPE FlexFabric 5940 Switch Series

Configuring IPv6 basics

Internet Protocol Version 6: advanced features. The innovative aspects of IPv6

Transcription:

1 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved. DHCPv6 OPERATIONAL ISSUES Tom Coffeen 4/7/2016

ABOUT THE PRESENTER Tom Coffeen IPv6 Evangelist Infoblox @ipv6tom tom@ipv6.works 2 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

IPv6 STATISTICS 3 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

US INTERNET TRAFFIC TO GOOGLE VIA IPv6! 25% US Population: 323M US Internet penetration: 70% Number of Internet Users: 226M Percentage of IPv6 Users: 25% 18% of US population uses IPv6: 57 Million IPv6 users 4 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

US IPv6 NETWORK OPERATOR STATS! Comcast 44%! T-Mobile 49%! AT&T 56%! Verizon 70%! Source: http://www.worldipv6launch.org/measurements/! 5 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

2016: IPv4 AS HISTORIC? https://tools.ietf.org/html/draft-howard-sunset4-v4historic-00 "IPv4 has been superseded by IPv6, and is therefore Historic." "The term does not indicate that the practice is harmful, but that there will be no further development in IPv4, and therefore those using the old version are advised to transition to the newer version." "The term IP, without address family specified, is assumed to mean IPv6. 6 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

WORLDWIDE IPv6 BY 2018 >50%! A similar estimate has worldwide Internet traffic to Google over IPv6 at greater than 50% by 2018. 7 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

A BRIEF DHCPv6 REVIEW 8 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

COMPARING DHCPv4 WITH DHCPv6 Characteristic DHCPv4 DHCPv6 Address type used for server discovery/solicitation Broadcast Multicast Default gateway Obtained from server Provided by RA DHCP transaction acronym DORA (Discovery, Offer, Request, Acknowledgement) Host Identifier MAC address DUID SARR (Solicit, Advertise, Request, Reply) Source Address/Port 0.0.0.0, 68 (UDP) link-local, 546 (UDP) Destination Address/Port 255.255.255.255, 67 (UDP) ff02::1:2, 547 (UDP) 9 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

THE DHCP UNIQUE IDENTIFIER (DUID) Used by DHCPv6 instead of the MAC address to identify clients and servers One, unique DUID per client One, unique DUID per server Variable in length Set at boot time (persistent across reboots) 10 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

THE IDENTITY ASSOCIATION (IA) Used by the DHCPv6 server to identify, group, and manage sets of related, assigned IPv6 addresses Client interfaces have multiple IPv6 addresses One IA is assigned per interface Since IPv6 addresses can be temporary or nontemporary, separate IAs are created for each category IA_NA for non-temporary addresses IA_TA for temporary addresses 11 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

STATEFUL VS. STATELESS DHCPv6 Characteristic Stateful DHCPv6 Stateless DHCPv6 IPv6 Address via DHCPv6 server via SLAAC Additional DHCP options (DNS servers, domain-search list, etc) via DHCPv6 server via DHCPv6 server Default gateway Provided by RA Provided by RA 12 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION IPv6 Host A has a valid (tested with DAD) link-local address (derived from its MAC address) 1 Host A Ethernet MAC: 89-4B-3E-86-5E-DB Link-local IPv6 address: fe80::894b:3eff:fe86:5edb 13 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION DHCPv6 Solicit Source: fe80::894b:3eff:fe86:5edb Destination: ff02::1:2 IPv6 Host A sends a DHCPv6 Solicit to the linklocal scope all-dhcp-servers multicast address 2 DHCPv6 Server Host A 14 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION DHCPv6 Server DHCPv6 Advertisement Source: link-local of server interface Destination: fe80::894b:3eff:fe86:5edb A listening DHCPv6 server responds with a unicast DHCPv6 Advertisement addressed to the link-local address of the soliciting client 3 Host A 15 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION DHCPv6 Request Source: fe80::894b:3eff:fe86:5edb Destination: link-local of Router A 4 Host A unicasts a DHCPv6 Request to the server DHCPv6 Server Host A 16 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION DHCPv6 Server DHCPv6 Reply Source: link-local of server interface Destination: fe80::894b:3eff:fe86:5edb The DHCPv6 server responds with a unicast DHCPv6 Reply containing the IPv6 address and any additional network configuration options 5 Host A 17 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 IN ACTION DHCPv6 Reply information DHCPv6 Server IPv6 Address DNS servers Domain-search list Host A Global Unicast Address: 2001:db8:21:12::100 Link-local IPv6 address: fe80::894b:3eff:fe86:5edb IPv6 Host A configures an IPv6 address and other network parameters from the information provided in the DHCPv6 Reply 6 18 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 PREFIX DELEGATION /56 allocation: /64 assignment 2001:db8:1:aaa1:1e55:70ff:d2fe:a1e2 Home user ISP DHCPv6 Server ISP CMTS 2001:db8:1:aa00::/56 Cable modem/router 2001:db8:1:aaa1::/64 19 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 PREFIX DELEGATION (HOMENET) /48 allocation: /60 assignment ISP DHCPv6 Server ISP CMTS Cable modem/router Home network 2001:db8:1::/48 2001:db8:1:aaa0::/60 2001:db8:1:aaa1::/64 Internet 2001:db8:1:aaa2::/64 Utilities 2001:db8:1:aaa3::/64 Security Etc 20 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

THE DHCPv6 CONTEXT 21 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 ENVIRONMENTS Corporate LAN environments When additional administrative control is needed Wherever DHCPv4 is deployed today* Where Prefix Delegation (PD) is needed Stateless DHCPv6 might be used where the clients do not support Stateful DHCPv6 22 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

MANAGING DHCPv6 23 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

IPv6 AUTO-ADDRESSING FLAG SETTINGS Auto-address Configuration Method ICMPv6 RA (Type 134) A Flag M Flag O Flag SLAAC 1 0 0 Stateless DHCPv6 1 0 1 Resulting IPv6 Addresses Configured Link-local, IPv6, Temporary IPv6 Link-local, IPv6, Temporary IPv6 Additional Configuration Options (DNS servers, domain search list, etc.) Manual (unless client supports RFC 6106/RDNSS) DHCPv6 Stateful DHCPv6 0 1 N/R Link-local, DHCPv6 DHCPv6 24 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

IPv6 AUTOADDRESSING: STRANGE BEHAVIOR Host State Input Behavior Host has not acquired any addresses Host has not acquired any addresses Host has acquired address from DHCPv6 only Host has acquired address from SLAAC only No RA RA with M=0, O=1 RA with M=0 RA with M=1 Some popular OSes acquire DHCPv6 addresses. Some popular OSes acquire other info from DHCPv6 addresses. Others do so only if A=1. Some OSes release DHCPv6 immediately. Some release upon expiry. Some OSes release DHCPv6 immediately. Some release only if SLAAC address expires and can t be refreshed. 25 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 CLIENTS: STRANGE BEHAVIOR Scenario! OS X! Windows 7/8/10! A=0, M=0, O=0, DHCPv6 present! No address! DHCPv6! 26 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 RELAY Custom provisioning of DHCPv6 info for a particular client or client type or circuit ID Classes can now be created based on DHCPv6 relay-provided options (rather than just client-provided options) 27 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

28 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved. DHCPv6 RELAY

DHCPv6 FAILOVER Often repeated that it s not needed (unless you re doing PD) No proprietary implementation (yet ) Many enterprises are insisting on it: We do it this way in IPv4 and we want to be able to do it the same way in IPv6. Existing RFCs RFC 6853 DHCPv6 Redundancy Deployment Considerations RFC 7031 DHCPv6 Failover Requirements New Draft DHCPv6 Failover Protocol https://tools.ietf.org/html/draft-ietf-dhc-dhcpv6-failover-protocol-01 29 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

FAILOVER WORKAROUND: SPLIT PREFIXES Lease DB Over time, uneven distribution of leases Server 1 Server 2 Server n+1 Client 1 Client 2 Client n+1 Server 1 Prefix = 2001:db8:1:1::/64 Pool = 2001:db8:1:1:0000::/65 Pref = 255 Server 2 Prefix = 2001:db8:1:1::/64 Pool = 2001:db8:1:1:8000::/65 Pref = 0 Server n+1 Prefix = 2001:db8:1:1::/64 Pool = <varies> Pref = <0-255> RFC 6853 - DHCPv6 Redundancy Considerations 30 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

FIRST-HOP SECURITY: DHCPv6 GUARD Trusted DHCPv6 Server DHCPv6 relay Rogue DHCPv6 Server DHCPv6 Solicit Destination: ff02::1:2 Target 31 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

FIRST-HOP SECURITY: DHCPv6 GUARD Trusted DHCPv6 Server DHCPv6 relay Rogue DHCPv6 Server DHCPv6 Advertisement Server preference = 0 (default) 2001:db8:1::3f Target DHCPv6 Advertisement Server preference = 255 (must prefer) fc00:a:b:c:d::666 32 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

FIRST-HOP SECURITY: DHCPv6 GUARD Trusted DHCPv6 Server Switch with IPv6 FHS enabled (DHCPv6 Guard) DHCPv6 relay Rogue DHCPv6 Server DHCPv6 Advertisement Server preference = 0 (default) 2001:db8:1::3f Target DHCPv6 Advertisement Server preference = 255 (must prefer) 33 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

ADDRESS PLANNING FOR DHCPv6 Rules of address planning generally shouldn t change regardless of which autoaddressing method used (i.e., stateful or stateless DHCPv6 or SLAAC) /48 per site /64 per VLAN How the /48 is carved up within the site depends on the topological complexity (or lack of it) in the site 34 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DHCPv6 FOR ANDROID! Pros It s a DHCPv6 client for Android! http://forum.xda-developers.com/android/apps-games/appdhcpv6-client-t3176443 Cons Requires root i.e., not manageable for enterprise deployments 35 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

DDI WITH IPv6 General IPv4/IPv6 feature parity! DHCPv6 (Stateful and stateless)! DNS queries! DNS responses over v6! AAAA records! IPAM/DHCP networks/ ranges! Fixed addresses! Hosts dual stack! IPv6 NetMap! IPv6 Discovery! GUI/API/SNMP! Gateway discovery! RIR allocation and updates! Transition technology! DNS64(NAT64)! 36 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

IPv6 Address Planning, O Reilly Media, 2015 For IT network architects, engineers, and administrators! Comprehensive overview and current best-practices for designing, deploying, and maintaining an effective IPv6 addressing plan! 37 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved.

38 2016 2013 Infoblox Inc. All Inc. Rights All Reserved. Rights Reserved. Q&A

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback