Sources:
- https://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/ipv6.pdf
- https://supportforums.cisco.com/t5/network-infrastructure-documents/stateful-dhcpv6-relay-configuration-example/ta-p/3149338
- https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/dhcp-xe-3s-book/ip6-dhcp-rel-agent-xe.pdf
DHCPv6
In Stateful DHCP the address assignment is centrally managed and clients must obtain configuration information such as address autoconfiguration and neighbor discovery that is not available through protocols.DHCPv6 can be implemented in two ways : Rapid-Commit and Normal Commit mode.
- Rapid-Commit mode , the DHCP client obtain configuration parameters from the server through a rapid two message exchange (solicit and reply).
- Normal-Commit mode, the DHCP client uses four message exchanges (solicit, advertise, request and reply). By default normal-commit is used.
In order to use the rapid-commit option, it has to be enabled by both client and server so that it uses two-message exchange.
Relay Agent
A DHCPv6 relay agent, which may reside on the client’s link, is used to relay messages between the client and the server. The DHCPv6 relay agent operation is transparent to the client. A DHCPv6 client locates a DHCPv6 server using a reserved, link-scoped multicast address.
DHCPv6 pool configuration can contain operational information:
- Prefix delegation information, which could include:
A prefix pool name and associated preferred and valid lifetimes
A list of available prefixes for a particular client and associated preferred and valid lifetimes
- A list of IPv6 addresses of DNS servers
- A domain search list, which is a string containing domain names for DNS resolution
DHCPv6 ports:
546 (UDP) client
547 (UDP) server and relay agent
Multicast addresses:
FF02::1:2, All DHCP relay agents and servers.
FF05::1:3, All DHCP servers.
DHCPv6 uses UDP port number 546 for clients and port number 547 for servers.
Server's link-local fe80::0011:22ff:fe33:5566
Client's link-local fe80::aabb:ccff:fedd:eeff
1) DHCPv6 client sends a Solicit from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547
2) DHCPv6 server replies with an Advertise from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546
3) DHCPv6 client replies with a Request from [fe80::aabb:ccff:fedd:eeff]:546 for [ff02::1:2]:547
(Client messages are sent to the multicast address, per section 13 of RFC 3315)
4) DHCPv6 server finishes with a Reply from [fe80::0011:22ff:fe33:5566]:547 for [fe80::aabb:ccff:fedd:eeff]:546
Topology
 |
| DHCPv6 topology |
hostname SERVER
!
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool test
address prefix 2001:DB8:11::/64 lifetime infinite infinite
dns-server AAAA:BBBB:FE10::100
dns-server 2001:DB8::5
domain-name example.com
!
interface GigabitEthernet0/0
ipv6 address 2001:DB8:10::1/64
ipv6 dhcp server test
!
ipv6 route 2001:DB8:11::/64 2001:DB8:10:0:5203:FF:FE02:0 ! Static route to reach the clients, via Relay-Gi0/0 autoconfigured IPv6 address
!
hostname RELAY
!
ipv6 unicast-routing
ipv6 cef
!
interface GigabitEthernet0/0
ipv6 address autoconfig ! Enabling stateless-autoconfig configures IPv6 addr based on prefixes received in RA
ipv6 enable ! enable IPv6 on the interface and automatically generate the link-local address using the Modified EUI-64 interface ID
!
interface GigabitEthernet0/1
ipv6 address 2001:DB8:11::2/64
ipv6 enable
ipv6 dhcp relay destination 2001:DB8:10::1 GigabitEthernet0/0
!
hostname CLIENT-1
!
ipv6 unicast-routing
ipv6 cef
ipv6 nd route-owner ! inserts Neighbor Discovery-learned routes into the routing table with "ND" status and enables ND autoconfiguration behavior
!
interface GigabitEthernet0/0
ipv6 address dhcp rapid-commit ! DHCP client obtain configuration parameters from the server through a rapid two message exchange (solicit and reply)
ipv6 enable
ipv6 nd autoconfig prefix ! uses Neighbor Discovery to install all valid on-link prefixes from RAs received on the interface
ipv6 nd autoconfig default-route ! allow Neighbor Discovery to install a default route to the Neighbor Discovery-derived default router
!
Verify
SERVER#show ipv6 dhcp pool
DHCPv6 pool: test
Address allocation prefix: 2001:DB8:11::/64 valid 4294967295 preferred 4294967295 (1 in use, 0 conflicts)
DNS server: AAAA:BBBB:FE10::100
DNS server: 2001:DB8::5
Domain name: example.com
Active clients: 1
SERVER#
SERVER#sh ipv6 dhcp binding
Client: FE80::5203:FF:FE03:0
DUID: 00030001500300030000
Username : unassigned
VRF : default
IA NA: IA ID 0x00020001, T1 43200, T2 69120
Address: 2001:DB8:11:0:2877:6115:D2DA:68
preferred lifetime INFINITY, , valid lifetime INFINITY,
SERVER#
RELAY# show ipv6 dhcp interface
GigabitEthernet0/1 is in relay mode
Relay destinations:
2001:DB8:10::1
2001:DB8:10::1 via GigabitEthernet0/0
RELAY#
CLIENT-1# show ipv6 dhcp interface
GigabitEthernet0/0 is in client mode
Prefix State is IDLE
Address State is OPEN
Renew for address will be sent in 11:33:23
List of known servers:
Reachable via address: FE80::5203:FF:FE02:1
DUID: 00030001500300010000
Preference: 0
Configuration parameters:
IA NA: IA ID 0x00020001, T1 43200, T2 69120
Address: 2001:DB8:11:0:2877:6115:D2DA:68/128
preferred lifetime INFINITY, valid lifetime INFINITY
DNS server: AAAA:BBBB:FE10::100
DNS server: 2001:DB8::5
Domain name: example.com
Information refresh time: 0
Prefix Rapid-Commit: disabled
Address Rapid-Commit: enabled
CLIENT-1#
SERVERE# ping 2001:DB8:11:0:2877:6115:D2DA:68
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:11:0:2877:6115:D2DA:68, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/9 ms
SERVERE#
Wireshark
https://www.dropbox.com/s/pbdcjtnphjlgbj6/ccnp-rs-2017-dhcpv6.pcap.pcapng?dl=0
 |
| Click to expand |