Unlike the prehistoric IPv4 protocol which relies on DHCP servers to be able to communicate and do anything useful, the modern IPv6 protocol is much more self-sufficient and in tune with 2012.

Introducing IPv6 Stateless Address Autoconfiguration, or SLAAC. Described in RFC 4862, SLAAC is a mechanism that:

“requires no manual configuration of hosts, minimal (if any) configuration of routers, and no additional servers. The stateless mechanism allows a host to generate its own addresses using a combination of locally available information and information advertised by routers”

In Apple terms: it’s like magic!

SLAAC relies on Neighbor Discovery Protocol (NDP) which provides a lot of cool features like looking for duplicate addresses, configuring a default route, locating other nodes on the link and so on. NDP is really just multicast and ICMPv6 with different message types.

The most common multicast addresses used by NDP are:

  • All Nodes Addresses
    • FF02:0:0:0:0:0:0:1 or FF02::1
    • Used to reach all nodes on the link.
  • All Routers Addresses
    • FF02:0:0:0:0:0:0:2 or FF02::2
    • Used to reach all routers on the link.
  • Solicited-Node Address
    • FF02:0:0:0:0:1:FFXX:XXXX or FF02::1:FFXX:XXXX
    • XX:XXXX is the last 24 bits from the configured address, link-local or unicast.
    • Used to reach all nodes with the same configured address on the link.


And then we have the different ICMPv6 message types:

  • Neighbor Solicitation (NS) – Type 135
    • Sent to FF02::1:FFXX:XXXX
    • A node uses this address to verify that the tentative or “soon to be configured address” is not already in use by another node on the link.
  • Neighbor Advertisement (NA) – Type 136
    • Sent to all nodes listening to FF02::1
    • Informs neighbors about the currently configured address.
  • Router Solicitation (RS) – Type 133
    • Sent to all routers listening to FF02::2
    • Used by a node to locate default routers and request them to send a Router Advertisement.
  • Router Advertisement (RA) – Type 134
    • Sent to all nodes listening to FF02::1.
    • Used by routers to advertise their presence and give information about which prefix is being used on the link.
  • Redirect
    • Used by routers to inform hosts of a better first hop for a destination.

So to better understand how this all works together we’ll use the following topology:

[Figure: slaac_1 (network topology)]

The router has been configured as follows:

ipv6 unicast-routing
!
interface FastEthernet0/0
 ipv6 address 2001:DB8:1:1::1/64

By running “debug ipv6 nd” on the router interface we can see NDP in action:

ROUTER#debug ipv6 nd
*Mar  1 01:31:19.271: ICMPv6-ND: Sending NS for FE80::200:11FF:FE11:1111 on FastEthernet0/0
*Mar  1 01:31:20.275: ICMPv6-ND: DAD: FE80::200:11FF:FE11:1111 is unique.
*Mar  1 01:31:20.275: ICMPv6-ND: Sending NA for FE80::200:11FF:FE11:1111 on FastEthernet0/0
*Mar  1 01:31:20.275: ICMPv6-ND: Linklocal FE80::200:11FF:FE11:1111 on FastEthernet0/0, Up
*Mar  1 01:31:20.279: ICMPv6-ND: Request to send RA for FE80::200:11FF:FE11:1111
*Mar  1 01:31:20.279: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:20.279: ICMPv6-ND:     MTU = 1500
*Mar  1 01:31:20.283: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:31:20.283: ICMPv6-ND:             2592000/604800 (valid/preferred)
*Mar  1 01:31:20.283: ICMPv6-ND: Address FE80::200:11FF:FE11:1111/10 is up on FastEthernet0/0
*Mar  1 01:31:20.291: ICMPv6-ND: Sending NS for 2001:DB8:1:1::1 on FastEthernet0/0
*Mar  1 01:31:21.295: ICMPv6-ND: DAD: 2001:DB8:1:1::1 is unique.
*Mar  1 01:31:21.295: ICMPv6-ND: Sending NA for 2001:DB8:1:1::1 on FastEthernet0/0
*Mar  1 01:31:21.299: ICMPv6-ND: Address 2001:DB8:1:1::1/64 is up on FastEthernet0/0
*Mar  1 01:31:36.607: ICMPv6-ND: Request to send RA for FE80::200:11FF:FE11:1111
*Mar  1 01:31:36.607: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:36.607: ICMPv6-ND:     MTU = 1500
*Mar  1 01:31:36.611: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:31:36.611: ICMPv6-ND:             2592000/604800 (valid/preferred)
*Mar  1 01:31:52.999: ICMPv6-ND: Request to send RA for FE80::200:11FF:FE11:1111
*Mar  1 01:31:52.999: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:52.999: ICMPv6-ND:     MTU = 1500
*Mar  1 01:31:53.003: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:31:53.003: ICMPv6-ND:             2592000/604800 (valid/preferred)
*Mar  1 01:35:13.503: ICMPv6-ND: Request to send RA for FE80::200:11FF:FE11:1111
*Mar  1 01:35:13.503: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:35:13.503: ICMPv6-ND:     MTU = 1500
*Mar  1 01:35:13.503: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:35:13.507: ICMPv6-ND:             2592000/604800 (valid/preferred)

And the same events as seen in Wireshark:

[Figure: slaac_r1 (Wireshark capture)]

So the following Neighbor Discovery events take place:

  1. Sending NS for FE80::200:11FF:FE11:1111 to FF02::1:FF11:1111
    1. The router has generated a link-local address using EUI-64 and wants to know if it is available to use. Notice the unspecified source address.
  2. Sending NA for FE80::200:11FF:FE11:1111 to FF02::1
    1. After waiting 1 second Duplicate Address Detection (DAD) concludes that the link-local address is available.
    2. The router informs all neighbors that it owns this address.
  3. Sending RA from FE80::200:11FF:FE11:1111 to FF02::1
    1. The router starts sending Router Advertisement to inform all nodes about which prefix is being used etc.
  4. Sending NS for 2001:DB8:1:1::1 to FF02::1:FF00:1
    1. The router has been assigned a global unicast address and wants to know if it is available. The source address is unspecified.
  5. Sending NA for 2001:DB8:1:1::1 to FF02::1
    1. After waiting 1 second DAD concludes that the global unicast address is available.
    2. The router informs all neighbors that it owns this address.
  6. Sending RA from FE80::200:11FF:FE11:1111 to FF02::1
    1. The second RA is sent after ~16 seconds.
  7. Sending RA from FE80::200:11FF:FE11:1111 to FF02::1
    1. The third RA is sent after ~32 seconds.
  8. Sending RA from FE80::200:11FF:FE11:1111 to FF02::1
    1. The fourth and following RAs are sent at 200 second intervals (default).
    2. Also notice that the router uses its link-local address and not the global unicast address when sending RAs.

[Figure: slaac_2]

The whole process took around 5 seconds to complete. IPv6 is now running on the router, RAs are being sent at 200 second intervals and we have configured a global unicast address on the LAN interface.
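To check the RA timing described above against the debug output itself, the following added example (not part of the original post) parses the router's `debug ipv6 nd` lines, pairs each RA with the prefix it advertises, and computes the gaps between RAs. The function names are illustrative, and timestamps are assumed to fall on the same day.

```python
import re

# Lines copied from the router debug output above, trimmed to the RA events.
ROUTER_DEBUG = """\
*Mar  1 01:31:20.279: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:20.283: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:31:20.291: ICMPv6-ND: Sending NS for 2001:DB8:1:1::1 on FastEthernet0/0
*Mar  1 01:31:36.607: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:36.611: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:31:52.999: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:31:53.003: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
*Mar  1 01:35:13.503: ICMPv6-ND: Sending RA from FE80::200:11FF:FE11:1111 to FF02::1 on FastEthernet0/0
*Mar  1 01:35:13.503: ICMPv6-ND:     prefix = 2001:DB8:1:1::/64 onlink autoconfig
"""

LINE = re.compile(r"^\*\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\.(\d{3}): ICMPv6-ND:\s+(.*)$")
RA = re.compile(r"Sending RA from (\S+) to (\S+) on (\S+)")
PREFIX = re.compile(r"prefix = (\S+)")

def ra_events(log):
    """Return one dict per RA: time of day in ms, source, destination, prefixes."""
    events = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, ms, msg = m.groups()
        ra = RA.match(msg)
        if ra:
            t_ms = ((int(h) * 60 + int(mi)) * 60 + int(s)) * 1000 + int(ms)
            events.append({"t_ms": t_ms, "source": ra.group(1),
                           "dest": ra.group(2), "prefixes": []})
        elif events and PREFIX.match(msg):
            # Prefix option lines follow the RA they belong to.
            events[-1]["prefixes"].append(PREFIX.match(msg).group(1))
    return events

def ra_intervals_ms(events):
    """Milliseconds between consecutive RAs (same-day timestamps assumed)."""
    return [b["t_ms"] - a["t_ms"] for a, b in zip(events, events[1:])]

if __name__ == "__main__":
    evs = ra_events(ROUTER_DEBUG)
    print(ra_intervals_ms(evs))
    print({e["source"] for e in evs}, {p for e in evs for p in e["prefixes"]})
```

The `source` field also lets you confirm that every RA seen on the link comes from the router's link-local address and carries the prefix you configured.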

Next step is to configure CLIENT_A. Setting up auto-configuration is done the same way as described earlier:

interface FastEthernet0/0
 ipv6 address autoconfig default

The default keyword tells the client to insert a default route based on the RA it receives.

So here is what happens on CLIENT_A:

CLIENT_A#debug ipv6 nd
*Mar  1 02:55:26.539: ICMPv6-ND: Sending NS for FE80::200:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 02:55:27.543: ICMPv6-ND: DAD: FE80::200:AAFF:FEAA:AAAA is unique.
*Mar  1 02:55:27.543: ICMPv6-ND: Sending NA for FE80::200:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 02:55:27.543: ICMPv6-ND: Linklocal FE80::200:AAFF:FEAA:AAAA on FastEthernet0/0, Up
*Mar  1 02:55:27.547: ICMPv6-ND: Address FE80::200:AAFF:FEAA:AAAA/10 is up on FastEthernet0/0
*Mar  1 02:55:30.543: ICMPv6-ND: Sending RS on FastEthernet0/0
*Mar  1 02:55:30.607: ICMPv6-ND: Received RA from FE80::200:11FF:FE11:1111 on FastEthernet0/0
*Mar  1 02:55:30.607: ICMPv6-ND: DELETE -> INCMP: FE80::200:11FF:FE11:1111
*Mar  1 02:55:30.607: ICMPv6-ND: Neighbour FE80::200:11FF:FE11:1111 on FastEthernet0/0 : LLA 0000.1111.1111
*Mar  1 02:55:30.611: ICMPv6-ND: INCMP -> STALE: FE80::200:11FF:FE11:1111
*Mar  1 02:55:30.611: ICMPv6-ND: Selected new default router FE80::200:11FF:FE11:1111 on FastEthernet0/0
*Mar  1 02:55:30.615: ICMPv6-ND: Prefix Information change for 2001:DB8:1:1::/64, 0x0 -> 0xE0
*Mar  1 02:55:30.615: ICMPv6-ND: Adding prefix 2001:DB8:1:1::/64 to FastEthernet0/0
*Mar  1 02:55:30.619: ICMPv6-ND: Sending NS for 2001:DB8:1:1:200:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 02:55:30.619: ICMPv6-ND: Autoconfiguring 2001:DB8:1:1:200:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 02:55:31.619: ICMPv6-ND: DAD: 2001:DB8:1:1:200:AAFF:FEAA:AAAA is unique.
*Mar  1 02:55:31.619: ICMPv6-ND: Sending NA for 2001:DB8:1:1:200:AAFF:FEAA:AAAA on FastEthernet0/0
*Mar  1 02:55:31.623: ICMPv6-ND: Address 2001:DB8:1:1:200:AAFF:FEAA:AAAA/64 is up on FastEthernet0/0

And the same events as seen in Wireshark:

[Figure: slaac_c1_1 (Wireshark capture)]

The main NDP events can be summarized like this:

  1. Sending NS for FE80::200:AAFF:FEAA:AAAA to FF02::1:FFAA:AAAA
    1. The client has generated a link-local address and wants to know if it’s available. The source address is unspecified.
  2. Sending NA for FE80::200:AAFF:FEAA:AAAA to FF02::1
    1. Having received no replies the client informs all nodes that it owns this address.
  3. Sending RS to FF02::2
    1. The client tries to locate a router.
  4. Received RA from FE80::200:11FF:FE11:1111
    1. The router replies to all nodes with a Router Advertisement.
  5. Sending NS for 2001:DB8:1:1:200:AAFF:FEAA:AAAA to FF02::1:FFAA:AAAA
    1. The client has auto-configured a global unicast address based on the received prefix and wants to know if it is available to use. The source address is unspecified.
  6. Sending NA for 2001:DB8:1:1:200:AAFF:FEAA:AAAA to FF02::1
    1. After waiting 1 second DAD concludes that the address is available.

[Figure: slaac_3]

And just as we saw earlier, the whole process takes 5 seconds to complete. All is good, the router and client can reach each other and an IPv6 default route is installed on the client.

Here’s how it all looks in the router:

ROUTER#show ipv6 interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::200:11FF:FE11:1111
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:1:1::1, subnet is 2001:DB8:1:1::/64
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FF00:1
    FF02::1:FF11:1111
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  ND advertised reachable time is 0 milliseconds
  ND advertised retransmit interval is 0 milliseconds
  ND router advertisements are sent every 200 seconds
  ND router advertisements live for 1800 seconds
  ND advertised default router preference is Medium
  Hosts use stateless autoconfig for addresses.

The output shows the link-local address generated using EUI-64, the global unicast address, the multicast addresses (all nodes, all routers, solicited-node address for both configured addresses), that DAD is enabled and that RAs are being sent every 200 seconds.

And finally this is how IPv6 is configured on the client:

CLIENT_A#show ipv6 interface fastethernet0/0
FastEthernet0/0 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::200:AAFF:FEAA:AAAA
  No Virtual link-local address(es):
  Global unicast address(es):
    2001:DB8:1:1:200:AAFF:FEAA:AAAA, subnet is 2001:DB8:1:1::/64 [EUI/CAL/PRE]
      valid lifetime 2591868 preferred lifetime 604668
  Joined group address(es):
    FF02::1
    FF02::2
    FF02::1:FFAA:AAAA
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds
  Hosts use stateless autoconfig for addresses.

The output shows the link-local address and the global unicast address generated using EUI-64, and the multicast addresses (all nodes, all routers and solicited-node address). The reason we’re seeing only one solicited-node address is that the last 24 bits of both the link-local and global unicast address are identical, “AA:AAAA”. And at the end we see DAD is enabled.
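The EUI-64 and solicited-node derivations used throughout this post can be reproduced with a few lines of Python. This is an added example, not part of the original post: the function names are illustrative, the router MAC is the LLA shown in the client debug output, and the client MAC is an assumption inferred from its EUI-64 address.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64: split the MAC, insert FFFE, flip the universal/local bit."""
    digits = "".join(c for c in mac if c not in ".:-")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    raw = bytearray.fromhex(digits)
    raw[0] ^= 0x02  # 00:00:11 -> 02:00:11
    return int.from_bytes(raw[:3] + b"\xff\xfe" + raw[3:], "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net[eui64_interface_id(mac)]

def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FFXX:XXXX, where XX:XXXX is the low 24 bits of addr."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def solicited_groups(addrs) -> list:
    """Distinct solicited-node groups an interface joins for its addresses."""
    return sorted({str(solicited_node(str(a))) for a in addrs})

ROUTER_MAC = "0000.1111.1111"   # LLA shown in the CLIENT_A debug output
CLIENT_MAC = "0000.aaaa.aaaa"   # assumption: inferred from CLIENT_A's EUI-64 address

if __name__ == "__main__":
    router = [slaac_address("fe80::/64", ROUTER_MAC),
              ipaddress.IPv6Address("2001:db8:1:1::1")]
    client = [slaac_address("fe80::/64", CLIENT_MAC),
              slaac_address("2001:db8:1:1::/64", CLIENT_MAC)]
    for name, addrs in (("ROUTER", router), ("CLIENT_A", client)):
        print(name, [str(a) for a in addrs], solicited_groups(addrs))
```

The router ends up in two solicited-node groups because its manually configured global address ends in `::1`, while both client addresses share the same low 24 bits and collapse into one group.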

But what about DNS servers and name resolution? That’s where DHCPv6 (RFC 3315) comes in, or the proposed change to Router Advertisements to include DNS servers (RFC 6106). But that’s another story.

For more detailed information on IPv6 addressing, SLAAC and NDP have a look at the following RFCs:

It’s time to activate IPv6 on your routers!
