Monday, April 02, 2012 10:21 AM
I am using DHCPv6 in my local LAN to configure IPv6 on to my client machines (windows) and gateway using router by using M bit 1 in RA. Everything is fine upto that. Whenever I run an script to send rogue RA into my LAN, client machines configure the ipv6 addresses according to that RA but remove IPv6 address taken from DHCPv6. I am bit surprised why the client (windows 7) removing IPv6 address taken from DHCPv6 from it stack. It should keep both the IPs as I could see both the gateways on client.
Secondly, Now I am running another script to kill that forge RA by sending RA with 0 lifetime to that prefix (with same source), In that case RA has been killed as interface unassigned that gateway but still client machine don't put IPv6 address on its interface provided by DHCPv6.
This shows Client machine prefers RA over DHCPv6.
Monday, April 02, 2012 10:20 PM
What you are experiencing is exactly how IPv6 Address Autoconfiguration is designed to operate...which is not how IPv4 operates...and what ALOT of folks are going to be really puzzled and concerned about.
IPv6 clients listen for RA's, and anytime they hear/see an RA, they act on how the flags are set, regardless of how they (client) are currently operating.
The 4 primary flags of configuration concern: (there are other variables too, lifetime timers, etc...see RFC's 4861, 4862 & 3315)
A on - use IPv6 prefix in RA to config SLAAC addr (network prefix + client derive host portion), or off - no IPv6 prefix advertised in RA means no SLAAC
L on - means router is on-link, or - off means router may be not on-link (Win7 assumes L on regardless of this flag, MAC OS Lion needs L on for DHCPv6)
M on - use DHCPv6, or off - don't use DHCPv6
O on - use other DHCPv6 config parms like DNS, or off - don't use DHCPv6 for other parms (but if M on, O doesn't really matter [RFC def])
When client Ethernet interface first initialize, they send up to 3 RS (Mcast to FF02::2) - not waiting for an RA to come around. If they hear an RA, they act on its config. If they don't hear an RA they will simply configure a Link-Local address.
Routers will send RAs periodically...it is a min/max setting in each router config.
When a client sees an RA with M on, they will send a DHCPv6 Solicit (Mcast to FF02::1:2) looking for DHCPv6 servers.
If the client has a DHCPv6 derived address, and receives an RA that has M off, the client will release that DHCPv6 derived address (just like you saw). If the client later receives an RA with M on, they send the DHCPv6 Solicit, etc, etc, etc.
For Stateful (DHCPv6) you want A=off, L=on, M=on L=on (L on or off doesn't really matter since M is on). The client will get its def g/w from the RA, and IPv6 addr from DHCPv6.
btw, in Win7, even if the config is for DHCPv6, it will not send the DHCPv6 Solicit until it has received an RA with M set to on. Again, this is not how DHCPv4 operates.
I am presenting on this exact topic at the 2012 North American IPv6 Summit in Denver next week. http://www.rmv6tf.org/IPv6Summit.htm
I also recently finished the chapter of the Guide to TCP/IP 4th edition that is all about this topic. The book will be available late summer 2012. This 4th edition update grew the 50pages of IPv6 content in the 3rd edition to over 400 pages, alot of new content!!
- Proposed As Answer by MGro Friday, June 15, 2012 7:00 PM