I am using DHCPv6 in my local LAN to configure IPv6 on to my client machines (windows) and gateway using router by using M bit 1 in RA. Everything is fine upto that. Whenever I run an script to send rogue RA into my LAN, client machines configure the ipv6 addresses according to that RA but remove IPv6 address taken from DHCPv6. I am bit surprised why the client (windows 7) removing IPv6 address taken from DHCPv6 from it stack. It should keep both the IPs as I could see both the gateways on client.
Secondly, Now I am running another script to kill that forge RA by sending RA with 0 lifetime to that prefix (with same source), In that case RA has been killed as interface unassigned that gateway but still client machine don't put IPv6 address on its interface provided by DHCPv6.
This shows Client machine prefers RA over DHCPv6.
What you are experiencing is exactly how IPv6 Address Autoconfiguration is designed to operate...which is not how IPv4 operates...and what ALOT of folks are going to be really puzzled and concerned about.
IPv6 clients listen for RA's, and anytime they hear/see an RA, they act on how the flags are set, regardless of how they (client) are currently operating.
The 4 primary flags of configuration concern: (there are other variables too, lifetime timers, etc...see RFC's 4861, 4862 & 3315)
A on - use IPv6 prefix in RA to config SLAAC addr (network prefix + client derive host portion), or off - no IPv6 prefix advertised in RA means no SLAAC
L on - means router is on-link, or - off means router may be not on-link (Win7 assumes L on regardless of this flag, MAC OS Lion needs L on for DHCPv6)
M on - use DHCPv6, or off - don't use DHCPv6
O on - use other DHCPv6 config parms like DNS, or off - don't use DHCPv6 for other parms (but if M on, O doesn't really matter [RFC def])
When client Ethernet interface first initialize, they send up to 3 RS (Mcast to FF02::2) - not waiting for an RA to come around. If they hear an RA, they act on its config. If they don't hear an RA they will simply configure a Link-Local address.
Routers will send RAs periodically...it is a min/max setting in each router config.
When a client sees an RA with M on, they will send a DHCPv6 Solicit (Mcast to FF02::1:2) looking for DHCPv6 servers.
If the client has a DHCPv6 derived address, and receives an RA that has M off, the client will release that DHCPv6 derived address (just like you saw). If the client later receives an RA with M on, they send the DHCPv6 Solicit, etc, etc, etc.
For Stateful (DHCPv6) you want A=off, L=on, M=on L=on (L on or off doesn't really matter since M is on). The client will get its def g/w from the RA, and IPv6 addr from DHCPv6.
btw, in Win7, even if the config is for DHCPv6, it will not send the DHCPv6 Solicit until it has received an RA with M set to on. Again, this is not how DHCPv4 operates.
I am presenting on this exact topic at the 2012 North American IPv6 Summit in Denver next week. http://www.rmv6tf.org/IPv6Summit.htm
I also recently finished the chapter of the Guide to TCP/IP 4th edition that is all about this topic. The book will be available late summer 2012. This 4th edition update grew the 50pages of IPv6 content in the 3rd edition to over 400 pages, alot of new content!!
- Proposed as answer by MGro Friday, June 15, 2012 7:00 PM
I will send off for your book, does it cover Server 2012 and IPAM?
Does a server send a RS too even if it has a static IPv6 address and a gateway and DNS servers configured manually?
Is there really no way to get rid of the FE80 Local Link addresses?
Replies after your Q's:
Q1 - your book, does it cover Server 2012 and IPAM?
A1 - no, but mostly W2K8-R2 and W2K12 operate about the same for IPv6
Q2 - Does a server send a RS too even if it has a static IPv6 address and a gateway and DNS servers configured manually?
A2 - no, but Windows server can be configured to be an IPv6 router, but I wouldn't recommend doing it, very little "tweaking" available.
Q3 - Is there really no way to get rid of the FE80 Local Link addresses?
A3 - No, that would break the foundation of IPv6 operations/standards.
Yes certainly helps. I just don't like the FE80s
My servers keep getting DHCP addresses as well as the fixed ones I have given them.
On one I could get rid of it with ipconfig /release6 but on another I can't.
It seems to me that it would be nice that DCs with DNS installed automatically don't go and get another IP address and publish it. I suppose it keeps us all employed :)