DHCPv6 overview

Introduction to DHCPv6

The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was designed based on the IPv6 addressing scheme and is used for assigning IPv6 prefixes, IPv6 addresses, and other configuration parameters to hosts.

Compared with other IPv6 address allocation methods (such as manual configuration and stateless address autoconfiguration), DHCPv6 can:

· Record addresses assigned to hosts and assign addresses to specific hosts, thus facilitating network management.
· Assign prefixes to devices, thus facilitating automatic configuration and management of the entire network.
· Assign configuration parameters to hosts, such as the DNS server address or domain name.

Basic concepts

DHCPv6 multicast addresses

The multicast address FF05::1:3 identifies all DHCPv6 servers on the site-local network. The multicast address FF02::1:2 identifies all DHCPv6 servers and relay agents on the link-local link.

DUID

A DHCP unique identifier (DUID) uniquely identifies a DHCPv6 device (relay agent, or server), and is used for authentication between DHCPv6 devices.

Figure 1 Format of DUID-LL

There are many types of DUID. Currently, the device only supports the DUID that is based on link-layer address (DUID-LL) defined in RFC 3315. The DUID-LL format is shown in Figure 1, where:

· DUID type—The value 0x0003 indicates that the DUID type is DUID-LL.
· Hardware type—The switch supports Ethernet as the hardware type with the value of 0x0001.
· Link layer address—Its value is the bridge MAC address of the switch.

IA

Identified by an IAID, an Identity Association (IA) provides a construct through which the obtained addresses, prefixes, and other configuration parameters assigned from a server to a client are managed. A client can maintain multiple IAs, each of which is configured on an interface to manage the addresses, prefixes, and other configuration parameters obtained by that interface.

IAID

An IAID uniquely identifies an IA. It is chosen by the client and must be unique among the IAIDs on the client.

Binding

The DHCPv6 server uses bindings to record the configuration information assigned to DHCPv6 clients, including the IPv6 address/prefix, client DUID, IAID, valid lifetime, preferred lifetime, and lease expiration time.

PD

The Prefix Delegation (PD) is the lease record created by the DHCPv6 server for each assigned prefix. The PD contains information such as the IPv6 prefix, client DUID, IAID, valid lifetime, preferred lifetime, lease expiration time, and the IPv6 address of the requesting client.

DHCPv6 address/prefix assignment

DHCPv6 address/prefix assignment involves either two or four messages. The following sections describe each process.

Rapid assignment involving two messages

Figure 2 Process of rapid assignment involving two messages

1. The DHCPv6 client sends out a Solicit message that contains a Rapid Commit option, requesting that rapid assignment of address/prefix and other configuration parameters should be preferred.
2. If the DHCPv6 server supports rapid assignment, it responds with a Reply message containing the assigned IPv6 address/prefix and other configuration parameters. If the DHCPv6 server does not support rapid assignment, the process in “Assignment involving four messages” is used.

Assignment involving four messages

Figure 3 shows the process of IPv6 address/prefix assignment involving four messages.

Figure 3 Assignment involving four messages

1. The DHCPv6 client sends out a Solicit message, requesting an IPv6 address/prefix and other configuration parameters.
2. If the Solicit message does not contain a Rapid Commit option, or the DHCPv6 server does not support rapid assignment though a Rapid Commit option is contained, the DHCPv6 server responds with an Advertise message, informing the DHCPv6 client of the assignable address/prefix and other configuration parameters.
3. The DHCPv6 client may receive multiple Advertise messages offered by different DHCPv6 servers. It then selects an offer according to the receiving sequence and server priority, and sends a Request message to the selected server to confirm the assignment.
4. The DHCPv6 server sends a Reply message to the client, confirming that the address/prefix and other configuration parameters are assigned to the client.

Address/prefix lease renewal

The IPv6 address/prefix assigned by the DHCPv6 server has a lease time, which depends on the valid lifetime. When the valid lifetime of the IPv6 address/prefix expires, the DHCPv6 client cannot use the IPv6 address/prefix any longer. To keep using the IPv6 address/prefix, the DHCPv6 client has to renew the lease.

Figure 4 Using the Renew message for address/prefix lease renewal

As shown in Figure 4, at T1, the DHCPv6 client sends a Renew message to the DHCPv6 server to renew its address and prefix lease. The recommended value of T1 is half the preferred lifetime. The DHCPv6 server then responds with a Reply message indicating whether the lease is renewed.

Figure 5 Using the Rebind message for address/prefix lease renewal

As shown in Figure 5, if the DHCPv6 client receives no response from the DHCPv6 server after sending out a Renew message at T1, it multicasts a Rebind message to all DHCPv6 servers at T2 (that is, when 80% preferred lifetime expires). The DHCPv6 server then responds with a Reply message indicating whether the lease is renewed.

If the DHCPv6 client receives no response from the DHCPv6 servers, the client stops using the address/prefix when the valid lifetime expires.
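The DUID-LL layout described under Basic concepts, decoded in Python as an added example (not code from the original guide or the switch). It goes beyond the one type the device supports by also handling the DUID-LLT and DUID-EN layouts from RFC 3315; the function names are hypothetical, and the two sample DUIDs are the ones used later in this guide's static-bind examples.

```python
import struct

# DUID type codes from RFC 3315. The guide's switch supports only DUID-LL (3).
DUID_LLT, DUID_EN, DUID_LL = 1, 2, 3
HW_ETHERNET = 1


def _link_layer(hw_type, addr):
    """Render a link-layer address; Ethernet must be exactly six bytes."""
    if hw_type == HW_ETHERNET and len(addr) != 6:
        raise ValueError("Ethernet link-layer address must be 6 bytes")
    return ":".join(f"{b:02x}" for b in addr)


def parse_duid(hex_text):
    """Decode a DUID written as hex text (the form used by static-bind)."""
    raw = bytes.fromhex(hex_text)
    # Two-byte type code plus a body of 1 to 128 bytes.
    if not 3 <= len(raw) <= 130:
        raise ValueError("DUID length out of range")
    duid_type = struct.unpack_from("!H", raw)[0]
    body = raw[2:]
    if duid_type == DUID_LL:
        if len(body) < 3:
            raise ValueError("DUID-LL body too short")
        hw_type = struct.unpack_from("!H", body)[0]
        return {"type": "DUID-LL", "hw_type": hw_type,
                "link_layer": _link_layer(hw_type, body[2:])}
    if duid_type == DUID_LLT:
        if len(body) < 7:
            raise ValueError("DUID-LLT body too short")
        hw_type, stamp = struct.unpack_from("!HI", body)
        return {"type": "DUID-LLT", "hw_type": hw_type, "time": stamp,
                "link_layer": _link_layer(hw_type, body[6:])}
    if duid_type == DUID_EN:
        if len(body) < 5:
            raise ValueError("DUID-EN body too short")
        return {"type": "DUID-EN",
                "enterprise": struct.unpack_from("!I", body)[0],
                "identifier": body[4:].hex()}
    # Unassigned type code: keep the bytes opaque. DUIDs are only ever
    # compared for equality, so an unknown layout can still be bound.
    return {"type": "unknown", "type_code": duid_type, "opaque": body.hex()}


# DUIDs taken from the guide's static-bind examples.
PAGE_DUIDS = ["00030001CA0006A40000", "FF00010006498D3322000102030405"]

if __name__ == "__main__":
    for text in PAGE_DUIDS:
        print(text, "->", parse_duid(text))
```

The first DUID decodes as DUID-LL over Ethernet; the second carries a type code outside the three RFC 3315 layouts and is kept as opaque bytes.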
Protocols and standards

· RFC 3736, Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
· RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
· RFC 2462, IPv6 Stateless Address Autoconfiguration
· RFC 3633, IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6

Configuring DHCPv6 server
Introduction to the DHCPv6 server

Application environment

To simplify IPv6 address management and network configuration, you can configure a DHCPv6 server to assign IPv6 addresses, IPv6 prefixes, and other configuration parameters to DHCPv6 clients.

Figure 6 Typical DHCPv6 server application for prefix assignment

As shown in Figure 6, the DHCPv6 client obtains an IPv6 prefix from the server, and sends an RA message containing the prefix information to the subnet where it resides, so that hosts on the subnet can automatically configure their IPv6 addresses by using the prefix.
DHCPv6 address pool

A DHCPv6 address pool contains IPv6 addresses, IPv6 prefixes, and other configuration parameters which the DHCPv6 server assigns to DHCPv6 clients. A DHCPv6 address pool can contain the following items:

· Static IPv6 prefix—Statically bound to a DHCPv6 client and can only be assigned to the client.
· Prefix pool with a prefix range—The DHCPv6 server dynamically assigns an IPv6 prefix from the prefix pool to a DHCPv6 client.
· Static IPv6 address—Statically bound to a DHCPv6 client and can only be assigned to the client.
· IPv6 subnet—The DHCPv6 server dynamically assigns an IPv6 address on the subnet to a DHCPv6 client.
· DNS server address.
· DHCPv6 client domain name.
· SIP server address or domain name.
· Address Family Transition Router (AFTR) address.

Prefix selection process

To configure a DHCPv6 server to assign IPv6 prefixes to DHCPv6 clients, you must apply an address pool on the receiving interface of the DHCPv6 server. Upon receiving a request, the DHCPv6 server searches all the address pools for a static IPv6 prefix bound to the client. If a match is found in an address pool, the server assigns the client the IPv6 prefix and other configuration parameters in the address pool. If no match is found, the DHCPv6 server assigns an IPv6 prefix and other configuration parameters from the address pool applied on the receiving interface.

Address selection process

Upon receiving a request for an IPv6 address, the DHCPv6 server searches all the address pools for a static IPv6 address bound to the client. If a match is found in an address pool, the server assigns the IPv6 address and other configuration parameters in the address pool to the DHCPv6 client. If no match is found, the DHCPv6 server selects an address pool in the following order:

1. Selects the DHCPv6 address pool applied on the receiving interface.
2. If no DHCPv6 address pool is applied on the receiving interface, selects an address pool as follows.
   · If the source IPv6 address of the request is a link-local address, the client is on the same link as the receiving interface, so the DHCPv6 server selects an address pool that maximally matches the earliest configured IPv6 address of the interface.
   · If the DHCPv6 request is from a DHCPv6 relay agent, the DHCPv6 server selects an address pool that maximally matches the link address (which is the address of the DHCPv6 relay agent nearest to the DHCPv6 client) in the request.
3. Selects an IPv6 address and other configuration parameters from the address pool.

DHCPv6 server configuration task list

Complete the following tasks to configure the DHCPv6 server:
Configuration prerequisites

Before configuring the DHCPv6 server, enable IPv6 by using the ipv6 command. For more information about the ipv6 command, see Layer 3—IP Services Command Reference.

Enabling the DHCPv6 server

To enable the DHCPv6 server:
Configuring the DHCPv6 server to assign IPv6 prefixes to DHCPv6 clients

Use either of the following methods to configure the DHCPv6 server to assign an IPv6 prefix to a DHCPv6 client:

· Configure a static IPv6 prefix binding in an address pool: If you bind a DUID and an IAID to an IPv6 prefix, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 prefix to the DHCPv6 client. If you only bind a DUID to an IPv6 prefix, the DUID in the request must match the DUID in the binding before the DHCPv6 server can assign the IPv6 prefix to the DHCPv6 client.
· Apply a prefix pool to an address pool: The DHCPv6 server dynamically assigns an IPv6 prefix from the address pool to a DHCPv6 client.

To configure the DHCPv6 server to assign an IPv6 prefix to a DHCPv6 client:
Configuring the DHCPv6 server to assign IPv6 addresses to DHCPv6 clients

Use either of the following methods to configure the DHCPv6 server to assign IPv6 addresses to DHCPv6 clients:

· Configure a static IPv6 address binding in an address pool: If you bind a DUID and an IAID to an IPv6 address, the DUID and IAID in a request must match those in the binding before the DHCPv6 server can assign the IPv6 address to the DHCPv6 client. If you only bind a DUID to an IPv6 address, the DUID in a request must match the DUID in the binding before the DHCPv6 server can assign the IPv6 address to the DHCPv6 client.
· Specify a subnet in an address pool: The DHCPv6 server dynamically assigns an IPv6 address on the subnet to a DHCPv6 client.

Configuration guidelines

When you configure the DHCPv6 server to assign IPv6 addresses to DHCPv6 clients, follow these guidelines:

· You can configure multiple static IPv6 address bindings by using the static-bind address command repeatedly.
· An IPv6 address can be bound to only one DHCPv6 client. You cannot use the static-bind address command to modify the DUID, IAID, preferred lifetime and valid lifetime of a static IPv6 address binding. To do so, you must remove the static binding first.
· Only one subnet can be specified in an address pool. If you use the network command repeatedly in a DHCPv6 address pool, the new configuration overwrites the previous one. If the new configuration has the same subnet as but different preferred lifetime and valid lifetime from the previous configuration, the new preferred lifetime and valid lifetime are effective only to the IPv6 addresses not assigned to DHCPv6 clients.
· You cannot use the network command to configure the same subnet in different address pools.

Configuration procedure

To configure the DHCPv6 server to assign IPv6 addresses to DHCPv6 clients:
Configuring network parameters in a DHCPv6 address pool

Besides IPv6 prefixes and IPv6 addresses, you can configure other network parameters in a DHCPv6 address pool, such as DNS server address, client domain name, SIP server address and domain name, and AFTR address.

To configure network parameters in a DHCPv6 address pool:
Enabling the DHCPv6 server on an interface

To enable the DHCPv6 server to assign IPv6 prefixes to clients, you must apply an address pool when enabling the DHCP server on the interface. If you only need the DHCPv6 server to assign IPv6 addresses to clients, you do not need to apply an address pool.

Configuration guidelines

When you enable the DHCPv6 server on an interface, follow these guidelines:

· An interface cannot serve as a DHCPv6 server and DHCPv6 relay agent at the same time.
· Do not enable DHCPv6 server and DHCPv6 client on the same interface.
· Only one address pool can be applied to an interface.
· A non-existing address pool can be applied to an interface, but the server cannot assign any prefix, address, or other configuration information from the address pool until the address pool is created.
· You cannot modify the address pool applied to an interface or parameters such as the server priority by using the ipv6 dhcp server command. To do so, you must disable the DHCPv6 server on the interface first.

Configuration procedure

To enable the DHCPv6 server on an interface:
Displaying and maintaining the DHCPv6 server
DHCPv6 server configuration example

IPv6 prefix and network parameters assignment configuration example

Network requirements

As shown in Figure 7, the switch serves as a DHCPv6 server, and assigns the IPv6 prefix, DNS server address, domain name, SIP server address, and SIP server domain name to the DHCPv6 clients. The IPv6 address of the switch is 1::1/64. The switch assigns prefix 2001:0410:0201::/48 to the client whose DUID is 00030001CA0006A40000, and assigns prefixes ranging from 2001:0410::/48 to 2001:0410:FFFF::/48 (excluding 2001:0410:0201::/48) to other clients. The DNS server address is 2::2:3. The DHCPv6 clients reside in domain aaa.com. The SIP server address is 2:2::4, and the domain name of the SIP server is bbb.com.

Configuration considerations

Configure the DHCPv6 server as follows:

· Enable IPv6 and DHCPv6 server.
· Create a prefix pool containing prefix 2001:0410::/32 with the length of the assigned prefix being 48, so that the server assigns clients the prefixes ranging from 2001:0410::/48 to 2001:0410:FFFF::/48.
· Create an address pool. Configure a static prefix in the address pool and have the prefix pool referenced by the address pool. Configure other configuration parameters.
· Apply the address pool to the interface through which the server is connected to the clients.
· Enable the DHCPv6 server on the interface that connects to the clients and apply the address pool to the interface.

Figure 7 Network diagram

Configuration procedure

# Enable IPv6 and DHCPv6 server.
<Switch> system-view
[Switch] ipv6
[Switch] ipv6 dhcp server enable

# Configure the IPv6 address of VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 address 1::1/64
[Switch-Vlan-interface2] quit

# Create and configure prefix pool 1.
[Switch] ipv6 dhcp prefix-pool 1 prefix 2001:0410::/32 assign-len 48

# Create address pool 1.
[Switch] ipv6 dhcp pool 1

# Apply prefix pool 1 to address pool 1, and set the preferred lifetime to one day, the valid lifetime to three days.
[Switch-dhcp6-pool-1] prefix-pool 1 preferred-lifetime 86400 valid-lifetime 259200

# Configure static prefix 2001:0410:0201::/48 in address pool 1, and set the client DUID as 00030001CA0006A40000, the preferred lifetime to one day, and the valid lifetime to three days.
[Switch-dhcp6-pool-1] static-bind prefix 2001:0410:0201::/48 duid 00030001CA0006A40000 preferred-lifetime 86400 valid-lifetime 259200

# Configure the DNS server address as 2:2::3.
[Switch-dhcp6-pool-1] dns-server 2:2::3

# Configure the domain name as aaa.com.
[Switch-dhcp6-pool-1] domain-name aaa.com

# Configure the SIP server address as 2:2::4, and the domain name of the SIP server as bbb.com.
[Switch-dhcp6-pool-1] sip-server address 2:2::4
[Switch-dhcp6-pool-1] sip-server domain-name bbb.com
[Switch-dhcp6-pool-1] quit

# Enable the DHCPv6 server on VLAN-interface 2, apply address pool 1 to the interface, configure the address pool to support the desired prefix assignment and rapid prefix assignment, and set the precedence to the highest.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 dhcp server apply pool 1 allow-hint preference 255 rapid-commit

Verifying the configuration

# After the preceding configuration is complete, display the DHCPv6 server configuration information on VLAN-interface 2.
[Switch-Vlan-interface2] display ipv6 dhcp server interface vlan-interface 2
Using pool: 1
Preference value: 255
Allow-hint: Enabled
Rapid-commit: Enabled

# Display the information of address pool 1.
[Switch-Vlan-interface2] display ipv6 dhcp pool 1
Pool: 1
  Static bindings:
    DUID: 00030001CA0006A40000
    IAID: 0xA1A1A1A1
    Prefix: 2001:410:201::/48
      Preferred lifetime 86400, valid lifetime 2592000
  Prefix pool: 1
    Preferred lifetime 86400, valid lifetime 2592000
  DNS server addresses:
    2:2::3
  Domain name: aaa.com
  SIP server addresses:
    2:2::4
  SIP server domain names:
    bbb.com

# Display the information of prefix pool 1.
[Switch-Vlan-interface2] display ipv6 dhcp prefix-pool 1
Prefix: 2001:410::/32
Assigned length: 48
Total prefix number: 65536
Available: 65535
In-use: 0
Static: 1

# After the client whose DUID is 00030001CA0006A40000 obtains an IPv6 prefix, display the prefix binding information on the DHCPv6 server.
[Switch-Vlan-interface2] display ipv6 dhcp server pd-in-use all
Total number = 1
Prefix               Type       Pool  Expiration time
2001:410:201::/48    Static(C)  1     Jul 10 2011 19:45:01

# After the other client obtains an IPv6 prefix, display the prefix binding information on the DHCPv6 server.
[Switch-Vlan-interface2] display ipv6 dhcp server pd-in-use all
Total number = 2
Prefix               Type       Pool  Expiration time
2001:410:201::/48    Static(C)  1     Jul 10 2011 19:45:01
2001:410::/48        Auto(C)    1     Jul 10 2011 20:44:05

Static IPv6 address assignment configuration example

Network requirements

As shown in Figure 8, the switch serves as a DHCPv6 server with IPv6 address 1::1/64. It assigns IPv6 address 1::A/124 to the client whose DUID is FF00010006498D3322000102030405, and assigns IPv6 address 1::B/124 to the client whose DUID is 00030001CA0006A40000.

Configuration considerations

Configure the following settings on the DHCPv6 server:

· Enable IPv6 and DHCPv6 server.
· Create a DHCPv6 address pool. Configure static IPv6 address bindings for the clients.
· Enable the DHCPv6 server on the interface that connects to the clients.

Figure 8 Network diagram

Configuration procedure

# Enable IPv6 and DHCPv6 server on the switch.
<Switch> system-view
[Switch] ipv6
[Switch] ipv6 dhcp server enable

# Configure the IPv6 address of interface VLAN-interface 2.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 address 1::1/64
[Switch-Vlan-interface2] quit

# Create address pool 1.
[Switch] ipv6 dhcp pool 1

# In address pool 1, bind IPv6 address 1::A/124 with the client whose DUID is FF00010006498D3322000102030405, and bind 1::B/124 with the client whose DUID is 00030001CA0006A40000. Set their preferred lifetime to one day and valid lifetime to three days.
[Switch-dhcp6-pool-1] static-bind address 1::A/124 duid FF00010006498D3322000102030405 preferred-lifetime 86400 valid-lifetime 259200
[Switch-dhcp6-pool-1] static-bind address 1::B/124 duid 00030001CA0006A40000 preferred-lifetime 86400 valid-lifetime 259200
[Switch-dhcp6-pool-1] quit

# Enable the DHCPv6 server on interface VLAN-interface 2, apply address pool 1 to the interface, configure the address pool to support desired address assignment and rapid address assignment, and set the precedence to the highest.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 dhcp server apply pool 1 allow-hint preference 255 rapid-commit

Verifying the configuration

# Display the DHCPv6 server configuration information on VLAN-interface 2.
[Switch-Vlan-interface2] display ipv6 dhcp server interface Vlan-interface 2
Using pool: 1
Preference value: 255
Allow-hint: Enabled
Rapid-commit: Enabled

# Display the information of address pool 1.
[Switch-Vlan-interface2] display ipv6 dhcp pool 1
Pool: 1
  Static bindings:
    DUID: FF00010006498D3322000102030405
    IAID: Not configured
    Address: 1::A/124
      Preferred lifetime 86400, valid lifetime 2592000
    DUID: 00030001CA0006A40000
    IAID: Not configured
    Address: 1::B/124
      Preferred lifetime 86400, valid lifetime 2592000

# After the clients have obtained IPv6 addresses, display the IPv6 address binding information on the DHCPv6 server.
[Switch-Vlan-interface2] display ipv6 dhcp server ip-in-use address 1::A
Pool: 1
Client: FE80::A8FF:A1E0:FE19:0
Type: Static(C)
DUID: FF00010006498D3322000102030405
IAID: 0x1
  Address: 1::A
  Preferred lifetime 604800, valid lifetime 2592000
  Expires at Dec 23 2010 13:47:52 (2588194 seconds left)
[Switch-Vlan-interface2] display ipv6 dhcp server ip-in-use address 1::B
Pool: 1
Client: FE80::18FE:31EF:EE49:0
Type: Static(C)
DUID: 00030001CA0006A40000
IAID: 0x1
  Address: 1::B
  Preferred lifetime 604800, valid lifetime 2592000
  Expires at Dec 23 2010 13:47:52 (2588194 seconds left)

Dynamic IPv6 address assignment configuration example

Network requirements

As shown in Figure 9, the switch serves as the DHCPv6 server. It assigns IPv6 addresses on subnet 1:2::/32 to clients Host A and Host B, and assigns IPv6 addresses on subnet 1:3::/32 to clients Host C and Host D.

Configuration considerations

Configure the following settings on the DHCPv6 server:

· Enable IPv6 and DHCPv6 server.
· Configure IPv6 address 1:2::1/32 for interface VLAN-interface 2 that connects to Host A and Host B, and configure IPv6 address 1:3::1/32 for interface VLAN-interface 3 that connects to Host C and Host D.
· Create DHCPv6 address pools, which contain subnets 1:2::/32 and 1:3::/32 respectively.
· Enable the DHCPv6 server on the interfaces that connect to the clients.

Figure 9 Network diagram

Configuration procedure

# Enable IPv6 and DHCPv6 server on the switch.
<Switch> system-view
[Switch] ipv6
[Switch] ipv6 dhcp server enable

# Configure IPv6 addresses for interfaces VLAN-interface 2 and VLAN-interface 3.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 address 1:2::1/32
[Switch-Vlan-interface2] quit
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ipv6 address 1:3::1/32
[Switch-Vlan-interface3] quit

# Create address pool 1, specify subnet 1:2::/32 in the address pool, and set the subnet preferred lifetime to one day and valid lifetime to three days.
[Switch] ipv6 dhcp pool 1
[Switch-dhcp6-pool-1] network 1:2::/32 preferred-lifetime 86400 valid-lifetime 259200
[Switch-dhcp6-pool-1] quit

# Create address pool 2, specify subnet 1:3::/32 in the address pool, and set the subnet preferred lifetime to one day and valid lifetime to three days.
[Switch] ipv6 dhcp pool 2
[Switch-dhcp6-pool-2] network 1:3::/32 preferred-lifetime 86400 valid-lifetime 259200
[Switch-dhcp6-pool-2] quit

# Enable the DHCPv6 server, desired address assignment and rapid address assignment on interface VLAN-interface 2, without applying any address pool.
[Switch] interface vlan-interface 2
[Switch-Vlan-interface2] ipv6 dhcp server allow-hint rapid-commit
[Switch-Vlan-interface2] quit

# Enable the DHCPv6 server, desired address assignment and rapid address assignment on interface VLAN-interface 3, without applying any address pool.
[Switch] interface vlan-interface 3
[Switch-Vlan-interface3] ipv6 dhcp server allow-hint rapid-commit
[Switch-Vlan-interface3] quit

Verifying the configuration

# Display the DHCPv6 server configuration information on VLAN-interface 2 and VLAN-interface 3.
[Switch] display ipv6 dhcp server interface Vlan-interface 2
Using pool: 1
Preference value: 0
Allow-hint: Enabled
Rapid-commit: Enabled
[Switch] display ipv6 dhcp server interface Vlan-interface 3
Preference value: 0
Allow-hint: Enabled
Rapid-commit: Enabled

# Display the information of address pool 1.
[Switch] display ipv6 dhcp pool 1
Pool: 1
  Network: 1:2::/32
    Preferred lifetime 86400, valid lifetime 259200

# Display the information of address pool 2.
[Switch] display ipv6 dhcp pool 2
Pool: 2
  Network: 1:3::/32
    Preferred lifetime 86400, valid lifetime 259200

# After Host A and Host B have obtained IPv6 addresses, display the IPv6 address binding information on the DHCPv6 server.
[Switch] display ipv6 dhcp server ip-in-use
Total number = 2
Address    Type     Pool  Expiration time
1:2::2     Auto(C)  1     Jul 10 2011 19:45:01
1:2::3     Auto(C)  1     Jul 10 2011 19:45:01

# After Host C and Host D have obtained IPv6 addresses, display the IPv6 address binding information on the DHCPv6 server.
[Switch] display ipv6 dhcp server ip-in-use
Total number = 4
Address    Type     Pool  Expiration time
1:2::2     Auto(C)  1     Jul 10 2011 19:45:01
1:2::3     Auto(C)  1     Jul 10 2011 19:45:01
1:3::2     Auto(C)  2     Jul 10 2011 19:47:01
1:3::3     Auto(C)  2     Jul 10 2011 19:47:01

Configuring DHCPv6 relay agent

Introduction to the DHCPv6 relay agent

Application environment

Figure 10 Typical DHCPv6 relay agent application

A DHCPv6 client usually uses a multicast address to contact the DHCPv6 server on the local link to obtain an IPv6 address and other configuration parameters. As shown in Figure 10, if the DHCPv6 server resides on another subnet, the DHCPv6 client can contact the server via a DHCPv6 relay agent. Thus, you do not need to deploy a DHCPv6 server on each subnet.

Operation of DHCPv6 relay agent

Figure 11 DHCPv6 relay agent operation process

Take the process of rapid assignment by using two messages as an example. Figure 11 shows how the DHCPv6 client obtains an IPv6 address and other network configuration parameters from the DHCPv6 server through the DHCPv6 relay agent.

1. The DHCPv6 client sends a Solicit message containing the Rapid Commit option to the multicast address FF02::1:2 of all the DHCPv6 servers and relay agents.
2. After receiving the Solicit message, the DHCPv6 relay agent encapsulates the message into the Relay Message option of a Relay-forward message, and sends the message to the DHCPv6 server.
3. After obtaining the Solicit message from the Relay-forward message, the DHCPv6 server selects an IPv6 address and other required parameters, and adds them to the reply which is encapsulated within the Relay Message option of a Relay-reply message.
The DHCPv6 server then sends the Relay-reply message to the DHCPv6 relay agent.
4. The DHCPv6 relay agent obtains the reply from the Relay-reply message and sends the reply to the DHCPv6 client. Then the DHCPv6 client uses the IPv6 address and other network parameters assigned by the DHCPv6 server to perform network configuration.

Configuring the DHCPv6 relay agent

Upon receiving a request from a DHCPv6 client, the interface that operates as a DHCPv6 relay agent encapsulates the request into a Relay-forward message and forwards the message to the specified DHCPv6 server, which then assigns an IPv6 address and other configuration parameters to the DHCPv6 client.

Configuration prerequisites

Before configuring DHCPv6 relay agent, you need to use the ipv6 command to enable IPv6. For more information about the ipv6 command, see the chapter “IPv6 basics configuration.”

Configuration guidelines

When you configure the DHCPv6 relay agent, follow these guidelines:

· Executing the ipv6 dhcp relay server-address command repeatedly can specify multiple DHCPv6 servers. Up to eight DHCP servers can be specified for an interface. After receiving requests from DHCPv6 clients, the DHCPv6 relay agent forwards the requests to all specified DHCPv6 servers.
· If the DHCPv6 server address is a link-local address or link-scoped multicast address on the local link, you need to specify an outgoing interface using the interface keyword in the ipv6 dhcp relay server-address command; otherwise, DHCPv6 packets may fail to be forwarded to the DHCPv6 server.
· Removing all the specified DHCPv6 server addresses from an interface disables DHCPv6 relay agent on the interface.
· Do not enable the DHCPv6 relay agent and DHCPv6 client on the same interface.

Configuration procedure

To configure the DHCPv6 relay agent:
Displaying and maintaining the DHCPv6 relay agent
DHCPv6 relay agent configuration example
Network requirements

As shown in Figure 12, the network address prefix of DHCPv6 clients is 1::/64, and the IPv6 address of the DHCPv6 server is 2::2/64. The DHCPv6 client and server need to communicate via a DHCPv6 relay agent (Switch A).

Switch A acts as the gateway of network 1::/64. It sends RA messages to notify the hosts to obtain IPv6 addresses and other configuration parameters through DHCPv6. For more information about RA messages, see the chapter “IPv6 basics configuration.”

Figure 12 DHCPv6 relay agent configuration

Configuration procedure

1. Configure Switch A as a DHCPv6 relay agent:

# Enable the IPv6 packet forwarding function.
<SwitchA> system-view
[SwitchA] ipv6

# Configure the IPv6 addresses of VLAN-interface 2 and VLAN-interface 3 respectively.
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ipv6 address 2::1 64
[SwitchA-Vlan-interface2] quit
[SwitchA] interface vlan-interface 3
[SwitchA-Vlan-interface3] ipv6 address 1::1 64

# Enable DHCP relay agent and specify the DHCPv6 server address on VLAN-interface 3.
[SwitchA-Vlan-interface3] ipv6 dhcp relay server-address 2::2

2. Configure Switch A as a gateway:

# Enable Switch A to send RA messages and set the M and O flags.
[SwitchA-Vlan-interface3] undo ipv6 nd ra halt
[SwitchA-Vlan-interface3] ipv6 nd autoconfig managed-address-flag
[SwitchA-Vlan-interface3] ipv6 nd autoconfig other-flag

3. Verify the configuration:

# After completing the configurations, display DHCPv6 server address information on Switch A.
[SwitchA-Vlan-interface3] display ipv6 dhcp relay server-address all
Interface: Vlan3
  Server address(es)          Output Interface
  2::2

# Display packet statistics on the DHCPv6 relay agent.
[SwitchA-Vlan-interface3] display ipv6 dhcp relay statistics
Packets dropped               :  0
    Error                     :  0
    Excess of rate limit      :  0
Packets received              :  14
    SOLICIT                   :  0
    REQUEST                   :  0
    CONFIRM                   :  0
    RENEW                     :  0
    REBIND                    :  0
    RELEASE                   :  0
    DECLINE                   :  0
    INFORMATION-REQUEST       :  7
    RELAY-FORWARD             :  0
    RELAY-REPLY               :  7
Packets sent                  :  14
    ADVERTISE                 :  0
    RECONFIGURE               :  0
    REPLY                     :  7
    RELAY-FORWARD             :  7
    RELAY-REPLY               :  0

Configuring DHCPv6 snooping
DHCPv6 snooping overview

As a DHCPv6 security feature, DHCPv6 snooping can implement the following:

· Ensuring that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers
· Recording IP-to-MAC mappings of DHCPv6 clients

Ensuring that DHCPv6 clients obtain IPv6 addresses from authorized DHCPv6 servers

If there is an unauthorized DHCPv6 server on a network, DHCPv6 clients may obtain invalid IPv6 addresses and network configuration parameters, and cannot communicate with other network devices. With DHCPv6 snooping, the ports of a switch can be configured as trusted or untrusted, ensuring that clients obtain IPv6 addresses from authorized DHCPv6 servers.

· Trusted—A trusted port forwards DHCPv6 messages normally.
· Untrusted—An untrusted port discards the reply messages from any DHCPv6 server.

Figure 13 Trusted and untrusted ports

A DHCPv6 snooping device’s port that is connected to an authorized DHCPv6 server, DHCPv6 relay agent, or another DHCPv6 snooping device should be configured as a trusted port to forward reply messages from the authorized DHCPv6 server, whereas other ports are configured as untrusted so that the DHCPv6 client can obtain an IPv6 address from the authorized DHCPv6 server only. As shown in Figure 13, configure the port that connects to the DHCPv6 server as a trusted port, and other ports as untrusted.

Recording IP-to-MAC mappings of DHCPv6 clients

DHCPv6 snooping reads DHCPv6 messages to create and update DHCPv6 snooping entries, including MAC addresses of clients, IPv6 addresses obtained by the clients, ports that connect to DHCPv6 clients, and VLANs to which the ports belong. You can use the display ipv6 dhcp snooping user-binding command to view the IPv6 address obtained by each client, so that you can manage and monitor the clients' IPv6 addresses.

Enabling DHCPv6 snooping

To allow clients to obtain IPv6 addresses from an authorized DHCPv6 server, enable DHCPv6 snooping globally and configure trusted and untrusted ports properly. At this point, clients can obtain IPv6 addresses from valid servers, but DHCPv6 snooping entries are not recorded. To record DHCPv6 snooping entries for a VLAN, enable DHCPv6 snooping for the VLAN.

To enable DHCPv6 snooping:
Configuring a DHCPv6 snooping trusted port
After enabling DHCPv6 snooping globally, you can specify trusted and untrusted ports for a VLAN as needed. A DHCPv6 snooping trusted port normally forwards DHCPv6 packets it receives. A DHCPv6 snooping untrusted port discards any DHCPv6 reply message received from a DHCPv6 server. Upon receiving a DHCPv6 request from a client in the VLAN, the DHCPv6 snooping device forwards the packet through trusted ports rather than any untrusted port in the VLAN, thus reducing network traffic. To configure a DHCPv6 snooping trusted port:
Configuring the maximum number of DHCPv6 snooping entries an interface can learn
Perform this optional task to prevent an interface from learning too many DHCPv6 snooping entries and to save system resources. To configure the maximum number of DHCPv6 snooping entries an interface can learn:
Displaying and maintaining DHCPv6 snooping
DHCPv6 snooping configuration example
Network requirements
As shown in Figure 14, Switch B connects to a DHCPv6 server (Switch A) through GigabitEthernet 3/0/1, a DHCPv6 client through GigabitEthernet 3/0/2, and another DHCPv6 client or an unauthorized DHCPv6 server through GigabitEthernet 3/0/3. These three interfaces belong to VLAN 2. Configure Switch B to do the following:
· Forward DHCPv6 reply messages received on GigabitEthernet 3/0/1 only.
· Record the IP-to-MAC mappings for DHCPv6 clients.

Figure 14 Network diagram

Configuration procedure
# Enable DHCPv6 snooping globally.
<SwitchB> system-view
[SwitchB] ipv6 dhcp snooping enable
# Add GigabitEthernet 3/0/1, GigabitEthernet 3/0/2, and GigabitEthernet 3/0/3 to VLAN 2.
[SwitchB] vlan 2
[SwitchB-vlan2] port gigabitethernet 3/0/1 gigabitethernet 3/0/2 gigabitethernet 3/0/3
# Enable DHCPv6 snooping for VLAN 2.
[SwitchB-vlan2] ipv6 dhcp snooping vlan enable
[SwitchB-vlan2] quit
# Configure GigabitEthernet 3/0/1 as a DHCPv6 snooping trusted port.
[SwitchB] interface gigabitethernet 3/0/1
[SwitchB-GigabitEthernet 3/0/1] ipv6 dhcp snooping trust
# Verify the configuration.
After the preceding configuration is complete, connect GigabitEthernet 3/0/2 to the DHCPv6 client, connect GigabitEthernet 3/0/1 to the DHCPv6 server (Switch A), and connect GigabitEthernet 3/0/3 to an unauthorized DHCPv6 server. The DHCPv6 client obtains an IPv6 address from Switch A, but cannot obtain any IPv6 address from the unauthorized DHCPv6 server. You can use the display ipv6 dhcp snooping user-binding command to view the DHCPv6 snooping entries on Switch B.

To what address are DHCPv6 Solicit messages sent?
IPv6 does not support broadcast packets, and therefore DHCPv6 clients use multicast IPv6 packets for communication. DHCPv6 clients use the multicast address FF02::1:2 to communicate with DHCPv6 relay agents and servers. DHCPv6 relay agents and servers use the multicast address FF05::1:3 to communicate with each other.
What is a DHCPv6 server?
DHCPv6 is a method to assign IPv6 addresses automatically to network clients. When you enable IPv6 for a trusted or optional interface, you can enable the DHCPv6 server on the interface, to assign IPv6 addresses to clients that connect. Before you can enable the DHCPv6 server, you must enable IPv6 for the interface.
When DHCPv6 messages are sent from a server to a client, what port is used as the destination?
DHCPv6 messages are sent over UDP. DHCPv6 messages from the server to the client use UDP destination port 546.
Which DHCPv6 messages go from the server to the client?
DHCPv6 servers then send Advertise messages to the client to indicate that they are available. The client sends a Request message to a specific DHCPv6 server to request IP addresses and configuration parameters. The DHCPv6 server responds with a Reply message that contains the IP addresses and configuration parameters.
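The server-to-client messages above are exactly what DHCPv6 snooping filters: the following Python model is an added example, not the switch's own implementation, of the trusted/untrusted port rule and the binding recording on Switch B from the configuration example. The names Snooper, handle and demo are hypothetical, the message-type and option codes are those of RFC 8415, treating Advertise, Reply, Reconfigure and Relay-reply as the server messages dropped on untrusted ports is an assumption, and the sample packets and MAC addresses are constructed.

```python
import ipaddress
import struct

# Assumed set of server-originated types: Advertise, Reply, Reconfigure, Relay-reply.
SERVER_TYPES = {2, 7, 10, 13}
OPT_IA_NA, OPT_IAADDR = 3, 5    # option codes (RFC 8415)

def options(buf):
    """Yield (code, data) per DHCPv6 option; stop at a truncated option."""
    while len(buf) >= 4:
        code, length = struct.unpack_from("!HH", buf)
        if len(buf) < 4 + length:
            return
        yield code, buf[4:4 + length]
        buf = buf[4 + length:]

def leased_addresses(payload):
    """Addresses in IA_NA -> IAADDR options (12-byte IAID/T1/T2 header skipped)."""
    return [str(ipaddress.IPv6Address(sub[:16]))
            for code, data in options(payload[4:]) if code == OPT_IA_NA
            for scode, sub in options(data[12:]) if scode == OPT_IAADDR and len(sub) >= 24]

class Snooper:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.pending = {}    # transaction id -> (client MAC, port, VLAN)
        self.bindings = {}   # IPv6 address -> (client MAC, port, VLAN)

    def handle(self, port, vlan, src_mac, payload):
        """Return 'forward' or 'drop' for one DHCPv6 UDP payload."""
        if len(payload) < 4:
            return "drop"
        mtype, xid = payload[0], payload[1:4]
        if mtype not in SERVER_TYPES:
            self.pending[xid] = (src_mac, port, vlan)   # remember the requester
        elif port not in self.trusted:
            return "drop"                               # server message, untrusted port
        elif mtype == 7 and xid in self.pending:        # Reply to a request we saw
            for addr in leased_addresses(payload):
                self.bindings[addr] = self.pending[xid]
        return "forward"

# Constructed sample: Reply carrying IA_NA/IAADDR 2001:db8::10, transaction id 0x00002a.
IAADDR = struct.pack("!HH16sII", 5, 24, ipaddress.IPv6Address("2001:db8::10").packed, 3600, 7200)
REPLY = b"\x07\x00\x00\x2a" + struct.pack("!HHIII", OPT_IA_NA, 12 + len(IAADDR), 1, 0, 0) + IAADDR

def demo():
    sw = Snooper({"GE3/0/1"})   # Switch B: only the port facing Switch A is trusted
    return [sw.handle("GE3/0/2", 2, "00:00:5e:00:53:01", b"\x03\x00\x00\x2a"),  # client Request
            sw.handle("GE3/0/3", 2, "00:00:5e:00:53:66", REPLY),    # unauthorized server
            sw.handle("GE3/0/1", 2, "00:00:5e:00:53:0a", REPLY)], sw.bindings   # Switch A
```

The binding is keyed to the port where the client's Request arrived, so the Reply dropped on GigabitEthernet 3/0/3 never reaches the table.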