DHCPv6
Dynamic Host Configuration Protocol for IPv6 networks.
Introduction: A New Protocol for a New Internet
The transition from Internet Protocol version 4 (IPv4) to Internet Protocol version 6 (IPv6) represents one of the most significant evolutions in the history of the internet. IPv6 was designed to solve the critical issue of IPv4 address exhaustion, but it also introduced a host of new features and changed some fundamental networking concepts. One of the areas that saw a major redesign was host configuration.
In the IPv4 world, the Dynamic Host Configuration Protocol (DHCP) became the undisputed standard for automating the assignment of IP addresses, subnet masks, and other network parameters. It was a purely centralized system: a client device was completely dependent on a DHCP server to get online. IPv6, however, introduced a new, decentralized method for address assignment directly into its core protocol suite called Stateless Address Autoconfiguration (SLAAC). This fundamental shift meant that the role of DHCP had to be re-evaluated and adapted for the new IPv6 paradigm.
The result is DHCPv6, a protocol that is similar in name to its predecessor but operates very differently. It is not just an update, but a new protocol designed to coexist with and complement the native autoconfiguration capabilities of IPv6. Understanding DHCPv6 requires first understanding the new landscape of address assignment that IPv6 created.
The IPv6 Autoconfiguration Landscape: SLAAC
Before diving into DHCPv6, it is crucial to understand its primary counterpart: Stateless Address Autoconfiguration (SLAAC). In many IPv6 networks, devices can get a globally unique, routable IP address without any DHCP server being present. This process is built into the Neighbor Discovery Protocol (NDP), a core component of IPv6.
How SLAAC Works: Router Advertisements
The SLAAC process relies on messages sent by routers on the local network.
- Router Solicitations: When an IPv6-enabled device connects to a network, it sends out a Router Solicitation message to a special multicast address, essentially asking, "Are there any routers on this network?"
- Router Advertisements (RA): Routers on the network periodically send out Router Advertisement messages, and will also send one immediately in response to a solicitation. This RA message is the key to SLAAC and contains critical information:
  - Network Prefix: The first 64 bits of the IPv6 address for that local network (e.g., ).
  - Prefix Lifetime: How long the prefix is valid.
  - Default Gateway: The address of the router itself, which the client will use as its default gateway.
  - Management Flags: Two critical one-bit flags, the "M" bit (Managed Address Configuration) and the "O" bit (Other Configuration), which we will discuss later.
- Address Generation: The client device receives the 64-bit network prefix from the RA message. It then generates the remaining 64 bits of its own address, known as the Interface Identifier. This can be done in two primary ways:
  - EUI-64: The client takes its 48-bit MAC address and expands it into a 64-bit identifier using a standard algorithm.
  - Random/Privacy Extensions: To avoid being tracked by a static interface identifier based on the MAC address, modern operating systems typically generate a temporary, random 64-bit identifier that changes over time.
- Uniqueness Check: Before using the address, the client performs a Duplicate Address Detection (DAD) process to ensure no other device on the local network is already using it. It now has a globally unique IPv6 address and knows its default gateway.
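The EUI-64 step and the reason privacy extensions exist can be shown in a few lines. This is an added example, not part of the original page: it derives the modified EUI-64 interface identifier from a MAC address and then reverses it, which is what lets anyone who sees the address recover the hardware address. The prefix, MAC and addresses are constructed sample values using the 2001:db8::/32 documentation range.

```python
import ipaddress

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the address a host derives from a /64 prefix and its MAC (modified EUI-64)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC interface identifiers need a /64 prefix")
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit of the first byte and insert ff:fe in the middle.
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)

def recover_mac(addr: str):
    """Return the MAC embedded in an EUI-64 style address, or None.

    Heuristic: a random identifier can contain ff:fe by chance (1 in 65536).
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    return (bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]).hex(":")

def audit_addresses(addrs):
    """Map every address whose interface identifier exposes a MAC to that MAC."""
    return {a: m for a in addrs if (m := recover_mac(a))}

# Constructed sample data: one EUI-64 address and one privacy-style random address.
SAMPLE_MAC = "00:1a:2b:3c:4d:5e"
SAMPLE_EUI64 = str(eui64_address("2001:db8:1::/64", SAMPLE_MAC))
SAMPLE_PRIVACY = "2001:db8:1:0:a4c1:77d2:9be3:105f"

if __name__ == "__main__":
    print(SAMPLE_EUI64)
    print(audit_addresses([SAMPLE_EUI64, SAMPLE_PRIVACY]))
```

Running `audit_addresses` over addresses collected from flow logs or neighbor caches shows which hosts still use MAC-derived identifiers and can therefore be followed across networks.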
The Limitation of SLAAC
While powerful, SLAAC has one major limitation: it only provides an IP address and a gateway. It does not provide the address of a DNS server. A device with only a SLAAC-generated address would not be able to resolve domain names. This is the crucial gap that DHCPv6 was designed to fill.
DHCPv6 Modes of Operation: Stateful vs. Stateless
Since IPv6 devices can already get an IP address via SLAAC, DHCPv6 was designed to be more flexible than its IPv4 counterpart. It can operate in two primary modes, which are controlled by the "M" and "O" flags in the router's RA messages.
Stateless DHCPv6 ("I have an address, I just need options")
This is the most common mode in modern IPv6 networks. In this mode, the device uses SLAAC to generate its own IP address. The router's RA message has the M bit set to 0 (do not use DHCPv6 for addresses) and the O bit set to 1 (use DHCPv6 for "Other" configuration).
After configuring its IP address with SLAAC, the client sees the 'O' flag and knows it needs to talk to a DHCPv6 server to get the remaining configuration data. It sends a DHCPv6 query specifically asking only for options like DNS server addresses and a domain search list. This mode is called "stateless" because the DHCPv6 server does not need to keep a record or "state" of IP address leases; it simply provides stateless information to any client that asks.
Stateful DHCPv6 ("I need an address and all options")
This mode operates almost exactly like DHCPv4. The network administrator wants to maintain full control over IP address assignment. In this mode, the router's RA message has the M bit set to 1 (use DHCPv6 for addresses).
When a client sees this flag, it ignores SLAAC for address configuration and instead performs a full DHCPv6 query to request an IP address and all other configuration parameters from the server. This mode is called "stateful" because the DHCPv6 server must maintain a database (state) of which IP addresses have been assigned to which clients, along with their lease times. This is useful in corporate environments where tight control and logging of IP assignments are required.
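The M and O flags live in one byte of the Router Advertisement, so the mode a segment is being told to use can be read straight from a captured RA. The following is an added example, not code from the original page: it parses the ICMPv6 RA body (RFC 4861 layout), maps the flags to the modes described above, and compares the result with the mode the site expects. The function names, the `expected` policy string and the sample RA bytes are assumptions constructed for illustration.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134), starting at the ICMPv6 header."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    _hop_limit, flags, lifetime = struct.unpack_from("!BBH", icmp, 4)
    m_bit, o_bit = bool(flags & 0x80), bool(flags & 0x40)
    prefixes, off = [], 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(icmp):
            raise ValueError("malformed RA option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", icmp, off + 2)
            prefix = ipaddress.IPv6Address(icmp[off + 16:off + 32])
            prefixes.append({"prefix": f"{prefix}/{plen}", "valid": valid,
                             "preferred": preferred, "autonomous": bool(pflags & 0x40)})
        off += opt_len
    if m_bit:
        mode = "stateful DHCPv6"
    elif o_bit:
        mode = "SLAAC + stateless DHCPv6"
    else:
        mode = "SLAAC only"
    return {"M": m_bit, "O": o_bit, "mode": mode,
            "router_lifetime": lifetime, "prefixes": prefixes}

def check_policy(icmp: bytes, expected: str):
    """Return a finding string when the RA advertises a mode other than the expected one."""
    seen = parse_ra(icmp)["mode"]
    return None if seen == expected else f"RA advertises '{seen}', policy expects '{expected}'"

def build_sample_ra(flags: int) -> bytes:
    """Constructed RA for testing: one /64 prefix from the 2001:db8::/32 documentation range."""
    hdr = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    pio = struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
    return hdr + pio + ipaddress.IPv6Address("2001:db8:1::").packed

if __name__ == "__main__":
    print(parse_ra(build_sample_ra(0x40)))
    print(check_policy(build_sample_ra(0x80), "SLAAC + stateless DHCPv6"))
```

An RA whose flags disagree with the intended design, for example M=1 on a segment that has no DHCPv6 server, points to a misconfigured or unauthorized router and is worth alerting on.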
The DHCPv6 Communication Process
The communication process in DHCPv6 is conceptually similar to DHCPv4's DORA, but the message names are different, and it uses multicast instead of broadcast. Clients send messages to the All DHCP Relay Agents and Servers multicast address (), and servers respond to the client's link-local address.
Four-Message Exchange (Stateful)
For stateful address assignment, a four-message exchange is typically used:
- Solicit: The client sends a 'Solicit' message to the all-servers multicast address, looking for a DHCPv6 server. This is the equivalent of DHCPv4's Discover.
- Advertise: Available DHCPv6 servers on the link respond with an 'Advertise' message, indicating that they are available for DHCP service. This is the equivalent of Offer.
- Request: The client chooses one of the servers and sends a 'Request' message, asking for a specific IP address and other configuration parameters. This is the equivalent of Request.
- Reply: The server finalizes the assignment and responds with a 'Reply' message, confirming the lease and providing the requested options. This is the equivalent of Acknowledge.
Two-Message Exchange (Rapid Commit)
To speed up the process, DHCPv6 introduces a "Rapid Commit" option. If a client includes this option in its 'Solicit' message, and the server supports it, the server can immediately respond with a 'Reply' message, completing the process in just two messages (Solicit and Reply) instead of four.
Stateless DHCPv6 Exchange
For stateless configuration, the exchange is simpler. The client sends an 'Information-Request' message, and the server responds with a 'Reply' containing only the requested configuration options (like DNS), with no IP address lease information.
Key Identifiers in DHCPv6: DUID and IA
DHCPv6 introduces two new and important concepts for identifying clients and managing address assignments: the DUID and the IA.
- DUID (DHCP Unique Identifier): In DHCPv4, clients are typically identified by their MAC address. This is problematic because MAC addresses can change if a network card is replaced. DHCPv6 replaces this with the DUID. The DUID is meant to be a stable identifier that is unique across all DHCP clients and servers and should remain constant for a device throughout its lifetime, regardless of network card changes. There are several types of DUIDs:
  - DUID-LLT (Link-Layer Address Plus Time): Combines the MAC address of an interface with a timestamp from when the DUID was generated. This is the most common type.
  - DUID-EN (Enterprise Number): Generated by a vendor based on their private enterprise number and a unique identifier they assign.
  - DUID-LL (Link-Layer Address): Simply uses the MAC address of an interface.
- IA (Identity Association): An IA is a construct through which a DHCPv6 server and a client manage and identify a collection of addresses and leases. A client creates an IA and assigns it a unique IAID (Identity Association Identifier). When requesting addresses, the client includes one or more IAs in its request. The server then returns the assigned addresses grouped within those same IAs. This allows a single client to manage multiple sets of addresses for different purposes. The most common IA types are:
  - IA_NA (Identity Association for Non-temporary Addresses): Used to request one or more standard, non-temporary IPv6 addresses.
  - IA_TA (Identity Association for Temporary Addresses): Used to request one or more temporary addresses, which are often used for privacy.
  - IA_PD (Identity Association for Prefix Delegation): This is a powerful feature unique to DHCPv6. It allows a device (typically a home router) to request an entire IPv6 network prefix from an ISP's DHCPv6 server. The router can then use this prefix to configure devices on its own local network using SLAAC or its own DHCPv6 server.
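To make the message types, DUIDs and IAs concrete, the following added example (not from the original page) parses a DHCPv6 client/server message using the RFC 8415 wire format: a 1-byte message type, a 3-byte transaction ID, then type-length-value options. The sample Solicit, its MAC address, timestamp and IAID are constructed values; relay messages use a different header and are not handled.

```python
import struct

MSG_TYPES = {1: "Solicit", 2: "Advertise", 3: "Request", 7: "Reply", 11: "Information-Request"}
IA_TYPES = {3: "IA_NA", 4: "IA_TA", 25: "IA_PD"}
OPT_CLIENTID, OPT_RAPID_COMMIT = 1, 14

def parse_duid(duid: bytes) -> dict:
    """Decode the three DUID types listed above."""
    if len(duid) < 4:
        raise ValueError("DUID too short")
    (kind,) = struct.unpack_from("!H", duid)
    if kind == 1 and len(duid) >= 8:   # DUID-LLT: hardware type, time, link-layer address
        hw, ts = struct.unpack_from("!HI", duid, 2)
        return {"type": "DUID-LLT", "hw_type": hw, "time": ts, "link_layer": duid[8:].hex(":")}
    if kind == 2 and len(duid) >= 6:   # DUID-EN: enterprise number, vendor-assigned identifier
        (en,) = struct.unpack_from("!I", duid, 2)
        return {"type": "DUID-EN", "enterprise": en, "id": duid[6:].hex()}
    if kind == 3:                      # DUID-LL: hardware type, link-layer address
        (hw,) = struct.unpack_from("!H", duid, 2)
        return {"type": "DUID-LL", "hw_type": hw, "link_layer": duid[4:].hex(":")}
    return {"type": f"unknown({kind})", "raw": duid.hex()}

def parse_dhcpv6(msg: bytes) -> dict:
    """Parse the message header and the options relevant to client identity."""
    if len(msg) < 4:
        raise ValueError("message too short")
    out = {"msg_type": MSG_TYPES.get(msg[0], f"type {msg[0]}"), "xid": msg[1:4].hex(),
           "client_duid": None, "ias": [], "rapid_commit": False}
    off = 4
    while off < len(msg):
        if off + 4 > len(msg):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", msg, off)
        data = msg[off + 4:off + 4 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        if code == OPT_CLIENTID:
            out["client_duid"] = parse_duid(data)
        elif code in IA_TYPES and length >= 4:   # every IA option starts with a 4-byte IAID
            out["ias"].append({"kind": IA_TYPES[code], "iaid": struct.unpack_from("!I", data)[0]})
        elif code == OPT_RAPID_COMMIT:
            out["rapid_commit"] = True
        off += 4 + length
    return out

# Constructed Solicit: DUID-LLT client ID, one IA_NA with IAID 1, Rapid Commit option.
SAMPLE_SOLICIT = (bytes([1]) + bytes.fromhex("a1b2c3")
    + struct.pack("!HHHHI", 1, 14, 1, 1, 700000000) + bytes.fromhex("020000000001")
    + struct.pack("!HHIII", 3, 12, 1, 0, 0) + struct.pack("!HH", 14, 0))
```

Because DUID-LLT and DUID-LL carry the link-layer address, DHCPv6 server logs can tie a lease to a specific interface even when the host's own SLAAC addresses use random identifiers, which is useful for incident response and is also a privacy consideration for the log itself.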