IPv6 Stateless Autoconfiguration 101

While preparing for my Rome IPv6 seminar, I had to reinvent a few wheels, including slides explaining IPv6 addressing and host behavior ... giving me a perfect reason to study the RFCs and figure out how exactly IPv6 stateless autoconfiguration (RFC 4862) works.

Stateless autoconfiguration is performed in a number of steps. After initializing the physical interface, the IPv6 host:

  • Creates its link-local address (LLA) using the FE80::/10 prefix and its MAC address encoded in EUI-64 format (see the diagram below).
  • Checks whether its LLA is unique using duplicate address detection procedure.
  • Joins the all-hosts multicast group (FF02::1) using Multicast Listener Discovery (MLD) protocol if it hasn’t joined the group during the LLA duplicate address detection step.

IPv6 hosts must use MLD to join IPv6 multicast groups to ensure MLD-snooping L2 switches propagate L2 multicasts to all interested hosts.

  • Sends router solicitation message (part of the neighbor discovery – ND – protocol) to all-routers multicast group (FF02::2).
  • Receives router advertisement messages from all directly-connected routers. The router(s) with the highest RA preference are used as the default gateways (default route: solved ).
  • Collects all valid prefixes advertised by adjacent routers and create a global IPv6 address within each advertised /64 IPv6 prefix, using either EUI-64 format or pseudo-random host ID as specified by RFC 4941.
  • Perform duplicate address detection for every generated global IPv6 address (interface IPv6 addresses: solved).

The router advertisement received during the autoconfiguration process might contain the managed address configuration flag (in which case the host uses DHCPv6 instead of stateless autoconfiguration) or other configuration flag that triggers an extra step: the IPv6 host sends a DHCPv6 information request query to receive additional configuration information like DNS server IPv6 address, domain search list, or SIP server IPv6 address (DNS server: solved). The list of all registered DHCPv6 options is available on IANA’s web site.

2 comments:

  1. Great stuff. I am working on an IPv6 multiprotocol lab for knob exploits. Your information is always so helpful to the learning process.
  2. Correct me if I am wrong, but EUI-64 also flips the 7th bit in the high 24 bits of the MAC address in the host portion, or is this only in certain operating systems?
Add comment
Sidebar