Here’s the second entry of Cisco Press author and chair of the Rocky Mountain IPv6 Task Force Scott Hogg’s multi-part blog on IPv6 addressing. This week: dynamic addressing with SLAAC. Thanks Scott! -Tom
Dynamic IPv6 Addressing
There are several ways for an IPv6-capable node to assign itself or be assigned an address dynamically. These methods are useful for systems that may change their location or are mobile and need a different IPv6 address in their new location. This dynamic address assignment is performed as soon as the system connects to the network. This section will go over the techniques that organizations will use for dynamic IPv6 address assignment.
Stateless Address Autoconfiguration
One of the simplest methods to dynamically have nodes self-assign their IPv6 address is to have them use Stateless Address Autoconfiguration (SLAAC). SLAAC is used by most computer operating systems as the default method of address assignment. SLAAC is defined in IETF RFC 4862, IPv6 Stateless Address Autoconfiguration.
When a host joins a network, it sends an ICMPv6 (type 135) Router Solicitation (RS) message to inquire about the local router on the network. The local router will receive the RS message and immediately send an ICMPv6 (type 134) Router Advertisement (RA) message. The router also sends RA messages periodically (typically every 200 seconds) to all nodes on the network to keep them informed of any changes to the addressing information. The RA message contains important information for nodes, including which method they should use to assign their addresses. The RA carries several flags that the nodes watch for and act on. One of these bits in the RA message is the Address Autoconfiguration Flag (A-flag or A-bit), which indicates whether the host should perform address autoconfiguration.
- A = 0 = Node should not perform stateless address assignment
- A = 1 = Node should perform stateless address assignment
Therefore, if the A-bit is set to 1 then the node should self-assign its own IPv6 address using a method of its own choosing. This method is called Stateless Address Autoconfiguration (SLAAC). The node uses the prefix information from the RA message to tell it the first 64 bits of its IPv6 address and then it uses a method for determining its last 64 bits (interface identifier) of its 128-bit IPv6 address.
One technique for self-assigning the interface identifier of a node with stateless address auto-configuration uses the EUI-64 format. This format expands the node's 48-bit Ethernet MAC address of its network interface to a 64-bit version by inserting "FFFE" in the middle. The 48-bit MAC address with the 16 bits of FFFE makes a 64-bit interface identifier.
To make sure that the 64 bits of the chosen address are from a unique Ethernet MAC address, the universal/local (“u”) bit is set to 1 for global scope and 0 for local scope. The motivation for inverting the "u" bit when forming the interface identifier is to make it easy for system administrators to hand-configure local scope identifiers when hardware tokens are not available. This is expected to be the case for serial links, tunnel end-points, etc.
To make sure that the chosen address is from a unique Ethernet MAC address, a bit is set to identify the unique property of the 48-bit address. If the bit is 1, then uniqueness is guaranteed. An OR is applied to the first octet of the 64-bit address using the unique 8 bits template.
- 0 | 0 = 0
- 0 | 1 = 1
- 1 | 0 = 1
- 1 | 1 = 0
The rationale of the global bit is for future use by upper-layer protocols to uniquely identify a connection, even in the context of a change in the leftmost part of the address. However, this is not yet used. The uniqueness bit is considered to be globally unique; since it is constructed from a unique MAC address, it should be set. However, IPv6 does not take advantage of this, and implementations do not look at it.
There is a concern that if the node's MAC address is used for the EUI-64 technique to assign its own interface identifier, it is possible to track a node's behavior if the MAC address is known. Therefore, there is concern over the privacy of communications for nodes that use EUI-64. Another technique for a node assigning its own interface identifier is to use a privacy or temporary address. This technique is discussed in the following section.
The other concern over using the EUI-64 technique is that it may lead to easier reconnaissance of the systems on a network by an attacker. This topic is covered in RFC 5157, IPv6 Implications for Network Scanning.
Even though SLAAC may be considered less desirable, this technique may be required for systems that cannot perform DHCPv6. For example, Microsoft Windows XP and earlier Apple Mac operating systems do not have a DHCPv6 client and perform SLAAC by default.