DHCPv6 stateful autoconfiguration
Here is one way to set up IPv6 networking with Debian using the WIDE-DHCPv6 packages for servers and clients. Much information can be found about how IPv6 clients can configure themselves using stateless autoconfiguration, but this page is about how to set up a DHCP server for IPv6 so that the same (static) addresses can always be assigned to the same hosts using known DUID values, almost exactly as can be done with a DHCPv4 server using MAC addresses. This may seem old-fashioned, but since it is not (yet?) possible to combine dynamic DNS updates with IPv6 stateless autoconfiguration, a stateful approach such as this will be necessary whenever DNS entries for DHCPv6 clients are required.

The example below shows how to set this up on a pair of machines running Debian lenny: a server, holmes.example.com, and a client, watson.example.com. Both machines already have IPv4 Internet connectivity, with holmes also running a BIND9 server for DNS support. However, while watson has only one network interface, holmes has two: one external (eth0) that is connected to the Internet, and one internal (eth1) for client machines.

In my case, IPv6 is tunneled into the server via IPv4, but as far as this exercise is concerned it could just as well be a native IPv6 connection. My tunnel broker happens to be my ISP, XS4ALL, the tunnel configuration for which is located in my server's /etc/network/interfaces file and looks like this:

    auto xs6all
    iface xs6all inet6 v4tunnel
        endpoint 194.109.5.241
        address 2001:888:10:db8::2
        up ip route add default via 2001:888:10:db8::1
        down ip route del default via 2001:888:10:db8::1
        netmask 64
        ttl 64

Among other things, a default route is created when it is brought up. Otherwise, the external interface is of no further interest.

Follow the ten steps below to implement DHCPv6 with stateful autoconfiguration using WIDE-DHCPv6.
Of course, you should replace the IPv6 prefix, 2001:888:0db8::/48, which is used throughout this example, with your own.

1. Server interface configuration

On the server, edit /etc/network/interfaces to configure a fixed IPv6 address for the internal network interface. The configuration for the interface should look something like this:

    auto eth1
    iface eth1 inet6 static
        address 2001:888:0db8:1::a
        netmask 64
        pre-up modprobe ipv6
        up echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
        up echo 0 > /proc/sys/net/ipv6/conf/all/autoconf

In my own configuration, since I bring up this interface before the tunnel interface, I take this opportunity to use the pre-up option to first load the necessary Linux kernel module, ipv6. The last two lines are A.) to allow the server to act as an IPv6 router, and B.) a general measure to prevent any of the interfaces from accidentally gaining a second global IPv6 address through autoconfiguration at a later point in time.

2. Server package install

On the server, install the DHCPv6 server together with an IPv6 route advertising daemon:

    ~# apt-get install wide-dhcpv6-server radvd

A total of three packages, including one dependency, are installed as a result:

    radvd               1:1.1-3            Router Advertisement Daemon
    sharutils           1:4.6.3-1          shar, unshar, uuencode, uudecode
    wide-dhcpv6-server  20080615-1lenny2   DHCPv6 server for automatic IPv6 hosts configuration

Only one question is asked during the install process, related to the wide-dhcpv6-server package:

    Interfaces on which the DHCPv6 server listens to requests: eth1

Enter the name of the interface to which you plan to connect your DHCPv6 clients. This information is saved in the /etc/default/wide-dhcpv6-server file.

3. Server DNS mappings

On the server, add forward and reverse mappings for the server and client to the DNS server.
In the BIND9 zone file for example.com, they should look like this:

    holmes    IN    AAAA    2001:888:0db8:1::a
    watson    IN    AAAA    2001:888:0db8:1::b

Similarly, their counterparts in the 8.b.d.0.8.8.8.0.1.0.0.2.ip6.arpa reverse file should look like this:

    a.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0    IN    PTR    holmes.example.com.
    b.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.0    IN    PTR    watson.example.com.

4. Server route advertising daemon

On the server, the route advertising daemon does not yet have a configuration file. Create one for it called /etc/radvd.conf with the following contents:

    interface eth1 {
        AdvSendAdvert on;
        AdvManagedFlag on;
        AdvOtherConfigFlag on;
        prefix 2001:888:0db8:1::/64 {
            AdvAutonomous off;
        };
    };

The flags used in this configuration will also help to notify Windows 7 and Mac OS X (10.7 and above) users that stateful autoconfiguration (DHCPv6) is to be used on this network. After the file has been saved, start up the route advertising daemon:

    ~# /etc/init.d/radvd start

5. Server WIDE-DHCPv6 configuration

On the server, the dhcp6s daemon does not yet have a configuration file. Create one for it called /etc/wide-dhcpv6/dhcp6s.conf with the following contents:

    option domain-name-servers 2001:888:0db8:1::a;
    option domain-name "example.com";

    interface eth1 {
        address-pool pool1 3600;
    };

    pool pool1 {
        range 2001:888:0db8:1::1000 to 2001:888:0db8:1::2000;
    };

6. Client package install

On the client machine, install the following packages:

    ~# apt-get install wide-dhcpv6-client

Two packages, including one dependency, are installed as a result:

    sharutils           1:4.6.3-1          shar, unshar, uuencode, uudecode
    wide-dhcpv6-client  20080615-1lenny2   DHCPv6 client for automatic IPv6 hosts configuration

Only one question is asked during the install process, related to the wide-dhcpv6-client package:

    Interfaces on which the DHCPv6 client sends requests: eth0

In this case, eth0 is the client's only interface.

7. Client DUID file replacement

Each DHCPv6 client is uniquely identified by its DUID (DHCP Unique Identifier). In this case the DUID is generated when the client is installed and saved as /var/lib/dhcpv6/dhcp6c_duid. For a DHCPv6 server to assign a static IPv6 address to a particular DHCPv6 client, it must identify that client by its DUID, much as a DHCPv4 server can lease an address to a client after identifying it by its MAC address. The only problem is that we don't know the value of the automatically created DUID, so the easiest solution is to create a new DUID whose value we do know.

On the client, use this script, wide_mkduid.pl, courtesy of Jeffrey F. Blank of Michigan Technological University, to replace the existing /var/lib/dhcpv6/dhcp6c_duid file. The only input required for the script is the MAC address of the client's interface, which in my case was 08:00:27:0c:5f:2b, but in the steps below all that is necessary is to supply the name of the network interface (eth0):

    ~# cd /usr/local/bin
    ~# wget -q http://www.ipv6.mtu.edu/wide_mkduid.pl
    ~# chmod 755 wide_mkduid.pl
    ~# cd /var/lib/dhcpv6
    ~# wide_mkduid.pl -m `ifconfig eth0 |grep HWaddr |awk '{print $5}'`
    successfully created /var/lib/dhcpv6/dhcp6c_duid
    DUID is 00:03:00:06:08:00:27:0c:5f:2b
    ~#

At 12 bytes, the new DUID file is 4 bytes shorter than the original, but that's okay. The important thing is that we now have a client with a DUID that has a known value.

8. Server DHCPv6 client entry

On the server, edit /etc/wide-dhcpv6/dhcp6s.conf once more to add a stanza for the DHCPv6 client, using the DUID value from step 7, to the end of the file:

    host watson {
        duid 00:03:00:06:08:00:27:0c:5f:2b;
        address 2001:888:0db8:1::b infinity;
    };

The value for address must be a valid IPv6 address; the use of a host name, as is possible with DHCPv4, is not an option. The host name included here, watson, is an arbitrary string, although it does help to improve log file readability.
Unfortunately, as long as this is the case it means that each IPv6 address will have to be maintained here as well as in the DNS server. In this example, the client is allowed to use the address indefinitely.

Now start up the DHCPv6 server for the first time:

    ~# /etc/init.d/wide-dhcpv6-server start

9. Client WIDE-DHCPv6 configuration

On the client, edit the dhcp6c daemon's configuration file, /etc/wide-dhcpv6/dhcp6c.conf, and modify it to look like this:

    interface eth0 {
        request domain-name-servers;
        request domain-name;
        send rapid-commit;
        send ia-na 15;
        script "/etc/wide-dhcpv6/dhcp6c-script";
    };

    id-assoc na 15 {
        #
    };

The id-assoc (identity association) stanza may be empty, but unfortunately it cannot be omitted.

10. Client interface configuration

On the client, bring down the network interface:

    ~# ifdown eth0

Edit /etc/network/interfaces and add the necessary commands to the end of the eth0 stanza, such as this one that supports DHCPv4, to load the ipv6 module and start/stop the DHCPv6 client:

    auto eth0
    iface eth0 inet dhcp
        pre-up modprobe ipv6
        post-up /etc/init.d/wide-dhcpv6-client start
        pre-down /etc/init.d/wide-dhcpv6-client stop

In the future, I'm sure that ifupdown will add support for configuring an interface with nothing other than a DHCPv6 client, but in case you're wondering, right now this is not an option.

Now bring up the network interface again:

    ~# ifup eth0

A simple test should confirm that the interface has been configured successfully:

    ~# ifconfig eth0
    eth0      Link encap:Ethernet  HWaddr 08:00:27:0c:5f:2b
              inet addr:127.0.0.2  Bcast:127.255.255.255  Mask:255.0.0.0
              inet6 addr: 2001:888:0db8:1::b/128 Scope:Global
              inet6 addr: fe80::a00:27ff:fe0c:5f2b/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:255 errors:0 dropped:0 overruns:0 frame:0
              TX packets:258 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:30511 (29.7 KiB)  TX bytes:26695 (26.0 KiB)
              Interrupt:10 Base address:0xd060
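
Because each static address has to be kept in step between dhcp6s.conf and the DNS zone files, the following Python code (an added example, not part of the original page or of WIDE-DHCPv6) derives the step 7 DUID, the dhcp6c_duid file contents, the step 8 host stanza and the step 3 DNS records from a single host table, and refuses duplicate DUIDs or addresses and addresses inside the dynamic pool. The function names are hypothetical, and the dhcp6c_duid layout (a 16-bit length in host byte order followed by the DUID, which matches the 12-byte file size mentioned in step 7) is an assumption.

```python
import ipaddress
import struct

PREFIX = ipaddress.IPv6Network("2001:888:db8::/48")  # example prefix from the page
POOL = [ipaddress.IPv6Address(f"2001:888:db8:1::{n}") for n in ("1000", "2000")]  # step 5 range

def duid_ll(mac):
    """DUID as shown in step 7: type 00:03, hardware type 00:06, then the MAC."""
    raw = bytes.fromhex(mac.replace(":", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC address: {mac}")
    return struct.pack("!HH", 3, 6) + raw

def duid_file(duid):
    """Assumed dhcp6c_duid layout: 16-bit length (host byte order) + DUID."""
    return struct.pack("=H", len(duid)) + duid

def read_duid_file(blob):
    """Return the DUID stored in a dhcp6c_duid blob as colon-separated hex."""
    (length,) = struct.unpack_from("=H", blob)
    if length != len(blob) - 2:
        raise ValueError("length field does not match the file size")
    return blob[2:].hex(":")

def render(hosts, domain="example.com"):
    """hosts maps name -> (mac, ipv6); returns dhcp6s.conf, AAAA and PTR lines."""
    out, seen = {"dhcp6s": [], "aaaa": [], "ptr": []}, {}
    for name, (mac, addr) in hosts.items():
        ip, duid = ipaddress.IPv6Address(addr), duid_ll(mac).hex(":")
        if ip not in PREFIX:
            raise ValueError(f"{name}: {ip} is outside {PREFIX}")
        if POOL[0] <= ip <= POOL[1]:
            raise ValueError(f"{name}: {ip} lies inside the dynamic pool")
        for key in (ip, duid):
            if key in seen:
                raise ValueError(f"{name}: {key} already assigned to {seen[key]}")
            seen[key] = name
        # 32 nibbles per address; the /48 zone name already holds 12 of them
        rel = ".".join(ip.reverse_pointer.split(".")[:20])
        out["dhcp6s"].append(f"host {name} {{ duid {duid}; address {ip} infinity; }};")
        out["aaaa"].append(f"{name} IN AAAA {ip}")
        out["ptr"].append(f"{rel} IN PTR {name}.{domain}.")
    return out

if __name__ == "__main__":  # constructed input: the client from the page
    for lines in render({"watson": ("08:00:27:0c:5f:2b", "2001:888:db8:1::b")}).values():
        print("\n".join(lines))
```

Python prints the address in its shortest form (2001:888:db8:1::b), which is the same address as the 2001:888:0db8:1::b used in the steps above.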
Last modified: 2017-08-02, 17:50
©2003-2020 RJ Systems. Permission is granted to copy, distribute and/or modify the content of this page under the terms of the OpenContent License, version 1.0.