Cisco Blogs


Cisco Blog > Enterprise Networks

IPv6 Automatic Addressing

Can anyone remember a time before DHCP?

In those dark days, some poor IT technician maintained a document mapping specific IP addresses to individual devices.  People had to ensure that they connected a new device to the correct subnet cable and that they entered address parameters carefully since a simple typographical error could knock an important server offline.  While protocols like BOOTP emerged to help provision devices, the manual tedium of mapping users to fixed IP addresses remained.

It was this environment that inspired the IPv6 Stateless Address AutoConfiguration (SLAAC) protocol.  The size of the IPv6 address space made it possible for a device to autonomously create a unique address once it learned the local router’s IPv6 prefix.  No requests, no central server, and no manual management.  Any IPv6 device dropped on an active IPv6 network could start communicating right away.

IPv4 users took a different path to “plug and play” networking.  BOOTP evolved into DHCP, where one-to-one mapping gave way to a system in which a server could dynamically hand out time-limited IPv4 address “leases” to devices on a subnet without any user intervention.  In addition, DHCP could administrative parameters (options) to these devices.  Finally, the server provided centralized tracking and administrative control over IP address assignment.

Since most enterprises already provide a DHCP server for IPv4, it should be unsurprising that DHCPv6 emerged as a way to manage IPv6 address space in parallel to SLAAC.  At first glance, it seems curious that two different schemes emerged for address assignment in IPv6, but having multiple approaches allows for multiple network management styles.

The three typical strategies for IPv6 automated address assignment are:

  • SLAAC: Clients self-address with no ready centralized tracking or management.  No means to pass options (like DNS server) to clients that don’t support RFC 6106.
  • Stateless DHCP: Use SLAAC for addresses, but pick up options from a DHCP server.
  • Stateful DHCP: Manage addresses leases and options from central server, just like IPv4 DHCP.

How does a client know which technique to use?  The “A” (Autonomous), “M” (Managed Address) and “O” (Other Stateful Configuration) bits of the ICMPv6 Neighbor Discovery Router Advertisement (RA) dictate the behavior, as shown in the following table:

For IOS, the commands to manipulate these flags would be:

M-bit: By default the M-bit is not set. To set the M bit:

  • interface FastEthernet0/0
  • ipv6 nd managed-config-flag

O-bit: By default the O bit is not set.  To set the O bit:

  • interface FastEthernet0/0
  • ipv6 nd other-config-flag

A-bit: By default the A bit is set. To disable it:

  • interface FastEthernet0/0
  • ipv6 ndprefix 2001:db8::/64 300 300 no-autoconfig

Which technique is best?  This is a matter of some debate and discussion, and it depends upon your goals for network management and control.  Take your questions and concerns to the World IPv6 Day – IPv6 Transition support forum.

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

6 Comments.


  1. Hi Mr. Philip has already the IPV6 day past. Is helpfull to our net disable the ipv4 protocol?

    thanks and best wishes

    Jorge Luiz

       0 likes

  2. Phillip Remaker

    There is no good reason to disable the IPv4 protocol if you already have it. IPv6 will exist in parallel to IPv4 for many years to come.

       0 likes

  3. Hello,

    If I wanted to disable SLAAC completly on an interface, would ipv6 nd ra suppress be correct or is there something else.

    Basically if there is a host on the network I want it to have a static and no ability for an unknown device to get an address via SLAAC.

    Cheers.

       0 likes

    • Phillip Remaker

      You don’t want to suppress the RAs completely, you just want to suppress the “A” (autoconfig) bit, for example:

      ipv6 ndprefix 2001:db8::/64 300 300 no-autoconfig

      However, unknown devices will still have the ability to set static IPv6 addresses, just like IPv4 devices can. If you want to stop unknown devices from getting access to your network, you should look at some other defense mechanisms such as Trustsec and IPv6 First Hop Security

         0 likes

  4. Thanks for the information. I would like to know what would be the issue with suppressing the RA?

       0 likes