IPv6 Clients Autoconfiguration The whole process In-Depth fully explained! Version 2.0

Upload: fredbovy

Post on 18-Nov-2014

DESCRIPTION

The full IPv6 autoconfiguration process, from the initial configuration of an IPv6 node to the refreshment of IPv6 addresses using RA or DHCPv6. How to keep your home configuration everywhere you go and only log out when you want to, not when you move to a new access point.

TRANSCRIPT

Page 1: IPv6 Autoconfig

© 2011 Fred Bovy. IPv6AutoConfig—2-1

IPv6 Clients Autoconfiguration The whole process In-Depth fully explained!

Version 2.0

Page 2: IPv6 Autoconfig

Presentation Objectives

This presentation gives an in-depth explanation of the IPv6 autoconfiguration process. It covers all the possible combinations for automatically configuring and maintaining IPv6 nodes with the options currently available. It focuses on IPv6 autoconfiguration but also introduces Mobile IPv6 based applications. By the end of the presentation you will fully understand how IPv6 nodes are initially configured and how the network configuration may be changed over time if needed. You will also understand the benefits of running Mobile IPv6. And you will deserve a good coffee break!

Page 3: IPv6 Autoconfig

About the Author

Fred Bovy
• 15 years experience in IPv6
  - IPv6 Forum Certified Gold Engineer
  - IPv6 Forum Certified Gold Trainer
• 20+ years experience with Cisco, TCP/IP
  - 15 years CCIE #3013 (it was only R&S in 1997!)
  - 18 years CCSI #33517 since 1994 (it was #95003)
  - 7 years Cisco IOS IPv6 Software Engineer (NSSTG Group)
  - 3 years Cisco Network Consultant (CA Group)
• 12+ years experience in MPLS

Meet me on:
  - Twitter: FredBovy
  - Skype: FredericBovy
  - Blogs: http://www.fredbovy.com/Go46/
  - LinkedIn, owner of 3 IPv6 Groups
  - Email me: [email protected]

Page 4: IPv6 Autoconfig

IPv6 Autoconfiguration

Introduction to Autoconfiguration

Page 5: IPv6 Autoconfig

What is Autoconfiguration?

• With autoconfiguration, a network node can configure itself completely and modify its configuration any time it is needed: network addresses, default route, DNS and other server addresses, domain name, Dynamic DNS updates.

• How autoconfiguration is used:

For offices or campuses:
- Renumbering, if a new prefix must be used for a site or a company
- For privacy, the Interface ID can be changed to a random value every day
- With Mobile IPv6 enabled, support for mobile users: they keep using their office home addresses while they are roaming.

Roaming devices without Mobile IPv6:
- Autoconfiguration is used to get addresses for each visited access network
- Applications must be restarted each time, as the sockets are different
- This is how MOST devices currently operate!

Mobile IPv6: Mobile Routers (NEMO), MANET, sensors (6LoWPAN):
- The home address is the only address known by the end-user application
- A new address (CoA) acquired by autoconfiguration is used for each visited network (Wi-Fi, 3G)
- Because the home address is the same, the same socket is used; there is no interruption and no need to restart the applications

Page 6: IPv6 Autoconfig

Autoconfiguration (SLAAC) on Linux

Autoconfiguration is enabled by default on most platforms but Linux. For Linux, use sysctl -w or add the following configuration to /etc/sysctl.conf:

To enable Autoconfig use:

This is only about Stateless Address Autoconfiguration (SLAAC) and has nothing to do with Mobile IPv6. We will introduce Mobile IPv6 later in this presentation.

Page 7: IPv6 Autoconfig

Autoconfig Addresses in Tentative Mode

The first step of autoconfiguration is the Tentative mode, which verifies the IPv6 addresses that are configured or could be configured on the interface.

IPV6 INTERFACE IS GOING UP…

• First, the link-local address is generated and tested to enable the interface for IPv6
• The link-local address is verified with Duplicate Address Detection (DAD)
• The link-local address MUST be valid, or Autoconfig exits and the interface is disabled for IPv6
• Once the link-local address has passed DAD, the IPv6 interface is up, and other addresses are also generated from the RA or allocated by DHCPv6 and validated by DAD

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 8: IPv6 Autoconfig

Autoconfig Address is in Preferred state

• The « NORMAL » state for an address in production.
• The address verified by DAD can be used to send and receive unicast traffic.
• The address can be used for new connections or by existing ones.
• The Preferred Lifetime is determined by the Preferred Lifetime field included in the RA Prefix Information or by the Preferred-Lifetime option in DHCPv6.

As long as the derived address is refreshed by RA prefixes, or the allocated address is renewed by DHCPv6, the address state will remain Preferred!

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 9: IPv6 Autoconfig

Autoconfig Address is in Deprecated state

The address was not refreshed by an RA or DHCPv6 for the Preferred timer…
• Can be used for renumbering, during the transition to a NEW prefix
• New connections SHOULD NOT use this address
• Existing communications SHOULD still be able to use this address as source.

« An implementation MAY prevent any new communication from using a deprecated address, but system management MUST have the ability to disable such a facility, and the facility MUST be disabled by default. » RFC 4862

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 10: IPv6 Autoconfig

Autoconfig Address is in Valid state

The address can be used to send and receive unicast traffic.
Valid state = Preferred + Deprecated
The Valid Lifetime is determined by the Valid Lifetime field included in the RA Prefix Information or by the Valid-Lifetime option in the DHCPv6 IA Address.

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 11: IPv6 Autoconfig

Autoconfig Address is in Invalid State

The address cannot be used to send or receive traffic.
The address reaches the Invalid state when the Valid Lifetime has expired.

« An address (and its association with an interface) becomes invalid when its valid lifetime expires. An invalid address MUST NOT be used as a source address in outgoing communications and MUST NOT be recognized as a destination on a receiving interface. » RFC 4862

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 12: IPv6 Autoconfig

IPv6 Autoconfiguration

IPv6 Interface is going up

Page 13: IPv6 Autoconfig

Client initializes the Link-Local Address

[Flowchart. Boxes, in source order: Derive the link-local address FE80::[Interface ID]; Send multicast NS, destination address derived from the link-local; NA received?; Stop; Initialize the link-local; Send RS; RA received?; Use DHCPv6; Set Hop Limit, Reachable Time, Retrans Timer, MTU; Prefix Information present?; connector A; connector B; Managed Address Configuration Flag = 1?; Other Configuration Flag = 1?; Use DHCPv6; Stop. Each decision has a Yes and a No branch.]

Page 14: IPv6 Autoconfig

1. IPv6 Interface is going up

1. Initialize and check the Link-Local Address
2. Send a Router Solicitation (RS) message to get the autoconfiguration information from the Router Advertisements (RA)
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configurations?

[Figure labels: fe80::202:b3ff:fe1e:8329; To A's solicited-node address FF02::1:FF1E:8329]

Page 15: IPv6 Autoconfig

Initialization of the Link-Local Address

The workstation picks a link-local address:
• e.g. fe80::202:b3ff:fe1e:8329 (EUI-64)
• It uses the prefix fe80::/10 and builds the 64-bit Interface ID in EUI-64 format
• The Interface ID may be generated cryptographically if SeND CGA is used (RFC 3972)

The workstation performs Duplicate Address Detection (DAD):
• It sends an NS to its own solicited-node multicast address
  - FF02::1:FF00:0/104 + last 24 bits = ff02::1:ff1e:8329
• It expects no answer; otherwise the address is a duplicate (DUP)

If DAD fails for the link-local address, the IPv6 interface is disabled! 3 attempts if CGA (RFC 3972).

Page 16: IPv6 Autoconfig

Ubuntu performing DAD (NS) Captured

[Packet capture screenshot. Annotations:]
• IPv6 Neighbor Solicitation
• IPv6 source address is ::
• Destination address is the solicited-node multicast address: ff02::1:ff30:3386
• IPv6 Router Solicitation message to the All-Routers address ff02::2

Page 17: IPv6 Autoconfig

Client sends the request and gets the Autoconf parameters

[Flowchart: the autoconfiguration flowchart from page 13, repeated.]

Page 18: IPv6 Autoconfig

2. IPv6 Intf is Going Up!

1. Link-Local Address initialized and unique!
2. Send a Router Solicitation (RS) message to get the autoconfiguration information from the Router Advertisements (RA)
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configurations?

Page 19: IPv6 Autoconfig

2. Clients request Autoconfig Information

The client issues a Router Solicitation (RS), using its link-local address as the source address, to the all-routers multicast destination address to request all the parameters needed for autoconfiguration:
• The default Hop Limit, the link MTU, a default route…
• The prefixes to use for autoconfiguration
• Whether DHCPv6 must be used, and what for: addresses or other configurations?

If there is NO response to the RS, then try a DHCPv6 Solicit and EXIT Autoconfig!

[Figure labels: All-Routers: FF02::2; No Router]

Page 20: IPv6 Autoconfig

To Accept RA on Linux clients

Linux must be configured with the sysctl command or by editing the /etc/sysctl.conf file. Use sysctl -w or add the following configuration to /etc/sysctl.conf:

To accept the RA use:

Page 21: IPv6 Autoconfig

ISP 6RD RG RA: Router Solicitation and Router Advertisement

Router Advertisement sent to the all-IPv6-nodes multicast address ff02::1:
• Router Lifetime: 1800 seconds
• Don't modify the Reachable Timer and the Retrans Timer
• Prefix Option: 2a01:e35:2f26:d340::/64
  - On-Link bit flag set
  - Autonomous bit flag set
  - Valid Lifetime: 86400 sec
  - Preferred Lifetime: 86400 sec
• DNS Servers Option: 2a01:e00::1, 2a01:e00::2
• MTU Option: 1480 bytes
• Source Link-Layer Address Option: f4:ca:e5:44:10:ef

Page 22: IPv6 Autoconfig

If no RA Received, clients run DHCPv6

[Figure: message exchange between the DHCPv6 Client, the DHCPv6 Relay and the DHCPv6 Server. Labels, in source order:]
• Solicit, Dst: All_DHCP_Relay_Agents_and_Servers (FF02::1:2)
• Request, Dst: Server, Dst: All_DHCP_Relay_Agents_and_Servers (FF02::1:2), Src: Client link-local address
• Relay-reply, Dst: Client link-local address, Src: Server link-local address
• Relay-Forward to All_DHCP_Servers (FF05::1:3)
• Relay-reply
• Advertise
• Relay-Forward to All_DHCP_Servers (FF05::1:3)
• Reply

If no RA is received, autoconfiguration ends here!

Page 23: IPv6 Autoconfig

IPv6 is not IPv4

DO NOT SUPPRESS the RA on a LAN interface to force DHCPv6.

By default, RAs are enabled on a LAN interface and disabled on a serial point-to-point interface. RAs are very useful: they provide many other important IPv6 parameters, such as a default route, the link MTU, the default Hop Limit, the Neighbor Unreachability Detection (NUD) parameters and more. If no RA is received, the client tries DHCPv6 and exits autoconfiguration!

For the clients to use DHCPv6: set the Managed Address Config and Other Config flags.

Suppressing the RA will not convert IPv6 to IPv4.

DHCPv6 cannot provide a default route!

Page 24: IPv6 Autoconfig

Client is looping on the prefix list to autoconfigure new addresses

[Flowchart, entered at connector A. Boxes, in source order: Take the first prefix information; On-Link Flag = 1?; Add the prefix to the list; Autonomous Flag = 1?; Derive the stateless address Prefix:[Interface ID]; Send NS to the derived address; NA received?; Other prefixes to process?; Initialise the stateless address; Go to next prefix; connector B; Do not initialize the stateless address. Each decision has a Yes and a No branch.]

Page 25: IPv6 Autoconfig

IPv6 Interface is going Up!

1. Link-Local Address validated, IPv6 Intf is UP!
2. A Router Solicitation (RS) message was sent and a Router Advertisement (RA) was received
3. Initialize and validate the default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configurations?

Page 26: IPv6 Autoconfig

Router Advertisements (RA) information

• Is the router a candidate for the default route?
  - The Router Lifetime is how long a router will remain a valid next hop without any refresh.
  - If Lifetime = 0, the router cannot be used as a default route.
  - If Lifetime > 0, the link-local IPv6 address must be used as the default next hop.
  - The RA also contains a Router Preference: Low, Medium or High.
  - The router MAC address is also provided in the SLLA option.

• Other important configuration:
  - Hop Limit and MTU for the link
  - Reachable Timer and Retransmit interval used by NUD
  - DNS server addresses in the DNS option (RFC 6106)
  - A list of zero or more prefix(es)

• Should DHCPv6 also be used for more autoconfiguration? Managed and Other Config flags

Warning: RFC 6104. Rogue RA!

Page 27: IPv6 Autoconfig

RA on Cisco Router - show ipv6 routers

hote#show ipv6 routers

Router FE80::2038:148E:B9DF:FD6D on FastEthernet0/0, last update 2 min

Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500

HomeAgentFlag=0, Preference=Medium

Reachable time 0 (unspecified), Retransmit time 0 (unspecified)

Prefix 2001::/64 onlink autoconfig

Valid lifetime 2592000, preferred lifetime 604800

IMPORTANT REMARKS:

The Router Lifetime applies only to the router's usefulness as a default router; it does not apply to information contained in other message fields or options. Options that need time limits for their information include their own lifetime fields.

A router which can't be used as a default router, or which is shutting down, sends an RA with Lifetime=0.

0 (unspecified) does not mean that the parameter must be set to zero; it means « DO NOT CHANGE » whatever value is preconfigured on the node.

Page 28: IPv6 Autoconfig

Client processes the Optional RA Prefix(es) List

In each RA there may be a list of prefixes which can be used by SLAAC. Each prefix comes with:
• The length of the prefix
• 2 bits or flags: the On-Link bit and the Autonomous bit
  - Both flags MUST be SET for the prefix to be used by SLAAC. A full stateless 128-bit address can be derived from the prefix by adding an Interface ID
  - The 64-bit Interface ID can be built:
    - From the MAC address: EUI-64 format, or
    - With a random number if Privacy Extension is configured (RFC 4941)
• 2 timers: the Preferred timer and the Valid timer
  - This is how long the addresses derived from the RA-advertised prefix, if learned from SLAAC, will remain in the Preferred and in the Valid states. These timers are also managed when the addresses are allocated by a DHCPv6 stateful server.
  - The timers can be reset by the periodic RA; in this case, the unsolicited RA transmission interval must be set to refresh the SLAAC-derived addresses before they become deprecated or invalid. The timers can also be refreshed by the DHCPv6 protocol.
  - Statically configured IPv6 addresses have infinite Preferred and Valid timers.

Page 29: IPv6 Autoconfig

Accept Prefixes from RA on Linux clients

Page 30: IPv6 Autoconfig

The Client processes each Prefix of the List

The prefix is selected for SLAAC if both the On-Link and Autonomous bits are set; then either:

Use EUI-64: the Interface ID is derived from the MAC address

[Figure: 48-bit MAC address 00 90 59 02 E0 F9; FF FE is inserted; bit X of the first octet 000000X0: X=1 Unique, X=0 Not Unique]

OR

Use Privacy Extension (RFC 4941): the Interface ID is selected randomly
• On Windows: netsh interface ipv6 set privacy state=enabled
• On Mac OS X: sysctl net.inet6.ip6.use_tempaddr=1
• On Linux: sysctl net.ipv6.conf.if.use_tempaddr=2 (replace "if" with the interface name)
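
The EUI-64 construction on this page and the link-local and DAD destination derivation from page 15, worked through in Python as an added example (not part of the original slides). The function names are assumptions made for illustration; the MAC and address values are the ones shown on the slides.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Build the 64-bit Interface ID from a 48-bit MAC (modified EUI-64)."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit (the X in 000000X0) and insert FF FE
    # between the vendor half and the device half of the MAC.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Prefix:[Interface ID] for a /64 prefix (use fe80::/64 for link-local)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("an EUI-64 Interface ID needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def solicited_node(addr) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 plus the last 24 bits of the unicast address."""
    low24 = ipaddress.IPv6Address(addr).packed[-3:]
    return ipaddress.IPv6Address(bytes.fromhex("ff02") + bytes(9) + b"\x01\xff" + low24)

def multicast_mac(group) -> str:
    """Ethernet destination of an IPv6 multicast group: 33:33 + last 32 bits."""
    tail = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in tail)

def dad_probe(tentative) -> dict:
    """Header fields of the Neighbor Solicitation a node sends for DAD."""
    target = ipaddress.IPv6Address(tentative)
    dst = solicited_node(target)
    return {
        "src": "::",                 # the tentative address is not usable yet
        "dst": str(dst),
        "eth_dst": multicast_mac(dst),
        "icmpv6_type": 135,          # Neighbor Solicitation
        "target": str(target),
    }

def mac_from_eui64(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if the
    Interface ID is not EUI-64 (random, CGA, manual...)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

if __name__ == "__main__":
    ll = slaac_address("fe80::/64", "00:02:b3:1e:83:29")
    print(ll, dad_probe(ll))
    print(slaac_address("2001:db8:4:1::/64", "00:90:59:02:E0:F9"))
    print(mac_from_eui64(ll))
```

Because the MAC can be read back out of every EUI-64 address, the same Interface ID follows the node across prefixes, which is what the Privacy Extension setting above avoids.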

Page 31: IPv6 Autoconfig

Client checks if DHCPv6 can be used

[Flowchart: the autoconfiguration flowchart from page 13, repeated.]

Page 32: IPv6 Autoconfig

IPv6 Interface is Going Up!

1. Initialize and validate the Link-Local Address. IPv6 Intf Up!
2. Router Solicitation (RS) message sent and the Router Advertisement (RA) received
3. Initialize and validate default parameters and other addresses derived from the prefixes learned from the Router Advertisements (RAs)
4. Check whether DHCPv6 must be used: for addresses? For other configurations?

Page 33: IPv6 Autoconfig

Clients check if DHCPv6 MUST be used

In each RA there are 2 flags to advertise the use of DHCPv6.

Managed Address Configuration Flag
The Managed Address or M flag tells the clients to use DHCPv6 to configure IPv6 address(es). Actually, when the M bit is set, DHCPv6 is used to request all the available DHCPv6 configuration, including the other information, and the O flag is redundant.
Cisco interface config: « ipv6 nd managed-config-flag »

Other Configuration Flag
The Other or O flag tells the clients to use DHCPv6 to configure everything but the IPv6 addresses. In this case the IPv6 address(es) must be configured using SLAAC or manually.
Cisco interface config: « ipv6 nd other-config-flag »

DHCPv6 cannot be used to configure a default route! Some drafts exist but still no RFC!

Page 34: IPv6 Autoconfig

IPv6 Autoconfiguration Modes

Stateless Address Autoconfiguration
• NO DHCPv6; all the configuration is loaded with RA or PPP

Stateful DHCPv6 Autoconfiguration
• DHCPv6 provides addresses and other parameters (DNS, domain name, SIP…)
• The Managed and the Other Config flags are set

Stateless DHCPv6 Autoconfiguration
• SLAAC is used for address autoconfiguration
• DHCPv6 is used for the other information (DNS, domain name)

DHCPv6 Prefix Delegation
• The CPE, which is a DHCPv6-PD client, receives a block of addresses (an IPv6 subnet) from the SP, the DHCPv6-PD server. This block can be subnetted to configure multiple LAN interfaces. The CPE DHCPv6-PD client can also be a DHCPv6 stateless server, for instance.
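
How a client or a monitoring tool reads these modes out of a received RA, as an added Python example (not part of the original slides): it parses the RA header and options, derives the autoconfiguration mode from the M and O flags, and lists the prefixes usable by SLAAC under the rules stated on pages 28 and 47. The sample bytes are constructed from the values on page 21; the hop limit, the cleared M/O flags, the DNS option lifetime and the `expected_prefixes` allow-list are assumptions.

```python
import ipaddress
import struct

def parse_ra(icmp: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (type 134) and its options."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime, reachable, retrans = struct.unpack_from("!BBHII", icmp, 4)
    ra = {"hop_limit": hop, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "reachable_ms": reachable, "retrans_ms": retrans,
          "prefixes": [], "dns": [], "mtu": None, "slla": None}
    pos = 16
    while pos < len(icmp):
        if pos + 2 > len(icmp):
            raise ValueError("truncated option header")
        otype, olen = icmp[pos], icmp[pos + 1] * 8       # length is in 8-byte units
        if olen == 0 or pos + olen > len(icmp):
            raise ValueError("malformed option length")  # the whole RA is discarded
        body = icmp[pos + 2:pos + olen]
        if otype == 1 and olen == 8:                     # Source Link-Layer Address
            ra["slla"] = ":".join(f"{b:02x}" for b in body)
        elif otype == 3 and olen == 32:                  # Prefix Information
            plen, pflags, valid, preferred = struct.unpack_from("!BBII", body)
            ra["prefixes"].append({
                "prefix": ipaddress.IPv6Network((body[14:30], plen), strict=False),
                "on_link": bool(pflags & 0x80), "autonomous": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        elif otype == 5 and olen == 8:                   # MTU
            ra["mtu"] = struct.unpack_from("!I", body, 2)[0]
        elif otype == 25 and olen >= 24 and (olen - 8) % 16 == 0:  # DNS servers
            ra["dns"] = [ipaddress.IPv6Address(body[i:i + 16])
                         for i in range(6, len(body), 16)]
        pos += olen                                      # unknown options are skipped
    return ra

def autoconfig_mode(ra: dict) -> str:
    if ra["managed"]:
        return "stateful DHCPv6"     # O is redundant once M is set
    if ra["other"]:
        return "stateless DHCPv6"    # SLAAC addresses, DHCPv6 for the rest
    return "SLAAC"

def slaac_prefixes(ra: dict) -> list:
    """Prefixes with both flags set and Preferred Lifetime <= Valid Lifetime."""
    return [p["prefix"] for p in ra["prefixes"]
            if p["on_link"] and p["autonomous"] and p["preferred"] <= p["valid"]]

def ra_findings(ra: dict, expected_prefixes) -> list:
    """Points an operator should review; expected_prefixes is a site allow-list."""
    allowed = {ipaddress.IPv6Network(p) for p in expected_prefixes}
    findings = []
    for p in ra["prefixes"]:
        if p["prefix"] not in allowed:
            findings.append(f"unexpected prefix {p['prefix']}")
        if p["preferred"] > p["valid"]:
            findings.append(f"preferred > valid for {p['prefix']}: option ignored")
    if ra["router_lifetime"] == 0:
        findings.append("router lifetime 0: not usable as default router")
    return findings

def _opt(otype: int, body: bytes) -> bytes:
    """Encode one ND option; type + length + body must be a multiple of 8 bytes."""
    return bytes([otype, (len(body) + 2) // 8]) + body

def _packed(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed

# Constructed sample: the RA from page 21 (hop limit 64, M=O=0 and DNS lifetime 600 assumed).
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)
    + _opt(3, struct.pack("!BBIII", 64, 0xC0, 86400, 86400, 0) + _packed("2a01:e35:2f26:d340::"))
    + _opt(25, struct.pack("!HI", 0, 600) + _packed("2a01:e00::1") + _packed("2a01:e00::2"))
    + _opt(5, struct.pack("!HI", 0, 1480))
    + _opt(1, bytes.fromhex("f4cae54410ef"))
)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(autoconfig_mode(ra), slaac_prefixes(ra), ra["mtu"], ra["slla"])
    print(ra_findings(ra, ["2a01:e35:2f26:d340::/64"]))
```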

Page 35: IPv6 Autoconfig

Stateless Address AutoConfig Signalisation

IPv6 routers signal the use of DHCPv6. If both bits are cleared (default), then DHCPv6 is not used.
• The M flag « Managed Address Configuration » is set when address and network parameter configuration is available from DHCPv6. It must be configured on the routers.
  - no ipv6 nd managed-config-flag
• The O flag « Other Stateful Configuration » is set when other parameter configuration must be obtained from DHCPv6.
  - no ipv6 nd other-config-flag

Page 36: IPv6 Autoconfig

Stateless Address AutoConfiguration

• RFC 4862, IPv6 Stateless Address Autoconfiguration
• RS/RA to request the prefixes available to build addresses
• DAD to test the new addresses
• NO DHCPv6 server required!

Autoconfiguration is configurable on Linux!

Page 37: IPv6 Autoconfig

Stateful DHCPv6 Autoconfig Signalisation

IPv6 routers signal the use of DHCPv6. Both the M and O bits must be set in the RA.
• The M flag « Managed Address Configuration » is set when address and network parameter configuration is available from DHCPv6. It must be configured on the routers.
  - ipv6 nd managed-config-flag
• The O flag « Other Stateful Configuration » is set when other parameter configuration must be obtained from DHCPv6.
  - ipv6 nd other-config-flag

Page 38: IPv6 Autoconfig

Stateful DHCPv6 Autoconfiguration

DHCPv6 with Rapid Commit

Address and Other parameters are configured from DHCPv6

Page 39: IPv6 Autoconfig

Stateless DHCPv6 Autoconfig Signalisation

IPv6 routers signal the DHCPv6 utilization:
• M bit = 0 « Managed Address Configuration »: use SLAAC for address autoconfiguration
  - no ipv6 nd managed-config-flag
• O bit = 1 « Other Stateful Configuration »: use DHCPv6 for other parameter configuration
  - ipv6 nd other-config-flag

The address is configured by SLAAC.

Other parameters are then requested from the DHCPv6 server.

Page 40: IPv6 Autoconfig

Stateless DHCPv6 Autoconfiguration

DHCPv6 with Rapid Commit

Address configuration from the prefix received in the RA (SLAAC)

Other parameters are given by a DHCPv6 Server

Page 41: IPv6 Autoconfig

DHCP Prefix Delegation

The DHCPv6-PD server allocates a block of addresses for the DHCPv6-PD client. The block received by the client is then subnetted to configure each interface.

Page 42: IPv6 Autoconfig

DHCPv6-PD Client and DHCPv6 Stateless Server

[Figure labels: Host; CPE (E0, E1); PE; ISP; ISP Provisioning System; DHCP Client; DHCP Server; DHCPv6-PD Client; DHCPv6-PD Server; DHCPv6 Lite Server; DHCP, ND/DHCP, AAA]

1. The CPE sends a DHCP Solicit with ORO = PD
2. The PE sends a RADIUS Request for the user
3. RADIUS responds with the user's prefix(es)
4. The PE sends a DHCP REPLY with Prefix Delegation options
5. The CPE configures addresses from the prefix on its downstream interfaces and sends an RA. The O-bit is set to on
6. The host configures addresses based on the prefixes received in the RA. As the O-bit is on, it sends a DHCP Information-request message with an ORO = DNS
7. The CPE sends a DHCP REPLY containing the requested options

Page 43: IPv6 Autoconfig

6RD Service Providers RG Autoconfig

• RG = Residential Gateway, BR = Border Router
• Native dual-stack IPv4/IPv6 in the home or office
• Simple, stateless, automatic IPv6-in-IPv4 encap and decap functions
• IPv6 traffic automatically follows IPv4 routing between CPE and BR
• BRs placed at the IPv6 edge, addressed via anycast for load-balancing and resiliency
• RG config can be pushed via TR-69, DHCP Option 212, PPP IPCP
• Standardized in RFC 5969

[Figure labels: RG (6rd); IPv4; BR (6rd); IPv4 + IPv6 Core; IPv4 + IPv6]

Page 44: IPv6 Autoconfig

IPv6 Autoconfiguration

Autoconfigured Address Refreshment

Page 45: IPv6 Autoconfig

Remember the Preferred state!

• This is the « NORMAL » state for an address in production.

Each address has two timers constantly updated from the system clock: Preferred and Valid. As long as the derived address is refreshed by RA prefixes, or the allocated address is renewed by DHCPv6, the address state will remain Preferred!

[Figure: address state timeline. Labels: Tentative, Preferred, Deprecated, Invalid, Valid, Preferred Lifetime, Valid Lifetime]

Page 46: IPv6 Autoconfig

Autoconfigured addresses have a finite Valid and Preferred Lifetime

When the interface has been started and is used by IPv6, each address which has been autoconfigured has only a limited Preferred and Valid Lifetime.
• Addresses derived from a prefix received in an RA must be refreshed by another RA announcing the same prefix, with the same or a different Preferred and Valid Lifetime
• Addresses which are allocated by DHCPv6 also have a Valid and a Preferred Lifetime, which must also be reset by a DHCPv6 Renew.

Page 47: IPv6 Autoconfig

Refreshing the SLAAC Addresses Timers

• An address which has been derived from an RA must be refreshed by new RAs advertising the same prefix
• The RA interval must be consistent with the Preferred and the Valid timers for the addresses to be refreshed in time

ipv6 nd ra-interval: 200 seconds by default
ipv6 nd ra-lifetime: 1800 seconds or 30 minutes by default
ipv6 nd managed-config-flag
ipv6 nd other-config-flag
ipv6 nd prefix <prefix/mask> [Valid] [Preferred]

• To be used by SLAAC:
- The On-Link and Autonomous bits must be set
- If Preferred Lifetime > Valid Lifetime, ignore the Prefix Information option. A node MAY wish to LOG a system management ERROR in this case…

Page 48: IPv6 Autoconfig

Update the Address Preferred and Valid Timers

The preferred lifetime of each address is reset to the Preferred Lifetime in the received advertisement. The valid lifetime depends on RemainingLifetime, the remaining time to the valid lifetime expiration of the previously autoconfigured address.

1. If the received Valid Lifetime is greater than 2 hours or greater than RemainingLifetime, set the valid lifetime of the corresponding address to the advertised Valid Lifetime.
2. If RemainingLifetime is less than or equal to 2 hours, ignore the Prefix Information option with regard to the valid lifetime. If SeND is used, the advertised Valid Lifetime is used to update the valid lifetime.
3. Otherwise, reset the valid lifetime of the corresponding address to 2 hours.

Page 49: IPv6 Autoconfig

SLAAC Prefix Refreshed and Timers Updated by RA

[Figure: a router sends unsolicited periodic RAs to two workstations; timeline of the Preferred and Valid timers at the workstations, with the values 1400, 1600, 1900, 2100 and the 200 s interval]

Router (unsolicited periodic RA):
• Prefix: 2001:db8:4:1::/64, On-Link, Autonomous, Preferred: 1800, Valid: 2100
• RA Interval default: 200 seconds; RA Lifetime default: 1800 seconds
• RAs are sent every 200 seconds +/- jitter

Workstation 2001:db8:4:1::1/64:
• Initial timers: Preferred: 1800, Valid: 2100
• Just before receiving the RA: Preferred: 1400, Valid: 1900
• After receiving the RA: Preferred: 1800, Valid: 2100

Workstation 2001:db8:4:1::2/64:
• Preferred: 1400, Valid: 1900
• Same principle as the other workstation

SLAAC timers just before receiving the RA:
• Preferred: 1600 - 200 = 1400 seconds
• Valid = 2100 - 200 = 1900 seconds

After receiving the RA:
• Preferred is reset to 1600 seconds
• Valid was 1900 seconds, so RemainingLifetime = 1900
• The received Valid = 2100 is greater than RemainingLifetime = 1900
• So the Valid Lifetime is reset to the received Valid Lifetime = 2100
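
The update rule from page 48 applied to the periodic refresh on this page, as an added Python example (not part of the original slides); RFC 4862 gives the two-hour floor as protection against a bogus RA that advertises a very small Valid Lifetime, and the last scenario shows what the rule does and does not protect. The class and function names are assumptions; the 1800/2100 lifetimes and the 200-second interval are the advertised values from this page, and the zero-lifetime RA is a constructed input.

```python
from dataclasses import dataclass

TWO_HOURS = 2 * 60 * 60  # seconds

def new_valid_lifetime(remaining: int, advertised: int, authenticated: bool = False) -> int:
    """Valid lifetime of an existing SLAAC address after a Prefix Information option.

    remaining     -- RemainingLifetime of the address, in seconds
    advertised    -- Valid Lifetime received in the RA
    authenticated -- True when the RA was protected by SeND
    """
    if advertised > TWO_HOURS or advertised > remaining:
        return advertised                 # rule 1: longer lifetimes are always accepted
    if remaining <= TWO_HOURS:
        # rule 2: a short lifetime cannot shorten an address that is already
        # within two hours of expiry, unless the RA is authenticated
        return advertised if authenticated else remaining
    return TWO_HOURS                      # rule 3: never cut below two hours

@dataclass
class SlaacAddress:
    preferred_left: int   # seconds until the address becomes deprecated
    valid_left: int       # seconds until the address becomes invalid

    def tick(self, seconds: int) -> None:
        self.preferred_left = max(0, self.preferred_left - seconds)
        self.valid_left = max(0, self.valid_left - seconds)

    @property
    def state(self) -> str:
        if self.valid_left == 0:
            return "invalid"
        if self.preferred_left == 0:
            return "deprecated"
        return "preferred"

    def refresh(self, preferred: int, valid: int, on_link: bool = True,
                autonomous: bool = True, authenticated: bool = False) -> bool:
        """Apply one Prefix Information option; False means it was ignored."""
        if not (on_link and autonomous) or preferred > valid:
            return False
        self.preferred_left = preferred   # the preferred lifetime is always reset
        self.valid_left = new_valid_lifetime(self.valid_left, valid, authenticated)
        return True

def walk_through() -> list:
    """Trace (event, preferred_left, valid_left, state) for three events."""
    addr = SlaacAddress(preferred_left=1800, valid_left=2100)
    trace = []

    def record(event: str) -> None:
        trace.append((event, addr.preferred_left, addr.valid_left, addr.state))

    addr.tick(200)
    record("200 s after the last RA")
    addr.refresh(preferred=1800, valid=2100)
    record("periodic RA 1800/2100")
    addr.refresh(preferred=0, valid=0)    # constructed: unauthenticated RA, zero lifetimes
    record("unauthenticated RA 0/0")
    return trace

if __name__ == "__main__":
    for row in walk_through():
        print(row)
```

The zero-lifetime RA cannot invalidate the address, but it does deprecate it, because the preferred lifetime is reset unconditionally.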

Page 50: IPv6 Autoconfig

Addresses are coded as DHCPv6 Options

• IA Address Option (IADDR)
- The IA Address option is used to specify IPv6 addresses associated with an IA_NA (Non-Temporary) or an IA_TA (Temporary).
- The IA Address (IADDR) option must be encapsulated in the Options field of an IA_NA or IA_TA option.
- The Options field encapsulates those options that are specific to this address.

preferred-lifetime: the preferred lifetime for the IPv6 address in the option, expressed in units of seconds.

valid-lifetime: the valid lifetime for the IPv6 address in the option, expressed in units of seconds.

These timers are also in DHCPv6 addresses.

Page 51: IPv6 Autoconfig

Address Refreshed by DHCPv6-PD Renew

Page 52: IPv6 Autoconfig

IPv6 Autoconfiguration

Renumbering

Page 53: IPv6 Autoconfig

Principle of Renumbering for IPv6

Renumbering can be performed thanks to RA or DHCPv6:
1. The old prefix is announced with a very small or null Preferred Lifetime, and the new prefix with a normal Preferred Lifetime
2. Hosts will have two prefixes
3. Addresses built from the old prefix will be deprecated
4. New connections use the new prefix
5. After some time, all the remaining connections will be set on the new prefix
6. The router only announces the new prefix
7. The old prefix will be invalid

Page 54: IPv6 Autoconfig

Renumbering Scenario using RA

Router configuration:
interface Ethernet0
 ipv6 nd prefix 2001:db8:cafe:1::/64 43200 0
 ipv6 nd prefix 2001:db8:cafe:2::/64 43200 43200

RA:
• Preferred prefix: 2001:db8:cafe:2::/64
• Deprecated prefix: 2001:db8:cafe:1::/64

Host:
• Preferred address: 2001:db8:cafe:2:1:4567:9f0:1
• Deprecated address: 2001:db8:cafe:1:4567:9f0:1

[Figure labels: Valid; Preferred]

Page 55: IPv6 Autoconfig

Autoconfiguration

Mobile IPv6: keep your home address everywhere you go, always stay online, and only log out when you want to, not when you move to another location!

Page 56: IPv6 Autoconfig

Mobile IPv6 for dummies…

Without Mobile IPv6, every time you visit a new access network, your network applications must be restarted using a new socket, because the IPv6 source address has changed! With Mobile IPv6, the mobile nodes (MN) can travel and visit access networks, but the applications still believe that packets originate from and are sent to the Home Network Address.

On the home network, the router must be a Home Agent (HA).

At the beginning, it intercepts and forwards traffic from the Correspondent Node (CN) to the Mobile Node (MN).

Once communication has started, it is possible to set up a direct tunnel between the MN and the CN. This is Route Optimization. New with IPv6, impossible with IPv4!

Page 57: IPv6 Autoconfig

Why does MIPv6 never restart any session?

• The MN can roam from subnet to subnet, getting a new IPv6 address for each visited network, but the same home network address is always presented to the application! No need to restart any session.
• The CN always sends packets to the Home Network Address, and packets received by the CN always originate from the Home Network Address! No magic: this is managed by Mobile IPv6 at the network layer, so it is transparent to the transport and application layers.

Page 58: IPv6 Autoconfig

Mobile IPv6 is supported on Linux and FreeBSD

• For Mac OS X, check KAME (FreeBSD)
  - KAME Mobile IPv6 How To: http://www.kame.net/newsletter/20031007/
• Linux
  - Project NATISBAD
  - The KAME project ported to Linux: http://natisbad.org/MIPv6/#racoon
• Windows
  - Very limited support with Windows 7
  - Only CN mode without Route Optimization
  - netsh interface ipv6 set mobility correspondentnode=enabled

Page 59: IPv6 Autoconfig

Most Important Terminology

Home Agent: the router which forwards the traffic to the Mobile Node (MN) when the user is at home!

Mobile Node: the roaming user node.

Home Address: all the packets from the Mobile Node (MN) received by the Correspondent Node (CN) come from this source address. All the packets sent to the Mobile Node (MN) from the Correspondent Node (CN) are sent to this destination address.

Home Link: the link where the mobile node is permanently attached.

Care-of Address: the temporary address on the visited network.

Correspondent Node: the fixed node (not mobile) communicating with the Mobile Node (MN).

Page 60: IPv6 Autoconfig

Mobile Node visits a new access network

§ MN must acquire its Care-of-Address (CoA)
§ Autoconfiguration with SLAAC or DHCPv6… as usual!

[Figure: Mobile Node acquires its Care-of-Address from SLAAC or DHCPv6]

Page 61: IPv6 Autoconfig

Mobile Node (MN) initializes its new location

§ The Mobile Node (MN) registers its CoA with the Home Agent. The Home Agent is automatically discovered using an Anycast Reserved address.

§ MIPv6 Signaling uses an IPv6 Mobility Option in an IPSec ESP protected tunnel ( )

§ An IPv6 in IPv6 IPSec Tunnel is set up between the Mobile Node and the Home Agent

[Figure: Mobile Node and Home Agent, steps 1 and 2]

Page 62: IPv6 Autoconfig

Why don't the Applications need to restart their Transport Connection (i.e. TCP)?

1) The HA replaces the CoA src addr with the MN IPv6 Home Address.

Tunneled packet between the Mobile Node and the HA:
Out Src = MN IPv6 CoA, Out Dst = HA IPv6 @, In Src = MN IPv6 Home @, In Dst = CN IPv6 @

Packet between the HA and the CN:
Src @ = MN IPv6 Home @, Dst @ = CN IPv6 @

2) The HA replaces the HA dst addr with the MN IPv6 Home Address.

Packet between the CN and the HA:
Src @ = CN IPv6 @, Dst @ = MN IPv6 Home @

Tunneled packet between the HA and the Mobile Node:
Out Src = HA IPv6 @, Out Dst = MN IPv6 CoA, In Src = CN IPv6 @, In Dst = MN IPv6 Home @

Page 63: IPv6 Autoconfig

Can we build a direct tunnel to bypass the HA?

1. The Corresponding Node (CN) must support Mobile IPv6 with Route Optimization.

2. The Mobile Node (MN) initiates this by sending a Binding Update to the Corresponding Node (CN).

3. The Corresponding Node (CN) sends Keygen Tokens to the Mobile Node (MN) at both its CoA and its Home Address. If the MN receives both, it has proven its identity to the CN! It receives a Binding Ack and the tunnel is set up!

[Figure: the MN proves to the CN that it receives the Keygen Tokens; Binding Update from the Mobile Node, Binding Ack from the CN]
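
The token check behind step 3, as an added example that is not from the original slides: it follows the return routability computation in RFC 6275 (keygen tokens derived with HMAC-SHA1 under a CN secret Kcn, binding key Kbm derived from both tokens). The key, nonces, addresses and Binding Update bytes are constructed sample values, and the nonces are passed in directly instead of being looked up by nonce index.

```python
import hashlib
import hmac
import ipaddress

def keygen_token(kcn: bytes, addr: str, nonce: bytes, kind: int) -> bytes:
    """First(64, HMAC_SHA1(Kcn, address | nonce | kind)); kind 0 = home, 1 = care-of."""
    data = ipaddress.IPv6Address(addr).packed + nonce + bytes([kind])
    return hmac.new(kcn, data, hashlib.sha1).digest()[:8]

def binding_key(home_token: bytes, coa_token: bytes) -> bytes:
    """Kbm = SHA1(home keygen token | care-of keygen token)."""
    return hashlib.sha1(home_token + coa_token).digest()

def authenticator(kbm: bytes, coa: str, cn: str, mh_data: bytes) -> bytes:
    """First(96, HMAC_SHA1(Kbm, care-of address | correspondent | MH Data))."""
    data = ipaddress.IPv6Address(coa).packed + ipaddress.IPv6Address(cn).packed + mh_data
    return hmac.new(kbm, data, hashlib.sha1).digest()[:12]

def cn_verify(kcn, home, coa, cn, home_nonce, coa_nonce, mh_data, auth) -> bool:
    """CN side: rebuild both tokens from Kcn and its nonces (no per-MN state), then compare."""
    kbm = binding_key(keygen_token(kcn, home, home_nonce, 0),
                      keygen_token(kcn, coa, coa_nonce, 1))
    return hmac.compare_digest(authenticator(kbm, coa, cn, mh_data), auth)

# Constructed sample values (2001:db8::/32 documentation prefix), not from the slides.
KCN = bytes(range(20))
HOME, COA, CN = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
HOME_NONCE, COA_NONCE = b"\x01" * 8, b"\x02" * 8
MH_DATA = b"constructed-binding-update-bytes"

def demo():
    home_tok = keygen_token(KCN, HOME, HOME_NONCE, 0)  # delivered via the Home Address path
    coa_tok = keygen_token(KCN, COA, COA_NONCE, 1)     # delivered directly to the CoA
    good = authenticator(binding_key(home_tok, coa_tok), COA, CN, MH_DATA)
    # A node that only receives on the CoA path lacks the home token and has to guess it.
    guessed = authenticator(binding_key(b"\x00" * 8, coa_tok), COA, CN, MH_DATA)
    return (cn_verify(KCN, HOME, COA, CN, HOME_NONCE, COA_NONCE, MH_DATA, good),
            cn_verify(KCN, HOME, COA, CN, HOME_NONCE, COA_NONCE, MH_DATA, guessed))

if __name__ == "__main__":
    print(demo())
```

Only a node that received both tokens can produce an authenticator the CN accepts, which is why the CN sends one token to each address.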

Page 64: IPv6 Autoconfig

Why does the CN Application receive packets of the MN originated from the MN Home Network Address?

Packet sent by the Mobile Node:
Src @ = MN IPv6 CoA, Dst @ = CN IPv6 @, Dst Opt = MN IPv6 Home @

The CN replaces the MN IPv6 CoA with the IPv6 Home @ from the Destination Option: Datagram comes from the MN
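
The CN-side swap described above, as an added example that is not from the original slides: it parses a constructed packet carrying the Home Address destination option and applies the RFC 6275 rule that the swap happens only when the Binding Cache maps that home address to the packet's source address. It assumes the Destination Options header directly follows the IPv6 header; all addresses are constructed samples from 2001:db8::/32.

```python
import ipaddress
import struct

DEST_OPTS = 60           # IPv6 Next Header value: Destination Options
HOME_ADDRESS_OPT = 0xC9  # Home Address option type, data length 16 (RFC 6275)

def _pack(addr: str) -> bytes:
    return ipaddress.IPv6Address(addr).packed

def build_packet(src: str, dst: str, home: str) -> bytes:
    """Constructed MN-to-CN packet: IPv6 header + Destination Options + Home Address."""
    # Next Header 59 (none), Hdr Ext Len 2, PadN(2) for 8n+6 alignment, then the option.
    opts = bytes([59, 2, 1, 2, 0, 0, HOME_ADDRESS_OPT, 16]) + _pack(home)
    return struct.pack("!IHBB", 6 << 28, len(opts), DEST_OPTS, 64) + _pack(src) + _pack(dst) + opts

def home_address_option(pkt: bytes):
    """Return the home address from the Destination Options header, or None if absent."""
    if len(pkt) < 40:
        raise ValueError("truncated IPv6 header")
    if pkt[6] != DEST_OPTS:
        return None
    if len(pkt) < 42 or 40 + (pkt[41] + 1) * 8 > len(pkt):
        raise ValueError("truncated Destination Options header")
    i, end = 42, 40 + (pkt[41] + 1) * 8
    while i < end:
        if pkt[i] == 0:                      # Pad1 is a single octet with no length
            i += 1
            continue
        if i + 2 > end or i + 2 + pkt[i + 1] > end:
            raise ValueError("option overruns header")
        if pkt[i] == HOME_ADDRESS_OPT and pkt[i + 1] == 16:
            return ipaddress.IPv6Address(pkt[i + 2:i + 18])
        i += 2 + pkt[i + 1]
    return None

def cn_receive(pkt: bytes, binding_cache: dict):
    """Source address handed to the upper layer, or None when the packet is dropped."""
    try:
        home = home_address_option(pkt)
    except ValueError:
        return None
    src = ipaddress.IPv6Address(pkt[8:24])
    if home is None:
        return src                           # ordinary packet, nothing to swap
    # Swap only if a verified binding says this home address is currently at this CoA.
    return home if binding_cache.get(home) == src else None

# Constructed sample values: one verified binding (home address -> care-of address).
HOME, COA, CN = "2001:db8:1::10", "2001:db8:2::10", "2001:db8:3::1"
CACHE = {ipaddress.IPv6Address(HOME): ipaddress.IPv6Address(COA)}
```

Without the Binding Cache check, any sender could place an arbitrary home address in the option and have the CN present it to the application as the packet's source.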

Page 65: IPv6 Autoconfig

Why does the MN Application receive a packet with the Home Network Addr as the dst Addr?

Packet received by the Mobile Node:
Src @ = CN IPv6 @, Dst @ = MN IPv6 CoA, Routing = MN IPv6 Home @

The MN replaces the MN IPv6 CoA with the MN IPv6 Home @ from the Routing Option: Datagram is sent to the MN Home @

Page 66: IPv6 Autoconfig

Mobile IPv6 Applications

§ Proxy Mobile IPv6 (PMIPv6) for LTE and 4G

§ Mobile Router or Nemo
– RFC3963: NEMO Basic Support Protocol
– A router is moving with all its networks and connected hosts
– RFC5555: Mobile IPv6 Support for Dual Stack Hosts and Routers
– UMIP Project on Linux
– http://natisbad.org/MIPv6/#umip

§ Ad Hoc dynamic mobile networks or Manet
– Nodes discover their neighbors dynamically and join the network

§ Wireless Sensors Networks (6LoWPAN)

Page 67: IPv6 Autoconfig

Proxy Mobile IPv6 introduced with LTE

1. The MN enters the PMIPv6 domain and attaches to an access-link.

2. The MAG verifies the MN Identity and Authorizations.

3. If OK, the MAG helps the MN to get all the configuration: address, default gateway,…

4. The MN considers the PMIPv6 domain as a link

The LMA provides the Mobile IPv6 HA function

[Figure: IPv6 Network with Local Mobility Anchors (LMA1, LMA2), Mobile Access Gateways (MAG1, MAG2, MAG3) and Mobile Nodes (MN1, MN2); Authentication]

To offload the Mobile IPv6 Signaling and IPSec Protection complexity from the Smartphones to a Network device

Page 68: IPv6 Autoconfig

Proxy MIPv6 converts ND requests to MIPv6 Signaling

1. The MN sends a RS (Router Solicitation) to the MAG.

2. For updating the LMA about the MN location, the MAG sends a PBU (Proxy Binding Update) to the MN's LMA.

3. The LMA sends a PBA (Proxy Binding Acknowledgement) including the MN home network prefixes. It creates the Binding Cache entry and sets up its endpoint of the bi-directional tunnel to the MAG.

4. The MAG sends a RA (Router Advertisement) to the MN. The MAG can emulate the MN's Home Link.

5. The MN can be configured using SLAAC or DHCPv6.

§ PBA/PBU Signaling must be protected with IPSec!

§ Data Protection is Optional

The LMA provides the Mobile IPv6 HA function

[Figure: Mobile Node (MN1), Mobile Access Gateway (MAG1) and Local Mobility Anchor (LMA1) exchanging (1) RS, (2) PBU, (3) PBA including the MN home network prefix(es), (4) RA]

Page 69: IPv6 Autoconfig

The Mobile Router: Nemo

§ Mobile Router can receive a block of addresses from DHCPv6-PD

§ The Mobile Router can be a Smartphone to provide Internet access via 4G to local nodes with WiFi or Bluetooth access.

Dual Stack with DSMIPv6

[Figure: NEMO Router (IPv4, IPv6) serving local nodes over Bluetooth or WiFi, connected through WLAN and a 3G Network to the IPv6 Internet, the Home Network with its Home Agent, and a Corresponding node]

Page 70: IPv6 Autoconfig

Mobile Ad Hoc Networking: Manet

With MANET, the nodes automatically discover and configure their neighbors and build a dynamic Network.

To manage the neighbors a node can use:
– OSPFv3
– EIGRP

What if these nodes have sensors?

[Figure: Wireless Uplink]

Page 71: IPv6 Autoconfig

Wireless Sensors Networks (6LoWPAN)

The Network of Sensors can be built dynamically using Dynamic MANET On-demand for 6LoWPAN (DYMO-low).

Possible Applications:
• Localized weather monitoring
• Structural Health monitoring (Earthquake prone areas)
• Battlefield troop detection, movement
• Intelligent Transportation Systems (ITS)
• Green app: Building environment management
– Lights, HVAC, Security Access, smart power outlets, etc.
– Building demo - ~20% MRC cost savings

Page 72: IPv6 Autoconfig

This concludes IPv6 Autoconfiguration In-depth Presentation

Fred Bovy
IPv6 Forum Gold Certified Engineer
IPv6 Forum Gold Certified Trainer
CISCO 15 years CCIE #3013
CISCO 18 years CCSI #33517 (before was #95003)

Meet me on:
Twitter: FredBovy
Skype: FredericBovy
Blog: http://www.fredbovy.com/Go46

Thank you for attending!