Implementing DHCP for IPv6 http://tools.ietf.org/html/rfc3315
DHCPv6 and DNS

Methods for Autoconfiguration in IPv6

One of the many enhancements introduced in IPv6 is an overall strategy for easier administration of IP devices, including host configuration. Two basic methods are defined for autoconfiguration of IPv6 hosts:

Stateless Autoconfiguration: a method defined to allow a host to configure itself without help from any other device. Problem: it does not supply a DNS server address.

"Stateful" Autoconfiguration: a technique where configuration information is provided to a host by a server.
Protocols and Addressing

The operation of DHCPv6 is similar to that of DHCPv4, but the protocol itself has been completely rewritten. It is not based on the older DHCP or on BOOTP, except in conceptual terms. It still uses UDP, but with new port numbers, a new message format, and restructured options. DHCPv6 is not compatible with DHCPv4 or BOOTP.
DHCP Message Exchanges

DHCP servers receive messages from clients using a reserved, link-scoped multicast address. A DHCP client transmits most messages to this reserved multicast address, so that the client need not be configured with the address or addresses of DHCP servers. Two basic client/server message exchanges are used in DHCPv6:

Four-message exchange
Two-message exchange
DHCP Message Exchanges - Four-Message Exchange

Used when a client needs to obtain an IPv6 address and other parameters. The client sends a Solicit message, in a process similar to regular DHCP address allocation:

1. The client sends a multicast Solicit message to the all-DHCP-agents multicast address (FF02::1:2) to find a DHCPv6 server and ask for a lease.
2. Any server that can fulfill the client's request responds to it with an Advertise message.
3. The client chooses one of the servers and sends a Request message to it, asking to confirm the offered address and other parameters.
4. The server responds with a Reply message to finalize the process.
DHCP Message Exchanges - Two-Message Exchange

When a DHCP client does not need to have a DHCP server assign it IP addresses, the client can obtain configuration information such as a list of available DNS servers or NTP servers through a single message and reply exchanged with a DHCP server. To obtain configuration information the client first sends an Information-Request message to the All_DHCP_Relay_Agents_and_Servers multicast address. Servers respond with a Reply message containing the configuration information for the client.
DHCPv6 Multicast Addresses

All_DHCP_Relay_Agents_and_Servers (FF02::1:2): a link-scoped multicast address used by a client to communicate with neighboring (i.e., on-link) relay agents and servers. All servers and relay agents are members of this multicast group.

All_DHCP_Servers (FF05::1:3): a site-scoped multicast address used by a relay agent to communicate with servers, either because the relay agent wants to send messages to all servers or because it does not know the unicast addresses of the servers. Note that in order for a relay agent to use this address, it must have an address of sufficient scope to be reachable by the servers. All servers within the site are members of this multicast group.
DHCPv6 UDP Ports

Clients listen for DHCP messages on UDP port 546.
Servers and relay agents listen for DHCP messages on UDP port 547.
DHCPv6 Option Format and Base Options

Client Identifier
Server Identifier
Identity Association for Non-temporary Addresses
Identity Association for Temporary Addresses
IA Address
Option Request
Preference
Elapsed Time
Relay Message
Authentication
Server Unicast
Status Code
Rapid Commit
User Class
Vendor Class
Vendor-specific Information
Interface-Id
Reconfigure Message
Reconfigure Accept
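The message and option formats described above (1-byte msg-type, 3-byte transaction-id, then options as 2-byte code, 2-byte length, data), applied to the two-message exchange. This is an added example written for this page, not code from the slides or from any DHCPv6 implementation; the message types and option codes are the values assigned in RFC 3315 (and RFC 3646 for the DNS server option), while the DUIDs, the transaction-id and the server Reply are constructed sample data. The client-side check that a Reply echoes both the transaction-id and the Client Identifier is what lets a client discard stray or spoofed Replies arriving on port 546.

```python
import struct
import ipaddress

# Constants from RFC 3315 (OPTION_DNS_SERVERS is from RFC 3646).
ALL_DHCP_RELAY_AGENTS_AND_SERVERS = "ff02::1:2"
CLIENT_PORT, SERVER_PORT = 546, 547
SOLICIT, ADVERTISE, REQUEST, REPLY, INFORMATION_REQUEST = 1, 2, 3, 7, 11
OPTION_CLIENTID, OPTION_SERVERID, OPTION_ORO, OPTION_ELAPSED_TIME = 1, 2, 6, 8
OPTION_DNS_SERVERS = 23


def encode_options(options):
    """Serialise (code, data) pairs as TLV options: 2-byte code, 2-byte length, data."""
    out = bytearray()
    for code, data in options:
        out += struct.pack("!HH", code, len(data)) + data
    return bytes(out)


def build_message(msg_type, transaction_id, options):
    """Client/server message: 1-byte msg-type, 3-byte transaction-id, options."""
    if not 0 <= transaction_id < (1 << 24):
        raise ValueError("transaction-id must fit in 24 bits")
    return bytes([msg_type]) + transaction_id.to_bytes(3, "big") + encode_options(options)


def parse_message(data):
    """Parse into (msg_type, transaction_id, [(code, data), ...]); reject truncated options
    instead of reading past the end of the datagram."""
    if len(data) < 4:
        raise ValueError("message shorter than the 4-byte header")
    msg_type, xid = data[0], int.from_bytes(data[1:4], "big")
    options, pos = [], 4
    while pos < len(data):
        if pos + 4 > len(data):
            raise ValueError("truncated option header")
        code, length = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if pos + length > len(data):
            raise ValueError("option length exceeds message")
        options.append((code, data[pos:pos + length]))
        pos += length
    return msg_type, xid, options


def information_request(duid, transaction_id, wanted=(OPTION_DNS_SERVERS,)):
    """Two-message exchange, step 1: ask only for configuration (no addresses).
    A real client sends these bytes from port 546 to ff02::1:2 port 547."""
    opts = [
        (OPTION_CLIENTID, duid),
        (OPTION_ORO, struct.pack("!%dH" % len(wanted), *wanted)),
        (OPTION_ELAPSED_TIME, struct.pack("!H", 0)),
    ]
    return build_message(INFORMATION_REQUEST, transaction_id, opts)


def dns_servers_from_reply(reply, expected_xid, expected_duid):
    """Step 2 as seen by the client: accept a Reply only if its transaction-id and
    Client Identifier echo what we sent; returns None for anything else."""
    msg_type, xid, options = parse_message(reply)
    opts = dict(options)
    if msg_type != REPLY or xid != expected_xid:
        return None
    if opts.get(OPTION_CLIENTID) != expected_duid:
        return None
    raw = opts.get(OPTION_DNS_SERVERS, b"")
    if len(raw) % 16:
        raise ValueError("DNS server option is not a multiple of 16 octets")
    return [str(ipaddress.IPv6Address(raw[i:i + 16])) for i in range(0, len(raw), 16)]


def demo():
    """Constructed exchange: a DUID-LL client id, a request, and a matching server Reply."""
    duid = b"\x00\x03\x00\x01" + bytes.fromhex("0011223344ff")      # constructed DUID-LL
    xid = 0x1A2B3C
    req = information_request(duid, xid)
    reply = build_message(REPLY, xid, [                               # constructed server Reply
        (OPTION_SERVERID, b"\x00\x03\x00\x01" + bytes.fromhex("00aabbccddee")),
        (OPTION_CLIENTID, duid),
        (OPTION_DNS_SERVERS, ipaddress.IPv6Address("2001:db8::53").packed),
    ])
    return req, reply, dns_servers_from_reply(reply, xid, duid)


if __name__ == "__main__":
    request, reply, servers = demo()
    print("Information-Request:", request.hex())
    print("DNS servers accepted from Reply:", servers)
```

The parser bounds-checks every option length before slicing, which is the part a receiving implementation most often gets wrong; the same encode/parse pair serves the four-message exchange too, since Solicit, Advertise, Request and Reply share this header and option layout.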
Differences between DHCP for IPv4 and IPv6

Hosts always have a link-local address that can be used in requests (in IPv4, 0.0.0.0 is used as the source address)
Uses special multicast addresses for relay agents and servers
No compatibility with BOOTP, since there is no BOOTP support on IPv6
Simplified two-message exchange for simple configuration cases
A client can request multiple IPv6 addresses
A client can send multiple unrelated requests to the same or different servers
There is a Reconfigure message with which servers can tell clients to reconfigure; this feature is optional
Domain Name System (DNS)

Paul Mockapetris invented the DNS in 1983.
How important is the DNS?

Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications
Humans are unable to memorize millions of IP addresses (especially IPv6 addresses)
To a larger extent, DNS provides applications with several types of resources they need (domain name servers, mail exchangers, reverse lookups, ...)

DNS design: hierarchy, distribution, redundancy
Approximate geographical position of all DNS root name servers in February 2007
http://www.icann.org/maps/board-staff.htm
http://www.icann.org/maps/root-servers.htm
TLDs and IPv6

One of IANA's functions is the delegation of DNS Top-Level Domains (TLDs)
Changes in TLDs (e.g. ccTLDs) have to be approved and activated by IANA
Introduction of IPv6-capable name servers at the ccTLD level has to be made through IANA
DNS structure

Resource Records (RRs): data records stored by name servers. Types of RRs:

Start of Authority (SOA): marks the beginning of a DNS zone
Name Server (NS): domain name of a server in a DNS zone
Canonical Name (CNAME): alias for an FQDN
Pointer (PTR): alias for another location in the domain name space

Resolver: host resolving an IP address-to-name mapping
DNS for IPv6

To expand the functionality of DNS to IPv6, three aspects have to be considered:
1. Define a new record to store the 128-bit IPv6 address
2. Define the IPv6 equivalent of the in-addr.arpa domain used for IPv4 PTR records
3. Define changes to Query messages and the method of transporting them between Resolver and NS
The 'Quad A' Record (AAAA)

Similar to the 'A' Resource Record for IPv4 (RFC 3596)
Holds the IPv6 address for a host
Entered into the zone file in standard text representation
Backward compatible with (most) non-IPv6-aware resolvers (the unknown RR type is ignored)
Configuring an AAAA record on Cisco IOS

Configuring the router to query a DNSv6 server
Reverse DNS lookup

Reverse DNS lookups for IPv6 addresses similarly use the special domain ip6.arpa. An IPv6 address is represented as a name in the ip6.arpa domain by the sequence of its nibbles in reverse order, each represented as a hexadecimal digit and separated by dots, with the suffix .ip6.arpa.
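The AAAA wire format (RFC 3596: the address as 16 octets) and the ip6.arpa nibble reversal just described, as an added example for this page rather than code from the slides or from any DNS software. The host names and addresses come from the Cisco example later on this page and from the 2001:db8::/32 documentation prefix; the zone-file lines use a constructed TTL of 3600. The inverse function validates the label count and hex digits before converting, because a PTR owner name taken from a zone or a query is untrusted input.

```python
import ipaddress

IP6_ARPA = "ip6.arpa"


def aaaa_rdata(address):
    """RFC 3596 AAAA RDATA: the 128-bit address as 16 network-order octets."""
    return ipaddress.IPv6Address(address).packed


def aaaa_zone_line(owner, address, ttl=3600):
    """Zone-file form of the AAAA record; the address is written in standard
    (compressed, lowercase) text representation."""
    return f"{owner}\t{ttl}\tIN\tAAAA\t{ipaddress.IPv6Address(address)}"


def reverse_name(address):
    """ip6.arpa owner name: all 32 nibbles of the address in reverse order, dot-separated."""
    nibbles = ipaddress.IPv6Address(address).exploded.replace(":", "")  # 32 hex digits
    return ".".join(reversed(nibbles)) + "." + IP6_ARPA


def address_from_reverse_name(name):
    """Inverse of reverse_name. Rejects anything that is not exactly 32 single
    hex-digit labels under ip6.arpa instead of guessing at partial names."""
    name = name.rstrip(".")
    suffix = "." + IP6_ARPA
    if not name.endswith(suffix):
        raise ValueError("not an ip6.arpa name")
    labels = name[: -len(suffix)].split(".")
    if len(labels) != 32 or any(len(l) != 1 or l not in "0123456789abcdef" for l in labels):
        raise ValueError("expected 32 single hex-digit labels")
    return str(ipaddress.IPv6Address(int("".join(reversed(labels)), 16)))


def ptr_zone_line(address, hostname, ttl=3600):
    """Zone-file form of the PTR record for an IPv6 address."""
    return f"{reverse_name(address)}.\t{ttl}\tIN\tPTR\t{hostname}."


if __name__ == "__main__":
    # Host from the Cisco name-cache example on this page.
    print(aaaa_zone_line("cisco-sj.example", "3FFE:700:20:1::12"))
    print(ptr_zone_line("3FFE:700:20:1::12", "cisco-sj.example"))
    print(aaaa_rdata("3FFE:700:20:1::12").hex())
```

Python's ipaddress module offers the same reverse name as IPv6Address.reverse_pointer; the hand-written version above exists to make the nibble reversal visible and to show the validation a parser of incoming names needs.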
DNS software changes

BIND 8: AAAA Resource Records, no native IPv6 transport (patch available)
BIND 9: all currently defined IPv6 record types, native IPv6 transport
djbdns: AAAA RR only, IPv6 transport only with a patch
NSD: as per BIND 9
IPv6 DNS and root servers

DNS root servers are critical resources!
13 roots "around" the world (10 of them in the US)
Not all of the 13 servers already have IPv6 enabled and are globally reachable via IPv6
Need for (mirror) root servers to be installed in other locations (EU, Asia, Africa, ...)

New technique: anycast DNS server
To build a clone of the master/primary server
Containing the same information (files)
Using the same IP address
Such anycast servers have already begun to be installed, e.g. for the F root server: Ottawa, Paris (Renater), Hong Kong, Lisbon (FCCN), ...
Look at http://www.root-servers.org for the complete and updated list.
DNS IPv6-capable software

BIND (Resolver and Server) http://www.isc.org/products/BIND/ - BIND 9 (avoid older versions)
On Unix distributions: Resolver Library (+ (adapted) BIND)
NSD (authoritative server only) http://www.nlnetlabs.nl/nsd/
Microsoft Windows (Resolver and Server)
DNSv6 Operational Requirements and Recommendations

The target today IS NOT the transition from an IPv4-only to an IPv6-only environment. How to get there?

Start by testing DNSv6 on a small network and reach your own conclusion that DNSv6 is harmless, but remember:
The server (host) must support IPv6
And the DNS server software must support IPv6
Deploy DNSv6 in an incremental fashion on existing networks
DO NOT BREAK something that works fine (production IPv4 DNS)!
Host Name-to-Address Mappings Configuration Example

ipv6 host cisco-sj 3FFE:700:20:1::12
ipv6 host cisco-hq 2002:C01F:768::1 3FFE:700:20:1::22
ip domain-list csi.com
ip domain-list telecomprog.edu
ip domain-list merit.edu
ip name-server 3FFE:C00::250:8BFF:FEE8:F800 3FFE:80A0:0:F004::1
ip domain-lookup

This configuration defines two static host name-to-address mappings in the host name cache, establishes a domain list with several alternate domain names used to complete unqualified host names, specifies host 3FFE:C00::250:8BFF:FEE8:F800 and host 3FFE:80A0:0:F004::1 as the name servers, and re-enables the DNS service.