IPv6
DHCPv6
DNS
Implementing DHCP for IPv6
http://tools.ietf.org/html/rfc3315
DHCPv6 and DNS 3
Methods for Autoconfiguration in IPv6
One of the many enhancements introduced in IPv6 is an overall strategy for easier administration of IP devices, including host configuration.
Two basic methods are defined for autoconfiguration of IPv6 hosts:
Stateless Autoconfiguration: A method defined to allow a host to configure itself without help from any other device. Problem: it does not supply a DNS server address.
“Stateful” Autoconfiguration: A technique where configuration information is provided to a host by a server.
Protocols and Addressing
The operation of DHCPv6 is similar to that of DHCPv4, but the protocol itself has been completely rewritten.
It is not based on the older DHCP or on BOOTP, except in conceptual terms.
It still uses UDP but uses new port numbers, a new message format, and restructured options.
DHCPv6 is not compatible with DHCPv4 or BOOTP.
DHCP Message Exchanges
DHCP servers receive messages from clients using a reserved, link-scoped multicast address.
A DHCP client transmits most messages to this reserved multicast address, so that the client need not be configured with the address or addresses of DHCP servers.
Two basic client/server message exchanges are used in DHCPv6:
Four-message exchange
Two-message exchange
DHCP Message Exchanges – Four-message exchange
When a client needs to obtain an IPv6 address and other parameters, the client sends a Solicit message.
Similar to the regular DHCP address allocation process: The client sends a multicast Solicit message to the all-DHCP-Agent multicast address (FF02::1:2) to find a DHCPv6 server and ask for a lease.
Any server that can fulfill the client's request responds to it with an Advertise message.
The client chooses one of the servers and sends a Request message to it asking to confirm the offered address and other parameters.
The server responds with a Reply message to finalize the process.
DHCP Message Exchanges – Two-message exchange
When a DHCP client does not need to have a DHCP server assign it IP addresses, the client can obtain configuration information such as a list of available DNS servers or NTP servers through a single message and reply exchanged with a DHCP server.
To obtain configuration information the client first sends an Information-Request message to the All_DHCP_Relay_Agents_and_Servers multicast address.
Servers respond with a Reply message containing the configuration information for the client.
DHCPv6 Operations
DHCPv6 Multicast Addresses
All_DHCP_Relay_Agents_and_Servers (FF02::1:2): A link-scoped multicast address used by a client to communicate with neighboring (i.e., on-link) relay agents and servers. All servers and relay agents are members of this multicast group.
All_DHCP_Servers (FF05::1:3): A site-scoped multicast address used by a relay agent to communicate with servers, either because the relay agent wants to send messages to all servers or because it does not know the unicast addresses of the servers.
Note that in order for a relay agent to use this address, it must have an address of sufficient scope to be reachable by the servers.
All servers within the site are members of this multicast group.
DHCPv6 UDP Ports
Clients listen for DHCP messages on UDP port 546.
Servers and relay agents listen for DHCP messages on UDP port 547.
DHCPv6 Basic Message Format & Types
SOLICIT, ADVERTISE, REQUEST, CONFIRM, RENEW, REBIND, REPLY,
RELEASE, DECLINE, RECONFIGURE, INFORMATION-REQUEST, RELAY-FORW, RELAY-REPL
DHCPv6 Option Format & Base Options
Client Identifier, Server Identifier, Identity Association for Non-temporary Addresses, Identity Association for Temporary Addresses, IA Address, Option Request, Preference, Elapsed Time, Relay Message, Authentication, Server Unicast, Status Code, Rapid Commit, User Class, Vendor Class, Vendor-specific Information, Interface-Id, Reconfigure Message, Reconfigure Accept
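The message types and base options listed above, as an added example that is not part of the original slides: a minimal Python parser for DHCPv6 client/server messages, using the numeric codes assigned in RFC 3315. The function names and the sample Solicit bytes are constructed for illustration; port_ok checks the destination port against the UDP port rule (clients 546, servers and relay agents 547).

```python
import struct

# Message type and option codes as assigned in RFC 3315 (the RFC the deck cites).
MSG_TYPES = {1: "SOLICIT", 2: "ADVERTISE", 3: "REQUEST", 4: "CONFIRM", 5: "RENEW",
             6: "REBIND", 7: "REPLY", 8: "RELEASE", 9: "DECLINE", 10: "RECONFIGURE",
             11: "INFORMATION-REQUEST", 12: "RELAY-FORW", 13: "RELAY-REPL"}
OPTIONS = {1: "Client Identifier", 2: "Server Identifier", 3: "IA_NA", 4: "IA_TA",
           5: "IA Address", 6: "Option Request", 7: "Preference", 8: "Elapsed Time",
           9: "Relay Message", 11: "Authentication", 12: "Server Unicast",
           13: "Status Code", 14: "Rapid Commit", 15: "User Class", 16: "Vendor Class",
           17: "Vendor-specific Information", 18: "Interface-Id",
           19: "Reconfigure Message", 20: "Reconfigure Accept"}
CLIENT_PORT, SERVER_PORT = 546, 547
# Types a client originates; these must arrive on the server/relay port (547).
CLIENT_SENT = {1, 3, 4, 5, 6, 8, 9, 11}

def parse_options(buf):
    """Walk the option list: 2-byte code, 2-byte length, then `length` bytes."""
    opts, pos = [], 0
    while pos < len(buf):
        if len(buf) - pos < 4:
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if length > len(buf) - pos:
            raise ValueError(f"option {code} overruns the message")
        opts.append((OPTIONS.get(code, f"unknown({code})"), buf[pos:pos + length]))
        pos += length
    return opts

def parse_client_server(msg, dst_port):
    """Parse a client/server message: 1-byte type, 3-byte transaction id, options."""
    if len(msg) < 4:
        raise ValueError("shorter than the 4-byte fixed header")
    mtype = msg[0]
    if mtype in (12, 13):
        raise ValueError("relay messages use a different fixed header")
    if mtype not in MSG_TYPES:
        raise ValueError(f"unknown message type {mtype}")
    expected = SERVER_PORT if mtype in CLIENT_SENT else CLIENT_PORT
    return {"type": MSG_TYPES[mtype], "xid": msg[1:4].hex(),
            "port_ok": dst_port == expected, "options": parse_options(msg[4:])}

# Constructed sample: Solicit, transaction id 0x1a2b3c, Client Identifier (DUID-LL,
# made-up MAC), Elapsed Time 0, Option Request for option 23 (DNS servers, RFC 3646).
SOLICIT = bytes.fromhex("011a2b3c" "0001000a" "00030001020000000001"
                        "00080002" "0000" "00060002" "0017")
```

Calling parse_client_server(SOLICIT, 547) returns the decoded type, transaction id and option list; a message cut short mid-option raises ValueError instead of being read past its end.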
Differences between DHCP for IPv4 and IPv6
Hosts always have a link-local address that can be used in requests (in IPv4, 0.0.0.0 is used as the source address).
Uses special multicast addresses for relay agents and servers.
No compatibility with BOOTP, since there is no BOOTP support on IPv6.
Simplified two-message exchange for simple configuration cases.
A client can request multiple IPv6 addresses.
A client can send multiple unrelated requests to the same or different servers.
There is a reconfigure message where servers can tell clients to reconfigure. This feature is optional.
Domain Name System (DNS)
Paul Mockapetris invented the DNS in 1983.
How important is the DNS?
Getting the IP address of the remote endpoint is necessary for every communication between TCP/IP applications.
Humans are unable to memorize millions of IP addresses (especially IPv6 addresses).
To a larger extent: DNS provides applications with several types of resources they need (domain name servers, mail exchangers, reverse lookups, …).
DNS design: hierarchy, distribution, redundancy
Approximate geographical position of all DNS root name servers in February 2007
http://www.icann.org/maps/board-staff.htm
http://www.icann.org/maps/root-servers.htm
TLDs and IPv6
One of IANA’s functions is the DNS Top-Level Delegations (TLDs)
Changes in TLDs (e.g., ccTLDs) have to be approved and activated by IANA
Introduction of IPv6-capable name servers at ccTLDs level has to be made through IANA
DNS Lookup
DN structure
Resource Records (RRs): Data records stored by name servers. Types of RRs:
Start of Authority (SOA): Marks the beginning of a DNS zone
Name Servers (NS): Domain name of a server in a DNS zone
Canonical Names (CNAMEs): Aliases for FQDN
Pointer (PTR): Alias for another location in the domain name space.
Resolver: Host resolving an IP address-to-name mapping
DNS Lookup
DNS for IPv6
To expand the functionality of DNS to IPv6, three aspects have to be considered:
1. Define a new record to store the 128-bit IPv6 address
2. Define an IPv6 equivalent of the in-addr.arpa domain used for IPv4 PTR records
3. Define changes to Query messages and the method of transporting them between Resolver and NS
The ‘Quad A’ Record (AAAA)
Similar to ‘A’ Resource Record for IPv4 (RFC3596)
Holds the IPv6 Record for a host
Entered into zone file in standard representation
Backward compatible with (most) non-IPv6 aware resolvers (ignored RR type)
Configuring AAAA record on Cisco IOS
Configuring router to query DNSv6 server
Reverse DNS lookup
Reverse DNS lookups for IPv6 addresses similarly use the special domain ip6.arpa, which is a special Top-Level Domain (TLD).
An IPv6 address is represented as a name in the ip6.arpa domain by a sequence of nibbles in reverse order, represented as hexadecimal digits, separated by dots with the suffix .ip6.arpa.
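The nibble-reversed naming described above, as an added example that is not part of the original slides: Python functions that build the ip6.arpa name for an address, invert and validate such a name, and emit PTR lines for the static host mappings from the deck's configuration example. The function names are hypothetical, and pairing the hosts with the csi.com domain is an assumption made for illustration.

```python
import ipaddress

SUFFIX = ".ip6.arpa"

def to_ip6_arpa(addr):
    """Return the PTR owner name: 32 nibbles of the address, reversed, dot-separated."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + SUFFIX

def from_ip6_arpa(name):
    """Invert to_ip6_arpa; reject names that are not exactly 32 single hex nibbles."""
    name = name.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        raise ValueError("not under ip6.arpa")
    labels = name[:-len(SUFFIX)].split(".")
    if len(labels) != 32:
        raise ValueError("expected 32 labels, one per nibble")
    if any(len(lab) != 1 or lab not in "0123456789abcdef" for lab in labels):
        raise ValueError("each label must be one hexadecimal digit")
    digits = "".join(reversed(labels))
    groups = [digits[i:i + 4] for i in range(0, 32, 4)]
    return str(ipaddress.IPv6Address(":".join(groups)))

def ptr_records(hosts, domain):
    """Build PTR zone-file lines for a {hostname: [addresses]} mapping."""
    return [f"{to_ip6_arpa(a)}. IN PTR {h}.{domain}."
            for h, addrs in hosts.items() for a in addrs]

# Static mappings from the deck's configuration example. Assumption: the hosts
# live in csi.com, the first entry of that example's domain list.
HOSTS = {"cisco-sj": ["3FFE:700:20:1::12"],
         "cisco-hq": ["2002:C01F:768::1", "3FFE:700:20:1::22"]}
PTRS = ptr_records(HOSTS, "csi.com")
```

from_ip6_arpa is the direction a log reviewer needs: it turns a PTR query name seen on the wire back into the address being looked up, and refuses names with missing or multi-digit labels.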
DNS software changes
BIND 8 – AAAA Resource records, no native IPv6 transport (patch available)
BIND 9 – All currently defined IPv6 record types, native IPv6 transport
djbdns – AAAA RR only, IPv6 transport only with patch
NSD – as per BIND 9
IPv6 DNS and root servers
DNS root servers are critical resources!
13 roots «around» the world (#10 in the US)
Not all the 13 servers already have IPv6 enabled and globally reachable via IPv6.
Need for (mirror) root servers to be installed in other locations (EU, Asia, Africa, …)
New technique: anycast DNS server
To build a clone from the master/primary server
Containing the same information (files)
Using the same IP address
Such anycast servers have already begun to be installed:
F root server: Ottawa, Paris (Renater), Hong Kong, Lisbon (FCCN)…
Look at http://www.root-servers.org for the complete and updated list.
DNS IPv6-capable software
BIND (Resolver & Server): http://www.isc.org/products/BIND/
BIND 9 (avoid older versions)
On Unix distributions: Resolver Library (+ (adapted) BIND)
NSD (authoritative server only): http://www.nlnetlabs.nl/nsd/
Microsoft Windows (Resolver & Server)
DNSv6 Operational Requirements & Recommendations
The target today IS NOT the transition from an IPv4-only to an IPv6-only environment
How to get there?
Start by testing DNSv6 on a small network and reach your own conclusion that DNSv6 is harmless, but remember:
The server (host) must support IPv6
And DNS server software must support IPv6
Deploy DNSv6 in an incremental fashion on existing networks
DO NOT BREAK something that works fine (production IPv4 DNS)!
Host Name-to-Address Mappings Configuration Example
ipv6 host cisco-sj 3FFE:700:20:1::12
ipv6 host cisco-hq 2002:C01F:768::1 3FFE:700:20:1::22
ip domain-list csi.com
ip domain-list telecomprog.edu
ip domain-list merit.edu
ip name-server 3FFE:C00::250:8BFF:FEE8:F800 3FFE:80A0:0:F004::1
ip domain-lookup
Defines two static host name-to-address mappings in the host name cache, establishes a domain list with several alternate domain names to complete unqualified host names, specifies host 3FFE:C00::250:8BFF:FEE8:F800 and host 3FFE:80A0:0:F004::1 as the name servers, and re-enables the DNS service.
Q & A