Skip to end of metadata
Go to start of metadata

General Setup

To use DHCPv6, you must setup a DHCPv6 server and configure your router to set the appropriate flags in its Router Advertisement packets. DHCPv6 can be used to obtain addresses, configuration data, or both. Whether a client uses stateless auto-configuration, DHCPv6, or both is controller by the M and O flags in the Router Advertisement (RA) packets.

At NANOG 46, Comcast gave a tutorial presentation on DHCPv6, with a description on how it might be used in cable access networks. Slides are available, as is a recording of the presentation.

Router Configuration

To enable stateful DHCPv6 (e.g., clients get addresses from the DHCPv6 server), set the M flag in the RA.

To enable stateless DHCPv6 (e.g., clients get configuration data, such as DNS search domains, from the DHCPv6 server), set the O flag in the RA.

Both the M and O flags may be set.

See the Router Configuration page for configuration examples.

The Router Advertisement's M flag is commonly described as a toggle between stateless autoconfiguration or using DHCPv6 to obtain addresses. This is false. Rather, it indicates whether or not DHCPv6 may be used. It says nothing about whether stateless autoconfiguration may also be used. To quote RFC 4862,

"It should be noted that a host may use both stateless address autoconfiguration and DHCPv6 simultaneously." - RFC 4862, section 4.

To disable stateless autoconfiguration, you must change the Router Advertisement's Prefix Information option, to not set the A flag (see RFC 4861, section 4.6.2). This will disable stateless autoconfiguration for the advertised prefix. This is described in RFC 4862, section 5.5.3.

Server support

OS

Non-temporary address

temporary address

stateless mode

rapid-commit

DNS servers

DNS search domains

SNTP

Prefix Delegation

Authentication

Pseudo-random address assignment

Windows Server 2008

Yes

No

Yes

No / Yes (in R2)

Yes

Yes

Yes

 

 

Yes

ISC DHCP 4.1

Yes

Yes (in 4.1)

 

Yes

 

 

 

Yes (in 4.1)

 

No

AIX 5.3

 

 

 

 

 

 

 

 

 

 

Dibbler

Yes

Yes

 

Yes

Yes

Yes

Yes

 

Yes (0.7.0)

 

Fedora DHCPv6

 

 

 

 

 

 

 

 

 

 

WIDE DHCPv6

Yes

No

Yes

Yes

Yes

Yes

Yes

Yes

 

No

Nominum DCS 3

Yes

Yes

Yes

Yes

Yes

Yes

Yes

 

Yes

IOS

 

 

Yes

Yes

Yes

Yes

Yes

Yes

 

 

JunOS 5.3+

 

 

 

 

 

 

 

 

 

 

Hitachi GR2000

 

 

 

 

 

 

 

 

 

 

HP-UX 11i

 

 

Yes

Yes

Yes

Yes

 

 

 

 

Windows Server 2008

Supports these DHCPv6 configuration options:

21 - SIP Servers Domain Name List
22 - SIP Servers IPv6 Address List
23 - DNS Recursive NAme Server IPv6 Address List
24 - Domain Search List
27 - NIS IPv6 Address List
28 - NIS+ IPv6 Address List
29 - NIS Domain List
30 - NIS+ Domain Name List
31 - SNTP Servers IPv6 Address List

Bugs

  • Windows 2008's DHCPv6 server does not support requests for temporary addresses.
  • Windows 2008's DHCPv6 server does not support rapid-commit. (This is fixed in Windows 2008 SP2 and 2008 R2).
  • Windows 2008's DHCPv6 server malforms the DNS Domain Search List. See Microsoft bug 345620. (This is fixed in Windows 2008 SP2 and 2008 R2).

ISC DHCP 4.1

ISC's server can only be run in either DHCPv4 or DHCPv6 mode. To provide both protocols on a network, two instances must be run.

Sample configuration:

option dhcp6.domain-name-servers code 23 = array of ip6-address;
option dhcp6.time-servers code 40 = array of ip6-address;

option dhcp-renewal-time 86400;
option dhcp-rebinding-time 43200;

ddns-update-style none;
authoritative;

subnet6 2610:8:6800:4::/64 {
    range6 2610:8:6800:4:bbbb::/80;
    option dhcp6.domain-name-servers 2610:8:6800:1::4 2610:8:7800:9::4 2610:8:7800::4;
    option dhcp6.time-servers 2610:8:6800:1::4 2610:8:7800:9::4 2610:8:7800::4;
}

To enable rapid-commit, set this option globally:

option dhcp6.rapid-commit;

The dhcp6.rapid-commit option must be set globally. If it set inside a subnet6 directive, it will be ignored.

ISC DHCP 4.1 compiles on Linux, Solaris, and FreeBSD.

Dibbler

Configuration docs

AIX 5.3

Configuration docs

Fedora dhcp6s

Project page

WIDE DHCP6s

Sample configuration

# use et1, et2 and otc2 for DNS and NTP
option domain-name-servers 2610:8:6800:1::4 2610:8:7800:9::4 2610:8:7800::4;
option ntp-servers 2610:8:6800:1::4 2610:8:7800:9::4 2610:8:7800::4;

option domain-name "et-test.psu.edu";
option domain-name "its.psu.edu";
option domain-name "psu.edu";

# use pool1 for addresses
# preferred lifetime: 1 hour
# valid lifetime: 5 hours
interface em0 {
     allow rapid-commit;
     address-pool pool1 3600 18000;
};

pool pool1 {
     range 2610:8:6800:4:bbbb::1 to 2610:8:6800:4:bbbb::ffff ;
};

Bugs

When setting DNS domain search lists, if you start the search domains with a ".", dhcp6s will segfault.

E.g., this works:

option domain-name "et-test.psu.edu";
option domain-nane "psu.edu";

This will cause a segfault (note the periods before the domain names):

option domain-name ".et-test.psu.edu";
option domain-name ".psu.edu";

Nominum DCS 3

DCS 3.0.0.1 supports DHCPv6. DHCPv6 support requires a separate license from Nominum. DCS supports Rapid Commit, but is disabled by default. To enable it, set the dhcp6-allow-rapid-commit scoped configuration field.

DCS supports the following DHCPv6 options:

21 - SIP Servers Domain Name List
22 - SIP Servers IPv6 Address List
23 - DNS Recursive NAme Server IPv6 Address List
24 - Domain Search List
27 - NIS IPv6 Address List
28 - NIS+ IPv6 Address List
29 - NIS Domain List
30 - NIS+ Domain Name List
31 - SNTP Servers IPv6 Address List
41 - Timezone-POSIX
42 - Timezone-TZDB

Sample Configuration

The following was done on a Solaris 10 x86 machine:

pfexec nom_tell dcs

# create a network object for the 2610:8:6800:4::/64 network
dcs> network.add name=v6test network=2610:8:6800:4::/64

# I want to assign addresses in the range 2610:8:6800:4::bbbb:0 to 2610:8:6800:4::bbbf:0
dcs> pool.add name=pool-bbb
dcs> range.add pool=pool-bbbb start=2610:8:6800:4::bbbb:0 end=2610:8:6800:4::bbbf:0

# enable rapid-commit on this pool
dcs> pool.update name=pool-bbbb dhcp6-allow-rapid-commit=true

# check that everything looks ok
dcs> pool.get name=pool-bbbb
{
    type => 'pool.get'
    dhcp6-allow-rapid-commit => 'true'
    generation => '5'
    last-stored-time => '1236202666.761227'
    name => 'pool-bbbb'
    range-accounting => (
        {
            range-start => '2610:8:6800:4::bbbb:0'
            range-end => '2610:8:6800:4::bbbf:0'
            range-used => '0'
            range-active => '0'
            my-addr-free => '262145'
            peer-addr-free => '0'
            reserved-free => '0'
            bootp => '0'
        }
    )
    ranges => ('2610:8:6800:4::bbbb:0')
}


# create an IPv6 option set
dcs> optionset.add name=v6_options
dcs> server.update optionsets+=(v6_options)

# add options for SNTP servers (et1, et2, clock.psu.edu)
# add options for recursive DNS servers (et1, et2, clock.psu.edu, sodium.tns.its.psu.edu)
# add option for DNS search domains (et-test.psu.edu., its.psu.edu., psu.edu.)
dcs> optionset.update name=v6_options options6={ sntp-servers=> ('2610:8:6800:1::4' '2610:8:7800:9::4' '2610:8:7800::4') domain-name-servers => ('2610:8:6800:1::4' '2610:8:7800:9::4' '2610:8:7800::4' '2610:8:6800:6::4') domain-search-list => ('et-test.psu.edu.' 'its.psu.edu.' 'psu.edu.') }

# check that it looks ok
dcs> optionset.get name=v6_options {     type => 'optionset.get'     generation => '5'
    last-stored-time => '1236202988.191853'
    name => 'v6_options'
    options6 => {
        sntp-servers => ('2610:8:6800:1::4' '2610:8:7800:9::4' '2610:8:7800::4')
        domain-name-servers => ('2610:8:6800:1::4' '2610:8:7800:9::4' '2610:8:7800::4' '2610:8:6800:6::4')
        domain-search-list => ('et-test.psu.edu.' 'its.psu.edu.' 'psu.edu.')    }
}

# quit DCS and restart DCS
dcs> quit

# nom_tell nanny restart dcs

# verify that the machine has joined the DHCPv6 multicast groups
$ netstat -gf inet6
Group Memberships: IPv6
 If       Group                   RefCnt
----- --------------------------- ------
lo0   ff02::1:ff00:1                  1
lo0   ff02::1                         1
e1000g0 ff02::1:2                       1        <-- All_DHCP_Relay_Agents_and_Servers
e1000g0 ff05::1:3                       1        <-- All_DHCP_Servers
e1000g0 ff02::1:fffc:a0cb               1
e1000g0 ff02::202                       1
e1000g0 ff02::1:ffcd:5bcf               1
e1000g0 ff02::1                         3

Cisco IOS

Configuration docs.

Note, not all DHCPv6 features are enabled in every IOS version. Consult the IOS DHCPv6 documentation for a complete list.

JunOS

coming soon.

Hitachi GR2000

Not tested empirically, due to lack of equipment. 

HP-UX 11i

Not tested empirically, due to lack of equipment.

The HP-UX DHCPv6 2.002/2.003 add-on is available for IA-64 and PA-RISC platforms.It is bundled with 11i v2 and v3. See this page for more information.

It supports the following DHCPv6 options:

21 - SIP Servers Domain Name List
22 - SIP Servers IPv6 Address List
23 - DNS Recursive NAme Server IPv6 Address List
24 - Domain Search List
27 - NIS IPv6 Address List
28 - NIS+ IPv6 Address List
29 - NIS Domain List
30 - NIS+ Domain Name List

Rapid commit is supported but must be manually enabled by passing the -C argument to dhcpv6d on the command-line.

Client support

You may wish to consult the DHCPv6 section of the IPv6 Rosetta Stone page. It lists common DHCPv6-related commands for a variety of operating systems.

OS

client installed by default

client enabled based on RA

client configured by default

Stateless mode

Rapid commit

Non-temporary address

Temporary Address

DNS Search Domain

DNS Servers

NTP servers

Prefix Delegation

Authentication

Releases lease on shutdown

Windows Vista

Yes

Yes

Yes

Yes

No

Yes

No

Yes (with bugs!)

Yes

No

Yes, if ICS is enabled.

 

No, appears to leak.

Windows 7

Yes

Yes

Yes

Yes

No

Yes

No

Yes

Yes

 

Yes, if ICS is enabled.

 

Not by default; journals lease to disk

Solaris 10 U4

Yes

Yes

Yes

 

Yes (always)

Yes

No

No

No

No

No

 

Not by default; journals lease to disk.

Windows XP + Dibbler

No

 

Yes

Yes

 

Yes

Yes

N/A

N/A

N/A

 

Yes (0.7.0)

Not by default; journals lease to disk.

FreeBSD/ WIDE

No

Yes

No

Yes

Yes (not enabled by default)

 

 

Yes

Yes

Yes

Yes

 

Yes

RedHat Linux 5 / Fedora 9

 

 

Yes

Yes

 

 

 

Yes

Yes

Yes

Yes

 

 

Ubuntu 8.04

No

Yes

Yes (with bugs)

Yes

 

 

 

Yes

Yes

 

 

 

 

AIX 5.3

Yes

No

Yes

Yes

Yes

 

 

Yes

Yes

 

 

Yes

 

Mac OS X

No

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

ISC DHCP 4.1

N/A

N/A

N/A

Yes

Yes (in 4.1)

Yes

Yes

 

 

 

Yes

 

Not by default; journals lease to disk. 

HP-UX 11i

 

 

 

 

 

Yes

Yes

Yes

Yes

 

 

 

 

Windows Vista

Microsoft has a good article on auto-configuration in Vista.

Vista will detect the M flag and obtain a DHCPv6 lease for a non-temporary address. It requests configuration data for DNS servers and DNS search domains. Vista's DHCPv6 client does not request rapid-commit.

Vista allows router discovery to be disabled, as well as the managed and other configuration modes to be disabled. Kbase article 961433 has more information.

Note, when using cloning a system, you must manually delete the DUID. Delete this registry key: 

Bugs

  • Vista SP1 doesn't issue a DHCPv6 release upon shutdown.
  • Vista SP1 malforms the FQDN option (option 39, defined in RFC 4704). This issue is fixed in Vista SP2.
  • Vista SP1 doesn't properly parse DNS search domains. It uses the same broken parsing algorithm as Windows 2008. See Microsoft bug 345620. This issue is fixed in Vista SP2.

Windows 7

Windows 7's DHCPv6 support is largely the same as Windows Vista SP2. One improvement is that Windows 7 will journal a DHCPv6 lease to disk upon shutdown. Upon reboot if the lease is still valid, 7 will attempt to confirm that address. Even if it is unable to contact the originating DHCPv6 server, it will configure the address. This behavior is in compliance with RFC 3315, section 18.1.2.

Solaris 10 Update 4

The DHCPv6 client is installed by default. Out of the box, it lacks configuration scripts to configure options (DNS servers, DNS search domains, NTP servers, etc) that are acquired via DHCPv6.

If the M flag is set in the RA, and IPv6 is enabled on the Solaris host, in.ndpd(1M) will send a DHCPv6 Solicit. The Solaris 10 DHCPv6 client uses rapid-commit. Not all DHCPv6 servers support rapid-commit.

By default, the client requests the following options: Preference (7), Server unicast (12), DNS recursive name server (23), Domain Search List (24), NIS (27) NIS Domain Name(29).

To display the DHCPv6 address lease times, use netstat -D:

$ netstat -D
Interface  State         Sent  Recv  Declined  Flags
e1000g0    BOUND            1     1         0  [V6]
(Began, Expires, Renew) = (03/05/2009 11:37, 03/05/2009 13:37, 03/05/2009 12:37)

To display DHCPv6 configuration data, use the dhcpinfo(1) command, with the "-v6" option. For example, to display the DNS servers returned by the server, run:

$ /sbin/dhcpinfo -v6 -i e1000g0 DNSAddresses
2610:8:6800:1::4
2610:8:7800:9::4
2610:8:7800::4

The list of queryable options may be found in dhcp_inittab(4).

To set the configuration options requested by the client, edit /etc/default/dhcpagent. For example, to only request the DNS recursive name server (23) and Domain Search List (24) options, you would set:

$ cat /etc/default/dhcpagent
.v6.PARAM_REQUEST_LIST=23,24

This will set the request options globally. To set them for a specific interface, prepend the interface name to the line, e.g., e1000g0.v6.PARAM_REQUEST_LIST=23,24

By default, Solaris does not release addresses upon suspend/shutdown. To force dhcpagent to release addresses, edit /etc/default/dhcpagent and uncomment the line

.v6.RELEASE_ON_SIGTERM=yes

On shutdown, if a DHCPv6 lease is still valid, Solaris will journal the lease information to disk. Upon reboot, if the lease is still valid, Solaris will reconfigure that address, even if the DHCPv6 server that leased it is offline. The client sends several DHCPv6 CONFIRM messages first. If it doesn't get a response, it will configure the address anyway. This behavior is in compliance with RFC 3315, section 18.1.2.

The Solaris 10 DHCPv6 client appends "." to DNS search domains (e.g., a search domain of "psu.edu" will be stored as "search psu.edu."). This is not a serious issue as the DHCPv6 client does not write these values into /etc/resolv.conf (you can discover them by using dhcpinfo(4) with the DNSAddresses query option).

More information can be found in Sun's DHCP client documentation

Bugs

  • The client lacks configuration scripts for common DHCPv6 options (DNS servers, DNS search domains, NTP servers).

Windows XP SP2 + Dibbler

XP does not natively support DHCPv6, but there are third party DHCPv6 clients available.

On Windows XP SP3, it may be necessary to open a hole in the firewall for the DHCPv6 traffic.

The Dibbler client can request DNS servers, DNS search domains, and NTP server but these aren't used, as Windows XP can only use IPv4 for DNS queries and NTP.

Notes:

Dibbler 0.70 sends multiple DHCPv6 Solicts before sending a Request.

When installed as a service, Dibbler does not run before the logon window appears. There is a several second delay before the DHCPv6 reply is received.

FreeBSD 7 / WIDE

Enable IPv6: Edit /etc/rc.conf and add:

ipv6_enable="YES"

and reboot.

Install WIDE DHCPv6:

cd /usr/ports/net/dhcp6
sudo make install clean

In /etc/rc.conf.d/dhcp6c add:

dhcp6c_enable YES
dhcp6c_interfaces XX

In /usr/local/etc/dhcp6c.conf, add:

interface XX {
	send ia-na 0;
	request domain-name-servers,domain-name,ntp-servers;
};

id-assoc na {
};

where XX is your interface identifier (e.g., em0).

Once the DHCPv6 client is installed, FreeBSD will start it at boot time, if the M bit it set in the Router Advertisement. WIDE-DHCPv6 sends a DHCPv6 release upon shutdown. It tries to renews its address when half of the preferred lifetime has elapsed (e.g., if the preferred lifetime is 600 seconds, it will send a DHCPv6 Renew after 300 seconds).

Bugs

  • By default, dhcp6c won't set the DNS, search realm or NTP servers. It requires a helper shell script to to this. No such script is bundled with FreeBSD.
  • The DHCPv6 client must be manually installed and configured.

Ubuntu / WIDE

Ubuntu 7.10, 8.04 and 8.10 do not a DHCPv6 client by default. To install:

sudo apt-get install wide-dhcpv6-client

You have to manually configure the WIDE client:

and select the interface on which to run DHCPv6:

By default, Ubuntu's DHCPv6 config runs in information-only mode - it assumes it gets a routable IPv6 address via stateless autoconfiguration. To change this, you must edit /etc/wide-dhcpv6/dhcp6c.conf to resemble the following:

interface XXXX
{
	information-only; <-- remove this
	send ia-na 0;	<-- add this;
	request domain-name-servers;
	request domain-name;

	script "/etc/wide-dhcpv6/dhcp6c-script";
};

id-assoc na {		<-- add this
};			<-- add this

Ubuntu's dhcp6c-script will set DNS servers and search domains. It does not set NTP servers. The WIDE dhcp6c client appends "." to DNS search domains (e.g., a search domain of "psu.edu" will be written to /etc/resolv.conf as "search psu.edu.").

I haven't been able to get DHCPv6 working on Ubuntu 7.10. It works on Ubuntu 8.04 and 8.10.

8.04 periodically releases its lease and obtains a new one.

Bugs

  • DHCPv6 client not installed by default.
  • NTP servers are not set.
  • The DHCPv6 address lifetimes aren't set properly (the valid and preferred lifetimes).

RedHat Enterprise Linux / Fedora Core

RHEL and Fedora bundle the Fedora DHCPv6 package.

The installer appears to allow the user to enable DHCPv6:

However, selecting this box doesn't actually do anything. The DHCPv6 client (dhcp6c) will not be enabled after installation. All lines in /etc/dhcp6c.conf are commented out. The default firewall rules (ip6tables) blocks DHCPv6 REPLY packets.

Bugs

  • Selecting DHCPv6 in the installer does not result in DHCPv6 being used.
  • dhcp6c is not started during boot, even if the RA has the M flag set.
  • nameservers are not set properly in /etc/resolv.conf. If multiple name servers are set in the DHCPv6 Reply, they will all be placed on one line. E.g:"nameserver 2610:8:6800:1::4 2610:8:7800:9::4 2610:8:7800::4", which does not parse. This bug is fixed in version 1.0.15, or by applying this patch.

ISC dhclient 4.1.0

ISC's DHCPv6 client was tested on FreeBSD 7.1.

The ISC client does not yet have a default option request list for DHCPv6. You must manually specify what options to request in dhclient.conf(5). dhclient.conf requires that DHCPv6 options be specified by their numeric values. DHCPv6 options are not (yet) integrated into the "request" and "require" syntax used for DHCPv4.

For example, to request an IPv6 address, DNS servers, DNS search domains, and NTP servers, you would specify the following:

send dhcp6.oro 3, 23, 24, 31;

3 = OPTION_IA_NA (IPv6 address)
23 = DNS Recursive Name Server Option
24 = Domain Search List option
31 = OPTION_SNTP_Servers

Users may wish to consult the IANA DHCPv6 parameters registry for the list of numeric values.

To enable rapid commit, set the following in dhclient.conf:

send dhcp6.rapid-commit;

Currently, there is very little documentation on DHCPv6 configuration. Users are advised to consult ISC's dhcp-users mailing list.

AIX 5.3

AIX 5.3 added a DHCPv6 client. IBM's site has configuration data

The client does send a RELEASE upon shutdown.

Sample configuration

Put the following in /etc/dhcpv6/dhcpc6.cnf:

option dns-servers
option domain-list

logging_info {
        log-file-size 4000
        log-item SYSERR
        log-item PROTERR
        log-item WARNING
        log-item EVENT
        log-item ACTION
        log-item INFO
        log-item ACNTING
        log-item TRACE
        log-file-num 3
        log-file-name "/var/tmp/dhcpv6.log"
}

interface xxx {
        option ia-na
}

Then run the following as root:

startsrc -s dhcpcd6

To launch the DHCPv6 client on boot, add the following to /etc/rc.tcpip :

# Start up the DHCPv6 client daemon
start /usr/sbin/dhcpcd6

Bugs

  • The DHCPv6 client isn't started automatically based on flags in the RA.

Mac OS X

Notes

DHCPv6 is included on OS X 10.7 Lion and later - http://seclists.org/nanog/2011/Jul/417

The Dibbler project is working on a port to Mac OS X. The WIDE-DHCPv6 client compiles on Mac OS X.

Client configuration file that worked at Winter 2009 ESCC/Internet2 Joint Techs Workshop.

Bugs

  • Mac OS X 10.6 and below does not support DHCPv6 natively. See Apple bug 6544362.

HP-UX 11i

The HP-UX client hasn't been tested empirically due to lack of equipment. This section is populated based on HP's documentation.

The client supports the following DHCPv6 options:

  • SIP-server-address
  • SIP-server-domain-list
  • DNS-server-domain-list
  • NIS-domain-name-list
  • NIS+client_domain_list

By default, the client will query for SIP-server-address, SIP-server-domain-list, and DNS-server-domain-list.

From the documentation, it appears that the DHCPv6 client must be manually enabled by setting DHCPV6_ENABLE=1 in /etc/rc.config.d/netconf-ipv6

The client provides a helper utility, dhcpv6client_ui, which can be used to obtain non-temporary and/or temporary addresses, or configuration data.

Relay Agents

Forthcoming.

Cisco IOS. Dibbler, AIX, and HP-UX 11i (among others) provide DHCPv6 relay agents.