You are not logged in.

#1 2017-05-22 20:01:30

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Static IPv6 Address Reservations Using DHCPv6

Hi there, it's been a while since I've been on here, mainly since things have been running smoothly wink. Anyway, I finally had the time to get IPv6 working on my Arch-based router using a Hurricane Electric tunnel broker. It works great thus far--forwarding works and RADVD is handing out the correct prefix to the clients. Now my next task is getting DHCPv6 (I'm using the ISC daemon) to hand out static reservations as I do with IPv4. For IPv4, I collected the MAC addresses of all devices on my network--from desktop/laptop computers, to phones/tablets, to appliance-type devices like my Amazon FireTV-- and gave them each a client stanza in the dhcpd.conf file to give them an address based on an entry in my DNS records. For example, the following is for my FireTV (FYI the DNS entry is 10.0.0.53):

  host FireTV {
    hardware ethernet 10:AE:60:BA:98:AB;
    fixed-address FireTV.ConeSystems.com;
  }

I would like to do the same with IPv6. I already added a AAAA DNS record, but I'm not sure how to assign it. Everything I read so far says you need a DUID, which on a Linux or Windows system I can get, but on other devices like the FireTV, my network printer, and Android/iOS devices, I can't seem to get them. Also, I've heard that the DUIDs may chance if the devices get updated (like Windows) or reinstalled, which makes it more fragile than a MAC in my opinion. I was considering using EUI-64 addresses, which is deterministic based on the MAC, but I'm not certain all devices support it and Windows uses Privacy Extensions by default. So what is the best practice for this?

Which leads me to my next issue--is it possible to configure devices to use a privacy address for normal Internet bound traffic, but also assign an internal one I can use my DNS with (i.e. fd00:1::53 for the FireTV)? This is because I'm not using NAT for IPv6 (isn't that one of the selling points of IPv6?) and would rather not go back to that.

I appreciate any input. I've learned a lot about IPv6 the last few weeks and am so excited (nerd moment) that I got it working thus far. After I get this working, my last step is getting OpenVPN to tunnel IPv6 in addition to IPv4 (which works great now).

Offline

#2 2017-05-23 13:52:50

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: Static IPv6 Address Reservations Using DHCPv6

Maybe  RFC 6939 - Client Link-Layer Address Option would work ?


Disclaimer :

I have no idea if dhcp from ISC supports RFC 6939 and no personal experience with Client Link-Layer Addresses .


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)

Offline

#3 2017-05-23 17:44:44

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: Static IPv6 Address Reservations Using DHCPv6

I can't believe I missed that! It sounds like a good thing to try. I'm curious why DUIDs aren't as "easy" to manage as MACs are. I mean, you can find MACs on the packaging of phones and other devices (I think it's an FCC requirement, not sure though), but the DUID seems to be unnecessarily complex. I get that with IPv6 the DHCP server need not be on the same subnet, hence it can't use the link-layer MAC address. But the DHCPv6 request could easily contain the MAC as part of it's datagram and thus be able to travel to any other network.I can still see a use for an addition IAID so devices with multiple connections can be considered the same device, but the IAID+MAC pair should be sufficient--i.e. we don't really need a DUID. Maybe I'm oversimplifying the issues though.

Last edited by apoletti (2017-05-23 23:31:56)

Offline

#4 2017-05-23 18:33:49

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: Static IPv6 Address Reservations Using DHCPv6

The idea behind the DUID is that it doesn't change when you swap network cards.

If you provision the address to the MAC, it follows the MAC which normally isn't desirable.

Offline

#5 2017-05-23 23:42:48

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: Static IPv6 Address Reservations Using DHCPv6

OK, that makes sense. I suppose though for devices where the network adapter can't be changed (e.g. my FireTV) it doesn't matter. I would like to use the DUID for everything if that is the "proper" way to do it in IPv6. If I only knew how to get the DUID from all of my devices, that would be fantastic. How would you go about collecting DUIDs, or would you be in the same boat as me per se?

Offline

#6 2017-05-24 07:47:31

rsmarples
Member
Registered: 2009-05-12
Posts: 287

Re: Static IPv6 Address Reservations Using DHCPv6

OK, that makes sense. I suppose though for devices where the network adapter can't be changed (e.g. my FireTV) it doesn't matter.

Of course, the FireTV would never have a virtual tunnel interface bridged to the physical interface (and thus different MAC address)?
Just because there is one physical interface does not mean there are virtual interfaces internally with different MAC addresses. This is what DUID is trying to solve.

Moving forwards, dhcpcd will try and default the DUID to the UUID of the system where supported.
Like the MAC address, this could be printed on the unit. The UUID would be set in the BIOS (pc) or by u-boot (think devices like Edge Router Lite) and then set in the kernel.
But not all kernels support this (I need to work on this in NetBSD for example).

Well, how you get the DUID also depends on the software.
dhcpcd-6.x and older look in /etc/dhcpcd.duid
dhcpcd-7.x and newer look in /var/lib/dhcpcd/duid

Other software may have the DUID in different places, or require running a program to see it.

BUT that's not the end of the story! DUID just identifies the host. IAID identifies the interface within the host (IAID is a 32-bit number, too short for a MAC address).
dhcpcd will default to using the VLANID if >0 or the last 4 bytes of the MAC address.
The two are combined to make the ClientID (DHCPv4) or use separately (DHCPv6) depending on the protocol.

Hope this helps!

Offline

#7 2017-05-24 16:08:29

apoletti
Member
From: Arizona
Registered: 2016-02-17
Posts: 16

Re: Static IPv6 Address Reservations Using DHCPv6

Thanks for the explanation! I believe I am convinced the DUID+IAID is the way to go. But as I've said for devices like the FireTV or my printer, I don't know how to get those values, hence I'm not able to use the client ID in DHCPD. So I think for now I'll use the MAC as outlined in the RFC and hope that the DUID+IAID information for devices will become as transparent as the MAC in the future. I honestly can't wait to be able to turn off IPv4 completely, if only everyone would get on board.

Offline

Board footer

Powered by FluxBB