The objective of this post is to help understand and discuss AOS-CX IPv6 - Stateless Address Auto-configuration/SLAAC.
We covered AOS-CX IPv6 - IPv6 address types, Link Local Addresses, solicited-node multicast addresses, duplicate address detection, ICMPv6 Neighbor Solicitation/NS, GUA for BGP peering, GUA for inter subnet connectivity and Unique Local Addresses/ULA previously in
https://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresseshttps://community.arubanetworks.com/discussion/aos-cx-ipv6-link-local-addresses-part-2https://community.arubanetworks.com/discussion/aos-cx-ipv6-global-unicast-addresseshttps://community.arubanetworks.com/discussion/aos-cx-ipv6-unique-local-addressesStatic GUA IPv6 addresses are typically configured on critical network infrastructure devices such as routers and servers.
For hosts that do not require static IPv6 addresses, SLAAC or DHCPv6 which depend on ICMPv6 Router Advertisement/RA can be used for dynamic IP assignment.
SLAAC:
- Allows GUA IPv6 addresses to be dynamically allocated to hosts without relying on a DHCPv6 server
- Allows a host to generate its own GUA using the RA sent by the L3 default gateway
- Default gateway information is sent in the RA and the router link local address is typically used as the default gateway
The ICMPv6 RA sent by the L3 default gateway will provide default gateway information and guide host behavior with regards to IPv6 address assignment.
However, final behavior is still dependent on the host OS , e.g. Some hosts might not support DHCPv6, some hosts might use SLAAC if the DHCPv6 server is unreachable.
Managed address configuration (M), Other Configuration (O) and Autonomous address-configuration (A) flag bit combinations in the RA message will help IPv6 hosts determine if SLAAC or DHCPv6 should be used.
To indicate SLAAC should be used by hosts, the router should send M/O flags set to 0 and A flag set to 1.
We will use this topology, an AOS-CX switch, a windows host and a linux host can be seen in our example.
ULA on Lo0 is used to verify hosts can communicate beyond their local subnet.
Here is a screenshot of a Windows host with SLAAC working as expected.
You can see it has an IPv6 address ending with :e386 assigned and a temp IPv6 address ending with :e257 assigned.
It uses link local fe80::1 as default gateway to communicate beyond it's local subnet.
It has DNS server and DNS search list from RA.
It can ping to the ULA using it's link local default gateway.
Here is a screenshot of a Linux host with SLAAC working as expected.
You can see it has an IPv6 address ending with :7ecf and another IPv6 address ending with :e68c assigned.
Interestingly, the 2nd IPv6 address is not labeled temp, this is an example of different host behavior, windows vs linux.
It has DNS server and DNS search list from RA.
It uses link local fe80::1 as default gateway to communicate beyond it's local subnet.
It can ping to the ULA using it's link local default gateway.
From the switch perspective.
AOS-CX# sh ipv6 nei
IPv6 Address MAC Port Physical Port State
-------------------------------------------------------------------------------------------------------------------------------------------
2001:db8:2001:0:24c7:19b4:950d:e257 00:50:56:9e:63:9a vlan2001 1/1/47 reachable <- Windows host
fe80::6101:49e6:c661:e386 00:50:56:9e:63:9a vlan2001 1/1/47 reachable <- Windows host
fe80::4852:5683:ed5b:f967 00:50:56:9e:dc:27 vlan2002 1/1/31 reachable
2001:db8:2001:0:5c81:9d98:16a0:e68c 00:50:56:9e:37:55 vlan2001 1/1/47 reachable <- Linux host
fe80::791a:9c93:73de:9949 00:50:56:9e:37:55 vlan2001 1/1/47 reachable <- Linux host
2001:db8:2001:0:1c38:2f32:d2cf:2014 00:50:56:9e:dc:27 vlan2002 1/1/3 reachable
Total Number Of IPv6 Neighbors Entries Listed: 6.
-------------------------------------------------------------------------------------------------------------------------------------------
We can see windows host (MAC ending with 63:9a) has IPv6 neighbor mapping for it's temp GUA IPv6 address (ending with :e257) and link local address.
This means the temp IPv6 address (ending with :e257) is used to communicate beyond the subnet, the other IPv6 address (ending with :e386) is not used.
While the linux host (MAC ending with 37:55) has IPv6 neighbor mapping for it's GUA IPv6 address (ending with :e68c) and link local address.
This means the IPv6 address (ending with :e68c) is used to communicate beyond the subnet, the other IPv6 address (ending with :7ecf) is not used.
As shown above, you have seen how Windows/Linux hosts and AOS-CX switch interact when SLAAC is used.
If you have questions, let's discuss!
------------------------------
DWan
------------------------------