18

IPv6 and RFC 2462 provide a means for hosts to configure their own IP addresses via stateless address autoconfiguration. To me this seems like the bee's knees, and it leaves me wondering why someone would want to go through the trouble of configuring a DHCPv6 server instead. I don't manage networks as a profession, so I'm guessing that there are some obvious simple reasons why one would want to support DHCPv6 that don't occur to me. Could someone please elaborate on what these reasons might be?

Jeff

7 Answers

9

One thing that DHCPv6 supplies that autoconfig doesn't is DNS servers.

becomingwisest
  • 3
    http://tools.ietf.org/html/rfc6106 For now, anyway – DerfK Feb 28 '11 at 04:42
  • 1
    There's RFC 6106. If you can't use that yet your IPv4 DNS servers will probably be around until you can. Definitely not a reason by itself to use DHCPv6. – eater Feb 28 '11 at 04:50
9

You want DHCPv6 if

  • the network administrator should have control over who gets (which) IPv6 addresses, e.g. because they need to be in sync with AAAA DNS records, or
  • if you don't want to tell the outside your MAC addresses (i.e. what hardware vendors you use), but don't want to use privacy extensions either, e.g. to still use permanent IPv6 addresses, or
  • if you want the same dynamic DNS updates for IPv6 which you're used to from your DHCP(v4) server for IPv4.
Axel Beckert
  • Why would you need DHCPv6 over SLAAC if you want dynamic DNS updates? – Ale Dec 12 '14 at 23:52
  • Good point, I updated that statement to be less ambiguous. – Axel Beckert Dec 12 '14 at 23:54
  • 2
    @Ale Some operating systems handle SLAAC entirely in-kernel and have no provision for calling a userland program after SLAAC completes, which would be required to do dynamic DNS updates. Since DHCPv6 is done in userland, it is possible to have dynamic DNS updates. – Michael Hampton Dec 13 '14 at 02:32
  • @MichaelHampton Even if there are no direct hooks for calling user space code immediately upon completing SLAAC, there are so many other ways the result of SLAAC would be visible to user space, that it certainly would be possible to create a user space utility that could detect the assigned addresses and update DNS. – kasperd Dec 13 '14 at 10:45
  • 1
    @kasperd That's probably true...now I wish someone would do it! This is one of the annoying issues in my FreeIPA domains. – Michael Hampton Dec 13 '14 at 10:46
7

DHCPv6 provides more control to the administrator in assigning addresses. If you really want that sort of control over your IPv6 addresses, you don't understand IPv6 yet.

It also can be used to provide additional configuration parameters beyond the basic address/gateway supported through autoconfiguration. An example might be WINS servers, NTP servers, TFTP boot servers, and other less common options. None of which are worth the pain of deploying a DHCPv6 architecture in my opinion.

Stick with autoconfig.

eater
  • 6
    Specifying TFTP isn't worth deploying a DHCP server? I'm guessing you've never deployed IP phones... – Jason Berg Feb 28 '11 at 05:28
  • 13
    I think it's arrogant to claim that if you want DHCPv6 you haven't understood yet. There are definitely scenarios where DHCPv6 is the best solution. – Axel Beckert Dec 12 '14 at 23:05
3

DHCPv6 has many features not present in SLAAC. Most of those features are rarely needed.

There is however one DHCPv6 feature, which would be useful in many cases. That is prefix delegation. If you are a network administrator at an ISP, that one feature may be enough for you to make it worthwhile to deploy a DHCPv6 server. If you are not working for an ISP, you probably don't need prefix delegation.

What prefix delegation can do is that the DHCPv6 server at the ISP can tell the CPE router which range of addresses it can use for its internal LAN(s). Without prefix delegation only the WAN interface of the router could be autoconfigured. The LAN would need to be manually configured.

The CPE router would act as DHCPv6 client. It would not need to act as DHCPv6 server, since the LAN(s) can just use SLAAC.

kasperd
1

SLAAC was a good attempt to autoconfig addresses and remove the centralization that a DHCP server obliges. In an IPv4 network with all devices' addresses handled by a DHCP server, if it fails, soon enough (when leases start expiring), nobody will be able to talk anymore.

But SLAAC lacks features. For example, if you wanna attribute a local domain name for every device, you're gonna need a local DNS server anyway. If all connections are done by these names instead of (very) long IPv6 addresses, then you have back your centralized server giving you neat features and that irritating risk. Then, if you have a DNS server, then a DHCP one isn't a big issue.

Another example: if you have multiple VLANs. Say you wanna restrict only known devices to your VLAN, and configure another one for new yet-unknown devices. This VLAN can't access the Internet and can't see your devices either. Then a DHCP server comes in handy.

A big issue with SLAAC is that a device's address has its MAC. It was ingenuous to do that, as it increased address size and reduced privacy, some say security too. A DHCP server allows you to use other rules to set addresses.

Hikari
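Two answers on this page note that a SLAAC address can carry the interface's MAC. The following added example (not part of any answer here) shows the modified EUI-64 construction from RFC 4291 Appendix A and a heuristic check for which addresses in an inventory expose a MAC. The prefix, MAC and sample addresses are constructed, and the function names are illustrative.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> int:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A) for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # Flip the universal/local bit, then insert ff:fe between the OUI and the NIC part.
    eui = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(eui, "big")

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from an advertised /64 when it uses an EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 based SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | mac_to_eui64_iid(mac))

def embedded_mac(addr: str):
    """MAC recoverable from an address, or None if the identifier is not EUI-64 shaped.

    Heuristic: a random identifier can contain ff:fe in this position by chance.
    """
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def audit(addresses):
    """Map each address to the MAC it exposes (None when nothing is recoverable)."""
    return {a: embedded_mac(a) for a in addresses}

# Constructed inventory: documentation prefix 2001:db8::/32 and a made-up MAC.
SAMPLE = [
    str(slaac_address("2001:db8:0:1::/64", "52:54:00:12:34:56")),
    "2001:db8:0:1:9c3f:2a71:5be0:44d1",  # random-looking identifier (privacy extensions style)
    "2001:db8:0:1::53",                   # manually or DHCPv6-assigned style
]

if __name__ == "__main__":
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr:40} {'exposes MAC ' + mac if mac else 'no MAC recoverable'}")
```

Only the first sample address reveals its MAC, and with it the vendor OUI; the other two carry no hardware identifier.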
0

The whole point of IPv6 is for every device to have a permanent unique address that can be routed (found) in the network. The 'D' in DHCP stands for 'Dynamic' which was needed in IPv4 when IPv4 address exhaustion started to be a problem. IPv4 addresses could no longer be assigned without having routing problems. That is not the case with IPv6.

It is not needed. It defeats the point of having a bigger IP address space.

DHCPv6 foments a stratified IP address space. Not a good idea as we have seen with IPv4.

Stick with autoconfig.

0

DHCPv6-PD is actually really efficient in the sense of ad-hoc networks. Got a computer that can't use NDP to get DNS, so have to use DHCP to get DNS, TFTP and certificate server. Also, DHCPv6 is good for prefix delegation, I like to assign /128 addresses.

Omoeba
  • I thought all up-to-date OSes understood DNS advertised through router advertisements by now. And I don't know of any good reason for using link prefixes longer than /64. – kasperd Nov 21 '16 at 21:44