I'm currently evaluating Server 2012 to serve as a domain controller in a small heterogeneous network of Linux and Windows workstations and servers, all of which would eventually be joined to the domain. This is a 100% dual stack network; every device has IPv4 and IPv6 connectivity. The router is a Linux server running radvd 1.9.1 and various other necessities.
I have just installed the first domain controller; its domain name is ad.businessname.com
(where businessname.com
is handled by external DNS servers; the domain also has the public website, email etc. and these won't be joined to the domain at this time). It's a Server Core installed with AD DS and DNS roles. All seems well and I'm about ready to set up the second DC and start joining computers, but...
Now my network has extra IPv6 router advertisements on it, advertising Unique Local Addresses. It's also advertising the native IPv6 prefix that the actual router is advertising. At first I thought that these RAs were originating from the domain controller, since they disappeared when I shut it off, but after running Wireshark I see they came from my actual IPv6 router. Wireshark is showing that this version of the RA very shortly follows a Neighbor Solicitation for fd4a:e7ab:34a5::1 coming from the DC.
Strangely, the router is also sending the original route advertisement which it normally sends when the domain controller is not present on the network. This version of the RA matches /etc/radvd.conf
(a copy is below). A quick session with Wireshark confirmed that both versions of the router advertisement are coming from the MAC address of the Linux router running radvd
.
So far these seem harmless, as my IPv6 connectivity hasn't been interrupted by the presence of the extra RA. But since I have global IPv6 connectivity already, the ULAs seem unnecessary and unwanted.
I've spent much of last night and today scouring the Internet to try to figure out what's going on, but have found little to explain anything beyond a hint that it might have something to do with the IP Helper Service (and vague warnings to not turn it off). But as far as I have ever heard, it should be safe to disable this service when native IPv6 is available.
So my questions are:
- Why is Windows sending a Neighbor Solicitation for a ULA network?
- Why are these RAs being sent, apparently in response?
- Why do they advertise ULAs in addition to my native addresses?
- Isn't this going to cause a problem with IPv6 routing later on?
- Do I have to put up with this, or how can I make Windows and radvd behave?
Various configuration information follows:
Here is a captured RA that was sent (as shown by radvdump
which is IMO easier to read than wireshark's output). You can see that it is advertising both the ULA and the public prefix (obscured here). And when I shut down the domain controller, this version of the RA stops appearing on the network.
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag on;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 0;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
AdvLinkMTU 1500;
prefix fd4a:e7ab:34a5::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 86400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS fd4a:e7ab:34a5::1
{
AdvRDNSSLifetime 86400;
}; # End of RDNSS definition
DNSSL businessname.com
{
AdvDNSSLLifetime 1800;
}; # End of DNSSL definition
}; # End of interface definition
Here is the original router advertisement, which matches the router's /etc/radvd.conf
and is still being sent onto the network, alternating with the one above:
#
# radvd configuration generated by radvdump 1.9.1
# based on Router Advertisement from fe80::20c:29ff:fef4:66f1
# received by interface eth0
#
interface eth0
{
AdvSendAdvert on;
# Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
AdvManagedFlag off;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvDefaultLifetime 1800;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
AdvSourceLLAddress on;
prefix 2001:db8:16:bf::/64
{
AdvValidLifetime 86400;
AdvPreferredLifetime 14400;
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr off;
}; # End of prefix definition
RDNSS 2001:4860:4860::8888 2001:4860:4860::8844
{
AdvRDNSSLifetime 600;
}; # End of RDNSS definition
}; # End of interface definition
The list of installed roles/features on the domain controller:
[dc1]: PS C:\Users\Administrator\Documents> Get-WindowsFeature | where {$_.InstallState -eq "Installed"}
Display Name Name Install State
------------ ---- -------------
[X] Active Directory Domain Services AD-Domain-Services Installed
[X] DNS Server DNS Installed
[X] File And Storage Services FileAndStorage-Services Installed
[X] File and iSCSI Services File-Services Installed
[X] File Server FS-FileServer Installed
[X] Storage Services Storage-Services Installed
[X] .NET Framework 4.5 Features NET-Framework-45-Fea... Installed
[X] .NET Framework 4.5 NET-Framework-45-Core Installed
[X] WCF Services NET-WCF-Services45 Installed
[X] TCP Port Sharing NET-WCF-TCP-PortShar... Installed
[X] Group Policy Management GPMC Installed
[X] Remote Server Administration Tools RSAT Installed
[X] Role Administration Tools RSAT-Role-Tools Installed
[X] AD DS and AD LDS Tools RSAT-AD-Tools Installed
[X] Active Directory module for Windows ... RSAT-AD-PowerShell Installed
[X] Windows PowerShell PowerShellRoot Installed
[X] Windows PowerShell 3.0 PowerShell Installed
[X] WoW64 Support WoW64-Support Installed
The IPv6 configuration of the Ethernet interface, as requested in chat:
[dc1]: PS C:\Users\Administrator\Documents> netsh interface ipv6 show interface interface=Ethernet
Interface Ethernet Parameters
----------------------------------------------
IfLuid : ethernet_7
IfIndex : 12
State : connected
Metric : 10
Link MTU : 1500 bytes
Reachable Time : 33500 ms
Base Reachable Time : 30000 ms
Retransmission Interval : 1000 ms
DAD Transmits : 1
Site Prefix Length : 64
Site Id : 1
Forwarding : disabled
Advertising : disabled
Neighbor Discovery : enabled
Neighbor Unreachability Detection : enabled
Router Discovery : enabled
Managed Address Configuration : disabled
Other Stateful Configuration : enabled
Weak Host Sends : disabled
Weak Host Receives : disabled
Use Automatic Metric : enabled
Ignore Default Routes : disabled
Advertised Router Lifetime : 1800 seconds
Advertise Default Route : disabled
Current Hop Limit : 64
Force ARPND Wake up patterns : disabled
Directed MAC Wake up patterns : disabled
ECN capability : application