14

Is there any way in IPv6 to enable dynamic addressing and configuration for a subset of hosts on a network identified by specific mac addresses?

I have been slowly working at setting up IPv6. All my routers have static addresses and routes and a few critical servers are statically addressed. Now I want to start testing out some clients, but I don't want to simply enable it for an entire network at once. I would like to be able to just enable it for a few hosts.

In the IPv4 world I would setup a DHCP server with 0 free addresses in the scope, and just setup reservations. In the IPv6 world this doesn't appear to be an option since I can't set a default gateway via DHCPv6, that apparently can only be learned via router advertisements.

How is this approached? Is it simply not possible to selectively enable IPv6 on a network?

My routers are Linux based and the DHCPv6 server would run on Linux if it matters, and I am looking to enable clients of all sorts (Windows/Linux/OSX).

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • Why can't you do DHCPv6 reservations? Even my _home router_ can do this. – Michael Hampton Dec 06 '13 at 18:22
  • @MichaelHampton, Yes DHCPv6 should be able to deliver an address to the client, but how do I get the client to have a default route? – Zoredache Dec 06 '13 at 18:25
  • On the DHCP server, you could make some iptables-rules which blocks DHCPv6 from some MAC addresses and allows from the ones you wish to have IPv6 enabled. – Atle Dec 06 '13 at 18:42
  • @Zoredache: the default route is always communicated by Router Advertisement (RA) messages. DHCPv6 does not exchange routing information. – Sander Steffann Dec 06 '13 at 19:49

2 Answers2

7

I don't see why you can't do it substantially the same way with IPv6 as with IPv4 (though I will recommend deploying by subnets rather than by single hosts; it will save you a lot of time and headaches later).

This is how IPv6 works here (greatly simplified; see RFC 4861 for the gory details):

The default router sends a router advertisement periodically, or when it receives a router solicitation from a new host. The RA contains the address of the router, of course, and various flags. Of interest to us here are the M (managed) flag and the O (other) flag. These flags specify that the host should get the remainder of its configuration information from a DHCPv6 server:

  • When the M flag is set, all configuration information (except the router addresses) is provided by DHCPv6.
  • When the O flag is set, the host configures its own IPv6 address with SLAAC; all other configuration information (except the router addresses) is provided by DHCPv6.

At that point, it's just a matter of using, e.g. fixed-address6 in your dhcpd.conf configuration to set reservations; your DHCPv6 setup will be substantially similar to the DHCP setup for IPv4.

I've also skipped over the case where a subnet might have two or more routers handling the "default" route; in this case look into IPv6 router preference for configuring this aspect.

Community
  • 1
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
  • Ok, this sounds right. The challenge is that I am currently experimenting with using DnsMasq for route advertisements. Which seems to lack the features required to enable this. I guess I'll have to switch over to using radvd. – Zoredache Dec 06 '13 at 18:54
  • 1
    @Zoredache dnsmasq is pretty minimal in this respect, and I don't think it has all the necessary features. I'm using radvd myself. If you need something minimalist, e.g. for an embedded system, consider [6relayd](https://github.com/sbyx/6relayd). This is a combined router advertisement/DHCPv6 server and relay which was originally written for OpenWrt. – Michael Hampton Dec 06 '13 at 18:57
1

You can set up a DHCPv6 server (such as WIDE or ISC) for stateful configuration or radvd for stateless auto configuration. IPv6 specifies the range FC00::/7 for unique local addresses (similar to private address ranges in IPv4).

Mark Bidewell
  • 111
  • 1
  • 1
    And you are not supposed to use fc00:: or fd00:: as I see some people doing. You're meant to pick a random /48 from within that range. – Michael Hampton Dec 29 '14 at 07:00