How do you pass DHCPv6 to workstations without using RAs?

Started by icecream-guy, February 03, 2016, 09:09:20 AM

icecream-guy

Quote from: srg on February 04, 2016, 01:08:13 PM
Quote from: ristau5741 on February 04, 2016, 11:14:42 AM
The host sends a request for an IP address, the router (L3 switch, helper address on SVI) forwards the request to the DHCP server for an IP. The host wants back direction on how to IP itself (M flag 0 or 1, either by SLAAC, or an assigned IP address via the DHCP server as in this case) along with an IP, default gateway and other goodies.
Not quite. It's more like this, chronologically:
1. An IPv6-enabled host sits on its subnet. Not knowing whether there are any routers on the subnet, it sends out an RS (Router Solicitation).
2. A router on the subnet will respond with an RA (Router Advertisement; these also come unsolicited at configured times). The RA will include the prefix (or prefixes) on the link, along with some additional flags; of special interest are the M and O flags. With both set to 0, or unset, the host will automatically generate its IPv6 address via the function called SLAAC. DHCPv6 is not necessarily (see 4 below) used here.
Here you have a fully functioning IPv6 host.


I need to get back into this, or the IPv6 forum will revoke my certification.
Been a while.
:professorcat:

My Moral Fibers have been cut.

routerdork

Quote from: ristau5741 on February 04, 2016, 02:18:35 PM
I need to get back into this, or the IPv6 forum will revoke my certification.
Been a while.
C:-)
"The thing about quotes on the internet is that you cannot confirm their validity." -Abraham Lincoln

aceandy79

Quote from: srg on February 04, 2016, 01:08:13 PM
Quote from: ristau5741 on February 04, 2016, 11:14:42 AM
The host sends a request for an IP address, the router (L3 switch, helper address on SVI) forwards the request to the DHCP server for an IP. The host wants back direction on how to IP itself (M flag 0 or 1, either by SLAAC, or an assigned IP address via the DHCP server as in this case) along with an IP, default gateway and other goodies.
Not quite. It's more like this, chronologically:
1. An IPv6-enabled host sits on its subnet. Not knowing whether there are any routers on the subnet, it sends out an RS (Router Solicitation).
2. A router on the subnet will respond with an RA (Router Advertisement; these also come unsolicited at configured times). The RA will include the prefix (or prefixes) on the link, along with some additional flags; of special interest are the M and O flags. With both set to 0, or unset, the host will automatically generate its IPv6 address via the function called SLAAC. DHCPv6 is not necessarily (see 4 below) used here.
Here you have a fully functioning IPv6 host.

But this can also happen:
3. If the M and O flags are 1/set, this will hint to the host that there is a DHCPv6 server available for address assignment (M flag) or other option assignment (O flag). (SLAAC is still performed; the host will end up with multiple IPv6 addresses.)

Depending on your OS, this can also happen:
4. The host's OS is manually configured with DHCPv6, and will send a DHCPv6 SOLICIT regardless of the O/M flags in the RA. The flags are only hints; they do not really enable or disable any behavior.

All this is for client/workstation assignment. The DHCPv6 server itself needs nothing of this and can be configured with a static IPv6 IP and GW as an IPv4 host. So the whole RA with this and that flag to the server is not needed.

In IOS the flags are configured under the interface:
ipv6 nd managed-config-flag
ipv6 nd other-config-flag


Have found that although as you say the M and O flags are just hints, you can enforce a DHCPv6-only environment by stopping the router advertising a prefix in its RA. The command "ipv6 nd prefix X:X:X:X::X/<0-128> no-advertise" will stop any SLAAC clients being able to autoconfigure an address, so only clients supporting DHCPv6 will get connectivity.

srg

Quote from: aceandy79 on April 06, 2017, 03:47:31 AM
Have found that although as you say the M and O flags are just hints, you can enforce a DHCPv6-only environment by stopping the router advertising a prefix in its RA. The command "ipv6 nd prefix X:X:X:X::X/<0-128> no-advertise" will stop any SLAAC clients being able to autoconfigure an address, so only clients supporting DHCPv6 will get connectivity.
Yep, what that also does is provide no on-link prefix information to the clients, so they cannot find each other via ND; all their communication will go through the router. Sometimes this is the intended design.

There's also the option to send the prefix on-link info without the A flag; that should prevent clients from using the prefix for SLAAC autoconfig while still allowing on-link info. But then there's also of course the possibility of clients not honoring this and doing autoconfig regardless, since the info is there.

as if the mind had gone black forever.
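
An added example, not part of any post in this thread: a Python audit helper that parses a Router Advertisement and reports the M/O flags plus each prefix's L (on-link) and A (autonomous) flags, so you can check that what a router actually sends matches the designs discussed above. The sample RAs are constructed with the documentation prefix 2001:db8:1::/64, and the function and key names are hypothetical.

```python
import ipaddress
import struct

def build_ra(m, o, prefixes):
    """Constructed sample RA (ICMPv6 type 134, checksum left at 0).
    prefixes: list of (prefix, on_link, autonomous) tuples."""
    flags = (0x80 if m else 0) | (0x40 if o else 0)
    # type, code, checksum, hop limit, M/O flags, router lifetime, timers
    pkt = struct.pack("!BBHBBHII", 134, 0, 0, 64, flags, 1800, 0, 0)
    for prefix, on_link, autonomous in prefixes:
        net = ipaddress.IPv6Network(prefix)
        pflags = (0x80 if on_link else 0) | (0x40 if autonomous else 0)
        # Prefix Information option: type 3, length 4 (units of 8 bytes)
        pkt += struct.pack("!BBBBIII", 3, 4, net.prefixlen, pflags,
                           2592000, 604800, 0) + net.network_address.packed
    return pkt

def audit_ra(pkt):
    """Report what an RA tells hosts: M/O hints, SLAAC and on-link prefixes."""
    if len(pkt) < 16 or pkt[0] != 134:
        raise ValueError("not a Router Advertisement")
    out = {"M": bool(pkt[5] & 0x80), "O": bool(pkt[5] & 0x40),
           "slaac": [], "on_link": []}
    off = 16
    while off + 2 <= len(pkt):
        opt_type, opt_len = pkt[off], pkt[off + 1] * 8
        if opt_len == 0 or off + opt_len > len(pkt):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:
            prefix = "%s/%d" % (ipaddress.IPv6Address(pkt[off + 16:off + 32]),
                                pkt[off + 2])
            if pkt[off + 3] & 0x40:   # A flag: usable for SLAAC
                out["slaac"].append(prefix)
            if pkt[off + 3] & 0x80:   # L flag: neighbours reachable directly
                out["on_link"].append(prefix)
        off += opt_len
    # Router-side intent only; the flags are hints and a host may ignore them.
    out["dhcpv6_only_intent"] = out["M"] and not out["slaac"]
    return out

SAMPLES = {  # constructed RAs for the three designs in the thread
    "default SLAAC": build_ra(False, False, [("2001:db8:1::/64", True, True)]),
    "prefix no-advertise": build_ra(True, True, []),
    "prefix without A flag": build_ra(True, True, [("2001:db8:1::/64", True, False)]),
}

if __name__ == "__main__":
    for name, ra in SAMPLES.items():
        print(name, audit_ra(ra))
```

The "prefix no-advertise" result has an empty on_link list, which is the case where hosts send traffic for each other through the router; the "without A flag" result keeps the prefix on-link while offering nothing for SLAAC.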

aceandy79

Thanks for the extra info srg. Have tried that setup instead (advertising a prefix but with 'no auto-config' set). Windows and Linux both seem to honour it and are still going to DHCPv6 server for address.

Just a question though, even if there were no prefix being advertised, wouldn't local clients communicate with each other using link-local addresses anyway? And would be able to do that directly without the help of the router?