DHCPv6 Stateful Mode

 

IPv6 has two modes with regards to auto configuration, stateless mode and stateful mode.

In stateless mode, clients obtain their IP address using router advertisement (RA) messages. This works, but it doesn’t provide the client with a DNS server; that still has to come from a DHCP server. In stateless mode, all the DHCP server does is give the client a DNS server and a domain search list.

Stateful mode is more like the old DHCPv4 way of doing things. The client gets its IP address from a DHCP server, along with some other options like the DNS server and domain search list. The default gateway is still assigned using RA messages.

The documentation on setting up a DHCPv6 server using Windows Server 2008R2 is virtually non-existent, that’s why I wanted to post about it.

Stateful mode is more appropriate for large network environments, where more control is needed to auto configure clients.

To install the DHCP(v6) server on Windows 2008R2, you just need to fire up server manager and add the DHCP role. Go to roles, add roles, press next and select DHCP server.

dhpc1

Press next twice, select the network connections that the DHCP server is going to bind to, and press next.

dhpc4

Now you should specify the IPv4-specific server settings, like parent domain and preferred DNS servers. I am leaving the defaults here and press next. WINS is not required (and doesn’t even work with IPv6), so press next. I am not defining a DHCP scope, so press next again, which will bring you to the DHCPv6 stateless mode screen. Here you need to disable stateless mode for this server; this allows clients to actually use the DHCP server to obtain an address, in addition to the other options that are assigned in stateless mode.

dhcp5

Press next and you will arrive at the authorize DHCP server screen. I accepted the defaults and pressed next. Finally press install and the DHCP role will be installed.

Now before we can actually use the DHCP server, we should assign the server a fixed IPv6 address. Using the server manager’s main page, select view network connections, right click the Local Area Network connection, choose properties, double click the IPv6 settings and set the IPv6 address to fc00:0:0:1::1 and the preferred DNS server to either ::1 (localhost) or fec0:0:0:1::1 (in my example the DNS server is also located on this server), and press ok.

We should now have a Global IPv6 address. This is the IPv6 equivalent of the IPv4 Global address and is directly reachable. Other types of addresses are the site local address (FEC0), which is equivalent to the IPv4 private address (used for NAT in IPv4), but the site local address has somehow been dropped. We should already have a link local address (starting with FE80); this address is assigned by the operating system and is equivalent to the IPv4 APIPA address, which is non-routable. You can see the adapter’s IP address in the ipconfig /all output below.

dhcp2

Now that we actually have a fixed IPv6 address, we can create a scope for the DHCP server. In server manager go to roles, DHCP server, server, and IPv6, right click and choose New scope. Press next, enter a name and a description for the scope, and press next.

dhcp6

Enter the prefix (I used fc00:0:0:1:: as the prefix) and press next, which will bring you to the add exclusions screen, where I added the server IP address fc00:0:0:1 as both the start and end IPv6 address (enter :1 for both fields and press add), and then next.

dhcp7

I left the defaults for the scope lease and pressed next. Finally press next on the activate scope screen and the scope should be active and ready to hand out IP addresses to clients.

We also need to set scope options; at least the DNS server and domain search list should be set. On our new scope, go to scope options, right click and choose configure options. Tick option 00023 DNS Recursive Name Server IPv6 Address, set it to fc00:0:0:1::1 and press add. The program will validate that a DNS server exists on that address; if you get an error, you need to ensure that the DNS server is bound to the fc00:0:0:1::1 address.

dhc8

Finally tick option 00024 Domain Search List, enter the domain (in my test server the domain is adatum.com) and press add. Press Ok and the DHCP scope setup is completed.

dhcp8

As you can see in the screenshot below, the server successfully handed out IP addresses:

dhcp11

On the client VAN-EX1 we did get an IP address and the DNS server and domain search list option:

dhcp10

The only problem is that we actually cannot ping the server from the client, or the client from the server:

dhcp12

The reason is that there is no route on the client, so it cannot ping the server. Normally we would have an IPv6 capable router that would publish these routes to the network, but in this test setup there are only two computers and no router.

To fix this issue, open a command prompt on the server, enter netsh interface ipv6 show route and press enter. This shows us the existing routes, whether they are published and the interface on which they are published. It also shows the interface index (Idx), which we need to actually add the route; in my case the Idx for Local Area Connection is 11.

Now that we know the Idx we enter the following command:

netsh interface ipv6 set interface 11 advertise=enabled man=en other=en

and finally we need to advertise (publish) the route:

netsh interface ipv6 add route fc00:0:0:1::/64 11 publish=yes

Now if we issue another netsh interface ipv6 show route we will see that the route is now published.

dhcp12a

a ping on the server to the client:

dhcp16

and a ping -6 fc00:0:0:1::1 on van-ex1 correctly reaches the server van-dc:

dhcp15

Now there is still one small problem with this approach, as you can see on VAN-EX1, it now has two IPv6 global addresses:

dhcp17

One obtained from the DHCP server and one obtained from… router advertisements 🙂 This is default behavior on the client. We can switch off the client’s auto configuration, so that it will not set an IP address obtained through router advertisements.
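
Why the client ends up with two addresses can be read off the router advertisement itself: per RFC 4861, the M and O flags point the client at DHCPv6, while the A (autonomous) flag on each advertised prefix independently tells it to build a SLAAC address. The Python sketch below is an added example, not from the original post; it goes slightly beyond the text by decoding the A flag, the function names are illustrative, and the sample RA is constructed for the fc00:0:0:1::/64 prefix used above.

```python
import ipaddress
import struct

ND_ROUTER_ADVERT = 134   # ICMPv6 type of a Router Advertisement
OPT_PREFIX_INFO = 3      # Prefix Information option, always 32 bytes long


def parse_ra(msg: bytes) -> dict:
    """Decode the RA fields that decide how a client configures addresses."""
    if len(msg) < 16 or msg[0] != ND_ROUTER_ADVERT:
        raise ValueError("not a Router Advertisement")
    # Byte 5 holds the flags: M (0x80) = managed address, O (0x40) = other config.
    ra = {"managed": bool(msg[5] & 0x80), "other": bool(msg[5] & 0x40), "prefixes": []}
    off = 16  # options start after the fixed 16-byte RA header
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            prefix = ipaddress.IPv6Address(msg[off + 16:off + 32])
            ra["prefixes"].append({
                "prefix": f"{prefix}/{msg[off + 2]}",
                "autonomous": bool(msg[off + 3] & 0x40),  # A flag: SLAAC allowed
            })
        off += opt_len
    return ra


def address_sources(ra: dict) -> list:
    """List every mechanism this RA tells a client to take an address from."""
    sources = [f"SLAAC from {p['prefix']}" for p in ra["prefixes"] if p["autonomous"]]
    if ra["managed"]:
        sources.append("DHCPv6 stateful")
    return sources


def build_sample_ra(managed: bool, other: bool, autonomous: bool) -> bytes:
    """Constructed sample RA for fc00:0:0:1::/64 (checksum left at zero)."""
    flags = (0x80 if managed else 0) | (0x40 if other else 0)
    hdr = struct.pack("!BBHBBHII", ND_ROUTER_ADVERT, 0, 0, 64, flags, 1800, 0, 0)
    pflags = 0x80 | (0x40 if autonomous else 0)  # L flag always set in the sample
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, 64, pflags, 2592000, 604800, 0)
    return hdr + opt + ipaddress.IPv6Address("fc00:0:0:1::").packed


if __name__ == "__main__":
    print(address_sources(parse_ra(build_sample_ra(True, True, True))))
```

The same decoder can be run over captured RAs to check what a router on the segment is actually telling clients to do.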

To make sure that the client only gets the IP address handed out by the DHCP server, enter the following netsh commands at a command prompt on the client.

First, to get the Idx:

netsh interface ipv6 show interfaces

(show route will also get you the Idx.)

 dhcp18

Finally enter:

netsh interface ipv6 set interface 11 advertise=enable managed=enable

This will allow the client to ONLY get an IP address from the DHCP server. ipconfig /all now displays one global IPv6 address on the client:

image

You might want to create an IPv6 reverse lookup zone on the DNS server so that dynamic updates initiated from the clients will work.

This approach will work correctly with the following clients:

Windows Server 2008
Windows Server 2008R2
Windows Vista
Windows 7

For other operating systems you might need to install some software if the OS doesn’t handle stateful DHCP by default. I tested various Linux distributions (CentOS 5.5, Ubuntu 10.10 and openSUSE 11.3) and Windows XP SP3 with a program called Dibbler, which can be obtained from the following link:

http://klub.com.pl/dhcpv6/
