A few weeks ago, I visited a former customer at their office. When I passed the coffee room, someone saw my IPv6 t-shirt and said, “Since you know everything about IPv6, why do we have a problem between server1 and server2? They are located on the same VLAN, and when we ping between them with IPv6 it’s unstable, but it’s 100% stable with IPv4.”
This organization has a few hundred Windows 2008 (or newer) servers in some VLANs where most of them have IPv6 enabled through Dynamic Host Protocol version 6 (DHCPv6), and very few have static IPv6 addresses. We sat down and tried a ping where the roundtrip time was unstable, and sometimes we also lost packets.
I suspected that the /64 prefix didn’t show where it was announced through the Router Advertisements (RA), and a Route -6 print confirmed that.
Remember the Prefix Option in RA When Doing DHCPv6
This is a common mistake with DHCPv6. It isn’t just a mapping of DHCP for IPv4 functionality to IPv6. DHCPv6 does not provide the address, subnet mask, and default gateway that DHCP for IPv4 does. RAs provide the prefix and default gateway to the client, which then use that prefix to auto-config the interface on that network. Roughly put, functionality (DHCP for IPv4) = functionality (DHCPv6 + RA).
When we activated the RA with the correct /64 and enabled the on-link flag, the IPv6 between those servers worked perfectly.
Notice the route for the /64 prefix in the Route -6 print after:
The customer enabled IPv6 more than five years ago in the same way, and though they may have had a problem with IPv6 earlier, this was the first time they discovered the problem.
In theory, we shouldn’t have this problem with this setup, but do you know anyone who has a perfect computer and network that works 100% according to standards?
IPv6 in an Enterprise Environment
When dealing with IPv6 in an enterprise environment, you must understand:
- Managed and Other flag for DHCPv6
- Autonomous and on-link flag
If you run DHCPv6 without Autonomous and on-link flag in a shared VLAN environment you can get in trouble.
You must also learn to configure the network equipment with the flags above. In this case, the syntax looked correct but when we pressed “?” after, it showed more parameters that should be included.
When to use DHCPv6 vs SLAAC
You may wonder why it is better to use DHCPv6 and not Stateless Address Auto-Configuration (SLAAC) in this case then? In an enterprise network where you must have 100% control, SLAAC isn’t enough in my opinion. With Option18 or 37 you can get a persistent lease of just one IPv6 address/host/etc. per device.
With my 17 years of experience with IPv6, I know that the network administrators like when it’s “IPv4-like.” There is one exception when SLAAC is an option – use it when you have one VLAN per host in a large enterprise network.
In my defense, I had not helped the customer with this setup! Luckily, I was able to help them fix the problem all thanks to someone noticing my t-shirt, “A home without IPv6 is just a house.”
The post A Common Mistake with DHCPv6 appeared first on Team ARIN.