IP autoconfiguration

Introduction – stateful vs. stateless autoconfiguration

Static configuration of IP-capable equipment has proved to be painful for network administrators, when they manage a large number of PCs, printers, routers and so on, but also for access or service providers, who manage a large number of subscribers.

Two main autoconfiguration families of mechanisms have been developed:

stateful autoconfiguration mechanisms
Stateful mechanisms make use of servers who register information about all client equipment. Client equipment connect to these servers, possibly authentify themselves, and request configuration parameters, such as client addresses, client domain name, name server address…
stateless autoconfiguration mechanisms

Stateless mechanisms are lighter mechanisms, where some privileged equipment (typically routers) regularly advertise information common to all hosts on a link, typically network prefixes, default router address, addresses of servers and so on. Hosts on the link receive this information, possibly combine it to specific data (such as network cards MAC addresses or random numbers) and autoconfigure themselves, without the need to explicitly ask a server.

Hosts are responsible for checking that their parameters do not conflict with those of neighbors and for notifying servers if necessary (e.g. update Domain Name Servers). These techniques alleviate the load of devices composing the network infrastructure, but reduce control of the administrator on the hosts. Moreover, fewer parameters are usually advertised by these mechanisms. The only stateless mechanism is currently |ipv6| stateless autoconfiguration.

IPv6 stateless autoconfiguration

Overview

IPv6 specification describes stateless address configuration as a possible way to configure IPv6 addresses. This method relies on the IPv6 address structure. IPv6 addresses are made of a network prefix and an interface identifier. Networks prefixes are advertised on every link by routers, while the interface identifier is built locally in the host from the MAC address of the network card. From these elements, every host can build its own IPv6 addresses.

The configuration is limited to prefix configuration in routers, since host machines automatically configure themselves.

A Turbo IPsec may play different roles:

When configured as a router, Turbo IPsec periodically advertises prefixes configured on its interfaces. In general, the router does not listen to prefixes advertised by other routers.

When configured as an autoconfigurable device, Turbo IPsec listens to prefix advertisements to build its IPv6 addresses.

When configured as a non autoconfigurable device, Turbo IPsec ignores prefix advertisements.

IPv6 autoconfiguration for a router

When a Turbo IPsec is configured as a router, it advertises prefixes based on the Router Advertisement parameters.

Adding/removing an IPv6 prefix on an interface can be done using the following commands:

router{conf:myconfig-ifname}prefix X:X::X:X/M [valid-lifetime VLTIME]
[preferred-lifetime PLTIME]
router{conf:myconfig-ifname}delete prefix X:X::X:X/M
X:X::X:X/M
IPv6 address or prefix with prefix length.
VLTIME
Length of time in seconds that the prefix is valid. Default is 2592000 seconds (30 days).
PLTIME
Length of time in seconds that addresses generated from the prefix via stateless address autoconfiguration remain preferred. This value cannot exceed valid lifetime. Default is 604800 seconds (7 days).

To remove all IPv6 prefixes on an interface:

router{conf:myconfig-ifname}delete prefix all

Examples

router{conf:myconfig-eth1_0}prefix 3ffe:304:124:1950::/64
router{conf:myconfig-eth1_0}prefix cafe:deca:124:1950::1/64 valid-lifetime 854000 preferred-lifetime 259200
router{conf:myconfig-eth1_0}delete prefix cafe:deca:124:1950::/64

In general, the router does not listen to prefixes advertised by other routers. By default, autoconfiguration is disabled on all the interfaces.

IPv6 prefixes are advertised in a RA (Router Advertisement) message. All the parameters relevant to a RA message can be configured using the following commands.

router{conf:myconfig-ifname}ra-transmit-mode always|never|smart
router{conf:myconfig-ifname}ra-interval INTERVAL
router{conf:myconfig-ifname}ra-lifetime LIFETIME
router{conf:myconfig-ifname}ra-autoconf-level none|address|other|full
router{conf:myconfig-ifname}ra-mtu none|MTU
router{conf:myconfig-ifname}ra-interval-transmit enable|disable

ra-transmit-mode always|never|smart

configures the RA transmit mode.

always
Specify that RA messages are systematically sent.
never
Specify that RA messages are never sent.
smart
Specify that RA messages are sent only if at least one prefix has been configured. This is the default value.
ra-interval INTERVAL

Configures the period of emission of RA messages in milliseconds

(default value is 600000).

ra-lifetime LIFETIME

Configures the lifetime of RA messages in seconds

(default value is 1800).

ra-autoconf-level none|address|other|full
Configures the autoconfiguration-related flags that appear in RA messages.

The following keywords correspond the possible combinations of M and O flags, as described in RFC 2462.

none

Specify that there is nothing to autoconfigure

(M false, O false). This is the default value.

address

Specify that addresses should be configured using DHCPv6

(M true, O false).

other

Specify that other parameters should be configured using DHCPv6

(M false, O true).

full

Specify that most parameters should be configured using DHCPv6

(M true, O true).

ra-mtu none|MTU
Configures the MTU value to be advertised.
none
Specify that MTU should not be advertised. This is the default value.
MTU
Specify the MTU value in bytes (greater than 64).
ra-interval-transmit enable|disable
Specify if the period of emission of RA messages should be advertised in the RA message (INTERVAL value described above).
enable
advertise INTERVAL. This is the default value.
disable
do not advertise INTERVAL.

Example

router{conf:myconfig-eth1_0}ra-transmit-mode smart
router{conf:myconfig-eth1_0}ra-interval 10000
router{conf:myconfig-eth1_0}ra-lifetime 1810
router{conf:myconfig-eth1_0}ra-autoconf-level address
router{conf:myconfig-eth1_0}ra-mtu 1500
router{conf:myconfig-eth1_0}ra-interval-transmit disable

Note

These commands can be gathered in the following one:

router{conf:myconfig-ifname}router-advert always|never|smart INTERVAL LIFETIME none|address|other|full MTU|none enable|disable

Example

router{conf:myconfig-eth1_0}router-advert smart 10000 1810 address 1500 disable

IPv6 autoconfiguration for an autoconfigurable device

When a Turbo IPsec is configured as an autoconfigurable device, the IPv6 stateless address autoconfiguration process can be enabled on a broadcast interface using The following command:

router{conf:myconfig-ifname}autoconfv6 enable

Once the IPv6 stateless address autoconfiguration is enabled, Turbo IPsec is ready to listen to prefixes advertised by routers to build its own addresses on the interface. This command does not enable the advertisement of any prefix.

IPv6 autoconfiguration for a non autoconfigurable device

When a Turbo IPsec is configured as a non autoconfigurable device, the IPv6 stateless address autoconfiguration process can be disabled on an Ethernet interface using the following command:

router{conf:myconfig-ifname}autoconfv6 disable