After I finally had IPv6 in my network I started to configure everything perfectly.
So first of all: What address does the clients receive?
My Linksys E3000 router runs on Toastman Tomato.
This custom firmware has everything included to support IPv6 correctly.
Now I noticed my computer in the LAN received 2 IPv6 addresses out of the /64 range that was announced by the router.
I got 1 DHCPv6 address, and 1 SLAAC address.
DHCPv6?
DHCPv6 works exactly the same as DHCP for IPv4.
The client computer asks for an IP, and the DHCPv6 daemon gives you an IPv6 to assign.
Also DNS servers are passed to the client.
Stateless address autoconfiguration aka SLAAC
This is something new in the world of IPv6.
As a IPv6 address is 128 bits, and subnets are (normally) a /64, then we can use the device’s MAC address for the last 64 bits.
And this is how SLAAC works.
The router sends RA (Router Advertisement) messages to the network with just the prefix (first 64 bits).
Your client in the LAN receives this message and generates a EUI64 from its MAC address.
This part is then added to the announced prefix, and there we have our IPv6 address.
What to choose?
You now need to decide what to choose. Will I use DHCPv6 ? Or will I use SLAAC?
SLAAC
+ All clients support this
+ Easy config, no states
– Privacy (as the MAC address is included in the IPv6 address, everybody can check your MAC address and thus reveal information of your device)
– No support for passing DNS (RDNSS got added later)
DHCPv6
+ Privacy (random IP’s are assigned)
+ You can use a small range to assign to some clients (for example make DHCP reservation for some clients and allow that range to connect to your server)
– Not all devices support this (Android for example does NOT support DHCPv6!)
– Can’t pass routes
So as you see, both have its pro’s and con’s.
But you can combine both by setting some bits (M/O and A-bit).
See the image below:
In my case I chose for SLAAC to assign addresses in my network and set the routing.
And then use DHCPv6 to tell clients which DNS server to use.
But Tomato uses by default the following dnsmasq setting:
|
1 2 |
enable-ra dhcp-range=::1, ::FFFF:FFFF, constructor:br*, ra-names, 64, 12h |
This causes the router to set the A-bit and the M-bit.
So we have 2 IPv6 IP’s.
As it wasn’t possible to fix this by default in Tomato, I patched the code and added an option to enable/disable DHCPv6/SLAAC.
So now you will have 3 options:
1) SLAAC only (but DHCPv6 for DNS)
|
1 2 |
enable-ra dhcp-range=::, constructor:br*, ra-names, ra-stateless, 64, 12h |
2) DHCPv6 only (but RA for route)
|
1 2 |
enable-ra dhcp-range=::1, ::FFFF:FFFF, constructor:br*, 64, 12h |
3) SLAAC & DHCPv6
|
1 2 |
enable-ra dhcp-range=::1, ::FFFF:FFFF, constructor:br*, ra-names, 64, 12h |
In Tomato the options will look like this:
The patch I made to fix this will be sent to Tomato.
So I hope this option will be available soon for everybody 