Junos router advertisements - Unix IPv6 stateless autoconfiguration via SLAAC
One of the differences brought by IPv6 is the Extended Unique Identifier (EUI) (RFC2373). EUI-64 allows a host to assign itself a unique 64-bit IPv6 interface identifier based on its MAC address. This algorithm is used to generate the link-local IPv6 address and can also be used with a stateless mechanism.
With SLAAC (Stateless Address Auto Configuration), a host sitting in a layer2 domain assigns that specific interface a global IPv6 address based on a router-advertisement received from a router sitting in the same domain.
Along with the address, the host can also install a default route via that specific router.
While this method has very serious security implications (similar to a rogue DHCP server or ARP poisoning), sometimes it is really necessary.
Configuring router-advertisement in Junos:
Code:
# show protocols router-advertisement
interface vlan.10 {
    max-advertisement-interval 60;
    min-advertisement-interval 10;
    other-stateful-configuration;
    prefix 2002:1470:7012:1::/64 {
        on-link;
        autonomous;
    }
}
Below is a packet dump of this RA:
Code:
11:02:39.508838 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 56) fe80::2e21:72ff:fec6:c188 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement, length 56
hop limit 64, Flags [managed, other stateful], pref medium, router lifetime 180s, reachable time 0s, retrans time 0s
source link-address option (1), length 8 (1): 2c:21:72:c6:c1:88
prefix info option (3), length 32 (4): 2002:1470:7012:1::/64, Flags [onlink, auto], valid time 2592000s, pref. time 604800s
About the options in the router advertisement:
- Autonomous (prefix "A" flag): permits the host to use SLAAC and assign itself an IPv6 address based on the interface's MAC address, within the /64 prefix (it is useless to use it with longer prefixes).
- "other-stateful-configuration": use the originator of the RA as a default gateway.
Note: This procedure has serious security implications. Read the links at the end for more information.
When the router-advertisement protocol is disabled in Junos, a new RA packet is sent with "router lifetime 0s", meaning "Stop using me as your default router".
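An added example, not part of the original post: a parser for the RA shown in the dump above, which also derives what a SLAAC host would configure from it and checks the EUI-64 relation between the router's MAC and its link-local source address. The function names and the host MAC 00:11:22:33:44:55 are assumptions made for illustration; the sample bytes are rebuilt from the dump's fields and the ICMPv6 checksum is not validated.

```python
import ipaddress
import struct

def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64: flip the universal/local bit and insert ff:fe mid-MAC."""
    b = bytes.fromhex(mac.replace(":", ""))
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 router advertisement (RFC 4861), starting at the ICMPv6 type byte."""
    typ, code, _sum, hlim, flags, lifetime, _reach, _retrans = struct.unpack_from("!BBHBBHII", msg)
    if typ != 134 or code != 0:
        raise ValueError("not a router advertisement")
    ra = {"hop_limit": hlim, "managed": bool(flags & 0x80), "other": bool(flags & 0x40),
          "router_lifetime": lifetime, "src_mac": None, "prefixes": []}
    off = 16
    while off + 2 <= len(msg):
        otype, olen = msg[off], msg[off + 1] * 8   # option length is in 8-byte units
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option")
        body = msg[off + 2:off + olen]
        if otype == 1 and olen == 8:                # source link-address option
            ra["src_mac"] = body.hex(":")
        elif otype == 3 and olen == 32:             # prefix info option
            plen, pflags, valid, pref = struct.unpack_from("!BBII", body)
            ra["prefixes"].append({"prefix": body[14:30], "len": plen,
                                   "onlink": bool(pflags & 0x80), "auto": bool(pflags & 0x40),
                                   "valid": valid, "preferred": pref})
        off += olen
    return ra

def host_view(ra: dict, host_mac: str) -> dict:
    """What a SLAAC host with host_mac would configure after accepting this RA."""
    addrs = [str(ipaddress.IPv6Address(p["prefix"][:8] + eui64_iid(host_mac)))
             for p in ra["prefixes"] if p["auto"] and p["len"] == 64 and p["valid"] > 0]
    return {"addresses": addrs, "default_router": ra["router_lifetime"] > 0}

def link_local(mac: str) -> str:
    """Link-local address formed from fe80::/64 and the EUI-64 interface identifier."""
    return str(ipaddress.IPv6Address(bytes.fromhex("fe80" + "00" * 6) + eui64_iid(mac)))

# Constructed sample: the 56-byte RA from the dump above, rebuilt field by field (checksum left 0).
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0xC0, 180, 0, 0)
             + bytes([1, 1]) + bytes.fromhex("2c2172c6c188")
             + struct.pack("!BBBBIII", 3, 4, 64, 0xC0, 2592000, 604800, 0)
             + ipaddress.IPv6Address("2002:1470:7012:1::").packed)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print(ra["src_mac"], link_local(ra["src_mac"]))
    print(host_view(ra, "00:11:22:33:44:55"))      # constructed host MAC
```

Comparing `link_local(ra["src_mac"])` with the packet's IPv6 source is a cheap consistency check when reviewing captured RAs, alongside an allow-list of the routers expected on the segment.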
Interesting reads:
http://blog.ipspace.net/2012/11/ipv6-router-advertisements-deep-dive.html
http://www.fehcom.de/ipnet/ipv6/ipv6-ra.pdf
https://tools.ietf.org/html/rfc5175
It's up to each organization to decide whether a state(less|ful) (auto)configuration mechanism will be used to assign IPv6 addresses inside its own network, mostly based on the culture, information and security features available in each case.