TSHOOT – IPv6 EUI-64, SLAAC, Auto-Configuration, DHCPv6 Stateful and Stateless review and troubleshooting!


Above is the IPv6 TSHOOT Topology, and though I will not go into RIPng or OSPFv3 in this article, I want to begin identifying IPv6 subnetworks without hesitation!

The full article to understand IPv6 / Subnetting can be found here.

A quick review of IPv6 Addressing concepts

  • An IPv6 Address is 128 bits / 64 bytes / 32 Hex characters long
  • A Hextet is the grouping of 4 Hex characters in an IPv6 Address
  • The first 64 bits represents the Network Prefix, the following 64 bits make up the Host Address, unless it is subnetted as shown in the Topology above!
  • IPv6 does not use Broadcasts, only Multicast and Unicast traffic, this means no ARP

Things to immediately check when having IPv6 routing issues

  • Make sure “ipv6 unicast-routing” is enabled in Global Config, this is verified with “sh run | i ipv6 unicast-routing” or by looking through the running config
  • Make sure an interface is IPv6 Enabled with the command “ipv6 enable” on the interface configuration level
  • “sh ipv6 int (int)” will be your main IPv6 addressing TSHOOTing command

How does a Host discover another Host without ARP?

IPv6 uses Neighbor Discovery Protocol (NDP) in place of ARP, however if Host A goes to send data to Host B and finds them on the same Network Prefix (same network) it will put its IPv6 and MAC as the Src info and Host B’s IPv6 and MAC as the Dst info, however just like with ARP if Host A detects Host B to be on a different network it must get its Default Gateway involved to route the traffic.

Solicited Node Multicast Group and how it works (NDP)

This is done by sending Multicast “Neighbor Solicitation” messages to the “Solicited Node Multicast Address” of FF02:0:0:0:0:1:FFxx:xxxx where the X’s will be the last 24 bits / 6 Hex values of the Destination IPv6 Address.

The Destination MAC will also be an IPv6 Destination Address as well, being there is no ARP / Broadcasts, so the IPv6 packet will have the Destination MAC for a “Solicited Node Multicast Address” packet as 33:33:FF:xx:xx:xx where the X’s will once again be the Destination IPv6 address last 24 bits / 6 Hex characters.

When a Router Interface is enabled with IPv6, it automatically creates and joins a Multicast Group for Neighbor Solicitation messages, which can be verified with “sh ipv6 int gi1/0/1” (or whatever the int #), and confirming one of the “Joined Groups:” begins with the NDP Group of FF02::1:FFxx:xxxx.

So if the Router / Default Gateways Address was ::1, the “Joined Group Address” would be FF02::1:FF00:0001 in the “sh ipv6 int (int)” output.

The Router / Default Gateway will then respond back to this “Neighbor Solicitation” Multicast with a “Neighbor Advertisement” Unicast back to the Host containing its own IPv6 Address and MAC Address as the Src info for the Destination, this is equivalent to an IPv4 “ARP Response” meaning it directs Host A to send traffic destined for Host B to R1 so it can route the traffic to that Host.

NDP Step by Step

Step 1

Host A ——————————> R1
Neighbor Solicitation Multicast
Src IP / MAC: Host A info
Dst IP / MAC: Host B info

Step 2

Host A <——————————–R1
Neighbor Advertisement Unicast
Src IP / MAC: R1 Info
Dst IP / MAC: Host A Info

Step 3

Host A———————————>R1———————>Host B

Even though we are not breaking up “broadcast domains” with IPv6, we are routing across network boundaries, and it is the same concept as an IPv4 Host requiring a Default Gateway to route traffic across network boundaries whether it is a Layer 3 switch or Router device!

“sh ipv6 int (int)” is an important command to remember for verifying IP Addressing, whether it is for verifying a Router is part of a NDP Address Group to respond to NS Multicasts from Hosts for communication, or to confirm how its obtained it IPv6 Address and that it is in the correct IPv6 Network that it is supposed to be in.

The only real point you may have an issue with this on the TSHOOT or in the real world would be if the Default Gateway to route across network boundaries does not have an IPv6 interface in the Network Segment that the Host with the issue resides.

EUI-64 Addressing review

This plays off the fact that the first 64 bits of an IPv6 Address is the Network Prefix (Subnet Mask), it can be manually configured but is best left to auto-configuration by the Router interface itself, and has a tricky address config that may show up on exam day.

EUI-64 first uses the “Link-Local” IPv6 Address Prefix of FE80::/64, and nothing can be done with that, the “trick” portion of the address is after this Prefix portion!

EUI-64 takes the clients MAC Address (48 bits) and splits it into two halves, injects the Hex value of FFFE in the middle of the MAC Address in this new IPv6 Address, and in addition to this it takes the seventh bit from the left of the MAC Address and “flips it” to be the opposite bit value (0 becomes 1 or 1 becomes 0)

To visually demonstrate this with color coding (blue for auto config / red for Host MAC)

Lets pull a Host MAC Address out of thin air: 08:00:F2:01:C2:D4

Each Hex segment is two 4-bit segments, starting left to right, 8/4/2/1.

Therefore the original 8 bits of the MAC:     00001000
And the transformed or “flipped bit” MAC: 00001010

The resulting first Hex segment value is now 0a rather than 08, because the 2 has been flipped to be “on” for address creation of EUI-64.

The resulting EUI-64 Address is: FE80::a00:F2FF:FEF2:C2D4

Not zero compression is used, and what would have been an 8 in red is instead an a in blue within the EUI-64 Address, because I consider this to be part of the “auto-config” rather than the device MAC Address itself.

“ipv6 address 2001::/64 eui-64” is the command issued on an IPv6 enabled interface to manually set the EUI-64 Address, the host portion will still fill in with the Link-Local Host Address the interface assigns to itself (this is just to set the Network Prefix).

Again this can be verified with “sh ipv6 int (int)” command, the only troubleshooting I foresee is a manual configuration being put on a network interface, which can be resolved by simply removing the manual configuration to let it auto-config its EUI-64 Address or to manually set it with the above “ipv6 add …” command.

SLAAC (Stateless Address Auto Configuration) IPv6 Addressing review

This brings Address “Auto Configuration” to the next level, by manually configuring a Router interface to auto configure its own IP Address in the network segment it resides in, Windows PC’s / Hosts are configured to use SLAAC by default for their own Address.

“ipv6 address autoconfig” on an IPv6 enabled router interface to set “SLAAC”

The Router interface will send out a “Router Solicitation” (RS) message off the configured interface to see if it receives a “Router Advertisement” (RA) from the Default Gateway(s) identifying the Network Prefix being used for the Network Segment. There can be multiple Default Gateways that respond, and it is OK to have multiple Default Gateways on a host PC, these can be identified by a %# (like %3) in the IPv6 Address indicating there are multiple IPv6 interfaces / Gateways for the PC.

Be sure to check that each of the Default Gateways can reach the Destination if there is routing issues in the problem report!

SLAAC Addresses can be easily identified on PC’s with “ipconfig /all” because they may show a different link-local address than their Default Gateway address, you will want to verify this is correct on the Router interface acting as their default gateway with the “sh ipv6 int (int)” command to verify SLAAC is in use and recognizes both the device Prefix and the SLAAC (Host DG) Prefix.

SLAAC Addresses can be identified on Routers as the interface will show “autoconfig” as enabled, but the Prefix will always be /64 as well.

Troubleshooting IPv6 Addressing topics above

  • Use “sh ipv6 int (int)” to confirm the addresses being used, the Default Router address at the very bottom should be one of the addresses in use on the local router assuming it is a gateway, this will also show ND packets such as “ND RA’s Suppressed” to verify if the Router Advertisements are being suppressed / causing the issue, as well as “ND DAD” (Duplicate Address Detection) which should almost never increment but if it is there is a duplicate address problem
  • Make sure “ipv6 unicast-routing” is enabled globally, “ipv6 enable” on interface
  • Confirm that even if all devices are in the correct segment, that the Default Gateway (all of them) can reach the destination Host IP
  • If you see %4 or any %# on a Host PC, that means there are multiple default gateways, use “tracert” to the Destination IP to determine which Gateway Device it is using to reach that Destination, and use “ping” to ensure they are reachable!

DHCPv6 Stateless and Stateful review and troubleshooting

While SLAAC is a good method for Layer 3 connectivity for IPv6, handing out Prefix / Gateway / Addressing information, Hosts require things line DNS / TFTP / Etc to be delivered so the more probable IP Addressing solution would be DHCPv6.

To address this there is two different flavor of DHCPv6, which is stateless, and stateful.

Stateless DHCPv6

Stateless DHCPv6 utilizes SLAAC in the way that a host will still send a Router Solicitation (RS) Multicast and the Router will respond with a Router Advertisement to configure the host with an IPv6 SLAAC Address, however it will include an “ipv6 nd other-config-flag” telling the host it needs to create a DHCPv6 REQUEST packet for additional information like DNS / TFTP / Etc.

“ipv6 nd other-config-flag” is the exact command to be entered on the interface providing SLAAC Addressing to the Host, this can be confirmed with “sh ipv6 int (int)” command as with most configs reviewed so far with IPv6 Addressing.

This can also be easily spotted on an IPv6 Host via “ipconfig /all” as it will be missing DNS Server information (and anything outside of its Addresses and Default Gateway).

If this is verified set on the SLAAC configured interface, the DHCPv6 Stateful Server will then need to be reviewed for issues with the info being provided to Hosts / not receiving the DHCPv6 REQUEST packets from Hosts.

Stateful DHCPv6

This is very similar to DHCP for IPv4 in terms of both its configuration on a Cisco router with of course the IPv6 spin on the configs, and it must be applied to an interface for the network segment it is leasing addresses to <- That is a biggy.

So the pool is created with:

  1. “ipv6 dhcp pool POOLNAME”
  2. “address prefix x:x:x:x:x::/64”
  3. “dns-server x:x:x:x::1”
  4. “domain-name loopedback.com”

And then on the interface in the IPv6 network segment it is serving:

“ipv6 dhcp server POOLNAME” to assign the pool to the interface

One thing you will want to make sure of with assigning an IPv6 DHCP Pool, is that the pool prefix for DHCP Leases resides in the same Network Segment as the Interface Address that it is being assigned to!

DHCPv6 Operation

  1. SOLICIT – Sent by Client in attempt to find DHCP Server, sent to Multicast FF02::1:2 (All DHCP Servers Multicast Address)
  2. ADVERTISE – Unicast response from DHCP Servers to Host SOLICIT message indicating their availability
  3. REQUEST – Unicast message to the DHCP Server confirming the Address and other Parameters provided
  4. REPLY – Unicast response to Client confirming info, and completing the process

A bit different from the IPv4 “DORA” exchange for DHCP, but same concept 🙂

Additional DHCPv6 messages

  • “RENEW” – Sent by Client to Server to extend the Lease time for an Address
  • “REBIND” – When no response is gotten from a RENEW, a REBIND is sent to request a new Leased Address from the DHCP Server
  • “REPLY” – Repeated here as this Unicast will be sent for REQUEST messages as well as RENEW and REBIND messages
  • “RELEASE” – Sent from Client to Server to inform it no longer needs the Address
  • “DECLINE” – Sent from Client to Server to inform Server the assigned Address is already in user
  • “RECONFIGURE” – Sent from Server to Client when the Server has new or updated information
  • “INFORMATION-REQUEST” – Sent from Client to Server when the client only needs additonal configuration info without any IP Address
  • “RELAY-FORW” – Used by Relay Agent to forward messages to DHCP Server
  • “RELAY-REPL” – Used by DHCP Server to send messages back to Relay Agent

DHCPv6 Relay Agent

A “DHCP Relay Agent” describes the router that forwards “SOLICIT” messages across Network Boundaries, which works exactly like the “ip helper-address” command for IPv4, as it is configuring a Default Gateway interface to forward DHCP traffic to the DHCPv6 Server in the remote network segment.

The configuration will be on the interface facing the Hosts sending the “SOLICIT” messages, and it will be as follows:

conf t
 int gi1/0/1
  ipv6 dhcp relay destination (server addr)

And that’s it, this can be verified by using “sh run int gi1/0/1” or “sh ipv6 int gi1/0/1” and review the bottom of the output as it will show DHCP related information.

Some good verification commands for exam day

  • “sh ipv6 dhcp bindings”
  • “sh ipv6 dhcp”
  • “sh ipv6 dhcp pool”
  • “sh ipv6 dhcp interface”

Possible troubleshooting issue you will face on exam day!

One IPv6 Addressing method that has moving parts (so its ripe for exam trickery) is DHCPv6 Stateless config using SLAAC, but the Hosts are not able to communicate with the network, this is very probably due to the interface configuration:

“ipv6 nd ra suppress all” – This will prevent the Router providing a SLAAC address from also sending the additional “ipv6 nd other-config-flag” portion of the Hosts Auto Configuration, so it will NOT form a DHCP REQUEST packet for additional network information provided by the DHCPv6 (without it leasing an IP Address)

This can be verified with “sh ipv6 int (int)” and in the running config under the interface configs, to turn it off simply negate the command with a “no ipv6 nd ra suppress all” on the interface it is configured on.

SLAAC relies on Router Advertisements, so this can come into play with a lot of issues, that is important to remember Clients send RS messages and get RA responses for SLAAC to set Host Auto Configuration addresses correctly!

Also again, confirm “ipv6 unicast-routing” is enabled globally, and each interface participating in IPv6 has “ipv6 enable” issued to turn on IPv6 services.

Coming back to SLAAC / Stateless DHCPv6, another thing that will cause an issue with Host communication, is if the Global Unicast Address mask is NOT /64:

R5(config-if)#do sh ipv6 int fa0/0
FastEthernet0/0 is administratively down, line protocol is down
  IPv6 is tentative, link-local address is FE80::21E:F7FF:FE97:F14A [TEN]
  No Virtual link-local address(es):
  Global unicast addess(es):
      2001:DBA:D:C::1, subnet is 2001:DBA:D:C::/63 <—– EHHH, WRONG!
  Joined group address(es):
  MTU is 1500 bytes
  ICMP error messages limited to one every 100 milliseconds
  ICMP redirects are enabled
  ICMP unreachables are sent
  ND DAD is enabled, number of DAD attempts: 1
  ND reachable time is 30000 milliseconds (using 30000)

If the subnet Prefix is anything other than /64, which is required by EUI-64 to operate correctly (which is the basis of auto-config), and this will NOT be apparent on Host PC’s as they do not have the Prefix length displayed on their “ipconfig /all” output – So this needs to be caught with a “sh ipv6 int (int)” output.

If you see the Host Default Gateway displaying as the Router interfaces Link-Local Address rather than their Global Unicast Address, this is the first indicator, and is then confirmed by verifying the Prefix length.

This can be fixed by finding the configuration in the interfaces running configuration with “sh run int (int)” and negating the command with the incorrect Prefix, and replacing the command on the interface with a /64 Prefix length.

That is it for IPv6 Addressing and mechanisms!

This information along with the previous post regarding IPv6 Addressing conversion from Hex to Binary, this should be more than enough to tackle IPv6 DHCP / Addressing issues on exam day!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s