Depth study of automatic allocation of IPv6 addresses Stateless (stateless) and Stateful (stateful) way
Small slow brother of the original article, welcome to reprint
table of Contents
▪ a. Link-Local Address GENERATION
▪ two. Global Address GENERATION
▪ three. The RA message three key In Flag
▪ IV. A schematic flow diagram
▪ V. Test obtained IP effect
▪ six. Scenario (select no there are state or state)
▪ VII. follow-up content
▪ attached reference documents
A. Link-Local Address GENERATION
Generating a "link-local address", there are two ways
▷ manually configure
▷ autoconfiguration
The "automatic configuration" according to the algorithm, is divided into
▷ eui64: The conversion from the mac address
▷ stable_secret: while following the change in the network environment changes, the value of which is in a fixed network environment fixed
▷ random: randomly generated
Two. Global Address GENERATION
Generation "global unicast address" (or "unique local address"), there are 2 ways
▷ manually configure
▷ autoconfiguration
The "auto-configuration" According to the way, is divided into
▷ stateless (Stateless): IPv6 address automatically according to the routing prefix prefix advertisement message RA (Router Advertisement) message containing composition mode is Prefix + (EUI64 or random). Stateless may also be referred SLAAC (address Stateless Autoconfiguration)
▷ stateful (Stateful): IPv6 address is obtained by way of DHCPv6
The "stateful" is divided into two kinds
▷ stateful DHCPv6 (Stateful DHCPv6): IPv6 address, other parameters (e.g., DNS) are DHCPv6 obtained by
▷ stateless DHCPv6 (Stateless DHCPv6): IPv6 address remains RA mode generated by the route advertisement, other parameters (e.g., DNS) obtained by DHCPv6
To avoid confusion, in this interpretation have state, no state in the end is what it means : First, make clear that there is a state, not only for the state to IPv6 address allocation method does not include other parameters
▷ stateful: controllable and manageable. An IP address exists in the network manager, it is possible to identify the client, depending on the client, the assigned IPv6 address, and the need to maintain the renewal of the IP address lease between the client and the server. Currently achieve this effect, that is, DHCPv6 protocol, IP address management is Server DHCPv6
▷ Stateless: uncontrollable, difficult to manage. Only in the network gateway, there is no IP address manager. Thus no one to identify the client, each client according to the same RA message content sent by the gateway, configure its own IPv6 address
Three. RA message three key Flag
RA messages exist in three key flag bit:
▷ Autonomous In Flag (abbreviated A flag): Indicates whether Stateless IP. In a RA message, there may be multiple prefix, such as 2401 :: / :: 64,2402 / 64,2403 :: / 64, each prefix A flag can be disposed independently
▪ as (corresponding bit to 1) on: that the client should be generated automatically in the prefix scope IPv6 address (client by DAD themselves ensure that the address is available), and configure the subnet entry, the gateway
when ▪ is turned off (corresponding to bit to 0): means that the client should not automatically generates an IPv6 address prefix within this range, it may be configured by the sub-network entry, the gateway
▷ Managed flag(简称M flag):表示是否配置有状态IP。M flag是RA报文的全局参数,一个RA报文只有一个M flag
▪ 为on时(对应bit位为1):表示在stateless流程结束后开始stateful流程,也就是告诉客户端可以通过DHCPv6来获得IPv6地址和其他参数(如DNS列表)
▪ 为off时(对应bit位为0):表示不通过DHCPv6来获得IPv6地址。
▷ Other flag(简称O flag):表示是否通过DHCPv6获得除IP以外的其他参数(如DNS列表)。O flag也是RA报文中的全局参数,一个RA报文只有一个O flag。注意:仅当M flag为off时,该参数才会被读取。
▪ 为on时(对应bit位为1):当M flag为on,或者M flag为off且至少有一个A flag为on时,将通过DHCPv6获得其他参数
▪ 为off时(对应bit位为0):当M flag为on时,依然将通过DHCPv6获得其他参数;当M flag也为off时,将不通过DHCPv6获得其他参数
四. 流程示意图
无状态和有状态并不是相互对立的,他们可以同时存在,也就是一张网卡上可以同时出现通过RA生成的IP以及通过DHCPv6获得的IP。通过下面这张笔者绘制的流程图可知晓其中奥秘。
从图中可以看到,顺序为:
1️⃣ Stateless自动配置“链路本地地址”
2️⃣ Stateless自动配置“全球地址”(或“唯一本地地址”)
3️⃣ Stateful自动配置“全球地址”(或“唯一本地地址”)和其他参数,其中Stateful阶段中存在Stateful DHCPv6或Stateless DHCPv6
注意:部分客户端操作系统或网络管理器当Stateless阶段没有收到RA报文后,就到此结束,不会走Stateful阶段,比如CentOS 7、Ubuntu 17的默认逻辑都是这样,而windows server 2012就会继续走Stateful阶段。
五. 测试获得IP效果
测试环境:客户端基于CentOS 7+NetworkManager(即系统默认的网络管理方式)进行测试
▪ 网关会发送RA报文,包含一个prefix
▪ DHCPv6 Server会分配IP、DNS
测试内容:测试M、O、A flag在所有排列组合的情况下
▪ 客户端是否会通过RA报文配置无状态IP
▪ 客户端是否会通过RA报文配置prefix子网路由
▪ 客户端是否会通过RA报文配置gateway
▪ 客户端是否会通过DHCPv6获得有状态IP
▪ 客户端是否会通过DHCPv6获得DNS
测试结果:
六. 应用场景(选择无状态还是有状态)
何时采用无状态、何时采用有状态,关键看应用场景。核心在于是否需要控制IP地址,比如保持IP不变,如果需要控制,就采用有状态;如果无需控制,就采用无状态。
▷ 服务端领域:如对外提供服务,通常需要采用有状态IP。因为业务IP的突然变化容易导致业务中断(除非做好服务发现)
▷ 客户端领域:如移动设备、办公室内PC机,只需要上IPv6互联网,并不需要对外提供服务,可以采用无状态IP
七. 后续内容
由于篇幅有限,本文尚未贴出实验的详细配置。将会在《IPv6系列》后续文章里,贴出实验的完整信息,包括RA、DHCPv6的配置,以及客户端的配置,敬请关注。
附. 参考文档
http://www.6deploy.eu/tutorials/080-6deploy_ipv6_autoconfiguration_mechs_v0_4.pdf
https://cshihong.github.io/2018/02/01/DHCPv6基础/