Contact

Subscribe via Email

Subscribe via RSS/JSON

Categories

Creative Commons Attribution 4.0 International License
© Rakhesh Sasidharan

Elsewhere

Brief note on IPv6 flags and Dnsmasq modes

Discovered that my Android phone only had a link-local IPv6 address and learnt that it doesn’t support DHCPv6 (who thought?!). So I want to enable SLAAC in addition to DHCPv6 in my network. Was checking out Dnsmaq options (as Asus uses that) and came across its various modes.

IPv6 Router Advertisement (RA) messages can contain the following flags:

  • M (“Managed address configuration”) – indicates that IPv6 addresses are available via DHCPv6. This is also referred to as Stateful DHCP.
  • O (“Other configuration”) – no IPv6 address, but other configuration information like DNS etc. are available via DHCPv6. This is also referred to as Stateless DHCP.
  • A (“Autonomous Address Configuration”) – indicates that the prefix present with the flag can be used for SLAAC (StateLess Auto Address Configuration).

Note that if the M flag is present the O flag doesn’t matter – coz clients are getting information via DHCPv6 anyway.

Dnsmasq allows the following modes when defining an IPv6 range (from its man page):

For IPv6, the mode may be some combination of ra-only, slaac, ra-names, ra-stateless, ra-advrouter, off-link.

ra-only tells dnsmasq to offer Router Advertisement only on this subnet, and not DHCP.

slaac tells dnsmasq to offer Router Advertisement on this subnet and to set the A bit in the router advertisement, so that the client will use SLAAC addresses. When used with a DHCP range or static DHCP address this results in the client having both a DHCP-assigned and a SLAAC address.

ra-stateless sends router advertisements with the O and A bits set, and provides a stateless DHCP service. The client will use a SLAAC address, and use DHCP for other configuration information.

ra-names enables a mode which gives DNS names to dual-stack hosts which do SLAAC for IPv6. Dnsmasq uses the host’s IPv4 lease to derive the name, network segment and MAC address and assumes that the host will also have an IPv6 address calculated using the SLAAC algorithm, on the same network segment. The address is pinged, and if a reply is received, an AAAA record is added to the DNS for this IPv6 address. Note that this is only happens for directly-connected networks, (not one doing DHCP via a relay) and it will not work if a host is using privacy extensions. ra-names can be combined with ra-stateless and slaac.

ra-advrouter enables a mode where router address(es) rather than prefix(es) are included in the advertisements. This is described in RFC-3775 section 7.2 and is used in mobile IPv6. In this mode the interval option is also included, as described in RFC-3775 section 7.3.

off-link tells dnsmasq to advertise the prefix without the on-link (aka L) bit set.

This is a bit confusing so thought I should put it into a nice table. Note that this is my understanding, I could be wrong:

ra-only

no M or O flags; only A flag

clients can use the RA to configure their SLAAC IPv6 address. no DHCPv6 is offered.
slaac

if a DHCPv6 range is specified then M and A flags; else only A flag. no O flag, but as I said above the O flag doesn’t matter anyways if M flag is present.

I’d say M and A flags always (see my point in the next column)

clients can use RA to configure their SLAAC address. DHCPv6 too is offered if a range is configured. thus clients can have two IPv6 addresses – a SLAAC one and a DHCPv6 one.

slaac sounds like ra-only if no DHCP range is configured. I wonder why the DHCP range is presented as it is an optional thing. The DHCP range is what makes slaac different from ra-only, so you kind of actually need it.

ra-stateless only O and A flags; no M flag clients can use RA to configure their SLAAC address and look to DHCPv6 for the DNS etc. information.
ra-names no M or O flags; only A flag this one didn’t make much sense to me; but then again it is meant for dual stacked clients and I am not looking at that scenario. it sounds like ra-only, the difference being that Dnsmasq will assume the client’s SLAAC IPv6 address is based on its MAC address and thus derive a possible IPv6 address and ping it and if there’s a reply then create an AAAA record mapping the client’s name to this SLAAC IPv6 address.
ra-names,slaac M and A flags (assuming it is same as the slaac mode) same as above, just that clients will have a DHCPv6 address in addition to the SLAAC one. and Dnsmasq will create the AAAA DNS record.
ra-names,ra-stateless O and A flags; no M flag same as above, just that clients don’t have any DHCPv6 address but use RA to configure DNS etc.
ra-advrouter ignoring it for now – it’s to do with mobile IPv6 and didn’t make much sense to me :)  
off-link ignoring for now; didn’t make much sense to me  

So in my case it looks like I have to enable the slaac mode. This way all my clients will have both DHCPv6 and SLAAC addresses (with the exception of Android who will get the SLAAC address only).

Brief note on IPv6 flags and Dnsmasq modes by rakhesh is licensed under a Creative Commons Attribution 4.0 International License.