Wednesday, October 13, 2010

IPv6 Addresses - SLAAC

IPv6 has two methods by which an interface can be assigned an address.  The first is SLAAC (StateLess Address AutoConfiguration), and the second is DHCPv6 (another post).

IPv6 addresses, besides being obviously longer than IPv4 addresses, are not terribly different from IPv4.  In most unicast addresses, the high-order 64 bits are for the subnet definition (the subnet mask, also called the prefix length) and the low-order 64 bits are for host addresses, just as an IPv4 address can be broken into subnet and host values.  These are the addresses we will focus on for address assignment.  If you want more specifics on IPv6 address types, go read Wikipedia.

SLAAC uses the aforementioned Router Advertisements to get the network configuration that the address will need for the higher order bits.  This will define how the subnet masks and gateways should be set.

The low-order bits are then usually picked using one of two methods, EUI-64 or Privacy Extensions.  EUI-64 takes the MAC address of the interface, splits the 12 high and low order bytes in half and sticks 'FF:FE' between them.  When concatenated to the high-order bits, we should now have an IPv6 address that should be completely unique.  Unfortunately, it also means that the IP address is completely trackable globally, and this is a bad thing from a privacy perspective.
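The EUI-64 construction and the reason it is trackable, as an added example that is not part of the original post: it follows RFC 4291 Appendix A, which also inverts the universal/local bit of the first MAC byte, a step the description above leaves out. The MAC address, the 2001:db8 documentation prefixes, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64 interface identifier (RFC 4291, Appendix A)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Invert the universal/local bit (0x02) of the first byte, then put
    # ff:fe between the vendor (OUI) half and the device half.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]

def slaac_eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Join the /64 prefix learned from the RA with the EUI-64 identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC expects a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8]
                                 + eui64_interface_id(mac))

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 address, or None if it is not one.

    Heuristic: a randomized identifier can contain ff:fe at this position
    by chance (about 1 in 65536).
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)

def group_by_mac(addresses):
    """Map recovered MAC -> addresses; key None holds non-EUI-64 addresses."""
    seen = {}
    for a in addresses:
        seen.setdefault(mac_from_address(a), []).append(a)
    return seen

# Constructed sample: the same NIC seen on two networks, plus one address
# with a randomized (Privacy Extensions style) interface identifier.
SAMPLE = [
    "2001:db8:1:0:211:22ff:fe33:4455",
    "2001:db8:2:0:211:22ff:fe33:4455",
    "2001:db8:1:0:59c3:7a1e:90b2:4d6f",
]

if __name__ == "__main__":
    for mac, addrs in group_by_mac(SAMPLE).items():
        print(mac, addrs)
```

The two EUI-64 addresses group under one MAC even though their prefixes differ, which is the cross-network tracking described above; the randomized address cannot be tied to hardware this way.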

So, someone came up with Privacy Extensions.  Privacy Extensions adds some randomness to the IPv6 address creation function, which changes under a variety of scenarios.  This solves the problem of privacy, but can often make the IPv6 addresses difficult to track... an issue I will go into at length later.

Network configuration was a different thing back in 1998.  Nowadays, IPv4 addresses are tightly controlled, tracked, and managed.  A device deciding on its own address is completely unheard of.  If your policies depend on that level of management, we've hit upon your first and possibly biggest hitch in managing IPv6 address space, because DHCP, a common solution to IP address management problems, has a similar service available called DHCPv6.  But as we will see, it works very differently.