disabling client use of SLAAC
Brian E Carpenter
brian.e.carpenter at gmail.com
Fri Mar 5 21:24:49 CET 2010
On 2010-03-05 22:24, Mikael Abrahamsson wrote:
> The M and O flags says "get info via DHCP", but it seems they don't mean
> "do NOT use SLAAC" if I read http://www.ietf.org/rfc/rfc2462.txt correctly?
> So bottom line, how to make clients not use SLAAC with a Cisco router?
Note that this is known to be a tricky area in mutlti-vendor, multi-o/s
We should note a currently unresolved ambiguity in the interaction
between DHCPv6 and SLAAC from the host's point of view. RA messages
include a 'Managed Configuration' flag known as the M bit, which is
supposed to indicate that DHCPv6 is in use. However, it is
unspecified whether hosts must interpret this flag rigidly (i.e., may
or must only start DHCPv6 if it is set, or if no RAs are received) or
whether hosts are allowed or are recommended to start DHCPv6 by
default. An added complexity is that DHCPv6 has a 'stateless' mode
[RFC3736] in which SLAAC is used to obtain an address but DHCPv6 is
used to obtain other parameters. Another flag in RA messages, the
'Other configuration' or O bit, indicates this.
Until this ambiguous behaviour is clearly resolved by the IETF,
operational problems are to be expected, since different host
operating systems have taken different approaches. This makes it
difficult for a site network manager to configure systems in such a
way that all hosts boot in a consistent way. Hosts will start SLAAC
if so directed by appropriately configured RA messages. However, if
one operating system also starts a DHCPv6 client by default, and
another one starts it only when it receives the M bit, systematic
address management is impeded.
More information about the ipv6-ops