disabling client use of SLAAC
otroan at employees.org
Sat Mar 6 00:18:47 CET 2010
>> The M and O flags says "get info via DHCP", but it seems they don't mean
>> "do NOT use SLAAC" if I read http://www.ietf.org/rfc/rfc2462.txt correctly?
>> So bottom line, how to make clients not use SLAAC with a Cisco router?
> Note that this is known to be a tricky area in mutlti-vendor, multi-o/s
> Quoting draft-carpenter-renum-needs-work-05:
> We should note a currently unresolved ambiguity in the interaction
> between DHCPv6 and SLAAC from the host's point of view. RA messages
> include a 'Managed Configuration' flag known as the M bit, which is
> supposed to indicate that DHCPv6 is in use. However, it is
> unspecified whether hosts must interpret this flag rigidly (i.e., may
> or must only start DHCPv6 if it is set, or if no RAs are received) or
> whether hosts are allowed or are recommended to start DHCPv6 by
> default. An added complexity is that DHCPv6 has a 'stateless' mode
> [RFC3736] in which SLAAC is used to obtain an address but DHCPv6 is
> used to obtain other parameters. Another flag in RA messages, the
> 'Other configuration' or O bit, indicates this.
> Until this ambiguous behaviour is clearly resolved by the IETF,
> operational problems are to be expected, since different host
> operating systems have taken different approaches. This makes it
> difficult for a site network manager to configure systems in such a
> way that all hosts boot in a consistent way. Hosts will start SLAAC
> if so directed by appropriately configured RA messages. However, if
> one operating system also starts a DHCPv6 client by default, and
> another one starts it only when it receives the M bit, systematic
> address management is impeded.
I wouldn't say it is quite that indeterministic.
a network manager is still in making the choice of what address assignment mechanism to use.
I think you can reasonably safely assume that a host will use SLAAC if the A flag is set. it will not do SLAAC if the A flag is off. if it supports DHCPv6 it will most likely do DHCP if the M-flag is set and it may do it without, and especially in the case where the A flag is off. (;-))
if a host tries DHCP on a link which doesn't support it. no harm done.
More information about the ipv6-ops