Tuesday, November 5, 2013

Windows Server 2012 - DHCP with IPv6

 
 
This is my second post on IPv6 in Windows 2012 (some concepts may very well apply to Windows 2008/R2) and what could be considered my 7th post on DHCP, since the subject is "DHCP with IPv6".


Some preliminary comments...


But first, I want to mention something I noticed from my first post.

I'll usually exclude the first 10 or 20 addresses for static IP assignments (reservations being the other option).

In this present scenario, the IP of the server ends in "10" and the IP of the client in "15".

This is to make the example clear and simple.

But I do want to point out that since we are counting in hexadecimal, there are not 10 numbers before 10 (0-9) but rather 16 (0-f):

0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f

We'll see this again when we exclude addresses from the scope.

Here are two other examples that can be confusing:

18,19,1a,1b,1c,1d,1e,1f,20,21

99,9a,9b,9c,9d,9e,9f,af,bf,cf,df,ef,ff,100,101,102


Second, I thought I might configure what I believe would be NAT64 on my Cisco ASA device so I could access the Internet on a client machine running only IPv6 from an IPv6 only LAN. This may require more research than I had thought so, for the time being at least, I'll put that project "on hold" and concentrate on Windows Server 2012.




Configuration of an IPv6 scope in DHCP


I have already installed the DHCP role and configured some basic elements for the DHCP server. First and foremost, I have authorized it in Active Directory.

So let's go ahead and configure an IPv6 scope.


We'll start in the DHCP Manager.
 

1. Click on IPv6 and select "New Scope":






2. Click "Next" and then provide a name for the scope:


 
 


3. Indicate the scope prefix. For this exercise, I'm simply using fd00:0000:0000:0000


 
 


I can leave the preference at 0. We could adjust preferences if there were multiple scopes.
 
4. I'll exclude a range of IP addresses for static addressing. 0000 to 00ff is more than enough, and it covers more than 100 addresses - please see my first preliminary comment.


 
 


5. I'll leave the scope lease as is. 8 days would be fine for wired clients in most cases. 8 hours might be more appropriate for wireless clients, especially if they only connect for several hours at a time.
 
 
 
 


Of course, with DHCPv6, we do not have to worry about IP address exhaustion, having trillions (and even more) to "play with".
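The same scope can be created from PowerShell with the DhcpServer module that ships with Windows Server 2012. This is an added example, not part of the original post: the scope name is a placeholder, and the 12-day valid lifetime is an assumption chosen to match the lease dates shown in the ipconfig output further down.

```powershell
# Added example: scripted equivalent of steps 1-5. Run on the DHCP server in an
# elevated PowerShell session. The scope name is an assumed placeholder.
Import-Module DhcpServer

$prefix       = 'fd00::'      # the page's prefix fd00:0000:0000:0000, compressed
$excludeStart = 'fd00::'      # host part 0000
$excludeEnd   = 'fd00::ff'    # host part 00ff

# The range is counted in hexadecimal: 0x00 through 0xff is 256 addresses.
$count = [Convert]::ToInt32('ff', 16) + 1
Write-Output "Exclusion range holds $count addresses"

# The server must be authorized in Active Directory before it hands out leases.
if (-not (Get-DhcpServerInDC | Where-Object { $_.DnsName -like "$($env:COMPUTERNAME).*" })) {
    Write-Warning 'This DHCP server is not in the list of authorized servers.'
}

# Steps 1-3 and 5: create the scope only if it does not exist yet.
if (-not (Get-DhcpServerv6Scope -Prefix $prefix -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv6Scope -Prefix $prefix -Name 'IPv6 test scope' -Preference 0 `
        -PreferredLifetime (New-TimeSpan -Days 8) `
        -ValidLifetime (New-TimeSpan -Days 12) -State Active
}

# Step 4: reserve the low addresses for static assignment.
if (-not (Get-DhcpServerv6ExclusionRange -Prefix $prefix -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv6ExclusionRange -Prefix $prefix `
        -StartRange $excludeStart -EndRange $excludeEnd
}

# Show the result so it can be compared with what DHCP Manager displays.
Get-DhcpServerv6Scope -Prefix $prefix |
    Format-List Prefix, Name, State, Preference, PreferredLifetime, ValidLifetime
Get-DhcpServerv6ExclusionRange -Prefix $prefix
```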


 
IPv6 dynamic address allocation 
 


I was about to remove the static IPv6 address on the Windows 7 client used to test DHCP in this exercise so the client could obtain a DHCPv6 assigned address.

I first looked at the ipconfig /all output, thinking I could present an interesting "before and after" comparison.

Surprise!

Just as a client can have a static "Unique Local" IPv6 address (ULA) and a link-local address, it can also have a DHCPv6 assigned address as well.

As shown below, it is possible for a single network interface to have not only 2 but 3 IPv6 addresses:


DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd00::15(Preferred)
IPv6 Address. . . . . . . . . . . : fd00::520b:b2ef:36d2:a9d3(Preferred)
Lease Obtained. . . . . . . . . . : Tuesday, November 05, 2013 8:26:46 PM
Lease Expires . . . . . . . . . . : Sunday, November 17, 2013 8:26:45 PM
Link-local IPv6 Address . . . . . : fe80::e07e:50de:a86e:edc7%11(Preferred)


Of course, we are not even considering (here) any IPv4 addresses.

So, unlike with IPv4, where a single network interface most often has only one (1) address, several IPv6 addresses can be assigned to a single interface by a combination of methods:


- Static assignment
- DHCP
- Link-local automatic configuration.


After some research on the Internet, I see that RFC 4291 defines this feature (multiple IPv6 addresses for a single interface).

That's the client side.

I wanted to look at the server side and I was surprised again.

The DHCPv6 server not only allocated an IPv6 address to a client already configured with a static IPv6 address... but also configured *itself* with a dynamically assigned IPv6 address:
 

 


Now my curiosity inspires some questions...


A. Will the client respond to a ping on all addresses (why not?)?

Yes (we do have to remove any percent symbols and the numbers that follow them - see examples below).

Note: I disabled Windows Firewall for the pings (no risk on my usually closed test network).

PS C:\> ping fd00::15

Pinging fd00::15 with 32 bytes of data:
Reply from fd00::15: time=3ms
Reply from fd00::15: time<1ms
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms
[...]

PS C:\> ping fd00::520b:b2ef:36d2:a9d3

Pinging fd00::520b:b2ef:36d2:a9d3 with 32 bytes of data:
Reply from fd00::520b:b2ef:36d2:a9d3: time=1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time=1ms
[...]

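Here we have to remove the "%11" (the zone index after the percent sign identifies an interface on the machine that displayed it, here the client, not on the machine we are pinging from):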

PS C:\> ping fe80::e07e:50de:a86e:edc7%11

Pinging fe80::e07e:50de:a86e:edc7%11 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
[...]

PS C:\> ping fe80::e07e:50de:a86e:edc7

Pinging fe80::e07e:50de:a86e:edc7 with 32 bytes of data:
Reply from fe80::e07e:50de:a86e:edc7: time=3ms
Reply from fe80::e07e:50de:a86e:edc7: time<1ms
Reply from fe80::e07e:50de:a86e:edc7: time<1ms
Reply from fe80::e07e:50de:a86e:edc7: time=2ms


B. What IP address will be registered in DNS?

The static ULA address and the DHCPv6 assigned address:
 

 
 
 
C. If we ping by FQDN, to what IP address will the name resolve?
 

I'll enter the following command on the DNS server (DC-001) for a fresh start:
 
dnscmd /clearcache
 
And let's clear the client cache on the server as well:
 
ipconfig /flushdns
 
 
The first time I try this, it's the DHCP assigned address:
 
PS C:\> ping PC1
 
Pinging PC1.machlinkit.biz [fd00::520b:b2ef:36d2:a9d3] with 32 bytes of data:
Reply from fd00::520b:b2ef:36d2:a9d3: time=2ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms

 
But the second time, it's the static address:
 
PS C:\> ping PC1
 
Pinging PC1.machlinkit.biz [fd00::15] with 32 bytes of data:
Reply from fd00::15: time=3ms
Reply from fd00::15: time<1ms
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms

 
The third time, it's the DHCP assigned address, and the fourth time, the static address (again).
 
Note: I cleared the DNS cache after each attempt.
 
 
Logically, the link local address will never participate in DNS since it does not register itself in the first place.
 
So it seems that DNS alternates among the available IP addresses.
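To see in one place which addresses a host is reachable on, the AAAA records can be cross-checked against the DHCPv6 leases. This is an added example, not part of the original post; it assumes the DNS and DHCP roles are on the same server, and takes the zone, host name and prefix from the output above.

```powershell
# Added example: run in an elevated session on the server hosting DNS and DHCP
# (assumed to be one machine). Zone, host and prefix come from the post's output.
Import-Module DnsServer, DhcpServer

$zone = 'machlinkit.biz'; $name = 'PC1'; $prefix = 'fd00::'

# Addresses the DHCPv6 server has leased out of this scope.
$leased = @(Get-DhcpServerv6Lease -Prefix $prefix |
    ForEach-Object { $_.IPAddress.ToString() })

# Every AAAA record registered for the host, tagged by how it was assigned.
$records = @(Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType AAAA |
    ForEach-Object {
        $ip = $_.RecordData.IPv6Address
        [pscustomobject]@{
            Address   = $ip.ToString()
            Source    = $(if ($leased -contains $ip.ToString()) { 'DHCPv6 lease' }
                          else { 'static or other' })
            LinkLocal = $ip.IsIPv6LinkLocal
            Timestamp = $_.Timestamp   # empty for manually created records
        }
    })
$records | Format-Table -AutoSize

# More than one record means the name can resolve to any of them, so firewall
# rules and log searches keyed on a single address will miss traffic.
if ($records.Count -gt 1) {
    Write-Warning "$name has $($records.Count) AAAA records registered."
}

# The server's own IPv6 addresses by origin (Manual, Dhcp, WellKnown/Link),
# with the local interface index that a zone ID such as %11 refers to.
Get-NetIPAddress -AddressFamily IPv6 |
    Where-Object { $_.IPAddress -ne '::1' } |
    Sort-Object InterfaceIndex |
    Format-Table InterfaceIndex, IPAddress, PrefixOrigin, SuffixOrigin -AutoSize
```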
 
 
 

4 comments:

  1. Hi
    I want to configure DHCPv6 of Windows Server 2013 with IANA (Option 3) but I am not able to do it. Can you please help me in this regard?

    Thanks in advance.
    Suvajit.

  2. Sorry, it's Windows Server 2012.
