What are the flag settings when a host should use the slaac only option?

continued from:

http://www.ccieordie.com/legend/cciers-lab/cciers-lab-2-0/cciers-lab-2-1/cciers-lab-2-1-b/2-1-b-nd-rs-ra/

Task 2
R4 should be configured as a DHCP server, and R5 should be configured as a DHCP client acquiring an IPv6 address from R4. R5 should also get its domain name (example.com) and the DNS server’s IPv6 address (2001:1111::1) from R4.

Task 3
R2 should be configured to acquire an IPv6 address from the DHCP server.
R2 should acquire the following from the DHCP server (R4):

An address from the range 12::/64
DNS server: 2000:2222::2
Domain name: example.com
R1 should be configured as a DHCP relay agent.

Task 4
Reconfigure R5 to acquire its IPv6 address from R4 (the DHCP server) using two messages instead of four.
_________________________________________________________________________________________________________
Task 2
R4 should be configured as a DHCP server, and R5 should be configured as a DHCP client acquiring an IPv6 address from R4. R5 should also get its domain name (example.com) and the DNS server’s IPv6 address (2001:1111::1) from R4.

Configure R4 as a DHCP server using the options stated in the task. To work as a DHCP server, unicast routing must be enabled:

R4
ipv6 unicast-routing

configure ipv6 link-local and GUA

R4(config-dhcpv6)#int s1/1
R4(config-if)#ipv6 en
R4(config-if)#ipv6 add 45::4/64

The following specifies the address range to provide in the pool:

R4(config)#ipv6 dhcp pool DHCPv6
R4(config-dhcpv6)#add prefix 45::/64

The following configuration provides the DNS server and the domain name option to DHCP clients:

R4(config-dhcpv6)#dns-server 2001:1:1111::1
R4(config-dhcpv6)#domain-name v6lab.com

The following command associates the DHCP pool with the interface facing the client (R5), effectively starting the particular DHCP server instance on s1/1

R4
interface Serial1/1
no ipv6 nd ra suppress
ipv6 dhcp server DHCPv6

R4(config-if)#do sh ipv6 int s1/1
Serial1/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:400
No Virtual link-local address(es):
Global unicast address(es):
45::4, subnet is 45::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:4
FF02::1:FF00:400
FF05::1:3
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.
R4(config-if)#

Serial interfaces do not send the Router Advertisement messages by default—this is different from Ethernet interfaces, where RA messages are sent automatically. Because they will be required later, we are configuring the s1/5 interface to send them.

As opposed to IPv4, where starting a DHCP server was essentially enough for the hosts to obtain their configuration via DHCP, in IPv6, the hosts must actually be instructed to use DHCP. Without this indication, they will continue using SLAAC. This is accomplished using the Router Advertisement (RA) messages.

RA messages contain two specific bits, or flags, that are used to inform hosts about the mechanism hosts should use to obtain their IPv6 settings. These flags are commonly called the M-flag and the O-flag.

The M-flag, or the managed address configuration flag, tells hosts to obtain their entire IPv6 configuration using DHCP, including their address, prefix length, DNS server address, domain name, and so on. The only parameter that will still remain discovered using RA messages is the default gateway address. DHCP for IPv6 does not support conveying the default gateway address information to clients because this information can always be learned from RA messages, which must have been received by hosts in the first place; otherwise, they would not be contacting DHCP at all. The M-flag can be set in outgoing RA messages using the ipv6 nd managed-config-flag interface configuration command.

The O-flag, or the other configuration flag, tells hosts to obtain their IPv6 address and gateway using SLAAC, and to acquire all other configuration (DNS address, domain name, and so on) using DHCP. The O-flag can be set in outgoing RA messages using the ipv6 nd other-config-flag interface configuration command.

It is important to note that these flags are indications only. It is entirely up to the software running on the host to honor them. Some operating systems may choose to ignore these flags and behave according to their preset configuration. This is also valid for IOS—obviously, when an interface is statically configured to obtain its configuration via DHCP, it will attempt to talk to DHCP even if the RA messages do not have the M-flag set. Nonetheless, we will set up the flags diligently—it is considered a best practice, as well as a very safe approach, to accommodate most operating systems.

The following command sets the M-flag in the RA messages. This tells the hosts not to rely on SLAAC and instead to use DHCP to obtain their IPv6 configuration. (Without this command, some hosts would continue using SLAAC even if the DHCP server was running.)

R4(config-if)#ipv6 nd managed
R4(config-if)#ipv6 nd managed-config-flag
R4(config-if)#

Note Hosts use DHCP to obtain routable addresses.
after setting the M-flag, see below:

R4#sh ipv6 int s1/1
Serial1/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:400
No Virtual link-local address(es):
Global unicast address(es):
45::4, subnet is 45::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:2
FF02::1:FF00:4
FF02::1:FF00:400
FF05::1:3
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use DHCP to obtain routable addresses.
R4#

R5#sh run int s1/1 | b int
interface Serial1/1
no ip address
serial restart-delay 0
end

R5#debug ipv6 dhcp
IPv6 DHCP debugging is on
R5#

R5(config-if)#do sh run int s1/1 | b int
interface Serial1/1
no ip address
ipv6 address dhcp
ipv6 enable

Here, the ipv6 enable command is required to allow the interface to have a link-local address. Without it, the interface would be unable to send DHCP requests because it would have no source IPv6 address. Based on the following output, we can see that the local router (R5) sends a Solicit message to FF02::1:2. Because there is no broadcast in IPv6, this is a special multicast address that the clients use to communicate with a DHCP server.

The local router receives an Advertise message from the link-local IPv6 address of R4, the DHCP server.

The local router then sends a request to use the IPv6 address given to it by the DHCP server, and it receives a reply from the server. In IPv4 DHCP, we also had four messages: Discover, Offer, Request, and Acknowledge, all with a similar meaning.

R5(config-if)#no s
*Aug 15 11:31:36.942: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Serial1/1
*Aug 15 11:31:36.952: IPv6 DHCP: Received ADVERTISE from FE80::A8BB:CCFF:FE00:400 on Serial1/1
*Aug 15 11:31:36.952: IPv6 DHCP: Adding server FE80::A8BB:CCFF:FE00:400
*Aug 15 11:31:38.062: IPv6 DHCP: Sending REQUEST to FF02::1:2 on Serial1/1
*Aug 15 11:31:38.062: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to REQUEST (ADDR_ADVERTISE_RECEIVED) on Serial1/1
*Aug 15 11:31:38.072: IPv6 DHCP: Received REPLY from FE80::A8BB:CCFF:FE00:400 on Serial1/1
*Aug 15 11:31:38.072: IPv6 DHCP: Processing options
*Aug 15 11:31:38.072: IPv6 DHCP: Adding address 45::D14C:29F9:285D:C980/128 to Serial1/1
*Aug 15 11:31:38.072: IPv6 DHCP: T1 set to expire in 43200 seconds
*Aug 15 11:31:38.072: IPv6 DHCP: T2 set to expire in 69120 seconds
*Aug 15 11:31:38.072: IPv6 DHCP: Configuring DNS server 2001:1:1111::1
R5(config-if)#no shu
*Aug 15 11:31:38.072: IPv6 DHCP: Configuring domain name v6lab.com
*Aug 15 11:31:38.072: IPv6 DHCP: DHCPv6 address changes state from REQUEST to OPEN (ADDR_REPLY_RECEIVED) on Serial1/1

http://www.gtri.com/accounting-differences-dhcpv6-dhcp/

R5(config-if)#do sh ipv6 int brie s1/1
Serial1/1              [up/up]
    FE80::A8BB:CCFF:FE00:500
    45::D14C:29F9:285D:C980
R5(config-if)#

R5(config-if)#do sh ipv6 dhcp int
Serial1/1 is in client mode
  Prefix State is IDLE
  Address State is OPEN
  Renew for address will be sent in 11:46:00
  List of known servers:
    Reachable via address: FE80::A8BB:CCFF:FE00:400
    DUID: 00030001AABBCC000400
    Preference: 0
    Configuration parameters:
      IA NA: IA ID 0x00080001, T1 43200, T2 69120
        Address: 45::D14C:29F9:285D:C980/128
                preferred lifetime 86400, valid lifetime 172800
                expires at Aug 17 2018 12:31 PM (171961 seconds)
      DNS server: 2001:1:1111::1
      Domain name: v6lab.com
      Information refresh time: 0
  Prefix Rapid-Commit: disabled
  Address Rapid-Commit: disabled
R5(config-if)#

R4#sh ipv6 dhcp bind
Client: FE80::A8BB:CCFF:FE00:500
  DUID: 00030001AABBCC000500
  Username : unassigned
  VRF : default
  IA NA: IA ID 0x00080001, T1 43200, T2 69120
    Address: 45::D14C:29F9:285D:C980
            preferred lifetime 86400, valid lifetime 172800
            expires at Aug 17 2018 12:31 PM (171896 seconds)
R4#

The default route in DHCPv6 environments is somewhat confusing. Because IPv6 routers are required to send RA messages, the creators of DHCPv6 decided not to have a default gateway option for DHCPv6, and instead simply rely on the hosts discovering their gateways using RA messages. As a result, even in a DHCPv6 environment, RA messages are required for hosts to discover their gateway, while DHCPv6 provides the rest of the IPv6 configuration.

On Cisco IOS-based routers, having a router obtain its interface configuration through ipv6 address dhcp will cause it to obtain its address and other optional information via DHCP, but this will not make it install a default route through a neighbor sourcing RA messages. If you want to do that as well, you must add the ipv6 address autoconfig default command to the same interface to have the router install a default route discovered via SLAAC.

Finally, having an interface configured both with ipv6 address dhcp and ipv6 address autoconfig default will cause the interface to have two addresses: one obtained via DHCP, the other via SLAAC. Although this may appear to defeat the purpose of DHCP, that is not entirely true: You can configure R4’s s1/5 interface with the ipv6 nd prefix default no-advertise command, which will prevent R4 from advertising any prefix in its RA messages. Although R4 will continue to send RAs, there will be no global prefix advertised, so R5 would only install a default route through R4 without generating a SLAAC-derived address itself.
______________________________________________________________________________________________
Task 3
R2 should be configured to acquire an IPv6 address from the DHCP server.
R2 should acquire the following from the DHCP server (R4):

An address from the range 12::/64
DNS server: 2000:2222::2
Domain name: example.com
R1 should be configured as a DHCP relay agent.

R1(config-if)#do sh cdp neigh s1/0 | b Dev
Device ID Local Intrfce Holdtme Capability Platform Port ID
R4 Ser 1/0 160 R B Linux Uni Ser 1/0

R1(config-if)#do sh ipv6 int brie | ex admin|unass
Ethernet0/0 [up/up]
FE80::200:11FF:FE11:1111
2001:18::1
Serial1/0 [up/up]
FE80::200:11FF:FE11:1111
14::1
Serial1/1 [up/up]
FE80::200:11FF:FE11:1111
12::1

R1(config-if)#do ping ipv6 14::4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 14::4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms

R4#sh run | b DHCPv6_2
ipv6 dhcp pool DHCPv6_2
address prefix 12::/64
dns-server 2000:2222::2
domain-name lab.com

apply the pool called “DHCPv6_2” on R4’s closest interface to R2. (as illustrated by the diagram, that must be s1/0)

R4#sh run int s1/0 | b int
interface Serial1/0
no ip address
ipv6 address 14::4/64
ipv6 enable
ipv6 dhcp server DHCPv6_2
end

R1’s s1/1 interface should be configured to set the M-flag, the no ipv6 nd ra suppress and then relay the Solicit messages to the DHCP server:

R1(config-if)#do sh cdp neigh s1/1 | b Dev
Device ID Local Intrfce Holdtme Capability Platform Port ID
R2 Ser 1/1 167 R B Linux Uni Ser 1/1

R1(config-if)#do sh run int s1/1 | b int
interface Serial1/1
no ip address
ipv6 address 12::1/64
ipv6 enable
ipv6 nd managed-config-flag
no ipv6 nd ra suppress
ipv6 dhcp relay destination 14::4

As an aside, the configuration of IPv6 DHCP relay is much more intuitive than its IPv4 counterpart whose command, ip helper-address, does not even readily resemble anything related to DHCP.

In this case, R2 is going to be the DHCP client. R2 will multicast a DHCP Solicit message. R1 will receive this message and relay it to R4, the DHCP server. The Solicit message will have the Link Address field populated with the IPv6 address of R1’s link facing R2. R4 will go through its DHCP scopes and will find one that matches the same network. Subsequently, it will lease out an IPv6 address from that scope and offer it to R2 using the Advertise message. Note, however, that the Advertise response will be unicast to R1’s address learned from the Solicit message.

R1 will receive the Advertise message and will relay it down to R2. After R2 receives the Advertise message, it will continue with multicasting a DHCP Request message, which will again be relayed by R2 to R4. Then, R4 will respond with a DHCP Reply message to R2, which in turn forwards it to R1. At this point, R1 has a usable address. The entire process is very similar to IPv4 DHCP.

Note If the address prefix 12::/64 is configured in the previous pool (TST), R2 will get two IPv6 addresses: one from the 12::/64 network, and the second from the 45::/64 network. A DHCP pool in IPv6 can contain multiple IPv6 prefixes at the same time.

R2#debug ipv6 dhcp
IPv6 DHCP debugging is on
R2#sh run int s1/1 | b int
interface Serial1/1
no ip address
end

R2(config)#int s1/1
R2(config-if)#ipv6 en
R2(config-if)#ipv6 add dhcp
R2(config-if)#
*Aug 15 14:53:28.264: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Serial1/1
*Aug 15 14:53:28.289: IPv6 DHCP: Received ADVERTISE from FE80::200:11FF:FE11:1111 on Serial1/1
*Aug 15 14:53:28.289: IPv6 DHCP: Adding server FE80::200:11FF:FE11:1111
*Aug 15 14:53:29.381: IPv6 DHCP: Sending REQUEST to FF02::1:2 on Serial1/1
*Aug 15 14:53:29.381: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to REQUEST (ADDR_ADVERTISE_RECEIVED) on Serial1/1
*Aug 15 14:53:29.401: IPv6 DHCP: Received REPLY from FE80::200:11FF:FE11:1111 on Serial1/1
*Aug 15 14:53:29.401: IPv6 DHCP: Processing options
*Aug 15 14:53:29.401: IPv6 DHCP: Adding address 12::5C2B:7A4A:57AB:C194/128 to Serial1/1
*Aug 15 14:53:29.402: IPv6 DHCP: T1 set to expire in 43200 seconds
*Aug 15 14:53:29.402: IPv6 DHCP: T2 set to expire in 69120 seconds
*Aug 15 14:53:29.402: IPv6 DHCP: Configuring DNS server 2000:2222::2
R2(config-if)#
*Aug 15 14:53:29.402: IPv6 DHCP: Configuring domain name lab.com
*Aug 15 14:53:29.402: IPv6 DHCP: DHCPv6 address changes state from REQUEST to OPEN (ADDR_REPLY_RECEIVED) on Serial1/1
R2(config-if)#

R2(config-if)#do sh ipv6 int s1/1
Serial1/1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::A8BB:CCFF:FE00:200
No Virtual link-local address(es):
Global unicast address(es):
12::5C2B:7A4A:57AB:C194, subnet is 12::5C2B:7A4A:57AB:C194/128
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:200
FF02::1:FFAB:C194
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
ND RAs are suppressed (periodic)
Hosts use stateless autoconfig for addresses.
R2(config-if)#

R1(config-if)#do sh ipv6 int s1/1 | i Hosts
Hosts use DHCP to obtain routable addresses.

place relay, managed-config and suppression on the relay’s directly connected client interface.

place the dhcp server statement on the dhcp server interface (R4 in the exercise) connected to the relay agent.

R2(config)#do ping ipv6 12::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::1, timeout is 2 seconds:

% No valid route for destination
Success rate is 0 percent (0/1)
R2(config)#ipv6 route ::/0 s1/1
R2(config)#do ping ipv6 12::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/11/15 ms
R2(config)#
_________________________________________________________________________________
Task 4
Reconfigure R5 to acquire its IPv6 address from R4 (the DHCP server) using two messages instead of four.

Rapid-commit:
In this process, only two messages are exchanged: a Solicit from the client to the server, and a Reply from the server to the client.

Default:
The DHCP client and server exchange four DHCP messages: Solicit, Advertise, Request, and Reply.

The rapid-commit option must be configured both on the DHCP client and the DHCP server to be effective. Here’s how to configure the DHCP server for rapid-commit:

R4(config-if)#ipv6 dhcp serv DHCPv6 rapid

R5(config)#default int s1/1
Interface Serial1/1 set to default configuration
R5(config)#int s1/1
R5(config-if)#ipv6 en
R5(config-if)#ipv6 add dhcp ?
rapid-commit Enable Rapid-Commit

R5(config-if)#ipv6 add dhcp rapid
R5(config-if)#
*Aug 15 16:03:15.831: IPv6 DHCP: Sending SOLICIT to FF02::1:2 on Serial1/1
*Aug 15 16:03:15.841: IPv6 DHCP: Received REPLY from FE80::A8BB:CCFF:FE00:400 on Serial1/1
*Aug 15 16:03:15.841: IPv6 DHCP: Adding server FE80::A8BB:CCFF:FE00:400
*Aug 15 16:03:15.841: IPv6 DHCP: Processing options
*Aug 15 16:03:15.841: IPv6 DHCP: Adding address 45::D14C:29F9:285D:C980/128 to Serial1/1
*Aug 15 16:03:15.841: IPv6 DHCP: T1 set to expire in 43200 seconds
*Aug 15 16:03:15.841: IPv6 DHCP: T2 set to expire in 69120 seconds
*Aug 15 16:03:15.841: IPv6 DHCP: Configuring DNS server 2001:1:1111::1
*Aug 15 16:03:15.841: IPv6 DHCP: Configuring domain name v6lab.com
R5(config-if)#
*Aug 15 16:03:15.841: IPv6 DHCP: DHCPv6 address changes state from SOLICIT to OPEN (ADDR_REPLY_RECEIVED) on Serial1/1
R5(config-if)#
______________________________________________________________________________________________________
continue to Task 5:
5.3.c prefix delegation