In my last post we looked briefly at a key difference between DHCPv6 and DHCPv4: the use of elements other than just the MAC address to identify to which host and interface a particular DHCP lease belongs. Among these DHCPv6 identification elements, the DHCP Unique Identifier (or DUID) is the closest thing to how a MAC address is used in DHCPv4.
As quoted from RFC 3315, Dynamic Host Configuration Protocol for IPv6 (DHCPv6): “DHCP servers use DUIDs to identify clients for the selection of configuration parameters and in the association of IAs with clients. DHCP clients use DUIDs to identify a server in messages where a server needs to be identified.”
The more granular host and interface identification mechanism facilitated by the DUID (and associated elements) is arguably better suited to an IPv6-enabled LAN environment where interfaces have multiple addresses of different scopes. But enterprise LAN administration practice has long relied on the use of the MAC address to reserve address leases for particular hosts in DHCPv4 (along with practices not directly related to DHCP such as using the MAC to control access to the network and help track host hardware).
RFC 6939, Client Link-Layer Address Option in DHCPv6, offers “an optional mechanism and the related DHCPv6 option to allow first-hop DHCPv6 relay agents (relay agents that are connected to the same link as the client) to provide the client’s link-layer address in the DHCPv6 messages being sent towards the server.” As we discussed in the last post, if the server is on the same link as the client, the MAC address of the originating host can always be learned from the layer 2 frame.
From the description, it sounds like RFC 6939 offers a way to preserve the lease reservation method used in DHCPv4. It would also allow simpler correlation of a host with both IPv4 and IPv6 addresses for management purposes. Sounds great, right? But do DHCPv6 servers support this option yet?
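As an added illustration (not code from the original post or from any DHCP server), the Python sketch below parses a constructed Relay-Forward message and returns both the client's DUID and the link-layer address a first-hop relay supplied in the RFC 6939 option (code 79). The sample packet, its addresses and the function names are assumptions made for the example; the DUID-LLT deliberately embeds a different MAC than the requesting interface, which is why the DUID alone does not replace a MAC-based reservation.

```python
import ipaddress
import struct

OPT_CLIENTID, OPT_RELAY_MSG, OPT_CLIENT_LINKLAYER_ADDR = 1, 9, 79  # RFC 3315, RFC 6939
RELAY_FORW, SOLICIT, HW_ETHERNET = 12, 1, 1

def parse_options(buf):
    """Walk a DHCPv6 option list: 2-byte code, 2-byte length, value."""
    opts, off = {}, 0
    while off < len(buf):
        if off + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, off)
        value = buf[off + 4:off + 4 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        opts[code] = value
        off += 4 + length
    return opts

def identify_client(packet):
    """Return (client DUID hex, relay-reported MAC or None) from a Relay-Forward."""
    if len(packet) < 34 or packet[0] != RELAY_FORW:
        raise ValueError("not a Relay-Forward message")
    # Header: msg-type(1) hop-count(1) link-address(16) peer-address(16)
    relay_opts = parse_options(packet[34:])
    mac = None
    lla = relay_opts.get(OPT_CLIENT_LINKLAYER_ADDR, b"")
    if len(lla) > 2 and struct.unpack_from("!H", lla)[0] == HW_ETHERNET:
        mac = ":".join("%02x" % b for b in lla[2:])
    # Encapsulated client message: msg-type(1) transaction-id(3) options
    inner = relay_opts.get(OPT_RELAY_MSG, b"")
    duid = parse_options(inner[4:]).get(OPT_CLIENTID)
    return (duid.hex() if duid else None, mac)

def opt(code, value):
    """Encode one DHCPv6 option (helper for building the sample)."""
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: the DUID-LLT embeds the MAC of a different interface
# (02:00:00:dd:ee:ff) than the one sending the Solicit (02:00:00:aa:bb:cc).
DUID_LLT = struct.pack("!HHI", 1, HW_ETHERNET, 0x1C39CF88) + bytes.fromhex("020000ddeeff")
SOLICIT_MSG = bytes([SOLICIT]) + b"\x10\x20\x30" + opt(OPT_CLIENTID, DUID_LLT)
HEADER = (bytes([RELAY_FORW, 0]) + ipaddress.ip_address("2001:db8::1").packed
          + ipaddress.ip_address("fe80::ff:feaa:bbcc").packed)
SAMPLE = (HEADER + opt(OPT_CLIENT_LINKLAYER_ADDR, struct.pack("!H", HW_ETHERNET)
          + bytes.fromhex("020000aabbcc")) + opt(OPT_RELAY_MSG, SOLICIT_MSG))

if __name__ == "__main__":
    print(identify_client(SAMPLE))
```

When the relay does not add option 79, the second element is `None` and a server has only the DUID to key a reservation on.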
Well, after I published the first part of this blog, a colleague pointed me to a recent post from Enno Rey and Antonios Atlasis on the blog over at Enno’s excellent Infosec/IPv6 site, Insinuator. As chance would have it, Antonios recently tested exactly the above question with both ISC DHCP 4.3 and Cisco IOS XE. Seems I was picking up Enno’s and Antonios’ powerful brainwaves through The Cosmic Ether when I chose (er, thought I was choosing) the subject to blog about. Please do yourself a favor and follow the link to read the whole post.
I’ll be back in a couple of weeks with a blog discussing (at least) 3 things that will sink your IPv6 adoption initiative.