IPv6 SLAAC Process Explained with Examples and Wireshark Capture
Contents
I- Link-Local Address Assignment
Once an IPv6 node is connected to an IPv6 enabled network, the first thing it typically does is to auto-configure itself with a link-local address. The link-local address is needed to enable the node to communicate at Layer 3 with other IPv6 devices in the local segment.
The IPv6 link-local address is generated by combining the link-local prefix FE80::/64 and the interface identifier.
Typically, there are 2 way to generate link-local address:
- EUI-64 process
- Random 64-bit (used by newer operating system windows 10 and MAC)
Link-Local Address with EUI-64 process:
The link-local address with EUI-64 process is a method used to generate a unique IPv6 link-local address for a network interface based on its MAC (Media Access Control) address. The EUI-64 process stands for Extended Unique Identifier-64, and it involves manipulating the 48-bit MAC address to create a 64-bit interface identifier.
Then Combine the Interface identifier with the link-local prefix to generate the link local address for the interface, following is an illustration of the process from networkacademy.io:
So, At this point, the host (Host-A) generated it Link-local address with EUI-64 method (note that in windows 10, it will be using random 64 bits for security reasons):
In order to confirm that the link-local generated address is unique in the local segment, the host will perform Duplicate Address Detection (DAD) mechanism.
Duplicate Address Detection (DAD):
After the configuration of IPv6 address, the host will join a special multicast group called ‘solicited-node multicast‘. For each configured unicast address (link-local or global), the host joins the associated solicited-node multicast group.
The solicited-node mcast group is identified by the address FF02::1:FF followed by the last 6 hexadecimal values in the IPv6 unicast address.
For our example:
Link-Local address: fe80::250:79ff:fe66:681f
–> solicited-node multicast group: ff02::1:ff:66:681f
As a result, for each configured unicast address, no matter if it is link-local or global, the host joins the respective auto-generated solicited-node multicast group.
If another host has the same exact link-local address, it listens for the same solicited-node multicast group ff02::1:ff:66:681f. In order for Host-A to check that, it sends an ICMPv6 (Neighbor Solicitation) message with:
- The destination address set to the solicited-node multicast group (ff02::1:ff:66:681f)
- The source address set to the IPv6 unspecified address (::)
If no reply, the host will confirm that the link-local address is unique.
At this stage, the host has a link-local address and confirmed that it’s unique via DAD process, but, no Global unicast address is assigned yet:
II- Global Unicast Address Assignment
IPv6 Stateless Address Autoconfiguration (SLAAC) is a mechanism in IPv6 that allows hosts on a network to automatically configure their own IP addresses without the need for a centralized DHCP server. SLAAC relies on the Neighbor Discovery Protocol (NDP) to obtain network configuration information:
Step-1: Router Solicitation:
Host will send an ICMPv6 message called Router Solicitation (RS) in order to trigger the router to send a Router Advertisement (RA):
- Router Solicitation (from Host-A to “All Routers Address” multicast group FF02::2):
- Router Solicitation Wireshark capture:
Step-2: Router Advertisement:
Upon receiving the Router solicitation (RS) (or untriggered), which was send to all router multicast group, the router will send a Router Advertisement (RA) message:
- Router Advertisement (from Router-1 to “All Nodes Address” multicast group FF01):
- Router Advertisement Wireshark capture:
Router Advertisement (RA): A router periodically sends out Router Advertisement messages to announce its presence and network configuration information. The RA message contains the Prefix, which is the network portion of the IPv6 address.
Example of RA
Type: Router Advertisement
Flags: 0x40 (Managed address configuration not available)
0x80 (Other configuration not available)
Router Lifetime: 1800 seconds
Prefix Information: 2001:db8:1234:5678::/64
Step-3: Host Global Unicast Configuration:
Upon receiving the RA message, the host extracts the Prefix Information and combines it with its interface identifier to create its IPv6 address. The interface identifier can be derived from various methods, such as the MAC address or privacy extensions.
When Host-A gets the Router Advertisement from Router 1, it combines the prefix 2001:1234:a:a::/64 with its EUI-64 interface identifier (2050:79ff:fe66:681f)
The result is the global unicast address 2001:1234:a:a:2050:79ff:fe66:681f/64. Because the Router Advertisement came from Router 1, PC1 sets its IPv6 default gateway to the link-local address of R1.
Example Interface Identifier (MAC-based): 2050:79ff:fe66:681f
Since the Router Advertisement sent from Router 1, Host-A sets its IPv6 default gateway to the link-local address of R1.
Now Host-A has a global unicast address and a default gateway. But, Host-A must confirm that the auto-generated address is unique, Host-A will perform the Duplicate Address Detection (DAD) process.
Step-4: Duplicate Address Detection (DAD)
When Host-A auto-generate its own global unicast address, it will join the auto-generated solicited-node multicast group FF02::1:FF66:681F. To confirm the address is unique, Host-A then sends an ICMPv6 message called “Neighbor Solicitation” to the solicited-node address FF02::1:FF66:681F.
If no reply is received back Host-A can start using it for communication outside its local segment including on the Internet.