Stateless Autoconfiguration

IPv6 stateless autoconfiguration (documented in RFC 2462) is a fairly simple protocol, but not a very complete one. Most of the work is actually done by the end host that wishes to obtain an IPv6 address on the network. A host appears on the network, creates an interface identifier, then obtains a network prefix that is prepended to the interface identifier. Using the link-local address of the router, the host has instant IPv6 connectivity. Most of the communication in stateless autoconfiguration uses the ICMPv6 protocol, which has been greatly enhanced for these functions, compared to ICMPv4.

The first task in stateless autoconfiguration is for the host to create a unique interface identifier to be used for any link-local, site-local, or global addresses. This interface identifier, called EUI-64, is 64 bits that are adapted from the device's layer two address, typically MAC-48 in LANs. The IEEE dictates that the conversion from MAC-48 to EUI-64 be carried out by inserting a value of 0xfffe after the first 24 bits of the MAC address. Assuming 0xX (the company ID) and 0xY are hexadecimal values of the original MAC-48 address, the EUI-64 identifier would be computed as XX-XX-XX-FF-FE-YY-YY-YY. Most systems would then insert a binary one at bit seven (counting from the right) to indicate a global scope. The following example illustrates this.

       MAC-48: 00:01:03:69:8B:CF
       EUI-64: 0201:03ff:fe69:8bcf
Using a MAC-48 layer two address is only one example of computing an interface identifier. A EUI-64 identifier can be created for layer two addresses up to 118 bits, and for addresses larger than that, autoconfiguration fails.

The interface identifier is then appended to the prefix fe80::/10, which is reserved for link-local addresses. Before this, or any other unicast address, can be assigned, the end host must perform duplicate address detection, or DAD, to ensure the address is unique to the link. The host then joins the all-nodes and solicited-node multicast addresses using the tentative address. With neighbor solicitation and advertisement messages, the host can determine if the address is unique to the link. The following tcpdump output illustrates a case where DAD finds an address conflict (ff02::1 is the all-nodes multicast address).

       15:02:53.862965 :: > ff02::1:ff1c:bb3a: icmp6: neighbor sol: who has
       15:02:53.863213 3ffe:b80:d6e:2:250:56ff:fe1c:bb3a > ff02::1: icmp6:
       neighbor adv: tgt is 3ffe:b80:d6e:2:250:56ff:fe1c:bb3a
If no neighbor advertisements are received, the host assumes the address is unique. DAD is required to be used on all new unicast addresses not derived from the same interface identifier. Additionally, DAD can be disabled (DupAddrDetectTransmits <= 1) via the operating system, since some administrators believe it generates unneeded overhead, and MAC-48 addresses should be unique. In this situation, an address conflict could possibly be undetected, and communication between hosts might mysteriously fail. If not using DAD, a prudent administrator should create a registration system to check MAC-48 addresses before they are allowed on the network.

Once the host has build a unique interface identifier (and a link-local address), the host then uses the link-local address to send a router solicitation to ff02::2, the all-routers multicast address. The router sends a router advertisement to the all-nodes multicast address with a network prefix, preferred and valid lifetimes, and a MTU for the link. The preferred lifetime is the time until the address is deprecated in favor of a new preferred address. This is most often used in conjunction with IPv6 privacy extensions, covered later in this section. The prefix is prepended to the interface identifier and a new, often globally routable, IPv6 address is added to the interface. Since the interface identifier is the same used in the link-local address, DAD is not performed.

Stateless autoconfiguration is available on many devices today, including most Unix systems, routers, and Windows-based machines. Additionally, software such as Radvd (router advertisement daemon) and the Zebra/Quagga software routing suites can provide router advertisements for a link.

One may note that stateless autoconfiguration does not provide the many common options that DHCPv4 (or DHCPv6) provides, such as DNS/NTP servers or a domain/host name to be used by the client. For this reason, stateless autoconfiguration is popular for dual-stack hosts where there is already an IPv4 network, and stateful IPv4 autoconfiguration has been performed.

Even though stateless autoconfiguration is quite simple, it is not without security issues. There is no authorization to obtain an address on the network, and this has supposedly been addressed in RFC 2402, which states that neighbor discovery packets can be authenticated. If DAD is not used, the host can silently become a part of the network, without one packet being transferred. This is possible, although unlikely, because many routers send out router advertisements on a periodic interval, regardless of whether a router solicitation is received. A DoS with DAD is always a possibility, if neighbors respond to a neighbor solicitation indicating a duplicate address, even though no such conflict exists. The victim's operating system will, in some cases, invalidate what it believes to be a duplicate address, and the host will lose connectivity. However, this is not a particularly new problem, since certain ARP spoofing techniques can achieve the same goal with IPv4.

According to Microsoft, since interface identifiers do not change when a mobile host moves between subnets on a network, privacy can be an issue for anyone snooping network traffic. RFC 3041 was developed, which details privacy extensions for use with stateless autoconfiguration. In addition to the IPv6 address generated via the interface identifier, a new IPv6 address with a ``scrambled'' interface identifier is suggested, using MD5 hashing. Using a 64-bit history value, which can be held in stable storage or generated at random, the MD5 hash is computer for the history value plus the interface identifier. Taking the leftmost 64 bits of the hash and setting bit six to zero creates the anonymous address. Since the interface identifier is new, DAD is used. This anonymous address is changed frequently, depending on usage.

Using privacy extensions helps solve the privacy problem with constant interface identifiers, but can make it more difficult to diagnose network problems. When a host's IPv6 address changes randomly, it is almost impossible to troubleshoot the network when there are no set addresses for outgoing connections from hosts. Additionally, some Internet services will refuse access to hosts without PTR records, which anonymous addresses will end up lacking.

Mark Kamichoff 2004-04-23