SLAAC IPv6

Before a host can communicate on a network, it must be configured with network parameters. The absolute minimum requirement for communication to take place is the assignment of an IP address and a subnet mask. Additional network parameters, including a default gateway and a DNS server, help expand a host’s communication capabilities.

These parameters must either be manually configured or assigned using a network management protocol such as the Dynamic Host Configuration Protocol (DHCP). In the latter case, a network administrator must still set up the DHCP server and configure the host to request network parameters from the DHCP server.

IPv6 has included within its mechanisms an automatic process through which an IPv6 host can obtain the absolute minimum network parameters it needs to communicate on the network with zero intervention from an administrator. This mechanism is called Stateless Address Auto-Configuration (SLAAC). 

In this article, we’ll take a closer look at what SLAAC is, how it operates, and the areas where it can be most useful.

Executive summary

What is SLAAC, and what does it do?

Configuring a host in IPv4 requires either manual configuration or automatic configuration using a DHCP server. Stateless Address Auto-Configuration (SLAAC) can automatically configure IPv6 host parameters on an IPv6 host without the need for manual configuration or a DHCP server.

The second part of the name is quite clear, indicating that SLAAC automatically configures an IPv6 address on an IPv6 host. However, what does “stateless” mean? 

“Stateful” address assignment involves a server, such as one running DHCP, to actively keep a database of the addresses that have been assigned. The DHCP server assigns and manages IP addresses and lease times and keeps a mapping of the corresponding host MAC addresses. In other words, the DHCP server maintains an accurate representation of the current “state” of the network in terms of these elements of address allocation.

“Stateless” refers to the fact that there is no centralized server tracking address assignments, corresponding MAC addresses, and lease times. It’s stateless in the sense that there is no entity that currently has a record of the current state of address assignments and related information.

SLAAC is designed to be a simple, automatic approach to assigning IPv6 addresses. It is defined in RFC4862 and is specifically used to assign only a global unicast IPv6 address, an IPv6 prefix length, and, optionally, a default router. These are the minimum network parameters required for communication on the network.

In addition, SLAAC can be used to direct a host to a DHCPv6 server, where it can obtain further network parameters such as a DNS server as well as a multitude of other DHCP options. This extra step is often essential because of how important DNS is for accessing the internet, and how costly DNS resolution failures can be, as described in this case study.

The SLAAC process involves the use of the Neighbor Discovery (ND) protocol, which is used to gather some of the information required for network communication and unique address assignment. SLAAC employs ICMPv6 messages that are exchanged among IPv6 hosts and routers to complete the configuration process, including Router Solicitation (RS), Router Advertisement (RA), Neighbor Solicitation (NS), and Neighbor Advertisement (NA) messages. The Duplicate Address Detection (DAD) process is used after initial address assignment to verify that the address chosen is unique.

{{banner-13="/design/banners"}}

How does SLAAC work?

Let’s go through the steps of how an IPv6 host obtains IPv6 network parameters via SLAAC. We’ll be using the following topology with the indicated IPv6 address space:

‍

Note that the address space being used is for demonstration purposes. You can use any valid global unicast address space.

Step 0: Link-local IPv6 address assignment

Technically, this is not actually part of the SLAAC process, but it is a prerequisite. As soon as an IPv6 host is connected to an IPv6 network, it automatically generates its own IPv6 link-local address. Link-local addresses are in the form of fe80::/64, are only locally significant, and are primarily used by various protocols for control-plane communication within a particular network segment. 

Link-local addresses are generated in various ways depending on the operating system or firmware of the IPv6 device in question. For example, Cisco devices use EUI-64, which generates an address using the interface’s MAC address as part of the algorithm, while Windows computers generate them randomly.

Once assigned, the node performs a duplicate address detection (DAD).  This is a process used to check and ensure that the link-local address is indeed unique on the segment. If a duplicate address is detected, the host is informed, and it attempts to choose a different link local address (if this fails, then SLAAC cannot continue). Once uniqueness is ensured and the link local address is activated on the interface, the IPv6 host is able to communicate using ND to perform all the necessary SLAAC operations to obtain a unique global unicast IPv6 address.

Step 1: Router solicitation and router advertisement

The IPv6 host sends out an RS message using its newly obtained link-local address. The RS message solicits any router that may be on the segment for an IPv6 global unicast prefix. The FF02::2 all routers multicast address is used as the destination of the RS message. Only IPv6 routers will receive this message because only IPv6 routers belong to this multicast group.

Once the IPv6 router receives this message, it responds with an RA message, advertising its own global IPv6 prefix as well as the network prefix length. In the network topology presented above, the prefix sent would be 2001:1234:: and the prefix length would be /64. The RA uses the router’s link-local address on its Gi0/0 interface as the source IPv6 address and the all hosts multicast address of FF02::1 as the destination.

Step 2 - Global unicast address configuration

At this point, the IPv6 host has learned the network prefix as well as the prefix length. The only thing left is for the host to determine the right-most 64 bits of its IPv6 address. This can be done in various ways, once again, based on the operating system or the firmware of the IPv6 device. Let’s say for simplicity, that our host randomly chooses ::2 as the right-most 64 bits of its IPv6 address, thus resulting in a SLAAC assigned IPv6 address of 2001:1234::2/64 for the host.

The router may specify its own address as the host’s default gateway, depending on whether we configure the router to do so or not. If it does, then it will share its own IPv6 link-local address of the Gi0/0 interface as the default gateway.

Step 3 - Duplicate address detection for the global unicast address

Finally, the last step is to run DAD again to ensure that there are no duplicate addresses on the network. If the IPv6 address passes the DAD check, then no duplicate address is found, and the host now has an IPv6 global unicast address, a prefix length, and a default router. (Because of the previous steps taken, DAD should not fail at this step; if it does, something has gone wrong, and the SLAAC process must restart with a new link-local identifier.) Once DAD passes, the host can now communicate on the network segment as well as with destinations behind the local gateway router, such as other LANs or the global internet.

{{banner-9="/design/banners"}}

Configuration Options

We can configure the router in a few different ways. So far, we’ve described a basic configuration, where the local router provides the prefix, prefix length, and default router parameters in its RA, and the host is instructed that these are the only IPv6 parameters to be configured. But other behaviors are also possible.

The three primary ways that SLAAC operates involve the local IPv6 router sending out an RA that instructs the host to:

• Use the prefix, prefix length, and default router contained within the RA as the only IPv6 parameters for the host. This is the process that has been described above.
• Use the prefix, prefix length, and default router contained within the RA and also request a DNS server address from a DHCPv6 server.
• Use a DHCPv6 server to receive all of the required network parameters by sending out a DHCP Discover message; this essentially tells the host to use DHCP instead of SLAAC.

An IPv6 host is instructed to do one of the above based on the settings of the autoconfiguration flags found within a field of the RA message. Below you can see a depiction of an RA message focusing on the contents of the Autoconfig Flags field:

The host will respond as follows based on the flag values:

• If the Managed (M) flag is set to 1, the host is instructed to obtain all of its IPv6 network parameters from a DHCPv6 server. If so, the value of the Other Configuration (O) flag has no meaning and is ignored.

• If the M flag is set to 0 and the O flag is set to 1, the host is instructed to receive its prefix, prefix length, and default router information from the contents of the RA message but to request a DNS server address from a DHCPv6 server.
• If M and O are set to 0, the host is instructed to simply use the prefix, prefix length, and the default router provided in the RA and nothing more.

The Default Router Preference (Prf) is two bits in length and can have the values of 01 (high), 00 (medium), or 11 (low). (Note that the seemingly odd choices of numbers for these priorities are intentional; see RFC4191 for more details.) When a host receives RAs from multiple messages, the value of the Prf field is used to determine which router to prefer as the default router.

The following is a Wireshark packet capture of an RA message:

Note the following:

• The source address is the link-local address of the router, while the destination address is the all hosts multicast address.
• The message is contained within an ICMPv6 packet.
• The type is set to 134, which indicates an RA.
• The flags are set to M=0 and O=0, so the RA is instructing the host to use the prefix, prefix length, and default router delivered by the RA only.
• The Prf is set to 01, which is high.
• The prefix and prefix length are 2001:db8:123:123::/64 and are contained within an ICMPv6 option called Prefix Information.

{{banner-10="/design/banners"}}

Configuring SLAAC on a Cisco Router

In the following example, we’ll configure SLAAC on two Cisco routers using the following topology:

One router will play the role of the IPv6 router on the network segment, while the other will play the role of the host. Before we start, let’s enable IPv6 Neighbor Discovery debugging to see what messages are being sent between the router and client:

IPv6_Router#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on

IPv6_Host#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on

Let’s begin by configuring the IPv6 router’s Gi0/0 interface to act as an IPv6 router on the network segment:

IPv6_Router#conf t
IPv6_Router(config)#ipv6 unicast-routing 
IPv6_Router(config)#interface gigabitethernet 0/0
IPv6_Router(config-if)#ipv6 address 2001:1234::1/64

Now we have enabled unicast routing, which essentially makes this router an active IPv6 router, and we’ve assigned an IP address to the Gi0/0 interface.

Next, let’s configure the IPv6 host to use SLAAC to configure its IPv6 address:

IPv6_Host#conf t
IPv6_Host(config)#interface gigabitethernet 0/0
IPv6_Host(config-if)#ipv6 address autoconfig

Note that in this case we don’t have to use the ipv6 unicast-routing command since the router is actually acting as an IPv6 host. Thus, it won’t send out RAs or respond to RSes.

At some point during the configuration, some debug events will appear indicating what ND messages are being sent and received:

IPv6_Router#
ICMPv6-ND: Sending RA to FF02::1 on GigabitEthernet0/0
ICMPv6-ND:     MTU = 1500
ICMPv6-ND:     prefix = 2001:1234::/64 onlink autoconfig

IPv6_Host#
ICMPv6-ND: Received RA from FE80::CE0A:18FF:FE0E:0 on GigabitEthernet0/0
ICMPv6-ND: Autoconfiguring 2001:1234::CE09:18FF:FE0E:0 on GigabitEthernet0/0

Notice that the IPv6 router is sending out an RA to the host multicast group that contains the appropriate prefix and prefix length. The prefix is determined from the IPv6 address of the interface itself.

The IPv6 host is receiving this RA from the IPv6 router’s link-local address and autoconfiguring the IPv6 address of the Gi0/0 interface. Let’s take a look at the IPv6 address assigned to the interface on the IPv6 host:

IPv6_Host#show ipv6 interface brief 
GigabitEthernet0/0            [up/up]
    FE80::CE09:18FF:FE0E:0
    2001:1234::CE09:18FF:FE0E:0

Note that the interface has a link-local IPv6 address already assigned but has a newly assigned global unicast IPv6 address:

The above address is composed of the prefix sent by the router (2001:1234::/64) and the rest of the address obtained using the EUI-64 method.

Strengths, Weaknesses, and Usage

SLAAC is very useful in many situations but also has some weaknesses and drawbacks. Here we discuss strengths, weaknesses, and typical usage scenarios of the feature.

Strengths and usage scenarios of SLAAC

The primary advantage of SLAAC is the fact that an IPv6 host can obtain network connectivity without any intervention by an administrator. This is especially useful in the following scenarios:

• Extremely large number of devices: Applications in machine communication as well as the Internet of Things (IoT) may use hundreds, thousands, or even tens of thousands of network-connected devices. This is the case in various applications, such as smart cities, smart agriculture, and smart transportation systems, where computerized devices of all types are used not only to collect data but also automatically respond to specific conditions. When deploying so many devices, it is cost-prohibitive to have to configure each one or even to ensure that the networks to which they connect are supplied with DHCPv6 services.
• Home electronics: More and more home devices, including TVs, refrigerators, thermostats, security systems, and even washing machines and dryers are becoming network-aware, but most homes do not have network professionals to configure these devices. IPv6 devices with SLAAC are truly plug-and-play when it comes to network connectivity.

In both of the above cases, only IPv6 network connectivity is achieved and not communication using additional services, such as DNS. For this reason, such devices must be preconfigured to communicate successfully with predetermined network addresses on the internet for the appropriate services to function.

SLAAC: Limited by design

The primary disadvantage of SLAAC is the fact that it is limited in the number and type of parameters it can provide to hosts; especially troublesome is the lack of DNS server configuration for IPv6 hosts. SLAAC is thus not useful for traditional LANs that deliver network connectivity to devices such as PCs, laptops, smartphones, and tablets.

This may seem like a very significant oversight on the part of the designers, but keep in mind that IPv6 has been designed with the next couple of decades in mind. In the future, there will be many more networks composed of connected “things” rather than connected devices that are designed for direct human interfaces (such as PCs or tablets). 

While computer networks will still need DHCPv6 servers to allow web sites and services to be accessed using domain names, future networks will be primarily composed of autonomous connected devices that can easily use SLAAC because they don’t need domain names or other options delivered by DHCP servers. Even today, there are more connected autonomous devices than connected PCs, laptops, smartphones, and tablets combined! SLAAC is ideally suited to make such large machine networks easily addressable with little to no network professional effort (or cost).

{{banner-sre="/design/banners"}}

Summary of key concepts

SLAAC is an extremely important mechanism that was introduced in IPv6. Also called IPv6 autoconfiguration, it provides an IPv6 host with a global unicast address, prefix length, and default router, all without any human intervention. These are the minimum network parameters needed for an IPv6 host to obtain network access.

SLAAC achieves this using ND. It can be configured to use DHCPv6 for IPv6 hosts to obtain only the DNS server address, or it can redirect hosts to search for a DHCPv6 server for all of their network configuration parameters.

SLAAC is extremely useful for situations where network parameter configuration is impractical or impossible. However, it has the disadvantage of not providing parameters such as DNS server addresses, so it is not practical for use in a traditional LAN consisting of devices such as PCs and smartphones that require DNS services.