In the IPv6 SLAAC (Stateless Autoconfiguration) lesson I explained how IPv6 routers send router advertisements which hosts can use to receive the prefix on the subnet, configure their own IPv6 address using EUI-64 and how they select the router as a default gateway.
What happens however when we have more than one router on the subnet? Which router advertisement will our host then use? To figure this out, we’ll use the following topology:
We have two routers, R1 and R2 who will send router advertisements. Our host will be configured for SLAAC so that it will configure its own IPv6 address. With two router advertisements, our host will have to make a decision which one to use.
Let’s start with the configuration.
Configuration
First we will enable IPv6 unicast routing on R1 and R2, otherwise they won’t send any router advertisements:
R1 & R2
(config)#ipv6 unicast-routing
Let’s configure a global unicast address on each router so that they can advertise a prefix in the RA:
R1(config)#interface GigabitEthernet 0/1
R1(config-if)#ipv6 address 2001:DB8:123:123::1/64R2(config)#interface GigabitEthernet 0/1
R2(config-if)#ipv6 address 2001:DB8:123:123::2/64
That’s all we have to do on the routers. Before we configure the host, let’s enable a debug so we can see the router advertisements in real-time:
R1 & R2 & H1
#debug ipv6 nd
ICMP Neighbor Discovery events debugging is on
Now we will configure the host to use the router advertisements for autoconfiguration:
Host(config)#interface GigabitEthernet 0/1
Host(config-if)#ipv6 address autoconfig
As soon as you enable this command, the host will send a router solicitation:
H1#
ICMPv6-ND: (GigabitEthernet0/1) Sending RS
The routers will receive the router solicitation and will respond with a router advertisement:
R1#
ICMPv6-ND: (GigabitEthernet0/1) Sending solicited RA
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE8F:86C2) send RA to FF02::1
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE8F:86C2) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix 2001:DB8:123:123::/64 [LA] 2592000/604800R2#
ICMPv6-ND: (GigabitEthernet0/1) Sending solicited RA
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) send RA to FF02::1
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix 2001:DB8:123:123::/64 [LA] 2592000/604800
What does our host think of this?
H1#
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Received RA
ICMPv6-ND: [default] New router interface context created/GigabitEthernet0/1
ICMPv6-ND: [default] New router interface context created/C645C24
ICMPv6-ND: [default] inserted router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
ICMPv6-ND: [default] Select default router
ICMPv6-ND: [default] best rank is 811
ICMPv6-ND: [default] router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1 is new best
ICMPv6-ND: [default] Selected new default router
ICMPv6-ND: [default] Install default to FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
ICMPv6-ND: Prefix : 2001:DB8:123:123::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: New on-link prefix 2001:DB8:123:123::/64 on GigabitEthernet0/1/FE80::F816:3EFF:FE19:6D0, lifetime 2592000
ICMPv6-ND: Autoconfiguring 2001:DB8:123:123:F816:3EFF:FEDF:47FD on GigabitEthernet0/1
Above you can see that it receives the RA from R2 first which is selected as the default router. The host configures its own address with the prefix it receives. A few seconds later it receives the RA from R1:
H1#
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE8F:86C2) Received RA
ICMPv6-ND: [default] New router interface context created/C645C24
ICMPv6-ND: [default] inserted router FE80::F816:3EFF:FE8F:86C2/GigabitEthernet0/1
ICMPv6-ND: [default] Select default router
ICMPv6-ND: [default] best rank is 811
ICMPv6-ND: Prefix : 2001:DB8:123:123::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
ICMPv6-ND: Update on-link prefix 2001:DB8:123:123::/64 on GigabitEthernet0/1/FE80::F816:3EFF:FE8F:86C2, lifetime 2592000
Another way to verify that we received two router advertisements is by using the show ipv6 routers command:
H1#show ipv6 routers
Router FE80::F816:3EFF:FE19:6D0 on GigabitEthernet0/1, last update 1 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:123:123::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
Router FE80::F816:3EFF:FE8F:86C2 on GigabitEthernet0/1, last update 1 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:123:123::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
If you want to see which one was selected as the default then you need to add the default parameter:
H1#show ipv6 routers default
Router FE80::F816:3EFF:FE19:6D0 on GigabitEthernet0/1, last update 1 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium, trustlevel = 0
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:123:123::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
Great, as you can see our host is using R2 as the default router. Why? all parameters in the router advertisements from our routers are equal so there’s nothing in the RA that the host will use to make a selection. It decided to use R2 since that’s the first RA that it received. We can demonstrate this by shutting the interface on R2:
R2(config)#interface GigabitEthernet 0/1
R2(config-if)#shutdown
R2 will inform our host that it is leaving, you can see it in the debug:
H1#
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Received RA
ICMPv6-ND: Packet contains no options
ICMPv6-ND: Validating ND packet options: valid
ICMPv6-ND: Packet contains no options
ICMPv6-ND: Zero lifetime, deleting
ICMPv6-ND: [default] Delete router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
ICMPv6-ND: [default] Select default router
ICMPv6-ND: [default] best rank is 811
ICMPv6-ND: [default] router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1 no longer best
ICMPv6-ND: [default] Free router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
ICMPv6-ND: [default] router FE80::F816:3EFF:FE8F:86C2/GigabitEthernet0/1 is new best
ICMPv6-ND: [default] Selected new default router
ICMPv6-ND: [default] Install default to FE80::F816:3EFF:FE8F:86C2/GigabitEthernet0/1
Above you can see that our host receives the RA from R2, it will select R1 as the new default router. We can also verify this with the show command we just used:
H1#show ipv6 routers default | include Router
Router FE80::F816:3EFF:FE8F:86C2 on GigabitEthernet0/1, last update 0 min
R1 is now the new default router. Let’s enable R2 again:
R2(config)#interface GigabitEthernet 0/1
R2(config-if)#no shutdown
The host will receive the fresh RA from R2:
H1#
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Received RA
ICMPv6-ND: Validating ND packet options: valid
ICMPv6-ND: [default] New router interface context created/C645C24
ICMPv6-ND: [default] inserted router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
ICMPv6-ND: [default] Select default router
ICMPv6-ND: [default] best rank is 811
ICMPv6-ND: Prefix : 2001:DB8:123:123::, Length: 64, Vld Lifetime: 2592000, Prf Lifetime: 604800, PI Flags: C0
So does it select R2 as the new default router again? Let’s find out:
H1#show ipv6 routers
Router FE80::F816:3EFF:FE8F:86C2 on GigabitEthernet0/1, last update 2 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:123:123::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800
Router FE80::F816:3EFF:FE19:6D0 on GigabitEthernet0/1, last update 0 min
Hops 64, Lifetime 1800 sec, AddrFlag=0, OtherFlag=0, MTU=1500
HomeAgentFlag=0, Preference=Medium
Reachable time 0 (unspecified), Retransmit time 0 (unspecified)
Prefix 2001:DB8:123:123::/64 onlink autoconfig
Valid lifetime 2592000, preferred lifetime 604800H1#show ipv6 routers default | include Router
Router FE80::F816:3EFF:FE8F:86C2 on GigabitEthernet0/1, last update 2 min
R1 is still the default router even though we also received the router advertisement from R2. What if we want to use one router as the preferred router?
This is possible with the preference setting. By default our Cisco IOS routers will advertise a medium preference in their router advertisements:
H1#show ipv6 routers default | include Preference
HomeAgentFlag=0, Preference=Medium, trustlevel = 0
There are three levels we can select from though:
R1(config)#interface GigabitEthernet0/1
R2(config-if)#ipv6 nd router-preference ?
High High default router preference
Low Low default router preference
Medium Medium default router preference
Let’s change R2 so that it advertises a high preference. This should force our host to use R2 as the default router:
R2(config-if)#ipv6 nd router-preference High
As soon as you configure this, it will trigger R2 to send a new RA:
R2#
ICMPv6-ND: (GigabitEthernet0/1) RA parameter change
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) send RA to FF02::1
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Sending RA (1800) to FF02::1
ICMPv6-ND: MTU = 1500
ICMPv6-ND: prefix 2001:DB8:123:123::/64 [LA] 2592000/604800
Once our host receives it, it will act upon it:
H1#
ICMPv6-ND: (GigabitEthernet0/1,FE80::F816:3EFF:FE19:6D0) Received RA
ICMPv6-ND: [default] Select default router
ICMPv6-ND: [default] best rank is 819
ICMPv6-ND: [default] router FE80::F816:3EFF:FE8F:86C2/GigabitEthernet0/1 no longer best
ICMPv6-ND: [default] router FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1 is new best
ICMPv6-ND: [default] Selected new default router
ICMPv6-ND: [default] Install default to FE80::F816:3EFF:FE19:6D0/GigabitEthernet0/1
Above you can see that the host now prefers R2 as the new default router and installs a default route for it.
- Configurations
- R1
- R2
- H1
Want to take a look for yourself? Here you will find the configuration of each device.
Conclusion
When your IPv6 hosts receive multiple router advertisements, you probably want to decided yourself which router advertisement will be used. By setting the preference, this can be accomplished.
Although this is how IPv6 works, automatically accepting router advertisements is a security risk. If you want to see what I’m talking about, take a look at the IPv6 RA guard lesson.
No comments:
Post a Comment