IPv6 autoconfiguration isn’t just about getting an address; it’s a sophisticated dance where hosts proactively discover network parameters without human intervention, and the surprising part is how much information a host can get before it even has a permanent IP address.
Let’s see it in action. Imagine a brand new server booting up. Its network interface, say eth0, has no IP address yet.
# On the server, before any config
ip -6 addr show dev eth0
# Output: (empty or maybe a link-local address like fe80::1/64)
# On a router on the same link, advertising itself
# Router's interface connected to the server's network
# Shows RA flags: M=0 (no DHCPv6 for stateful config), O=1 (use DHCPv6 for other info)
# Prefix information: 2001:db8:abcd:1234::/64, A=1 (autonomous address configuration enabled)
router# show ipv6 interface gigabitethernet0/1
GigabitEthernet0/1 is up, line protocol is up
...
IPv6 is enabled, link-local address is fe80::1
...
ND advertising is enabled, and on link
ND reachable time is 3600000 milliseconds
ND advertised minimum hop limit is 64
ND advertised lifetime is 1800 seconds
ND advertised default router is fe80::1 on GigabitEthernet0/1
ND advertised prefix is 2001:db8:abcd:1234::/64 valid 2592000sec hop-limit 64
Flags: a, m, o, s, u
RAs: enabled, directed
...
The server, upon link-up, will immediately send a Router Solicitation (RS) message to the all-routers multicast address (ff02::2). The router, upon receiving this, will send a Router Advertisement (RA). This RA is the cornerstone of SLAAC (Stateless Address Autoconfiguration).
The RA contains a prefix (e.g., 2001:db8:abcd:1234::/64). If the 'A' flag (Autonomous address configuration) is set for this prefix, the host knows it can use this prefix to generate its own address. It combines this prefix with a unique Interface Identifier (IID). The most common method for generating the IID is EUI-64, where the MAC address of the interface is modified: the 7th bit of the first octet is flipped (local/global bit), and ff:fe is inserted in the middle. So, if the MAC is 00:1a:2b:3c:4d:5e, the IID becomes 021a:2bff:fe3c:4d5e (00 becomes 02 because the 7th bit is flipped). The resulting address would be 2001:db8:abcd:1234:021a:2bff:fe3c:4d5e.
The host then performs Duplicate Address Detection (DAD) by sending a Neighbor Solicitation (NS) for the address it just generated. If no Neighbor Advertisement (NA) is received, the address is considered unique and is assigned to the interface. This is SLAAC – the host gets an IPv6 address and a default router without any central server intervention for the address itself.
But what about other crucial information, like DNS server addresses or domain names? This is where the 'O' flag (Other configuration) in the RA comes into play. If the 'O' flag is set (and the 'M' flag for Managed configuration is not set), the host knows to use DHCPv6 for "other" configuration options. Even though it got its address via SLAAC, it still needs to talk to a DHCPv6 server.
The host, now with a link-local address and potentially a SLAAC address, will send a DHCPv6 Information-Request message to the all-DHCPv6-servers multicast address (ff05::1:3). A DHCPv6 server will respond with a Reply message containing requested options, such as DNS servers (IA_NA is not used here as it’s for stateful address assignment, but OPTION_DNS_SERVERS is).
So, a host can get its IPv6 address via SLAAC (using RAs) and then get DNS server information via DHCPv6 (using Information-Requests and Replies, triggered by the 'O' flag in the RA). This is often called "Stateless DHCPv6" because the DHCPv6 server doesn’t track the host’s IP address assignment, only provides configuration parameters.
The full mental model is:
- Link-Local Address: Every IPv6 interface automatically configures a link-local address (starting with
fe80::) using the EUI-64 method or privacy extensions. This is essential for basic communication on the local link, including sending RS messages and performing DAD. - Router Discovery (RS/RA): Hosts send Router Solicitations to find routers. Routers send Router Advertisements. These RAs are critical because they contain:
- Prefix Information: For SLAAC, indicating which prefixes can be used to form global unicast addresses. The 'A' flag determines if SLAAC is allowed for that prefix.
- Default Router: The router’s link-local address, which the host adds to its routing table.
- Flags (M and O):
- 'M' (Managed address configuration): If set to 1, the host must use DHCPv6 to get its IPv6 address (Stateful DHCPv6).
- 'O' (Other configuration): If set to 1, the host should use DHCPv6 to get other configuration information (like DNS servers), even if it got its address via SLAAC (Stateless DHCPv6).
- Address Configuration:
- SLAAC: If 'A' flag is set in RA for a prefix, the host generates its own global unicast address by combining the prefix with its Interface Identifier (EUI-64 or privacy extensions) and performs DAD.
- Stateful DHCPv6: If 'M' flag is set, the host sends a DHCPv6 Solicit, receives Advertise, and then sends a Request to get a stateful IPv6 address from the DHCPv6 server.
- Other Configuration: If 'O' flag is set (and 'M' is not), the host sends a DHCPv6 Information-Request to get options like DNS servers, domain names, NTP servers, etc.
The key insight often missed is how the 'O' flag allows for a hybrid approach: SLAAC for addresses and DHCPv6 for everything else. This is incredibly common and efficient, as it offloads the complexity of IP address management from DHCPv6 while still centralizing DNS and other vital parameters. The host doesn’t need a full DHCPv6 lease; it just asks for information.
The next hurdle you’ll likely encounter is understanding the nuances of DHCPv6 privacy extensions, which modify how the Interface Identifier is generated to enhance user privacy by creating temporary, randomized IIDs.