Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network

转载自，http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html

In this blog post on IPv6, I’m going to cover:

How to setup DHCP for IPv6 to dynamically issue addresses in your block of IPv6addresses

This is the third technical blog post on configuring IPv6 in a Windows networkingenvironment. My previous postsinclude:http://www.networkworld.com/community/blog/ipv6-addressing-subnets-private-addresseshttp://www.networkworld.com/community/node/71252

Basic understanding of IPv6 addressing, and acquiring an IPv6 address block

Configuring Static IPv6 addresses on Windows 2008 R2 servers, Windows 7 workstations,and configuring DNS

With this posting, I’m going to cover setting up DHCPv6, which is effectively doing thesame thing in dynamically issuing IP addresses to systems, but instead of issuing (just)IPv4 addresses, we will be issuing IPv6 addresses as well. The concept is identical toissuing IPv4 addresses, you need to assign a block of IPv6 addresses you want todynamically assign, you need to know the IPv6 address for your DNS server, and that’s it.

In continuing on the Static IP Address blog post example, for DHCP, I’m going to usesimilar IPv6 addresses and have the following assumptions:

I’m going to be using Unique Local Addresses (ie: private IPv6 addressing), thus myprefix starts with fd
I’m going to use a randomly selected GlobalID (a8:06c3:ce53) and SubnetID (a890)so that all of my devices will start with fda8:06c3:ce53:a890

My DNS server that I created in the last blog is addressedfda8:06c3:ce53:a890:0000:0000:0000:0001, the Gateway to another Subnet isfda8:06c3:ce53:a890:0000:0000:0000:0005

(which the truncation method gets rid of extra zeros so they look like

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html

Page 1 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

fda8:6c3:ce53:a890::1 and fda8:6c3:ce53:a890::5)

And for my DHCP server, I’m going to give it a static IP address offda8:06c3:ce53:a890:0000:0000:0000:0004

How to setup DHCPv6 for IPv6 on a Windows 2008 R2 ServerAs you probablyknow, DHCP issues IP addresses to systems when the system boots and needs an IPaddress, saves you from having to go to each system and statically addressing the systems(especially with the crazy long IPv6 addresses).To setup and configure DHCP, 3 majorthings need to be done:

1) You need to configure a Windows 2008 R2 server with an IPv6 address (which I coveredstatically addressing IPv6 server addresses in my previous post)

2) You need to install the Windows Server DHCP role to the server
3) You need to configure the DHCP server role to issue IPv6 addresses

Note: If you already have a fully working DHCP server running on Windows 2008 R2, youcan skip the section on installing the basic DHCP role and just jump right to configuringthe IPv6 scope. A fully working DHCP server on Windows 2008 R2 works fine forDHCPv6, it’s installed/setup exactly the same. So all we are really doing is adding in anIPv6 “scope” to a working DHCP IPv4 server.

For the first step, build a Windows 2008 R2 server and give it an IPv6 address (as noted,we’ll be using fda8:06c3:ce53:a890:0000:0000:0000:0004 as the IP address for thisDHCP server, but your IP address can be anything as long as it is on the same subnet asyour DNS server, domain controller, etc). Just make sure you can ping the other serverson your network and if you can, then your server is ready to go!

For the second step of making the server a DHCP server, do the following:1) Logon to the server with administrator rights
2) Click on Start | Administrative Tools | Server Manager
3) Click to highlight Roles, then click on Add Roles

4) For the Before you Begin, click Next

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html

Page 2 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

5) Select DHCP Server (so it is checkmarked), click Next

6) For the Introduction to DCHP Server, click Next

7) For Network Connection Binding, assuming you are issuing dynamic IPv4 addresses,select the IPv4 address for the DHCP server (which if you only have 1 IP address on theserver, it’ll already be checked), click Next

8) For DNS setting, enter your parent domain (this is the domain name of your network(ie: companyabc.com)), and enter in the IPv4 address of your DNS server, click Next

9) Most orgs are no longer using WINS so you can likely say “WINS is not required”, clickNext

10) For your DHCP v4 scope, Click Add and enter in the IPv4 range you want to issue IPv4addresses including the Subnet Mask, Click OK, then click Next

11) For DHCP Stateless mode (notation on options a and b below added to this post on2/8/2011)

a) If your routers are setup to support IPv6 with the otherconfig=true , effectively thatyour router is configured to tell your IPv6 clients their routing information, then choose toEnable DHCPv6 Stateless Mode, click Next (if you choose this mode, and your DHCPserver issues IPv6 addresses and you get an error when trying to Ping IPv6 devices thatlook like “transmit failed. General failure.”, then configure your routers to support theotherconfig=true setting, --or-- reinstall DHCP to Disable Stateless mode, --or-- run themanual Add Route commands I note below (in that order of preference)

b) If your routers are not setup to support IPv6 (and cannot be configured to supportotherconfig=true, then choose the option to Disable DHCPv6 Stateless Mode, click Next

12) For Parent Domain, enter in the name of your domain again (ie: companyabc.com inmy case, same as step #8 above)

13) For preferred DNS server, enter in the DNS server we have configured for this scenariowhich is fda8:06c3:ce53:a890:0000:0000:0000:0001 (click Validate to make sure itresolves), clear the Alternate DNS (unless you have an alternate DNS, if you have an

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html Page 3 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

alternate DNS server, then enter it in and Validate that system), click Next

14) To authorize this DHCP server, choose “Use Current Credentials” assuming you arelogged in as the domain administrator, click Next

15) Click Install
This will install DHCP on the Server

Once DHCP is installed on the system, it’ll be ready to issue IPv4 dynamic addresses, butyou need to configure it to support IPv6 dynamic addresses. To configure it as a DHCPv6server, do the following:

1) Click on Start | Administrative Tools | DHCP
2) Highlight and Expand the computer name
3) Highlight the IPv6 container, right click the container and choose New Scope4) Click Next through the Welcome screen
5) Enter in IPv6 DHCP Scope (or whatever you want) for the Name, click Next

6) For Prefix, in our case, we will enter in the Network and Subnet: fda8:06c3:ce53:a890::(note the two : there before the default /64 on the screen). For Preference, leave the defaultat 0 (if you have multiple DHCP scopes, you can change the priority of which DHCP scopegets priority/preference for issuing addresses. Assuming this is the first and only DHCPserver for now, leave it at 0), click Next

7) For exclusions, enter in any static IPv6 addresses you’ve already created (which for ourcase we have issued static IPv6 addresses for our DNS server, our DHCP server, ourgateway, so we would add fda8:06c3:ce53:a890:0000:0000:0000:0001,fda8:06c3:ce53:a890:0000:0000:0000:0002,fda8:06c3:ce53:a890:0000:0000:0000:0004,fda8:06c3:ce53:a890:0000:0000:0000:0005 (or more easily exclude the “range” from:0001 to say :00ff)), click next

Note: You will see that with the IPv6 Scope, you cannot name a specific range (ie: :0100 to

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html Page 4 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

:01ff), it’s going to pull from any of the available addresses in the entire device addressrange, thus you need to exclude your static servers. Comment I get all the time is “then Ishould put my static servers in one subnet, and my dynamic devices in another”, which youcould so you don’t have to exclude all static addresses in the DHCPv6 scope, but WindowsDHCP provides a concept called “DHCP Reservations” for setting pre-reserved static IPaddresses in DHCP. It’s a new way where “everything” (including domain controllers andservers) are dynamically addressed, but when DHCP sees the name of a specific server, it’llalways assign that server a specific IP address you designate. I will cover this is a separateblog post as I think it is due some attention here in DHCP designs, but for now, just knowthat “all” IP addresses in the entire IP device range will be up for grabs, BUT if you want tonarrow the scope, then just exclude “everything” except for a small range (ie: exclude0000:0000:0000:0001 to 0000:0000:0000:ffff and exclude say 0000:0000:0010:0000to ffff:ffff:ffff:ffff which will only give a very tight range (0000:0000:0001:000 to0000:0000:000f:ffff) to be issued IP addresses for these dynamic devices)

8) Specify the life of the lease (default is fine for this case), click Next

9) Have Active Scope Now (Yes), then click Finish

************

Troubleshooting client problems (getting a “transmit failed. General failure.”when trying to ping other IPv6 clients after DHCPv6 is setup)

(this section revised 2/8/2011)

If you have a problem where after DHCPv6 is setup your client systems cannot accessother IPv6 systems and you get a transmit failed error, as noted above in the configurationsettings, you have 3 options. The best of the options is to run DHCPv6 in a Statelessautoconfiguration mode and set your routers with the otherconfig=true setting. But ifyour routers are not IPv6 supported (yet), you can reconfigure DHCPv6 to DisableStateless mode, and that'll issue IPv6 addresses that will eliminate the Ping problem. Orthere is a workarond by manually setting Routes on your client systems as I note below:

(note 1: the appropriate way to address this is to add otherconfig=true on your routerson your network, which IPv6 devices look for a route/gateway to get out of the subnet and

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html Page 5 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

automatically acknowledge the subnet that the device is on. If your router(s) support thisconfiguration, then you do not need to proceed with the manual command configurations Inote below. If your routers do not support the otherconfig=true configuration setting,then upgrade your router firmware, or you may need to upgrade/replace yourinternetworking equipment to have IPv6 support so that this can be configured at therouter)

(note 2: if your router does not support the otherconfig=true configuration, or you won'tbe purchasing new internetworking equipment for a while but still want to get IPv6working on your clients and servers, then proceed with the following manual settings. Ifyou don’t have supported routers, or if you don't do this workaround, you’ll get an errorwhen you try to Ping anything with an error “transmit failed. General failure.”. You willscratch your head forever and never figure it out. The reason you have to add thesecommands is that while DHCPv6 issues the IPv6 address to a client, it is missing the /64route needed for the client system to access servers on the subnet. If you go to a freshlyDHCPv6 addressed client and type netsh interface ipv6 show route you’ll see /128there, you’ll see other routes, but no /64 route for your specific subnet, thus the DHCPv6addressed client can’t see any systems on its own network. If you statically address theclient, it works fine (statically address a workstation and do the same netsh command andyou’ll see the /64 address show up), this is what we are manually having to insert for ALLDHCPv6 issued clients.)

The commands you need to run on a DHCPv6 issued client is as follows:1) Run a elevated command prompt on the client system (cmd.exe)

2) type Netsh int ipv6 show int (this displays a list of connected and disconnectednetwork adapters. You’re looking for your default adapter, on my system it is 11)

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html

Page 6 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

3) type Netsh interface ipv6 set interface {# you identified in step 2} advertise=enabledFor my example: Netsh interface ipv6 set interface 11 advertise=enabled

4) type Netsh interface ipv6 add route 1024://64 {# you identified in step 2} publish=yesFor my example: Netsh interface ipv6 add route 1024::/64 11 publish=yes

5) type Netsh interface ipv6 add route {your prefix::/64} {# you identified in step 2}publish=yes

For my example: Netsh interface ipv6 add route fda8:06c3:ce53:a890::/64 11publish=yes

Test DHCP to see if it is working. Have a server or workstation with DHCP selected for theIP address of the system and see if the system pulls a proper IPv4 address from the IPv4scope, and a proper IPv6 address from the IPv6 scope. See if you can ping a server likeyour DNS server (in my example: ping fda8:06c3:ce53:a890:0000:0000:0000:0001 -6(the -6 will ping over IPv6))

If you need to run these Netsh commands, you can run them in a batch file to executewhen you configure the system. If you have IPv4 available and can access an IPv4 share,then run the batch file off an available IPv4 share to get IPv6 running. If you are runningIPv6 only, then you need to put the batch file on a USB stick and run it manually on the

http://www.networkworld.com/article/2228461/microsoft-subnet/setting-up-dhcpv6-to-dynamically-issue-ipv6-addresses-in-a-network.html Page 7 of 8

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network | Network World 1/30/15 10:38 AM

system (yeah, I know, lame...) You only need to do this once per system, so once you getthis working, you don’t have to deal with it again (unless you change the network adapterof the system, and then you’ll have a different “interface” (ie: mine was 11 above) that youneed to run the commands to the new interface as it responds to the system)

That is it for DHCP in IPv6, you’ll find that doing dynamic addressing in IPv6 to be apreference over typing in IPv6 static addresses into systems.

In my upcoming blog posts on IPv6, I will cover:Configuring Active Directory to Support IPv6Configuring IPv6 Routing through IPv4