LTLnetworker | IT hálózatok, biztonság, Cisco

               IT networks, security, Cisco

IPv6 host’s default router selection

Posted by ltlnetworker on May 14, 2010


An IPv6 host’s default router selection is affected both by manual static routes and received router advertisements.

I am very happy with my HE IPv6 tunnel. Szívesen lennék natív IPv6 felhasználó is, de az UPC nem ad információt, hogy milyen IPv6 tervei vannak. )-: I bookmarked Google’s IPv6 site but once it turned inaccessible. What could have happened?


C:\Users\Peter>ping ipv6.google.com

Pinging ipv6.l.google.com [2a00:1450:8004::6a] with 32 bytes of data:
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.
Destination net unreachable.

Ping statistics for 2a00:1450:8004::6a:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

(I can still ping the other side of the 6in4 tunnel.) I found a second default route in the routing table:

C:\Windows\system32>netsh
netsh>int ipv6
netsh interface ipv6>
netsh interface ipv6>show route

Publish  Type      Met  Prefix                    Idx  Gateway/Interface Name
-------  --------  ---  ------------------------  ---  ------------------------
No       Manual    256  ::/0                       25  2001:470:1f0a:11da::1
No       Manual    256  ::/0                       15  fe80::c802:24ff:fe64:1f
No       Manual    256  ::1/128                     1  Loopback Pseudo-Interface 1
No       Manual    256  2001:470:1f0a:11da::/64    25  IP6Tunnel
No       Manual    256  2001:470:1f0a:11da::2/128   25  IP6Tunnel
...

I realized that  my Windows7 laptop installed another default route into the routing table as my virtual router in GNS3 started to send Router Advertisements. So why not, after all it has an IPv6 address:

interface Ethernet1/3
 ip address 192.168.159.101 255.255.255.0
 ipv6 address 2001:470:9B39:8::1/64

R1#sh ipv6 int e1/3
Ethernet1/3 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C802:14FF:FE70:1F
No Virtual link-local address(es):
Global unicast address(es):
2001:470:9B39:8::1, subnet is 2001:470:9B39:8::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF70:1F
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

This host behavior is based on RFC4861:

On receipt of a valid Router Advertisement, a host extracts the source address of the packet and does the following:

– If the address is not already present in the host’s Default Router List, and the advertisement’s Router Lifetime is non- zero, create a new entry in the list, and initialize its invalidation timer value from the advertisement’s Router Lifetime field.
[…]
Source Address MUST be the link-local address assigned to the interface from which this message is sent.


So that’s why the router doesn’t send the packet from its global unicast address 2001:470:9B39:8::1.

Note that this link-local address fe80::c802:24ff:fe64:1f slightly changes with every reload on the router.  You will find some similar but different address in this article as some screenshots and outputs were copied after a reload cycle.

R1#debug ipv6 icmp
ICMP Packet debugging is on
*May  2 11:55:12.567: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1


I had a manually configured IPv6 address on my VMnet8 interface. Now new IPv6 addresses appear on it:

netsh interface ipv6>sh address 15 normal

Interface 15: VMware Network Adapter VMnet8

Addr Type DAD State   Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Manual     Preferred     infinite   infinite 2001:470:1f0b:11da::2222
Public     Preferred 29d23h59m11s 6d23h59m11s 2001:470:9b39:8:743b:89ce:e35b:30c0
Temporary Preferred 6d23h37m44s 6d23h37m44s 2001:470:9b39:8:89bc:da7c:745f:af12
Other      Preferred     infinite   infinite fe80::743b:89ce:e35b:30c0%15

These addresses are generated by Stateless Address Autoconfiguration (SLAAC from RFC 4862, originally RFC 2462) due to the Prefix Information field  that contains the 2001:470:9b39:8::/64 prefix. This is the router’s own connected subnet. The host uses one of those SLAAC address when sending packets towards the router rather than its manually configured address:

This PC is in a multihomed situation (VMnet8 and IP6Tunnel), but a bogus default router can be picked up in the same way when a host is connected to an IPv6 LAN and someone connects a router to the LAN with an IPv6-enabled interface. This differs from the IPv4 world where modifying a PC’s default route required a rogue DHCP server. An IPv6 RA is for picking up a default router by design, you should be aware of that before you connect a router to a LAN.

There is a similar situation if the valid route is not manually set but learned from the company router (RouterA) RA’s and a second router (RouterX) starts to send RA’s too.
As you can see, both ::/0 routes have the default metric of 256. To achieve a working solution, we have multiple choices:

  • set a better metric for the manual route
  • set  RouterX to send less preferable RA’s (higher metric)
  • increase the preference of the route learned from legitimate RouterA
  • prevent RouterX from advertising itself as a default router

1. Decreasing the manual route’s metric

netsh interface ipv6>delete route ::/0 25
Ok.

netsh interface ipv6>add route ::/0 25  2001:470:1f0a:11da::1 metric=22
Ok.

netsh interface ipv6>sh route

Publish  Type      Met  Prefix                    Idx  Gateway/Interface Name
-------  --------  ---  ------------------------  ---  ------------------------
No       Manual    22 ::/0                       25  2001:470:1f0a:11da::1
No       Manual    256 ::/0                       15  fe80::c802:14ff:fe70:1f
No       Manual    256  ::1/128                     1  Loopback Pseudo-Interface 1
No       Manual    256  2001:470:1f0a:11da::/64    25  IP6Tunnel
No       Manual    256  2001:470:1f0a:11da::2/128   25  IP6Tunnel
No       Manual    256  2001:470:1f0b:11da::/64    15  VMware Network Adapter VMnet8
No       Manual    256  2001:470:1f0b:11da::2222/128   15  VMware Network Adapter VMnet8
No       Manual    8    2001:470:9b39:8::/64       15  VMware Network Adapter VMnet8
No       Manual    256  2001:470:9b39:8:301b:eca8:ac87:39db/128   15  VMware Network Adapter VMnet8
No       Manual    256  2001:470:9b39:8:743b:89ce:e35b:30c0/128   15  VMware Network Adapter VMnet8
No       Manual    256  fe80::/64                  25  IP6Tunnel
...

2.       Setting RouterX to send less preferable RA’s

There is a Default Router Preference field in the Router Advertisement which was introduced in RFC 4191:

Preference values are encoded as a two-bit signed integer, as follows:


01      High
00      Medium (default)
11      Low
10      Reserved – MUST NOT be sent

(You can see its default value in the previous capture.)

Most Cisco routers and L3 switches support this feature from IOS versions 12.4(2)T, 12.2(33)SXH, 12.2(33)SB and Cisco IOS XE Release 2.1.  The interface command is

ipv6 nd router-preference {high | medium | low}

interface Ethernet1/3
ip address 192.168.159.101 255.255.255.0
ipv6 address 2001:470:9B39:8::1/64

R101(config-if)#do debug ipv6 icmp
ICMP Packet debugging is on
R101#sh ipv6 int e1/3
Ethernet1/3 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C802:14FF:FE70:1F
No Virtual link-local address(es):
Global unicast address(es):
2001:470:9B39:8::1, subnet is 2001:470:9B39:8::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF70:1F
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

R101(config)#int e1/3
R101(config-if)#ipv6 nd router-preference low
R101(config-if)#
*May 2 11:03:09.435: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1
*May 2 11:03:25.515: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1
*May 2 11:03:41.595: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1
R101#sh ipv6 int e1/3
Ethernet1/3 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::C802:14FF:FE70:1F
No Virtual link-local address(es):
Global unicast address(es):
2001:470:9B39:8::1, subnet is 2001:470:9B39:8::/64
Joined group address(es):
FF02::1
FF02::2
FF02::1:FF00:1
FF02::1:FF70:1F
MTU is 1500 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Low
Hosts use stateless autoconfig for addresses.

netsh interface ipv6>sh route

Publish Type      Met Prefix                    Idx Gateway/Interface Name
------- -------- --- ------------------------  --- ------------------------
No       Manual    256   ::/0                       25 2001:470:1f0a:11da::1
No       Manual    4096 ::/0                       15 fe80::c802:14ff:fe70:1f
No       Manual    256 ::1/128                     1 Loopback Pseudo-Interface 1

Ping ipv6.google.com: working.

3. Increasing the preference of the route learned from legitimate RouterA

Now that we know about that IOS feature it’s quite easy:

RouterA(config-if)#ipv6 nd router-preference high

Actually, this method provides the most reliable solution. You can expect any rogue routers to send their RA’s with default medium router preference. We shouldn’t expect such a router to be set to low preference or RA suppression. (However, it may be set to high preference with bad intention.)

Windows 7 will install a ::/0 route with a metric of 16 in this case.

4. Preventing a router from advertising itself as a default router

This method is useful if you have  a router that you never want to be used as a default gateway by PC’s (not even as a backup path when the primary router goes down).

R101(config-if)#ipv6 nd ra suppress
R101(config-if)#
*May 2 11:34:21.875: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1
*May 2 11:34:27.963: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1
*May 2 11:34:34.051: ICMPv6: Sent R-Advert, Src=FE80::C802:14FF:FE70:1F, Dst=FF02::1

Before Cisco IOS Release 12.4(2)T, the command was ipv6 nd suppress-ra .

These are ‘revoke’ Router Advertisements: the Router Lifetime is set to zero therefore Windows removes the ::/0 from the routing table as it’s required by RFC 4861.

Update: “The ipv6 nd ra suppress command only suppresses periodic unsolicited RAs. It does not suppress RAs sent in response to a router solicitation. To suppress all RAs, including those sent in response to a router solicitation, use the ipv6 nd ra suppress command with the all keyword.”

You can choose ipv6 nd ra lifetime 0 command as an alternative. In this case, RA’s are still sent periodically but with a Router Lifetime of 0 which prevents host from accepting it.

In case the router was removed and you still have a false default route in Windows you can delete it manually:

netsh interface ipv6>delete route ::/0 15
(use your interface index or interface name instead of 15)

Now I can ping and browse ipv6.google.com again and play with the IPv6 router at the same time.

Multiple equivalent routes, load sharing
Initially, we had two default routes with the same metric. RFC 4311 recommends that hosts “SHOULD support choosing using some method that distributes load for different destinations among the equivalent routers rather than always choosing the same router.” Windows 7 doesn’t seem to support this method as all pings are going to the false direction. I haven’t found any referrals to RFC 4311 on microsoft.com  though one of the RFC authors is a Microsoft engineer.

Advertising specific prefixes to hosts

When a network with IPv6 hosts has multiple gateways, it may be useful to make the hosts learn about specific prefixes that should be directed to a WAN headend router rather than an Internet gateway. RFC 4191 introduces a Route Information Option field in the RA in order to advertise such prefixes with a preference value. Until it is implemented, prefixes can still be advertised in Prefix Information option:

R101(config-if)#ipv6 nd prefix 2001:470:9b32::/48
*May 2 15:34:51.931: ICMPv6: Sent R-Advert, Src=FE80::C802:BFF:FEF0:1F, Dst=FF02::1
*May 2 15:35:08.011: ICMPv6: Sent R-Advert, Src=FE80::C802:BFF:FEF0:1F, Dst=FF02::1

The RA contains 2 prefixes now.

netsh interface ipv6>sh route

Publish Type      Met Prefix                    Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
No       Manual    22   ::/0                       25 2001:470:1f0a:11da::1
No       Manual    256 ::/0                       15 fe80::c802:bff:fef0:1f
No       Manual    256 ::1/128                     1 Loopback Pseudo-Interface 1
No       Manual    256 2001:470:1f0a:11da::/64    25 IP6Tunnel
No       Manual    256 2001:470:1f0a:11da::2/128   25 IP6Tunnel
No       Manual    256 2001:470:1f0b:11da::/64    15 VMware Network Adapter VMnet8
No       Manual    256 2001:470:1f0b:11da::2222/128   15 VMware Network Adapter VMnet8
No       Manual    8    2001:470:9b32::/48         15 VMware Network Adapter VMnet8
No       Manual    8    2001:470:9b39:8::/64       15 VMware Network Adapter VMnet8
No       Manual    256 2001:470:9b39:8:48c3:7:3f05:5775/128   15 VMware Network Adapter VMnet8
No       Manual    256 2001:470:9b39:8:743b:89ce:e35b:30c0/128   15 VMware Network Adapter VMnet8
No       Manual    256 fe80::/64                  25 IP6Tunnel

The main difference between Prefix Information (type 3) and Route Information Option (type 24) is that the latter contains a preference value which enables more flexibility and backup path configurations. Routes learned from a Prefix Information field have a metric of 8 in Windows routing table.

Advertisements

3 Responses to “IPv6 host’s default router selection”

  1. RFC 6104 also discusses these scenarios.

  2. H264 Codec said

    I do not know if it’s just me or if everybody else encountering issues with your website. It appears as though some of the text on your content are running off the screen. Can someone else please provide feedback and let me know if this is happening to them too? This could be a issue with my internet browser because I’ve had this happen before.
    Thanks

    • It was not easy to select even this simple theme. I chose it because text and logs are well readable if the browser is quite wide (e. g. fullscreen). I use Mozilla but haven’t tested it against other browsers.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: