How is a link-local address created when duplicate address detection fails in IPv6 Stateless Address Autoconfiguration (SLAAC)?

Question

When Stateless Address Autonconfiguration (SLAAC) RFC 4862 is used to create a link-local address based on the interface identifier (Modified EUI-64), before the address is assigned to an interface Duplicate Address Detection (DAD) is processed. Now what happens when DAD fails?

Section 4 just describes that autoconfigurations has to stop:

If a node determines that its tentative link-local address is not unique, autoconfiguration stops and manual configuration of the interface is required.

It is not specified what "manual configuration" means in that context. There are two extensions for DAD (RFC 4429, RFC 7527) which do also not describe what happens when DAD fails.

I would assume that a randomized interface identifier is created and used to create a link-local address e.g. as described in RFC 4941 - Privacy Extensions for Stateless Address Autoconfiguration in IPv6 but i could not find any source or reference specifying such behaviour...

---

1. How is a link-local address created when duplicate address detection fails?

2. Is a randomized interface identifier used for the creation of a link-local address? If yes, is that somewhere described in a RFC or documented for an OS?

Answer 1

1. How is a link-local address created when duplicate address detection fails?

In regular RFC 4862 SLAAC, it simply isn't.

"Autoconfiguration stops" means just what it says: the IP stack does not attempt any alternative algorithms, it literally stops the process and a link-local address is not created. Likewise, "manual configuration" means that the sysadmin has to add a working address instead.

(After all, when using hardware-based IIDs, IPv6 DAD failure implies that the hardware address itself is duplicate – and you probably wouldn't want to continue in that situation.)

The RFC 4941 "Privacy Extensions" random generation was never meant to replace the main "public" address or alter the regular SLAAC process, as it explicitly says in its own RFCs.

However, if the OS uses RFC 7217 "Semantically Opaque" IIDs instead of standard hardware-based IIDs, it keeps retrying with a different 'DAD_Counter' value (which produces a different IID) until at least one address succeeds.

2. Is a randomized interface identifier used for the creation of a link-local address? If yes, is that somewhere described in a RFC or documented for an OS?

Yes, RFC 7217 (if implemented by the OS) applies to link-local as well as global addresses. Note that the usage of RFC 7217 is completely optional; and if implemented, it is meant to completely replace the hardware-based IID generation algorithm, rather than act as a fallback.

Additionally, RFC 7721 references a different algorithm used by Microsoft Windows (which I believe slightly predates RFC 7217).