My local network runs IPv4 and IPv6. The IPv6 is mostly experimental, as my internet service provider uses IPv4. I'm running DHCP for IPv6 on a W2K8R2 server. Several computers on my LAN have IPv6 disabled, and others have it enabled.

The IPv6 configuration which results on the computers with IPv6 enabled is peculiar. I can see the address handed out by the DHCP server, but there are other addresses which I don't recognize and don't make sense to me. There's also the linklocal address, but I know about that.

This is a snapshot of running ipconfig /all. The address from the DHCP server is circled in green (0000:0000:0000:00b0). But there are these other addresses which I don't understand. They use the same prefix as the DHCP server, but the suffix looks random (64 bits of random). This happens in Windows 7 and also Windows 11 (and presumably the versions in between?). The DHCP server doesn't report these extra addresses as leases.

What are these addresses, what are they for? Where do they come from? Is there any way I can get rid of them?

** EDIT - July 27 **

I belatedly remember SLAAC; it makes me uneasy. I set up a DHCP server because I want to really know about all the nodes on my network.

Now, about SLAAC. My router is a Debian box running Shorewall (cable modem on other side), and I have IPv6 disabled pretty hard on that system, so there is effectively no IPv6 router and no IPv6 "default gateway" on my network.

So I don't know how then my IPv6 nodes are getting SLAAC addresses. My Android devices do get IPv6 addresses, and with the right prefix, but those aren't talking to DHCP (as you pointed out) and there is no IPv6 router. Do you know if they are probing the network to "guess" the prefix?

William
  • 921

1 Answer

These addresses have been configured through SLAAC (RFC4862) because your ICMPv6 Router Advertisements have the "Autonomous address configuration" flag set. For each advertised prefix that has this flag, the host will configure:

  1. an address with a fixed suffix (interface ID), either using the traditional EUI64 scheme or RFC7217 hash-based scheme or something similar;

  2. optionally, an address with a randomly-generated suffix, per the RFC4941 "Privacy Extensions" specification.

SLAAC is the primary address auto-configuration mechanism in IPv6 and works independently from DHCPv6 (indeed it predates DHCPv6 by a few years); some hosts don't support DHCPv6 at all and use SLAAC exclusively, while others will use both at the same time if your network has both available.

The router or the DHCP server won't report these addresses as leases because they're not leased at all; they're generated independently by the host from just the network prefix (with duplicate detection), hence the 'Stateless' in the name.

When "Privacy Extensions" are enabled, the host will use the temporary address for outgoing connections and will rotate it every ~10 hours or so, in order to make client tracking slightly more difficult. The temporary addresses can be disabled through netsh on Windows.

To prevent automatic configuration of the non-temporary address, disable the "Autonomous" flag in your Router Advertisements. (It'll break IPv6 connectivity for devices that aren't capable of DHCPv6 – e.g. Android still refuses to implement it to this day.)

grawity
  • 501,077
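
An added example, not part of the answer above: a Python sketch that parses a captured ICMPv6 Router Advertisement (RFC 4861) to show the M flag and each prefix's "Autonomous" flag, then derives the EUI-64 address a host would self-assign from an advertised prefix. The packet bytes, the prefix 2001:db8:1:2::/64 and the MAC address are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
import struct

def parse_ra(msg: bytes) -> dict:
    """Parse an ICMPv6 Router Advertisement (RFC 4861, type 134)."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {
        "managed": bool(msg[5] & 0x80),  # M flag: addresses available via DHCPv6
        "other": bool(msg[5] & 0x40),    # O flag: other settings via DHCPv6
        "router_lifetime": struct.unpack("!H", msg[6:8])[0],
        "prefixes": [],
    }
    off = 16  # options follow the fixed 16-byte header
    while off + 2 <= len(msg):
        opt_type, opt_len = msg[off], msg[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(msg):
            raise ValueError("malformed option")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            plen, flags, valid, preferred = struct.unpack("!BBII", msg[off + 2:off + 12])
            net = ipaddress.IPv6Network((msg[off + 16:off + 32], plen), strict=False)
            ra["prefixes"].append({
                "prefix": net,
                "on_link": bool(flags & 0x80),
                "autonomous": bool(flags & 0x40),  # A flag: hosts may run SLAAC
                "valid": valid, "preferred": preferred,
            })
        off += opt_len
    return ra

def slaac_prefixes(ra: dict) -> list:
    """Prefixes hosts will self-assign addresses from (A flag set, /64)."""
    return [p["prefix"] for p in ra["prefixes"]
            if p["autonomous"] and p["prefix"].prefixlen == 64]

def eui64_address(prefix, mac: str):
    """The fixed-suffix address a host using the traditional EUI-64 scheme forms."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    iid = bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:6]  # flip U/L bit, insert ff:fe
    return ipaddress.IPv6Address(int(prefix.network_address) | int.from_bytes(iid, "big"))

# Constructed sample: M=1, one /64 prefix with L=1 and A=1; checksum zeroed, not verified.
SAMPLE_RA = (bytes([134, 0, 0, 0, 64, 0x80]) + struct.pack("!HII", 1800, 0, 0)
             + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 86400, 14400, 0)
             + ipaddress.IPv6Address("2001:db8:1:2::").packed)

if __name__ == "__main__":
    ra = parse_ra(SAMPLE_RA)
    print("M flag:", ra["managed"])
    for net in slaac_prefixes(ra):
        print("SLAAC prefix:", net, "EUI-64:", eui64_address(net, "00:11:22:33:44:55"))
```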