Microsoft Subnet An independent Microsoft community View more

Setting up DHCPv6 to Dynamically Issue IPv6 Addresses in a Network

Providing DHCP for IPv6 Devices in your Microsoft Windows Network

In this blog post on IPv6, I’m going to cover:

How to setup DHCP for IPv6 to dynamically issue addresses in your block of IPv6 addresses

This is the third technical blog post on configuring IPv6 in a Windows networking environment.  My previous posts include:http://www.networkworld.com/community/blog/ipv6-addressing-subnets-private-addresseshttp://www.networkworld.com/community/node/71252

Basic understanding of IPv6 addressing, and acquiring an IPv6 address block

Configuring Static IPv6 addresses on Windows 2008 R2 servers, Windows 7 workstations, and configuring DNS

With this posting, I’m going to cover setting up DHCPv6, which is effectively doing the same thing in dynamically issuing IP addresses to systems, but instead of issuing (just) IPv4 addresses, we will be issuing IPv6 addresses as well.  The concept is identical to issuing IPv4 addresses, you need to assign a block of IPv6 addresses you want to dynamically assign, you need to know the IPv6 address for your DNS server, and that’s it.

In continuing on the Static IP Address blog post example, for DHCP, I’m going to use similar IPv6 addresses and have the following assumptions:

  • I’m going to be using Unique Local Addresses (ie: private IPv6 addressing), thus my prefix starts with fd
  • I’m going to use a randomly selected GlobalID (a8:06c3:ce53) and SubnetID (a890) so that all of my devices will start with fda8:06c3:ce53:a890
  • My DNS server that I created in the last blog is addressed fda8:06c3:ce53:a890:0000:0000:0000:0001, the Gateway to another Subnet is fda8:06c3:ce53:a890:0000:0000:0000:0005

    (which the truncation method gets rid of extra zeros so they look like fda8:6c3:ce53:a890::1 and fda8:6c3:ce53:a890::5)
  • And for my DHCP server, I’m going to give it a static IP address of fda8:06c3:ce53:a890:0000:0000:0000:0004

How to setup DHCPv6 for IPv6 on a Windows 2008 R2 ServerAs you probably know, DHCP issues IP addresses to systems when the system boots and needs an IP address, saves you from having to go to each system and statically addressing the systems (especially with the crazy long IPv6 addresses).To setup and configure DHCP, 3 major things need to be done:

1) You need to configure a Windows 2008 R2 server with an IPv6 address (which I covered statically addressing IPv6 server addresses in my previous post)

2) You need to install the Windows Server DHCP role to the server

3) You need to configure the DHCP server role to issue IPv6 addresses

Note:  If you already have a fully working DHCP server running on Windows 2008 R2, you can skip the section on installing the basic DHCP role and just jump right to configuring the IPv6 scope.  A fully working DHCP server on Windows 2008 R2 works fine for DHCPv6, it’s installed/setup exactly the same.  So all we are really doing is adding in an IPv6 “scope” to a working DHCP IPv4 server.

For the first step, build a Windows 2008 R2 server and give it an IPv6 address (as noted, we’ll be using fda8:06c3:ce53:a890:0000:0000:0000:0004 as the IP address for this DHCP server, but your IP address can be anything as long as it is on the same subnet as your DNS server, domain controller, etc).  Just make sure you can ping the other servers on your network and if you can, then your server is ready to go!

For the second step of making the server a DHCP server, do the following:

1) Logon to the server with administrator rights

2) Click on Start | Administrative Tools | Server Manager

3) Click to highlight Roles, then click on Add Roles

4) For the Before you Begin, click Next

5) Select DHCP Server (so it is checkmarked), click Next

6) For the Introduction to DCHP Server, click Next

7) For Network Connection Binding, assuming you are issuing dynamic IPv4 addresses, select the IPv4 address for the DHCP server (which if you only have 1 IP address on the server, it’ll already be checked), click Next

8) For DNS setting, enter your parent domain (this is the domain name of your network (ie: companyabc.com)), and enter in the IPv4 address of your DNS server, click Next

9) Most orgs are no longer using WINS so you can likely say “WINS is not required”, click Next

10) For your DHCP v4 scope, Click Add and enter in the IPv4 range you want to issue IPv4 addresses including the Subnet Mask, Click OK, then click Next

11) For DHCP Stateless mode  (notation on options a and b below added to this post on 2/8/2011)

   a)  If your routers are setup to support IPv6 with the   otherconfig=true   , effectively that your router is configured to tell your IPv6 clients their routing information, then choose to Enable DHCPv6 Stateless Mode, click Next    (if you choose this mode, and your DHCP server issues IPv6 addresses and you get an error when trying to Ping IPv6 devices that look like “transmit failed. General failure.”, then configure your routers to support the   otherconfig=true    setting, --or-- reinstall DHCP to Disable Stateless mode, --or-- run the manual Add Route commands I note below (in that order of preference)

   b)  If your routers are not setup to support IPv6 (and cannot be configured to support   otherconfig=true, then choose the option to Disable DHCPv6 Stateless Mode, click Next

12) For Parent Domain, enter in the name of your domain again (ie: companyabc.com in my case, same as step #8 above)

13) For preferred DNS server, enter in the DNS server we have configured for this scenario which is fda8:06c3:ce53:a890:0000:0000:0000:0001 (click Validate to make sure it resolves), clear the Alternate DNS (unless you have an alternate DNS, if you have an alternate DNS server, then enter it in and Validate that system), click Next

14) To authorize this DHCP server, choose “Use Current Credentials” assuming you are logged in as the domain administrator, click Next

15) Click Install

This will install DHCP on the Server

Once DHCP is installed on the system, it’ll be ready to issue IPv4 dynamic addresses, but you need to configure it to support IPv6 dynamic addresses.  To configure it as a DHCPv6 server, do the following:

1) Click on Start | Administrative Tools | DHCP

2) Highlight and Expand the computer name

3) Highlight the IPv6 container, right click the container and choose New Scope

4) Click Next through the Welcome screen

5) Enter in IPv6 DHCP Scope (or whatever you want) for the Name, click Next

6) For Prefix, in our case, we will enter in the Network and Subnet: fda8:06c3:ce53:a890::  (note the two : there before the default /64 on the screen). For Preference, leave the default at 0 (if you have multiple DHCP scopes, you can change the priority of which DHCP scope gets priority/preference for issuing addresses.  Assuming this is the first and only DHCP server for now, leave it at 0), click Next

7) For exclusions, enter in any static IPv6 addresses you’ve already created (which for our case we have issued static IPv6 addresses for our DNS server, our DHCP server, our gateway, so we would add fda8:06c3:ce53:a890:0000:0000:0000:0001, fda8:06c3:ce53:a890:0000:0000:0000:0002, fda8:06c3:ce53:a890:0000:0000:0000:0004, fda8:06c3:ce53:a890:0000:0000:0000:0005 (or more easily exclude the “range” from :0001 to say :00ff)), click next

Note: You will see that with the IPv6 Scope, you cannot name a specific range (ie: :0100 to :01ff), it’s going to pull from any of the available addresses in the entire device address range, thus you need to exclude your static servers.  Comment I get all the time is “then I should put my static servers in one subnet, and my dynamic devices in another”, which you could so you don’t have to exclude all static addresses in the DHCPv6 scope, but Windows DHCP provides a concept called “DHCP Reservations” for setting pre-reserved static IP addresses in DHCP.  It’s a new way where “everything” (including domain controllers and servers) are dynamically addressed, but when DHCP sees the name of a specific server, it’ll always assign that server a specific IP address you designate.  I will cover this is a separate blog post as I think it is due some attention here in DHCP designs, but for now, just know that “all” IP addresses in the entire IP device range will be up for grabs, BUT if you want to narrow the scope, then just exclude “everything” except for a small range (ie: exclude 0000:0000:0000:0001 to 0000:0000:0000:ffff and exclude say 0000:0000:0010:0000 to ffff:ffff:ffff:ffff which will only give a very tight range (0000:0000:0001:000 to 0000:0000:000f:ffff) to be issued IP addresses for these dynamic devices)

8) Specify the life of the lease (default is fine for this case), click Next

9) Have Active Scope Now (Yes), then click Finish

************

Troubleshooting client problems (getting a “transmit failed. General failure.” when trying to ping other IPv6 clients after DHCPv6 is setup)

(this section revised 2/8/2011)

If you have a problem where after DHCPv6 is setup your client systems cannot access other IPv6 systems and you get a transmit failed error, as noted above in the configuration settings, you have 3 options.  The best of the options is to run DHCPv6 in a Stateless autoconfiguration mode and set your routers with the   otherconfig=true     setting.  But if your routers are not IPv6 supported (yet), you can reconfigure DHCPv6 to Disable Stateless mode, and that'll issue IPv6 addresses that will eliminate the Ping problem.  Or there is a workarond by manually setting Routes on your client systems as I note below:

(note 1: the appropriate way to address this is to add    otherconfig=true    on your routers on your network, which IPv6 devices look for a route/gateway to get out of the subnet and automatically acknowledge the subnet that the device is on.  If your router(s) support this configuration, then you do not need to proceed with the manual command configurations I note below.  If your routers do not support the  otherconfig=true  configuration setting, then upgrade your router firmware, or you may need to upgrade/replace your internetworking equipment to have IPv6 support so that this can be configured at the router)

(note 2: if your router does not support the   otherconfig=true   configuration, or you won't be purchasing new internetworking equipment for a while but still want to get IPv6 working on your clients and servers, then proceed with the following manual settings.  If you don’t have supported routers, or if you don't do this workaround, you’ll get an error when you try to Ping anything with an error “transmit failed. General failure.”.  You will scratch your head forever and never figure it out.  The reason you have to add these commands is that while DHCPv6 issues the IPv6 address to a client, it is missing the /64 route needed for the client system to access servers on the subnet.  If you go to a freshly DHCPv6 addressed client and type    netsh interface ipv6 show route     you’ll see /128 there, you’ll see other routes, but no /64 route for your specific subnet, thus the DHCPv6 addressed client can’t see any systems on its own network.  If you statically address the client, it works fine (statically address a workstation and do the same netsh command and you’ll see the /64 address show up), this is what we are manually having to insert for ALL DHCPv6 issued clients.)

The commands you need to run on a DHCPv6 issued client is as follows:

1) Run a elevated command prompt on the client system (cmd.exe)

2) type  Netsh int ipv6 show int    (this displays a list of connected and disconnected network adapters.  You’re looking for your default adapter, on my system it is 11)

3) type  Netsh interface ipv6 set interface {# you identified in step 2} advertise=enabled

       For my example: Netsh interface ipv6 set interface 11 advertise=enabled

4) type  Netsh interface ipv6 add route 1024://64 {# you identified in step 2} publish=yes

       For my example:   Netsh interface ipv6 add route 1024::/64 11 publish=yes

5) type  Netsh interface ipv6 add route {your prefix::/64} {# you identified in step 2} publish=yes

       For my example:   Netsh interface ipv6 add route fda8:06c3:ce53:a890::/64 11 publish=yes

Test DHCP to see if it is working.  Have a server or workstation with DHCP selected for the IP address of the system and see if the system pulls a proper IPv4 address from the IPv4 scope, and a proper IPv6 address from the IPv6 scope.  See if you can ping a server like your DNS server (in my example:   ping fda8:06c3:ce53:a890:0000:0000:0000:0001 -6    (the -6 will ping over IPv6))

If you need to run these Netsh commands, you can run them in a batch file to execute when you configure the system.  If you have IPv4 available and can access an IPv4 share, then run the batch file off an available IPv4 share to get IPv6 running.  If you are running IPv6 only, then you need to put the batch file on a USB stick and run it manually on the system (yeah, I know, lame…)  You only need to do this once per system, so once you get this working, you don’t have to deal with it again (unless you change the network adapter of the system, and then you’ll have a different “interface” (ie: mine was 11 above) that you need to run the commands to the new interface as it responds to the system)

That is it for DHCP in IPv6, you’ll find that doing dynamic addressing in IPv6 to be a preference over typing in IPv6 static addresses into systems.

In my upcoming blog posts on IPv6, I will cover:

Configuring Active Directory to Support IPv6

Configuring IPv6 Routing through IPv4

Join the discussion
Be the first to comment on this article. Our Commenting Policies