IPv6/Windows/DHCP with IPv6: Difference between revisions

From Foxwiki

Revision as of 30 November 2023, 08:56

DHCP with IPv6

It is slowly becoming time to take IPv6 seriously. Here is a guide to configuring Microsoft's DHCP server for IPv6.

One thing up front: it does not work entirely cleanly yet. But I don't want to give everything away right away, so let's get started.

To do things properly, we begin with the server options.

Option 23 specifies the DNS server. Type in the IPv6 address of the DNS server and click Add. Windows checks whether the address entered belongs to a DNS server. If it does, the address is added to the list below.

Now we create a new IPv6 scope.

"New IPv6 scope"

The New Scope Wizard starts and guides you through the creation. First come the name and the description. As the description shows, the IPv6 scope is meant to consist of "only" 256 addresses, just like the IPv4 scope.

"Scope name"

Now comes the part I have to criticise, because only /64 can be used here. My IPv6 range, which is many times smaller, cannot be represented here.

"Scope prefix"

So I have to resort to a trick with exclusions. As long as there is no other IPv6 scope within fd00::100 to fd00::ffff:ffff:ffff:ffff, this trick works. It is still far from ideal...

"DHCP exclusions"

Adjust the scope lease to company policy.

"Scope lease"

And with that the wizard is finished. The scope can be activated immediately.

"Wizard finished"

In the scope options you can check whether the settings from the server options were inherited; if not, you can set the same entry there.

"IP settings on the client"

With

ipconfig /all

you can check whether the IPv6 address was obtained via DHCP. The two entries DHCPv6 IAID and DHCPv6 Client DUID are needed if you want to create an IPv6 reservation for this computer.

"New reservation"

"Reserve client"

The IP address fd00::2c is now reserved for this computer.

Source

http://www.hoenninger-it.net/windows-server-os-reader/items/dhcp-mit-ipv6.html
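
The wizard steps above (option 23, the /64 scope, the exclusion trick and the reservation) can also be scripted with the DhcpServer PowerShell module. This is an added example, not taken from the original guide; the function name, scope name and client label are assumptions, and the DNS server address, DUID and IAID must be supplied by the caller.

```powershell
# Added example, not from the original page: the wizard steps as DhcpServer cmdlets.
# Run elevated on the DHCP server (Windows Server 2012 or later).
function New-SmallDhcpv6Scope {                 # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $DnsServer,   # IPv6 address of the DNS server
        [Parameter(Mandatory)] [string] $ClientDuid,  # "DHCPv6 Client DUID" from ipconfig /all
        [Parameter(Mandatory)] [uint32] $Iaid,        # "DHCPv6 IAID" from ipconfig /all
        [string] $ReservedIp = 'fd00::2c',            # reservation used in the guide
        [string] $ClientName = 'PC1'                  # assumed label for the reservation
    )
    Import-Module DhcpServer
    $prefix = 'fd00::'                                # DHCPv6 scopes are always a /64

    # Server option 23: the DNS server handed to DHCPv6 clients.
    Set-DhcpServerv6OptionValue -DnsServer $DnsServer

    # Create the scope inactive so no lease is issued before the exclusion exists.
    Add-DhcpServerv6Scope -Prefix $prefix -Name 'LAN IPv6' `
        -Description '256 addresses, like the IPv4 scope' -Preference 0 -State InActive

    # The exclusion trick: withhold everything from ::100 upward,
    # which leaves fd00::0 to fd00::ff as the usable pool.
    Add-DhcpServerv6ExclusionRange -Prefix $prefix `
        -StartRange "${prefix}100" -EndRange "${prefix}ffff:ffff:ffff:ffff"

    # A DHCPv6 reservation is keyed on DUID plus IAID, not on a MAC address.
    Add-DhcpServerv6Reservation -Prefix $prefix -IPAddress $ReservedIp `
        -ClientDuid $ClientDuid -Iaid $Iaid -Name $ClientName

    Set-DhcpServerv6Scope -Prefix $prefix -State Active

    # Read the configuration back for review.
    Get-DhcpServerv6ExclusionRange -Prefix $prefix
    Get-DhcpServerv6Reservation    -Prefix $prefix
    Get-DhcpServerv6OptionValue
}
```

Creating the scope inactive and activating it only after the exclusion range is in place avoids handing out a lease from the part of the /64 that is meant to stay unused.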

Windows Server 2012 - DHCP with IPv6

This is my second post on IPv6 in Windows 2012 (some concepts may very well apply to Windows 2008/R2) and what could be considered my 7th post on DHCP, since the subject is "DHCP with IPv6".

Some preliminary comments...

But first, I want to mention something I noticed from my first post.

I'll usually exclude the first 10 or 20 addresses for static IP assignments (reservations being the other option).

In this present scenario, the IP of the server ends in "10" and the IP of the client in "15".

This is to make the example clear and simple.

But I do want to point out that since we are counting in hexadecimal, there are not 10 numbers before 10 (0-9) but rather 16 (0-f):

0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f

We'll see this again when we exclude addresses from the scope.

Here are two other examples that can be confusing:

18,19,1a,1b,1c,1d,1e,1f,20,21
99,9a,9b,9c,9d,9e,9f,af,bf,cf,df,ef,ff,100,101,102

Second, I thought I might configure what I believe would be NAT64 on my Cisco ASA device so I could access the Internet on a client machine running only IPv6 from an IPv6 only LAN. This may require more research than I had thought so, for the time being at least, I'll put that project "on hold" and concentrate on Windows Server 2012.

Configuration of an IPv6 scope in DHCP

I have already installed the DHCP role and configured some basic elements for the DHCP server. First and foremost, I have authorized it in Active Directory.

So let's go ahead and configure an IPv6 scope.

We'll start in the DHCP Manager.

Click on IPv6 and select "New Scope":

File:Bild1.png

Click "Next" and then provide a name for the scope:

File:Bild2.png

Indicate the scope prefix. For this exercise, I'm simply using fd00:0000:0000:0000

File:Bild3.png

I can leave the preference at 0. We could adjust preferences if there were multiple scopes.

I'll exclude a range of IP addresses for static addressing. 0000 to 00ff is more than enough. And more than 100 - please see my first preliminary comment.

File:Bild4.png

I'll leave the scope lease as is. 8 days would be fine for wired clients in most cases. 8 hours might be more appropriate for wireless clients, especially if they only connect for several hours at a time.

File:Bild5.png

Of course, with DHCPv6, we do not have to worry about IP address exhaustion, having trillions (and even more) to "play with".

IPv6 dynamic address allocation

I was about to remove the static IPv6 address on the Windows 7 client used to test DHCP in this exercise so the client could obtain a DHCPv6 assigned address.

I first looked at the ipconfig /all output, thinking I could present an interesting "before and after" comparison.

Surprise!

Just as a client can have a static "Unique Local" IPv6 address (ULA) and a local link address, it can also have a DHCPv6 assigned address as well.

As shown below, it is possible for a single network interface to have not only 2 but 3 IPv6 addresses:

DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : fd00::15(Preferred)
IPv6 Address. . . . . . . . . . . : fd00::520b:b2ef:36d2:a9d3(Preferred)
Lease Obtained. . . . . . . . . . : Tuesday, November 05, 2013 8:26:46 PM
Lease Expires . . . . . . . . . . : Sunday, November 17, 2013 8:26:45 PM
Link-local IPv6 Address . . . . . : fe80::e07e:50de:a86e:edc7%11(Preferred)

Of course, we are not even considering (here) any IPv4 addresses.

So, unlike with IPv4, where a single network interface most often has only one (1) address, several IPv6 addresses can be assigned to a single interface by a combination of methods:

  • Static assignment
  • DHCP
  • Link local automatic configuration.

After some research on the Internet, I see that RFC 4291 defines this feature (multiple IPv6 addresses for a single interface).

That's the client side.

I wanted to look at the server side and I was surprised again.

The DHCPv6 server not only allocated an IPv6 address to a client already configured with a static IPv6 address... but also configured *itself* with a dynamically assigned IPv6 address:

File:Bild6.png

Now my curiosity inspires some questions...

A. Will the client respond to a ping on all addresses (why not?)?

Yes (we do have to remove any percent symbols and the numbers that follow them - see examples below).

Note: I disabled Windows Firewall for the pings (no risk on my usually closed test network).

PS C:\> ping fd00::15
Pinging fd00::15 with 32 bytes of data:
Reply from fd00::15: time=3ms
Reply from fd00::15: time<1ms
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms
[...]
PS C:\> ping fd00::520b:b2ef:36d2:a9d3
Pinging fd00::520b:b2ef:36d2:a9d3 with 32 bytes of data:
Reply from fd00::520b:b2ef:36d2:a9d3: time=1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time=1ms
[...]

Here we have to remove the " %11 ":

PS C:\> ping fe80::e07e:50de:a86e:edc7%11
Pinging fe80::e07e:50de:a86e:edc7%11 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
[...]
PS C:\> ping fe80::e07e:50de:a86e:edc7
Pinging fe80::e07e:50de:a86e:edc7 with 32 bytes of data:
Reply from fe80::e07e:50de:a86e:edc7: time=3ms
Reply from fe80::e07e:50de:a86e:edc7: time<1ms
Reply from fe80::e07e:50de:a86e:edc7: time<1ms
Reply from fe80::e07e:50de:a86e:edc7: time=2ms

B. What IP address will be registered in DNS?

The static ULA address and the DHCPv6 assigned address:

File:Bild7.png

C. If we ping by FQDN, to what IP address will the name resolve?

I'll enter the following command on the DNS server (DC-001) for a fresh start:

dnscmd /clearcache

And let's clear the client cache on the server as well:

ipconfig /flushdns

The first time I try this, it's the DHCP assigned address:

PS C:\> ping PC1
Pinging PC1.machlinkit.biz [fd00::520b:b2ef:36d2:a9d3] with 32 bytes of data:
Reply from fd00::520b:b2ef:36d2:a9d3: time=2ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms
Reply from fd00::520b:b2ef:36d2:a9d3: time<1ms

But the second time, it's the static address:

PS C:\> ping PC1
Pinging PC1.machlinkit.biz [fd00::15] with 32 bytes of data:
Reply from fd00::15: time=3ms
Reply from fd00::15: time<1ms
Reply from fd00::15: time=1ms
Reply from fd00::15: time<1ms

The third time, it's the DHCP assigned address, and the fourth time, the static address (again).

Note: I cleared the DNS cache after each attempt.

Logically, the link local address will never participate in DNS since it does not register itself in the first place.

So it seems that DNS alternates among the available IP addresses.

Source

http://davidmtechblog.blogspot.de/2013/11/windows-server-2012-dhcp-with-ipv6.html
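
The post above finds that one interface can hold a static, a DHCPv6-assigned and a link-local address at once, and that two of them end up in DNS. The following added example (not from the original post; the function name is hypothetical) lists each IPv6 address on the local machine with its origin and whether a matching AAAA record is published, which makes an unexpected DHCPv6 address on a statically configured server easy to spot.

```powershell
# Added example, not from the original post. Needs Get-NetIPAddress and
# Resolve-DnsName (Windows 8 / Server 2012 or later, so not the Windows 7 client).
function Get-IPv6AddressDnsStatus {             # hypothetical helper name
    $fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

    # AAAA records currently published for this host, normalised for comparison.
    $published = @(
        Resolve-DnsName -Name $fqdn -Type AAAA -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'AAAA' } |
            ForEach-Object { [ipaddress]::Parse($_.IPAddress).ToString() }
    )

    Get-NetIPAddress -AddressFamily IPv6 |
        Where-Object { $_.IPAddress -ne '::1' } |
        ForEach-Object {
            # Link-local addresses carry a zone index (%11 in the post); drop it.
            $bare = [ipaddress]::Parse(($_.IPAddress -split '%')[0]).ToString()
            [pscustomobject]@{
                Interface    = $_.InterfaceAlias
                Address      = $bare
                PrefixOrigin = $_.PrefixOrigin    # e.g. Manual, Dhcp, WellKnown
                SuffixOrigin = $_.SuffixOrigin    # e.g. Manual, Dhcp, Link
                InDns        = $published -contains $bare
            }
        }
}

Get-IPv6AddressDnsStatus | Sort-Object Interface, Address | Format-Table -AutoSize
```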