IPv6 Configuration
IPv6 (Internet Protocol Version 6) is the second-generation standard for network layer protocols, used to replace IPv4. This chapter introduces the basic IPv6 configurations supported by the device, including interface IPv6 address settings, Neighbor Discovery Protocol (NDP) management, Router Advertisement (RA) configuration, and the RA Guard security feature, to help users complete the deployment and maintenance of IPv6 networks.
Description of the Principle
IPv6 Address
The length of an IPv6 address is 128 bits, and it is usually represented using colon-separated hexadecimal notation (for example: 2001:db8::1/64). Device interfaces can be configured with global unicast addresses, unique local addresses, or link-local addresses. Link-local addresses (FE80::/10) are automatically generated when IPv6 is enabled on an interface and are often used for neighbor discovery and the establishment of routing protocol neighbors.
Neighbor Discovery Protocol (NDP)
NDP is a core protocol of IPv6, replacing ARP, ICMP router discovery, etc. in IPv4. Its main functions include:
- Address resolution: Obtain the link-layer address corresponding to the IPv6 address on the same link through Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages, and maintain the neighbor cache table (which can be viewed via show ndp).
- Router discovery: Hosts discover routers on the link and their configuration information through Router Solicitation (RS) and Router Advertisement (RA) messages.
- Address autoconfiguration: Hosts can use the prefix information in RA messages for Stateless Address Autoconfiguration (SLAAC), or obtain addresses and other configurations through DHCPv6 (stateful configuration).
Router Advertisement (RA)
When a device functions as an IPv6 router, it can periodically send RA (Router Advertisement) messages to advertise network configuration information to hosts on the link, including:
- Prefix information: IPv6 prefixes used for SLAAC (Stateless Address Autoconfiguration).
- Flags: The M flag (managed flag) indicates whether the host should obtain an address using DHCPv6; the O flag (other flag) indicates whether to obtain other configurations (such as DNS) using DHCPv6.
- Routing information: Specific routes and their priorities are advertised through routing options.
- Other parameters: Link MTU, DNS servers, etc.
Configuration
Configure the IPv6 Address of the Interface
| Operation | Command | Description |
|---|---|---|
| Enter the interface view | interface interface-type interface-name | For example: interface vlan 100 |
| Configure IPv6 address | ip address A::B/mask | The address format is X:X:X:X:X:X:X:X/prefix length |
| Delete the IPv6 address | no ip address A::B/mask | - |
Configure the Interface to Use a Link-Local Address
Some scenarios (such as BGP peer establishment) require the interface to use its link-local address. This command enables that behavior.
| Operation | Command | Description |
|---|---|---|
| Enter the interface view | interface interface-type interface-name | For example: interface vlan 100 |
| Enable the use of link-local addresses | ipv6 use-link-local | The interface will prioritize the use of link-local addresses. |
| Disable | no ipv6 use-link-local | - |
Configure NDP Message Rate Limiting
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Configure NDP packet rate limiting | nd rate-limit value | value: 100-2000 pps; default 2000 pps |
Enable NDP MAC Address Check
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enable MAC address check | nd ipv6 mac-check enable | Check whether the link layer address of the ND message is consistent with the source MAC. If they are inconsistent, discard the message. |
| Turn off the check | no nd ipv6 mac-check enable | - |
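The consistency test this feature describes can be sketched as follows. This is an added example, not the device's implementation. It assumes untagged Ethernet, no IPv6 extension headers, and that the Source Link-Layer Address option is compared for RS/RA/NS and the Target Link-Layer Address option for NA; the function names and the sample frame are constructed.

```python
import ipaddress
import struct

OPT_START = {133: 8, 134: 16, 135: 24, 136: 24}  # RS, RA, NS, NA: offset of first option
LLA_OPT = {133: 1, 134: 1, 135: 1, 136: 2}       # source LLA (1); target LLA (2) for NA

def nd_mac_consistent(frame: bytes):
    """True/False for an ND frame carrying a link-layer address option;
    None when the frame is not ND or carries no such option."""
    if len(frame) < 62 or frame[12:14] != b"\x86\xdd" or frame[20] != 58:
        return None                       # not IPv6 with ICMPv6 as next header
    eth_src, icmp = frame[6:12], frame[54:]
    if icmp[0] not in OPT_START:
        return None
    pos = OPT_START[icmp[0]]
    while pos + 2 <= len(icmp):
        olen = icmp[pos + 1] * 8          # option length is in 8-octet units
        if olen == 0 or pos + olen > len(icmp):
            return False                  # malformed option: fail closed
        if icmp[pos] == LLA_OPT[icmp[0]] and olen == 8:
            return icmp[pos + 2:pos + 8] == eth_src
        pos += olen
    return None

def build_ns(eth_src: bytes, slla: bytes) -> bytes:
    """Constructed input: NS for fd00:100::1 (checksum left at 0, not verified)."""
    target = ipaddress.IPv6Address("fd00:100::1").packed
    src = ipaddress.IPv6Address("fd00:100::a").packed
    dst = ipaddress.IPv6Address("ff02::1:ff00:1").packed
    icmp = struct.pack("!BBHI", 135, 0, 0, 0) + target + bytes([1, 1]) + slla
    ip6 = struct.pack("!IHBB", 6 << 28, len(icmp), 58, 255) + src + dst
    return bytes.fromhex("3333ff000001") + eth_src + b"\x86\xdd" + ip6 + icmp

if __name__ == "__main__":
    host = bytes.fromhex("02000000000a")
    print(nd_mac_consistent(build_ns(host, host)))
    print(nd_mac_consistent(build_ns(host, bytes.fromhex("02000000000b"))))
```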
Configure Router Advertisement (RA)
The RA function is used to advertise IPv6 network configuration information to hosts on the link.
Globally Enable RA
| Operation | Command | Description |
|---|---|---|
| Enter the system configuration view | configure terminal | |
| Enable RA | nd ra | The device will send RA messages periodically. |
| Turn off RA | no nd ra | - |
Configure RA Prefix Information
RA messages do not carry prefixes by default and need to be specified manually.
| Operation | Command | Description |
|---|---|---|
| Enter the VLAN view | vlan vlan-id | For example: vlan 100 |
| Configure prefix | nd ra prefix A::B/mask | For example: nd ra prefix fd00:100::/64 |
| Remove the prefix | no nd ra prefix A::B/mask | - |
Configure the RA Flag Bit
- M flag (managed flag): Indicates whether the host uses DHCPv6 to obtain an IPv6 address.
- O flag (other flag): Indicates whether the host uses DHCPv6 to obtain other configurations (such as DNS).
- A flag (autonomous flag): Indicates whether the prefix is used for SLAAC.
| Operation | Command | Description |
|---|---|---|
| Enter the VLAN view | vlan vlan-id | For example: vlan 100 |
| Configure the M flag | nd ra managed-flag {on\|off} | default off |
| Configure the O flag | nd ra other-flag {on\|off} | default off |
| Configure the A flag | nd ra autonomous {on\|off} | default off |
Configure RA Routing Options
Advertise specific routing information to the host via RA.
| Operation | Command | Description |
|---|---|---|
| Enter the VLAN view | vlan vlan-id | - |
| Configure routing information | nd ra route-information A::B/mask [preference {low\|medium\|high}] | Default priority medium |
| Delete routing information | no nd ra route-information A::B/mask | - |
Configure other RA options
These include DNS servers, link MTU, etc.
| Operation | Command | Description |
|---|---|---|
| Enter the VLAN view | vlan vlan-id | - |
| Configure the DNS server | nd ra dns-server A::B | Repeat the command to configure multiple DNS servers |
| Delete the DNS server | no nd ra dns-server A::B | - |
| Configure the link MTU | nd ra link-mtu mtu | The value range of mtu is 0 or 1280-1500, where 0 means not carrying this option. |
Display and Maintenance
| Operation | Command |
|---|---|
| Display interface IPv6 address information | show ipv6 interfaces |
| Display the IPv6 neighbor table (NDP table) | show ndp |
| Display the neighbor information of the specified IPv6 address | show ndp ipv6-address A::B |
| Display the neighbor information of the specified interface | show ndp ipv6 iface {mgmt\|ethernet} interface-name |
| Display IPv6 MAC address detection configuration | show nd ipv6 mac-check |
| Display ND message speed limit configuration | show nd rate-limit |
Configuration Example
Networking Requirements
A campus network uses IPv6, with a switch acting as the gateway. The requirements are as follows:
1. Hosts in VLAN100 automatically obtain IPv6 addresses through SLAAC, with the prefix being fd00:100::/64.
2. The switch sends RA messages regularly and advertises the DNS server 2400:3200:baba::1.
Configuration Steps
```
sonic# configure terminal
sonic(config)# vlan 100
sonic(config-vlan-100)# exit
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# ip address fd00:100::1/64
sonic(config-vlanif-100)# nd ra
sonic(config-vlanif-100)# nd ra prefix fd00:100::/64
sonic(config-vlanif-100)# nd ra autonomous on
sonic(config-vlanif-100)# nd ra dns-server 2400:3200:baba::1
sonic(config-vlanif-100)# end
```
Verification
Check the interface IPv6 address: show ipv6 interfaces
Check the NDP neighbor table: show ndp. The neighbor entries of the hosts should be listed.
Once the host is set up, check whether it has automatically obtained an address with the fd00:100::/64 prefix.
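To confirm on the wire what the RA settings above actually advertise, the following added example (not part of the original documentation or the device software) decodes an ICMPv6 Router Advertisement and lists any prefix or DNS server that differs from the intended configuration. The option layouts follow RFC 4861, RFC 4191 and RFC 8106; the function names and the sample bytes are constructed for illustration, and the ICMPv6 checksum is not verified.

```python
import ipaddress
import struct
PRF = {0: "medium", 1: "high", 3: "low"}  # RFC 4191 preference bits

def parse_ra(icmp: bytes) -> dict:
    """Decode an ICMPv6 Router Advertisement (type 134) and its options."""
    if len(icmp) < 16 or icmp[0] != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"managed": bool(icmp[5] & 0x80), "other": bool(icmp[5] & 0x40),
          "prefixes": [], "routes": [], "dns": [], "mtu": None}
    pos = 16                                   # options follow the fixed header
    while pos < len(icmp):
        olen = icmp[pos + 1] * 8 if pos + 1 < len(icmp) else 0
        if olen == 0 or pos + olen > len(icmp):
            raise ValueError("malformed option length")
        otype, body = icmp[pos], icmp[pos + 2:pos + olen]
        if otype == 3 and olen == 32:          # Prefix Information
            net = ipaddress.IPv6Network((body[14:30], body[0]), strict=False)
            ra["prefixes"].append({"prefix": str(net),
                                   "autonomous": bool(body[1] & 0x40)})
        elif otype == 5 and olen == 8:         # MTU
            ra["mtu"] = struct.unpack("!I", body[2:6])[0]
        elif otype == 24:                      # Route Information
            net = ipaddress.IPv6Network((body[6:].ljust(16, b"\0"), body[0]),
                                        strict=False)
            ra["routes"].append((str(net), PRF.get((body[1] >> 3) & 3, "reserved")))
        elif otype == 25:                      # Recursive DNS Server
            ra["dns"] += [str(ipaddress.IPv6Address(body[i:i + 16]))
                          for i in range(6, len(body), 16)]
        pos += olen
    return ra

def deviations(ra: dict, prefixes: set, dns: set) -> list:
    """List advertised values that are not in the intended configuration."""
    found = [f"unexpected prefix {p['prefix']}" for p in ra["prefixes"]
             if p["prefix"] not in prefixes]
    found += [f"unexpected DNS server {d}" for d in ra["dns"] if d not in dns]
    return found

# Constructed sample: the RA the example switch should send on VLAN 100.
SAMPLE_RA = (
    struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x00, 1800, 0, 0)  # M=0, O=0
    + bytes([3, 4, 64, 0xC0]) + struct.pack("!III", 2592000, 604800, 0)
    + ipaddress.IPv6Address("fd00:100::").packed               # L=1, A=1
    + bytes([25, 3, 0, 0]) + struct.pack("!I", 1800)
    + ipaddress.IPv6Address("2400:3200:baba::1").packed)

if __name__ == "__main__":
    print(deviations(parse_ra(SAMPLE_RA), {"fd00:100::/64"}, {"2400:3200:baba::1"}))
```

Feed `parse_ra` the ICMPv6 payload of an RA captured on a host in VLAN 100; an empty list from `deviations` means only the configured prefix and DNS server are being advertised.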