- Learn pfSense 2.4
- David Zientara
- 2021-08-13 15:56:40
DHCPv6 configuration in the web GUI
As with DHCP configuration on IPv4 networks, DHCP configuration on an IPv6 network (DHCPv6) has many options. The DHCPv6 configuration page combines DHCPv6 and router advertisement configuration. This section will focus on options that are only available with DHCPv6 rather than options that are present in both DHCP and DHCPv6.
To configure DHCPv6, navigate to Services | DHCPv6/RA. Under DHCPv6 Options, there are several useful settings such as the Prefix Delegation Range option, the purpose of which is to delegate the ability to act as DHCPv6 servers to clients by assigning portions of the subnet to them. Consider one of the common IPv6 prefix examples: fd12:3456:789a:: with a subnet mask of 48. The remaining bits are available for delegation, so we have an available range of fd12:3456:789a:: to fd12:3456:789a:ffff:ffff:ffff:ffff:ffff. We can delegate any subset of this range. The boundaries of the range must fall on boundaries of the DHCPv6 Prefix Delegation Size, which indicates the CIDR of the clients' subnets. In our previous example, we had a ULA with a prefix of fd12:3456:789a::/48. We set the prefix delegation range of fd12:3456:789a:0000:: to fd12:3456:789a:ff00:: with a size of 56 if we want our clients to receive portions of the subnet. This would result in a maximum of 256 blocks of delegated addresses being provided.
There is another tab on this page for Router Advertisements (RA). This enables an IPv6-capable router to advertise its presence to other routers, and keep other nodes informed of any changes in the network.
Understanding the RA configuration options requires an understanding of the RA flags. Two flags that are in every RA packet are the M flag and the O flag. The M flag stands for managed address configuration and it informs the host receiving the packet that there is a DHCPv6 server available and that the host should get its IPv6 address from this server. If the M flag is set to zero, then it means that the host should not look for a DHCPv6 server. The O flag stands for other configuration and it tells the host that it should get other configuration information (for example, DNS) from the DHCP server.
In addition, many packets have an L flag and an A flag. The L flag tells the host that other devices with the same prefix as the prefix contained in the RA packet are on the same subnet. Therefore, they should communicate at the switch level and not send every packet to the router. The A flag tells the host to use the prefix inside the RA packet and the host's own MAC address to generate its own IPv6 address. Thus, the host should use SLAAC.
With this in mind, here is how these flag settings correspond to the router mode options:
In addition to these options, there is also a Disabled option to completely disable router advertisements.
Most modern operating systems support both SLAAC and DHCPv6, so you should be able to choose either Unmanaged or Managed in most cases. If you are not sure which modes are supported on your systems, you can choose Assisted mode. The Default valid lifetime field defines the length of time in seconds that the prefix is valid for the purposes of on-link determination.
The Default preferred lifetime field defines the length of time in seconds that the addresses generated from the prefix via SLAAC remain preferred. The defaults are 86,400 seconds and 14,400 seconds, respectively.
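The M, O, L and A flags and the two lifetimes described above can be read directly out of a captured RA, which is a quick way to audit what a firewall is actually advertising on a segment. The following Python sketch is an added example, not code from the book or from pfSense: it follows the RFC 4861 packet layout, the function names are hypothetical, and the sample packet (a /64 under the fd12:3456:789a:: prefix, hop limit 64, router lifetime 1800, checksum left at zero) is constructed for illustration.

```python
import ipaddress
import struct

def build_sample_ra():
    """Constructed RA: M=0, O=1, one prefix with L=1, A=1 and the default lifetimes."""
    # type 134, code 0, checksum 0 (not validated here), hop limit, flags, lifetimes
    header = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0x40, 1800, 0, 0)
    prefix = ipaddress.IPv6Address("fd12:3456:789a::").packed
    pio = struct.pack("!BBBBIII16s", 3, 4, 64, 0xC0, 86400, 14400, 0, prefix)
    return header + pio

def parse_ra(packet):
    """Decode the flags and Prefix Information options of an ICMPv6 RA."""
    if len(packet) < 16:
        raise ValueError("truncated RA header")
    msg_type, flags = packet[0], packet[5]  # byte 5 carries the M and O bits
    if msg_type != 134:
        raise ValueError("not a Router Advertisement")
    ra = {"M": bool(flags & 0x80), "O": bool(flags & 0x40), "prefixes": []}
    offset = 16
    while offset + 2 <= len(packet):
        # Option length is expressed in units of 8 octets; zero is invalid.
        opt_type, opt_len = packet[offset], packet[offset + 1] * 8
        if opt_len == 0 or offset + opt_len > len(packet):
            raise ValueError("malformed option length")
        if opt_type == 3 and opt_len == 32:  # Prefix Information option
            _t, _l, plen, pflags, valid, preferred, _res, raw = struct.unpack(
                "!BBBBIII16s", packet[offset:offset + 32])
            ra["prefixes"].append({
                "prefix": f"{ipaddress.IPv6Address(raw)}/{plen}",
                "L": bool(pflags & 0x80), "A": bool(pflags & 0x40),
                "valid": valid, "preferred": preferred})
        offset += opt_len
    return ra

def host_behaviour(ra):
    """Translate the decoded flags into what a receiving host will do."""
    actions = []
    if ra["M"]:
        actions.append("request address from DHCPv6")
    if ra["O"]:
        actions.append("request other configuration (e.g. DNS) from DHCPv6")
    for p in ra["prefixes"]:
        if p["L"]:
            actions.append(f"treat {p['prefix']} as on-link")
        if p["A"]:
            actions.append(f"autoconfigure an address in {p['prefix']} (SLAAC)")
    return actions
```

Feeding it the payload of an RA captured on the LAN side shows whether the flags and lifetimes on the wire match what was selected in the GUI.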
The RA Subnets field allows you to specify subnets on which RA will take place. If no subnet is specified, the RA daemon will advertise on the subnet to which the router's interface is assigned. You must specify both the subnet and the CIDR mask. This option allows you to only perform RA on selected subnets.
The DNS Servers section allows you to specify different DNS servers than the default ones (the interface IP if DNS Forwarder or Resolver is enabled, or the servers configured on the General page if neither of these is enabled). In the Domain search list, you can specify an optional list, and there is also a Use same settings as DHCPv6 server checkbox if you just want the RA daemon to use the same DNS servers specified on the DHCPv6 tab.