Introducing DHCPv6 Prefix Delegation
25/04/2024
By Tom Coffeen, IPv6 Consultant and Co-Founder @ www.hexabuild.io
Let’s begin with the most basic definition of DHCPv6 Prefix Delegation: It’s a function of the overall DHCPv6 protocol that allows a DHCPv6 client to request and receive an entire IPv6 prefix (rather than just one IPv6 address) from a DHCPv6 server.
This mechanism may not be as familiar as the much more typical operational scenario where DHCPv6 (and/or IPv4 DHCP) provides a single address to a requesting client device such as a laptop or smartphone, enabling network access for that device.
By comparison, the original definition of prefix delegation from RFC 3633: IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6 describes a mechanism “intended for simple delegation of prefixes from a delegating router [DHCPv6 server] to requesting routers [DHCPv6 clients]” that “would be used by a service provider to assign a prefix to a Customer Premise Equipment (CPE) [ONT/ONU] device acting as a router between the subscriber’s internal network and the service provider’s core network.” (Note that the original DHCPv6 specification has been updated in RFC 8415: Dynamic Host Configuration Protocol for IPv6 (DHCPv6).)
Before we look at an example of this mechanism, let’s consider what this same configuration looks like using IPv4:
An ONT/ONU device (e.g., a CPE/cable modem that includes a router and perhaps a wireless AP) comes online and requests, via DHCP from the upstream ISP router, a publicly routable IPv4 address to assign to its ISP router/Internet facing interface. Meanwhile, the CPE’s own internal interface is preconfigured with a private (i.e., RFC1918) network (such as 192.168.1.0/24). A DHCP server runs on the CPE to assign individual addresses to requesting home network end-users. Because private addresses are a shared resource and not globally routable, the CPE router must also perform IPv4 Network Address Translation (NAT44) to enable home network end-users to reach the Internet.
Now let’s take a look at the IPv6 configuration:
In the IPv6 case, the ONT/ONU/CPE device requests both an IPv6 address and an IPv6 prefix (this is the delegated prefix of DHCPv6 Prefix Delegation). Both the address and the prefix are derived from a larger prefix allocated to the ISP and taken from the publicly routable Global Unicast Allocation (GUA) of 2000::/3. As with IPv4, a single public IPv6 address is assigned to the external interface of the CPE. But unlike IPv4, the publicly routable IPv6 prefix is used by the CPE router to assign individual IPv6 addresses to home network end-users. These end-user assigned addresses are also all publicly routable and preclude the need for the CPE router to provide NAT – a requirement when using private IPv4 addresses. The CPE router might use either DHCPv6 or SLAAC (or even both) to assign addresses to end-users from the delegated prefix. The size of the prefix delegated to the CPE by the ISP could vary from the smallest of a /64 (not recommended for the reasons detailed below) to as much as a /48 – though a /56 per customer is quite a common CPE assignment by many ISPs.
A single /64 provides the same number of IPv6 addresses as the entire IPv4 Internet squared (approximately 4.3 billion times 4.3 billion!) – obviously more than enough for a network of any size, much less one home network. A /60 by comparison provides 16 /64 prefixes, while a /56 yields 256 /64s. And a /48? That’s 65,536 /64s! You might be wondering just exactly what the benefit is of having so many additional prefixes delegated to one home network. One possible answer is that as home networks become more sophisticated, with increased performance and security requirements, applications and services may require and benefit from greater network segmentation. Having an abundance of IPv6 prefixes available to more easily meet these requirements should facilitate and promote continued home network innovation, performance, and features. And until then, for an IPv6 nerd, it’s a great opportunity to test some different IPv6 network lab configurations!
As mentioned above, an ISP delegating a single /64 prefix to a customer is not recommended. For one thing, a single /64 wouldn’t give the customer’s home network any additional subnets, or any of the benefits those additional subnets provide, now or in the future. And given that IETF proposals exist for the possible, eventual assignment of a /64 per interface, home networks may end up needing many, many more /64 prefixes, and thus a much larger overall IPv6 prefix delegation than currently required or recommended.
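To make the prefix sizes and the single-/64 limitation concrete, here is an added example (not from the original article) of how a CPE might carve a delegated prefix into one /64 per home network segment. The function name `plan_segments`, the segment names, and the sample prefix (taken from the 2001:db8::/32 documentation range) are assumptions made for illustration.

```python
import ipaddress

# Global Unicast range the article says delegated prefixes are taken from.
GUA = ipaddress.ip_network("2000::/3")


def plan_segments(delegated, segments):
    """Assign one /64 from a delegated prefix to each named LAN segment.

    Hypothetical helper: raises ValueError when the prefix is not a
    well-formed /48../64 inside 2000::/3, or when it cannot supply one
    /64 per requested segment (the case a single delegated /64 hits as
    soon as a second segment is needed).
    """
    # strict=True rejects prefixes with host bits set, e.g. 2001:db8::1/56
    prefix = ipaddress.ip_network(delegated, strict=True)
    if prefix.version != 6 or not prefix.subnet_of(GUA):
        raise ValueError(f"{delegated} is not inside {GUA}")
    if not 48 <= prefix.prefixlen <= 64:
        raise ValueError("expected a delegation between /48 and /64")

    # /64 -> 1, /60 -> 16, /56 -> 256, /48 -> 65,536 subnets
    available = 2 ** (64 - prefix.prefixlen)
    if len(segments) > available:
        raise ValueError(
            f"/{prefix.prefixlen} yields {available} /64(s), "
            f"but {len(segments)} segments were requested"
        )

    # subnets() is a lazy generator, so a /48 does not build 65,536 objects
    subnets = prefix.subnets(new_prefix=64)
    return {name: next(subnets) for name in segments}


if __name__ == "__main__":
    # Constructed sample: a /56 delegation split across three segments
    wanted = ["lan", "guest", "iot"]
    for name, net in plan_segments("2001:db8:1200::/56", wanted).items():
        print(f"{name:<6} {net}")

    # A single delegated /64 cannot serve more than one segment
    try:
        plan_segments("2001:db8:1200::/64", wanted)
    except ValueError as err:
        print("rejected:", err)
```

Each segment gets its own /64, so SLAAC or DHCPv6 can run independently per segment and filtering between segments can be applied at the CPE router.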
If you’d like to learn more about DHCPv6 Prefix Delegation, please attend training at LACNIC 41!
The views expressed by the authors of this blog are their own and do not necessarily reflect the views of LACNIC.