Part 01 Background

In 2021, the Ministry of Industry and Information Technology and the Cyberspace Administration of China jointly issued the "Three-Year Special Action Plan to Increase IPv6 Traffic (2021-2023)", emphasizing that "newly launched home broadband, enterprise broadband and dedicated line services should support IPv6". As IPv6 develops and evolves, operators face adjustments ranging from services and content to terminals. Whether terminal equipment has IPv6 capability is one of the key factors in completing the action plan.

Part 02 Current status of home networking

For newly opened home broadband users, the operator dispatches staff to install the smart gateway (optical modem) and complete the home installation and debugging work. The smart gateway is the entrance to the broadband service, and routers or terminal equipment connect to its LAN side. According to the relevant specifications, all home gateways currently in China Mobile's inventory support the acquisition and distribution of IPv6 addresses, but because home networking scenarios differ from household to household, IPv6 capability does not actually reach 100% of terminals.

Figure 1 “China Mobile Smart Home Gateway Technical Specifications” - IPv6 address management requirements

In a home network, there are five main potential scenarios for home broadband networks:

(1) The device is directly connected to the optical modem, and the optical modem is in routing mode. In this scenario, the device obtains the IPv4/IPv6 address from the optical modem;
(2) The device is connected to a router and the optical modem is in routing mode. In this scenario, the router obtains the IPv6 prefix from the optical modem and the router allocates the IPv6 address to the connected device;
(3) The device is connected to the router, and the optical modem is in bridge mode.
In this scenario, the router dials through PPPoE, applies for an IPv6 prefix, and the router allocates an IPv6 address to the connected device;
(4) The device is connected to a router, the optical modem is in routing mode, and the router does not support IPv6. In this scenario, the router obtains an IPv4 address from the optical modem, and the connected device cannot obtain an IPv6 address;
(5) The device is connected to a router, the optical modem is in bridge mode, and the router does not support IPv6. In this scenario, the router obtains an IP address through PPPoE dial-up, and the downstream device cannot obtain an IPv6 address.

Scenario 2 is the most typical home broadband network environment. In scenarios 4 and 5, because the router does not support IPv6, the connected smart home devices cannot be assigned IPv6 addresses. The IPv6 capability of the router therefore has a great impact on the promotion of IPv6 in home scenarios. So how are IPv6 addresses allocated to routers and terminals through smart gateways? The IPv6 concepts below explain this in detail.

Part 03 IPv6 Concepts

3.1 DHCP-PD

DHCP-PD (Prefix Delegation) is an extension of DHCPv6. Traditional DHCPv6 passes network configuration parameters such as addresses from the server to IPv6 client hosts, while DHCPv6-PD implements prefix allocation: the PD server sends the PD client a prefix covering a subnet range, together with other network configuration information such as DNS. This means that the PD server sends a "subnet address segment" instead of a specific IPv6 address that can be used directly by a host.

3.2 SLAAC (IETF RFC4862)

SLAAC (Stateless Address Autoconfiguration) is a technology for automatically obtaining IP addresses. Besides configuration through DHCPv6, IPv6 also supports using SLAAC to obtain IPv6 addresses, which makes devices plug-and-play.
The implementation of SLAAC relies on the RS and RA messages of the NDP protocol. NDP defines five messages, among them the RS message (Router Solicitation) and the RA message (Router Advertisement).

Part 04 Home Broadband IPv6 Address Allocation

In the home networking environment, the BRAS is the allocator of IPv6 addresses and can set the address pool size according to the device capabilities and the actual configuration scale.

Figure 2 Home broadband IPv6 address allocation process

For home broadband device types, the BRAS allocates /64 IPv6 addresses to PC terminals through SLAAC, and allocates WAN port /64 addresses and LAN port /60 addresses to home gateways. In actual configuration, provincial companies can configure the address pool capacity according to business development and device configuration.

The WAN port of a device connected to the home gateway is configured with an IPv6 address through the SLAAC or DHCPv6 protocol; the specific method depends on the manufacturer. Its LAN port prefix differs slightly from the home gateway LAN port prefix at the 64th bit, which is equivalent to the router further subdividing the /64 prefix to facilitate the allocation of prefixes downward. The allocation method supports manual configuration, SLAAC and DHCPv6. After a terminal device is connected to the router, it obtains an IPv6 address through manual configuration, SLAAC, or DHCPv6.

Part 05 Packet capture analysis

As described above, several important pieces of IPv6 addressing are involved when a terminal accesses a home broadband network. Packet capture analysis makes the steps of allocating an IPv6 address clear.

Step 1: The terminal device has just been connected to the home network and has not yet been assigned an IPv6 address. It therefore generates a link-local address in combination with the terminal MAC address.
The address is in the tentative state until address conflict detection has completed: an NS message is multicast from the unspecified source address ::/128, and all nodes on the link receive it, which implements the address conflict detection process. If an NA is received in response from another node, the address is unavailable. The packet capture shows that there is indeed no such response packet.

Figure 3 Generating a link-local address

Step 2: Combined with the local prefix, the host generates the link-local address fe80::818:5ed6:27bc:59bd and sends an RS message to request an RA, notifying all routers on the link that it needs an RA.

Figure 4 RS request

Step 3: The router returns an RA containing the prefix, MTU, and DNS server information. Carrier prefix: 2409:8a28:ec1:a080::/64, Valid Lifetime: 7200s, Preferred Lifetime: 3600s

Figure 5 RA response

The host generates a global unicast IPv6 address (GUA) based on the returned RA information. In addition to the 64-bit network prefix, a 64-bit interface ID is required to create a global unicast address.

Step 4: After configuration, the host needs to verify that the IPv6 address is unique. The host sends an ICMPv6 Neighbor Solicitation message to a specially constructed multicast address. This address is called the solicited-node multicast address, and the last 24 bits of the host's address are copied into it to ensure that the address is unique. The above process is called DAD (Duplicate Address Detection).

Figure 6 IPv6 address duplication detection

At this point, the terminal device has completed the acquisition of its IPv6 address.

Part 06 Summary

This article starts from the actual home network environment and analyzes how, and on what principles, IPv6 addresses are allocated to devices in a real home broadband network. The next article will discuss the actual availability and security analysis of IPv6, so stay tuned.
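The address arithmetic behind Steps 1 to 4 of Part 05, as an added example that is not part of the original article: it builds a MAC-derived (modified EUI-64) interface ID, joins it to the link-local prefix and to the RA prefix from Step 3, derives the solicited-node multicast group used for DAD, and checks whether an address exposes the device MAC. The function names and the sample MAC are constructed for illustration; the link-local address from Step 2 does not follow the EUI-64 pattern, so the check returns nothing for it.

```python
import ipaddress

def eui64_iid(mac):
    """Modified EUI-64 interface ID (RFC 4291): flip the U/L bit, insert ff:fe."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def slaac_address(prefix, iid):
    """Join a /64 prefix (fe80::/64 or the RA prefix) with a 64-bit interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("SLAAC needs a /64 prefix and a 64-bit interface ID")
    return net[int.from_bytes(iid, "big")]

def solicited_node(addr):
    """DAD target group: ff02::1:ff00:0/104 plus the low 24 bits of the address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)

def embedded_mac(addr):
    """Return the MAC recoverable from a modified EUI-64 interface ID, else None.
    Heuristic: a random interface ID can contain ff:fe by chance (1 in 65536)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

RA_PREFIX = "2409:8a28:ec1:a080::/64"   # carrier prefix from the RA in Step 3
PAGE_LLA = "fe80::818:5ed6:27bc:59bd"   # link-local address from Step 2
SAMPLE_MAC = "00:11:22:33:44:55"        # constructed MAC, not from the capture

if __name__ == "__main__":
    iid = eui64_iid(SAMPLE_MAC)
    for label, value in [
        ("EUI-64 link-local", slaac_address("fe80::/64", iid)),
        ("EUI-64 GUA", slaac_address(RA_PREFIX, iid)),
        ("MAC exposed by that GUA", embedded_mac(slaac_address(RA_PREFIX, iid))),
        ("MAC exposed by page LLA", embedded_mac(PAGE_LLA)),
        ("DAD group for page LLA", solicited_node(PAGE_LLA)),
    ]:
        print(f"{label:24} {value}")
```

A GUA built from a modified EUI-64 interface ID carries the same MAC-derived suffix under every prefix the device joins, which is why inventory and privacy reviews check for the ff:fe marker.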