Fact-checked by Grok 2 weeks ago

DHCPv6

Dynamic Host Configuration Protocol for (DHCPv6) is a network protocol that provides a framework for hosts and routers to dynamically obtain addresses and other parameters required for operation on an network. It enables both stateful address assignment, where the DHCPv6 directly manages address allocation, and stateless , which can complement Stateless Address Autoconfiguration (SLAAC) by delivering additional options like DNS addresses. Developed by the (IETF), DHCPv6 operates on a client- model, using ports 546 (client) and 547 (), and supports communication via addresses such as ff02::1:2 for discovery on the local link. Unlike its IPv4 counterpart (DHCP), DHCPv6 is a distinct without , emphasizing IPv6-specific features like for routers to assign subnets to downstream interfaces. Key message types include Solicit (for server discovery), Advertise (server responses), Request (client requests), and Reply (server grants), typically exchanged in a four-message sequence, though a two-message exchange (Solicit/Reply) is possible for rapid configuration. Relay agents extend DHCPv6 across routed networks by encapsulating messages in Relay-forward and Relay-reply types, appending link-specific information like interface identifiers. Configuration data is conveyed through extensible options, such as the Identity Association for Non-temporary Addresses (IA_NA) for client addresses, Identity Association for Temporary Addresses (IA_TA) for privacy-enhanced temporary addresses, and Identity Association for Prefix Delegation (IA_PD) for routing scenarios. is enhanced via options, including Reconfigure Key Authentication Protocol (RKAP), while status codes provide feedback on operations like address declines due to duplicates. The current specification, RFC 8415 (November 2018), obsoletes the original RFC 3315 (2003) and incorporates updates from related standards, ensuring a unified and robust for modern deployments.

Introduction

Overview

DHCPv6, or for , is a network protocol that enables DHCP servers to dynamically assign addresses, prefixes, and other configuration parameters to nodes, facilitating automated network setup. Introduced in RFC 3315 in July 2003, it serves as the adaptation of the original DHCP protocol, providing flexibility for reusable address allocation and extensible options for additional parameters. In networks, DHCPv6 supports both stateful and stateless operational modes to meet diverse configuration needs. The stateful mode handles full address assignment and tracks client states, while the stateless mode delivers only non-address configuration details, such as DNS server information, and works alongside IPv6 Stateless Address Autoconfiguration (SLAAC) as defined in RFC 4862. This dual-mode approach allows networks to balance centralized management with decentralized autoconfiguration. DHCPv6 addresses IPv6's design choice to eliminate broadcast messaging by using addresses for and or for direct communication between clients, relays, and servers. Its key benefits include minimizing manual intervention in device setup, supporting plug-and-play connectivity for diverse hosts, and seamlessly integrating with core features to enhance network scalability and efficiency. The has since been updated and obsoleted by 8415 in November 2018, incorporating refinements while preserving its foundational role.

Background and Motivation

The development of DHCPv6 emerged as part of the broader effort to create protocols supporting , which addressed key limitations of IPv4 such as the exhaustion of its 32-bit by introducing a 128-bit addressing scheme capable of supporting vastly more devices. Unlike IPv4, eliminated broadcast mechanisms in favor of for efficiency in larger networks, necessitating a redesigned dynamic configuration protocol that could operate without relying on broadcasts for client discovery and message propagation. These fundamental changes in 's architecture, initiated through IETF discussions in the mid-1990s, required a new protocol to handle address assignment and parameter distribution in environments with potentially trillions of addresses and no inherent broadcast support. A primary motivation for DHCPv6 was to complement IPv6's built-in Stateless Address Autoconfiguration (SLAAC), which relies on Router Advertisements from Neighbor Discovery (ND) to enable hosts to self-configure addresses autonomously. While SLAAC provides simplicity and stateless operation, it lacks centralized control over address allocation, DNS server assignment, and other network parameters, creating a need for a stateful mechanism to enable administrators to manage configurations uniformly across large-scale deployments. DHCPv6 thus fills this gap by offering dynamic, server-mediated assignment of IPv6 addresses and options, supporting scenarios where policy enforcement or integration with existing management systems is essential, even as IPv6's address abundance reduces the urgency of address conservation seen in IPv4. The protocol's development began with early IETF drafts in the Dynamic Host Configuration (DHC) during the late , including initial proposals like "Options for DHCPv6" in November 1995 and subsequent "DHCPv6" drafts that evolved through iterations addressing -specific requirements. Formalization accelerated around 2000 within the DHC WG, which extended its charter from IPv4 DHCP to , culminating in the publication of 3315 as a Proposed Standard in July 2003, defining the core DHCPv6 specification. This timeline aligned with the maturation of standards, such as 2460 in 1998, ensuring DHCPv6 integrated seamlessly with ND protocols for router discovery and address configuration. Adoption of DHCPv6 has been gradual, hampered by the overall slow transition to , which reached approximately 45% global deployment as of November 2025 due to compatibility issues, transition costs, and the sufficiency of SLAAC for many basic use cases. Integrating DHCPv6 with ND protocols presented additional challenges, as networks had to balance stateful DHCPv6 for managed environments against ND's stateless mechanisms, often requiring hybrid configurations during dual-stack IPv4/IPv6 phases. This slower rollout reflects broader hurdles, including the need for updated and training, delaying widespread reliance on DHCPv6 for centralized IPv6 management.

Protocol Fundamentals

Differences from DHCPv4

DHCPv6 eliminates the use of broadcasts present in DHCPv4, instead employing link-local addresses for discovery and for direct communication between clients and . Specifically, clients send Solicit messages to the All_DHCP_Relay_Agents_and_Servers (ff02::1:2), which reduces network overhead in environments where broadcasts are inefficient due to the larger . This shift aligns with IPv6's design principles, avoiding the flood of packets that broadcasts can cause on shared links. Unlike DHCPv4, which operates independently for initial , DHCPv6 integrates closely with Neighbor (ND) to facilitate and . Clients rely on Router Advertisements (RAs) from routers—sent via ND—to determine whether to initiate DHCPv6 requests, using flags like the Managed-address (M) flag or Other (O) flag in the RA to trigger Solicit messages. This dependency on ND contrasts with DHCPv4's standalone broadcast-based , enabling a hybrid stateless/stateful model that complements Stateless Address Autoconfiguration (SLAAC). The message structure in DHCPv6 diverges from DHCPv4 by adopting a fully IPv6-native format without the BOOTP compatibility layer that DHCPv4 inherits from its predecessor. DHCPv6 uses a four-message exchange (Solicit, Advertise, Request, Reply) for assignment, allowing multiple servers to advertise before the client selects one via Request, avoiding the DHCPv4-style broadcast Request that can lead to conflicts; an optional two-message exchange (Solicit/Reply) is supported via the Rapid-Commit option. This cleaner structure supports extensible options without legacy address fields, focusing instead on IPv6-specific needs. DHCPv6 expands address handling beyond DHCPv4's focus on individual host addresses to include and support for global addresses, accommodating the hierarchical nature of IPv6 routing. It manages es via Identity Association for Prefix Delegation (IA_PD) options, enabling routers to request and assign entire subnets, and supports temporary addresses through Identity Association for Temporary Addresses (IA_TA) to enhance user privacy by randomizing addresses periodically. In contrast, DHCPv4 leases are limited to single addresses with no native mechanism or privacy-oriented temporality. Client identification in DHCPv6 mandates the use of a DHCP Unique Identifier (DUID), a flexible, up to 130-octet value that persists across network interfaces and reboots, replacing DHCPv4's reliance on the client address (chaddr) field tied to addresses. DUIDs, conveyed in Client Identifier and Server Identifier options, enable stable bindings without dependencies. Additionally, DHCPv6 relays operate differently from their DHCPv4 counterparts, using interface identifiers rather than subnet-specific forwarding to handle multi-link environments, avoiding the limitations of IPv4 relays.

Transport and Ports

DHCPv6 employs as its transport protocol over to exchange messages between clients, servers, and agents. All DHCPv6 communications occur via datagrams, enabling stateless and connectionless delivery suitable for dynamic configuration in networks. DHCPv6 designates specific ports for message transmission: clients use 546 and destination port 547 when sending messages to servers or agents, while servers and agents use source port 547 and destination port 546 when responding to clients. Clients listen for incoming messages on port 546, and servers or agents listen on port 547. This port assignment facilitates directed communication and allows firewalls to permit DHCPv6 traffic by filtering on these well-known ports. For discovery and initial exchanges, DHCPv6 utilizes to reach multiple recipients efficiently without prior address knowledge. Client messages destined for servers or relay agents, such as Solicit messages, are sent to the link-local FF02::1:2 (All_DHCP_Relay_Agents_and_Servers). Relay agents forwarding client requests to servers may use the site-local FF05::1:3 (All_DHCP_Servers) if no specific server is known, though is preferred when possible. Server responses to clients are typically to the client's address but can employ in specific scenarios. Relay agents play a crucial role in extending DHCPv6 across subnets by encapsulating client messages in Relay-Forward messages and server responses in Relay-Reply messages, both transmitted using port 547 between the relay and server. The relay agent includes the link-address (its on the client-facing ) and peer-address (the client's ) in these messages to maintain context. Initial DHCPv6 messages from clients employ link-local addresses as the source, with multicast destinations scoped to the link for locality. Once a global unicast address is assigned, subsequent messages can use global addressing for end-to-end communication, improving in routed networks. Transport errors in DHCPv6, such as unreachable destinations, are handled through IPv6's mechanisms, which provide feedback on delivery failures, while protocol-specific errors use embedded status codes rather than retransmission timers defined elsewhere.

Message Handling

Message Types

DHCPv6 employs a set of standardized message types to facilitate communication between clients, servers, and relay agents in IPv6 networks. These messages enable dynamic configuration of addresses, prefixes, and other parameters, with each type serving a distinct role in the protocol's operation. Unlike DHCPv4, DHCPv6 messages lack fixed fields for specific parameters and instead rely on a flexible options structure following the core header. Note that an update to the specification (draft-ietf-dhc-rfc8415bis, in RFC Editor Queue as of November 2025) incorporates errata, clarifies UDP port usage, and obsoletes certain options like IA_TA and server unicast. The basic format of a DHCPv6 message begins with a 1-octet message type field, which identifies the message's purpose using numeric codes defined by the (IANA), followed by a 3-octet transaction ID for matching requests and responses, and then a variable-length options field containing configuration data. This design allows for extensibility without rigid field allocations.

Core Unicast Messages

The protocol defines ten primary unicast message types for direct client-server interactions. The following table enumerates these messages, their codes, and roles:
Message TypeCodeRole
Solicit1Sent by a client to locate available DHCPv6 servers and initiate .
Advertise2Sent by a server in response to a Solicit, advertising its and offering parameters such as addresses or prefixes.
Request3Sent by a client to request specific parameters, typically in reply to an Advertise message during initial assignment.
Confirm4Sent by a client to verify the validity of assigned addresses, often after detecting a link change or potential .
Renew5Sent by a client to the assigning to extend the lifetimes of leased addresses or prefixes.
Rebind6Sent by a client to any available to extend lease lifetimes when the original is unreachable.
Decline9Sent by a client to inform the that an assigned is unusable, such as due to a detected duplicate .
Release8Sent by a client to release leased addresses or prefixes back to the , relinquishing their use.
Information-Request11Sent by a client to obtain parameters without requesting leases, supporting stateless DHCPv6.
Reconfigure10Sent by a to a client to initiate a refresh or update, prompting the client to request new parameters.
These messages form the foundation of stateful DHCPv6 operations, where clients acquire and manage dynamic resources.

Relay Messages

In environments with relay agents, two additional message types encapsulate client and server communications across network boundaries. Relay-Forward (code 12) is sent by a relay agent to forward a client's message toward one or more s, preserving the original message within its options. Conversely, Relay-Reply (code 13) is sent by a to a relay agent, encapsulating the server's response for delivery back to the client. These relay types ensure scalability in multi-hop topologies without altering the underlying messages.

Usage Contexts

For initial address or prefix assignment, the protocol typically involves Solicit, Advertise, and Request messages exchanged between clients and servers to negotiate and confirm resources. Lease maintenance relies on Renew and Rebind messages to extend resource lifetimes proactively, preventing service disruptions. In stateless scenarios, clients use Information-Request messages to retrieve non-address parameters, such as DNS server addresses, without entering a leased state. DHCPv6 does not define dedicated error message types; instead, errors and status indications are conveyed through the Status Code option embedded in standard messages, such as NoAddrsAvail (code 2) to signal unavailability of addresses during a Request. This approach integrates feedback directly into the protocol flow, enhancing efficiency.

Client and Server Identifiers

In DHCPv6, clients and servers are uniquely identified to enable stateful address assignment and management, distinguishing them from the stateless autoconfiguration in IPv6. The primary mechanism is the DHCP Unique Identifier (DUID), a variable-length identifier ranging from 2 to 128 octets, designed to remain stable for the lifetime of a or to facilitate consistent binding of network addresses and configuration parameters. DUIDs are generated once per and can take several forms based on specific types defined in the . The DUID-LLT type combines a link-layer address with the time of manufacture or first boot, providing a time-based uniqueness; DUID-EN uses an enterprise-specific number for vendor-defined identification; DUID-LL employs only the link-layer address for simplicity; and DUID-UUID utilizes a for software-generated stability across hardware changes. These types ensure flexibility while avoiding reliance on potentially changeable hardware details like MAC addresses. The Client Identifier option (option type 1) encapsulates the client's DUID within DHCPv6 messages sent by the client, allowing servers to recognize and associate requests with specific clients across transactions. Similarly, the Server Identifier option (type 2) carries the server's DUID in responses such as Advertise and Reconfigure messages, enabling clients to select a preferred server when multiple advertisements are received or to verify the source of reconfiguration attempts. Identity Associations (IAs) further bind addresses to client identities using the DUID. The IA_NA (Identity Association for Non-temporary Addresses) groups one or more non-temporary addresses assigned to the client, while the IA_TA (Identity Association for Temporary Addresses) handles temporary addresses for , such as those used in privacy extensions; both are tied to the client's DUID for management and renewal. However, the IA_TA option is planned for obsoletion in the forthcoming revision of 8415 (draft-ietf-dhc-rfc8415bis, as of November 2025), with temporary addresses to be managed solely via Stateless Address Autoconfiguration (SLAAC) privacy extensions per 8981. Relay agents, which forward messages between clients and servers, may include a Identifier option to uniquely identify themselves and track forwarded messages, aiding in and state maintenance across network segments. For enhanced , particularly in scenarios where link-layer addresses could leak identifying information, RFC 6939 defines the Client Link-Layer option (code 79), which allows relay agents connected to the same link as the client to include the client's link-layer address in Relay-Forward messages, enabling servers to correlate client sessions in dual-stack deployments.

Configuration Process

Address Assignment

In DHCPv6, stateful address assignment enables clients to obtain IPv6 addresses and other configuration parameters from a DHCPv6 server through a structured exchange of messages. The process begins when a client, upon connecting to a network or needing a new address, multicasts a Solicit message to discover available servers; this message includes an Identity Association for Non-temporary Addresses (IA_NA) option to specify the request for one or more addresses. Servers that receive the Solicit respond with unicast or multicast Advertise messages, each containing proposed addresses from their address pools, along with associated lifetimes and other tentative configuration details. The client then selects one server—typically based on preferences such as server priority—and sends a Request message to that server—unicast if a Server Unicast option was included in the Advertise message, otherwise multicast—echoing the IA_NA and the specific addresses it wishes to acquire. Finally, the selected server validates the request and sends a unicast Reply message confirming the assignment, binding the addresses to the client with specified lease times and including any additional options. Lease management in DHCPv6 ensures addresses remain valid and adaptable to changes through defined timers and . Each assigned address includes a preferred , indicating the period during which the address is recommended for use, and a valid , specifying the total duration the address remains usable before it must be released. To proactively renew leases, the client uses two renewal timers: T1, which is typically set to 50% of the preferred and triggers the client to send a Renew message to the original , and T2, set to 80% of the preferred , which prompts a Rebind message to any available if renewal fails. If the preferred expires before renewal, the client stops using the address for new connections but retains it until the valid ends; a valid lifetime of 0xffffffff () indicates a permanent . For networks requiring subnet delegation, DHCPv6 supports prefix delegation (PD) where a requesting router client obtains a prefix to assign addresses to hosts on its downstream subnetwork. The client includes an Identity Association for Prefix Delegation (IA_PD) option in its Solicit message to request one or more prefixes, and the server responds in Advertise and Reply messages with delegated prefixes, each governed by T1 and T2 timers relative to the prefix's preferred lifetime, similar to non-temporary address management. This allows hierarchical address distribution, with the delegating router acting as a sub-prefix allocator for its local network. To accelerate assignment in environments with low contention, the Rapid Commit option permits a streamlined two-message exchange. When the client includes the Rapid Commit option in its Solicit and the server supports it, the server may immediately respond with a Reply message containing the assigned addresses or prefixes, omitting the Advertise and Request steps. This reduces latency, particularly useful for mobile clients or high-speed initial configurations. DHCPv6 clients must verify validity when changing network , such as during events, by sending a to any available . The checks if the remains appropriate for the new and replies with either or an indication to restart the assignment process, preventing use of invalid addresses. While stateful assignment focuses on dynamic addressing, DHCPv6 also supports stateless operation where clients use an Information-Request to obtain non-address configurations like DNS servers without requesting leases.

Option Negotiation

DHCPv6 options provide a flexible for conveying parameters beyond basic client and server identification, enabling the exchange of information such as DNS servers, domain search lists, and time synchronization details. Each option follows a standardized : a 16-bit option code identifying the , a 16-bit option length specifying the size of the data field in octets, and a variable-length option data field containing the actual parameters. Options support nesting, where sub-options are encapsulated within container options, such as Identity Association (IA) options that group related address or prefix assignments. This allows for hierarchical organization, ensuring that complex configurations can be scoped appropriately without fragmenting the overall message. Key options in DHCPv6 include those for address and prefix associations, as well as common parameters. The IA_NA (option code 3) serves as a container for non-temporary assignments, encapsulating IA Address options with details like , preferred lifetime, and valid lifetime. Similarly, IA_TA (option code 4) manages temporary addresses for privacy-enhanced operations, while IA_PD (option code 25) handles for scenarios, containing IA Prefix sub-options with prefix, length, and lifetimes. For DNS configuration, option 23 carries addresses of recursive name servers, and option 24 specifies domain search lists as a sequence of domain names. Other notable options encompass NTP servers (option 56) for time , providing a list of addresses and sub-options for service parameters, and SIP servers (options 21 for domain names and 22 for addresses) to support VoIP setups. The negotiation process begins with the client specifying desired options in its Solicit or Request messages using the Option Request option (ORO, code 6), which lists the codes of options it requires from the . The then includes the requested options—along with any additional ones it deems appropriate—in its Advertise or Reply messages, encapsulating them directly or within IA containers as needed. For relay agent verification, the Echo Request option (code 9) allows agents to request that the echo back specific relay options, ensuring integrity in forwarded messages without altering the core client- exchange. This additive approach means s append options to responses, but clients must request them explicitly to receive them, promoting efficient tailored to client needs. Status codes, conveyed via the Status Code option (code 13), are embedded within relevant options or messages to signal the outcome of negotiation attempts, using a 16-bit code and optional descriptive message. Common codes include (0), indicating a successful operation, and UnspecFail (1), for unspecified failures. These codes provide granular feedback, such as NoAddrsAvail (2) within IA_NA for address shortages or NoPrefixAvail (6) in IA_PD contexts, allowing clients to handle failures gracefully. Vendor-specific options enable extensions through the Vendor-specific Information option (code 17), which includes an enterprise number followed by sub-options tailored to the vendor's implementation. This structure supports proprietary configurations while maintaining compatibility with the base protocol. DHCPv6 option negotiation has inherent limitations: configurations cannot be dynamically updated except through Reconfigure messages, which trigger clients to renew requests for potentially modified options. Furthermore, options are strictly additive—servers cannot subtract or override previously granted parameters—requiring clients to manage persistent state across interactions.

Security Considerations

Vulnerabilities and Threats

DHCPv6 deployments are susceptible to rogue server attacks, where unauthorized entities impersonate legitimate servers to distribute invalid or malicious configuration parameters, such as incorrect addresses or DNS servers. This can result in denial-of-service () conditions by assigning non-routable addresses or enable man-in-the-middle (MITM) interception by redirecting traffic through attacker-controlled gateways. Resource exhaustion attacks target DHCPv6 servers through flooding with Solicit messages, often amplified by the protocol's use of addresses like FF02::1:2, which broadcasts requests across the and overwhelms processing or depletes available pools. Such floods can prevent legitimate clients from obtaining configurations, leading to widespread unavailability. Eavesdropping poses a significant due to DHCPv6's lack of built-in , allowing passive on the local to intercept unencrypted messages and capture sensitive information, including client identifiers (DUIDs), requested options, and assigned addresses. This exposure can facilitate further reconnaissance or targeted attacks without alerting participants. Relay agent spoofing involves forging DHCPv6 relay messages to redirect client requests to unauthorized servers or inject false information, such as remote identifiers, potentially compromising or enabling unauthorized access across segments. Attackers can exploit the 's role in forwarding to bypass local protections. IPv6-specific risks arise from DHCPv6's integration with Neighbor Discovery (), where spoofed Router Advertisements (RAs) with the 'M' flag set can coerce clients into relying solely on stateful DHCPv6 for addressing, amplifying vulnerabilities if combined with rogue server responses or ND-based redirection attacks. This interplay allows attackers to manipulate address acquisition flows more effectively than in IPv4 equivalents.

Authentication Mechanisms

DHCPv6 provides mechanisms to verify the and of messages exchanged between clients, servers, and agents, primarily through the option and supporting protocols. These mechanisms aim to prevent unauthorized changes and protect against impersonation by rogue entities. However, authentication is not enabled by default and requires of shared keys or other security associations. The option, identified by option code 11 (OPTION_AUTH), is used exclusively for the Reconfigure Key Authentication Protocol (RKAP) to authenticate Reconfigure messages (message type 10). The option includes fields for , , Replay Detection Method (RDM), replay detection data, and authentication information. RKAP is specified as value 3 and uses HMAC-MD5 ( value 1) to generate the authentication information, with a variable-length field containing the computed hash. Replay detection is integrated via an RDM field, which uses a 64-bit (e.g., based on NTP) or a monocounter to ensure messages are not reused, preventing replay attacks. Only one Authentication option is permitted per message. Client and server identifiers, such as the DUID, are used in the authentication to scope keys appropriately. The Reconfigure Key Authentication Protocol (RKAP), specified as protocol value 3 in the Authentication option, secures Reconfigure messages to protect against unauthorized server-initiated updates. It uses a 128-bit shared reconfigure key, which is conveyed in within the initial Reply message from the server to the client. The server generates an -MD5 over the Reconfigure message using this key, including the replay detection data, to authenticate the sender. Clients verify the HMAC and discard unauthenticated Reconfigure messages, mitigating risks from malicious reconfiguration attempts. RKAP requires pre-shared keys between client and server, limiting its deployment due to overhead. Integration with SEcure Neighbor Discovery (SEND), defined in RFC 3971, indirectly enhances DHCPv6 security by protecting the initial discovery phase. SEND uses Cryptographically Generated Addresses (CGA) to bind addresses to public keys via cryptographic hashes, securing (NDP) messages like Router Advertisements that may indicate DHCPv6 server availability. This prevents address spoofing in link-local communications, which could otherwise facilitate DHCPv6 man-in-the-middle attacks during client discovery. While SEND does not directly authenticate DHCPv6 messages, it provides a foundation for trusted network attachment before DHCPv6 exchanges begin. For broader security, RFC 8415 recommends the use of to provide , , and for messages between DHCPv6 servers and relay agents, as detailed in RFC 8213. can employ authentication headers () or encapsulating security payloads () with pre-shared keys or certificates, but it is optional and not mandated for client-server interactions. This approach is preferred over DHCPv6-specific authentication for relay-server links due to its standardization and support for encryption. DHCPv6 lacks built-in end-to-end by default, relying instead on network-level protections such as trusted relay agents within controlled environments to forward messages without modification. Without explicit , messages are vulnerable to interception or tampering in untrusted networks. In Session Initiation Protocol (SIP) environments, RFC 3319 extends DHCPv6 with options for SIP server discovery (e.g., OPTION_SIP_SERVER_D) that leverage the option to ensure authenticated delivery of SIP-specific parameters.

Standards and Extensions

Core RFCs

The foundational standards for DHCPv6 were initially established by RFC 3315 in July 2003, which defined the core protocol for dynamic allocation of addresses and other parameters to clients, including message formats, transmission procedures, and support for both stateful address assignment and stateless modes. This specification outlined the basic client-server interaction model, where clients solicit configurations via Solicit messages and servers respond with Advertise, Request, and Reply exchanges to manage identity association states like IA_NA for non-temporary addresses. However, RFC 3315 has been obsoleted by RFC 8415 in November 2018, which incorporates updates from numerous errata, extensions, and clarifications while maintaining for the base protocol operations. IPv6 Prefix Delegation, a key mechanism for hierarchical address distribution in networks such as those involving , is specified in 3633 from December 2003, which introduces the Identity Association for Prefix Delegation (IA_PD) option to enable delegating routers to assign prefixes to requesting routers. This details the prefix delegation process, including the use of IA_PD containers within Request and Reply messages to negotiate prefix lengths and lifetimes, facilitating scalable in access networks. Like RFC 3315, 3633 is obsoleted by 8415, which integrates its definitions and resolves interactions with other stateful options. Configuration options for (DNS) servers and search lists are defined in RFC 3646 from December 2003, specifying DHCPv6 option code 23 for conveying lists of addresses of recursive DNS servers and option code 24 for domain search list information to aid client name resolution. These options allow servers to provide essential non-address parameters during the configuration exchange, ensuring clients can perform DNS queries without additional protocols. Relay agent enhancements, including the Remote-ID option (code 37), are outlined in 4649 from August 2006, enabling DHCPv6 relay agents to insert identifiers for the remote host or circuit endpoint into forwarded messages for improved troubleshooting and policy application in multi-hop environments. Subsequent updates include 7550 from May 2015, which identifies issues with the coexistence of multiple stateful options (such as IA_NA and IA_PD) in DHCPv6 messages and provides recommendations for clearer protocol behavior, including restrictions on option ordering and processing to prevent ambiguity in client-server interactions. 8415 further tracks and incorporates errata from prior specifications, ensuring the protocol's robustness. The DHCPv6 protocol suite holds Proposed Standard status within the IETF, reflecting its maturity through iterative refinements for interoperability and deployment clarity.

Relay Agents and Extensions

DHCPv6 relay agents facilitate communication between clients and servers located on different links by intercepting client messages and forwarding them to servers using the Relay-Forward message (type 12), while servers respond via the Relay-Reply message (type 13). These messages encapsulate the original client or server content within a Relay-Message option and include header fields such as hop-count (initialized to 0 and incremented per relay), link-address (the relay agent's address on the client's link), and peer-address (the source address of the incoming packet). Relay agents add specific options to provide context, including the Interface-ID option (code 18), which identifies the incoming interface for accurate reply routing, and the Remote-ID option (code 37), which conveys additional information about the originating host or network element. The Remote-ID option, defined in RFC 4649, enables relay agents to append opaque data, such as circuit IDs or port numbers, to help servers associate requests with specific remote entities without modifying client behavior. Complementing this, the Subscriber-ID option (code 38) from RFC 4580 allows relay agents in access networks to insert a stable, provider-assigned identifier for the subscriber, independent of the client's hardware or the relay's configuration, thereby supporting per-subscriber policy enforcement. To ensure , DHCPv6 relay agents implement prevention by incrementing the hop-count in each Relay-Forward and discarding any exceeding the limit of 32 hops, mitigating forwarding cycles in misconfigured networks. Additionally, relay agents support server addresses, enabling clients or intermediate relays to discover and reach the nearest available through multicast-like distribution, which enhances scalability in large deployments without requiring . These mechanisms address common issues like duplication or routing failures across diverse network topologies. Extensions to relay functionality have expanded DHCPv6 capabilities beyond core forwarding. For instance, RFC 6422 introduces relay-supplied options, allowing agents to insert configuration parameters—such as DNS servers or domain search lists—directly into Relay-Reply messages, bypassing the limitation of one-way client-relay communication. Vendor-specific extensions leverage the Vendor Class Identifier (option 16) and Vendor-specific Information (option 17) to carry proprietary data; a representative example is Cisco's use of these options to deliver TFTP server addresses for provisioning, encapsulating IPv6-specific parameters. Further enhancements include support for virtual subnet selection via options defined in 6607, which enable relay agents to specify virtual interfaces or subnets, aiding in environments with overlaid or segmented addressing like data centers. For scenarios involving multiple networks, the multiple provisioning architecture in 7556 integrates with DHCPv6 relays to tag options with identifiers, preventing conflicts when nodes connect to overlapping providers. 6977 extends relay roles by permitting agents to initiate reconfiguration requests to servers, notifying clients of updates like address renewals without direct server-to-client paths. Standardization efforts continued after RFC 8415 with additional extensions, including RFC 9243 (2022) which defines a data model for DHCPv6 configuration and management, RFC 9663 (2024) for using DHCPv6 to allocate unique prefixes per client in large broadcast networks, and RFC 9686 (December 2024) which specifies a method for devices to inform DHCPv6 servers of self-generated or statically configured addresses. This update improves overall protocol robustness, such as refined handling of unknown messages and enhanced relay support, fostering better interoperability in modern deployments.

References

  1. [1]
    Information on RFC 8415 - » RFC Editor
    This document describes the Dynamic Host Configuration Protocol for IPv6 (DHCPv6): an extensible mechanism for configuring nodes with network configuration ...
  2. [2]
    RFC 3315 - Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    The Dynamic Host Configuration Protocol for IPv6 (DHCP) enables DHCP servers to pass configuration parameters such as IPv6 network addresses to IPv6 nodes.
  3. [3]
    RFC 8415 - Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    This document describes the Dynamic Host Configuration Protocol for IPv6 (DHCPv6): an extensible mechanism for configuring nodes with network configuration ...
  4. [4]
    draft-ietf-dhc-v6opts-00
    Internet Engineering Task Force C. Perkins INTERNET DRAFT IBM 22 November 1995 Options for DHCPv6 draft-ietf-dhc-v6opts-00.txt Status of This Memo This ...Missing: initial | Show results with:initial
  5. [5]
    draft-ietf-dhc-dhcpv6-00
    Dynamic Host Configuration Protocol for IPv6 (DHCPv6) · This is an older version of an Internet-Draft that was ultimately published as RFC 3315. Expired & ...Missing: 1990s | Show results with:1990s
  6. [6]
    Dynamic Host Configuration (dhc)
    ### Summary of DHC Working Group and DHCPv6 Role
  7. [7]
    RFC 3315 - Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
    The Dynamic Host Configuration Protocol for IPv6 (DHCP) enables DHCP servers to pass configuration parameters such as IPv6 network addresses to IPv6 nodes.
  8. [8]
    The transition to IPv6: Are we there yet? - APNIC Blog
    May 4, 2022 · The IPv6 transition is underway, with about 30% of users using IPv6, but it is not complete and is not uniformly distributed.
  9. [9]
    https://datatracker.ietf.org/doc/html/rfc8415#section-14
  10. [10]
    https://datatracker.ietf.org/doc/html/rfc8415#section-7.1
  11. [11]
    https://datatracker.ietf.org/doc/html/rfc8415#section-6
  12. [12]
    https://datatracker.ietf.org/doc/html/rfc8415#section-1.2
  13. [13]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.1
  14. [14]
    https://datatracker.ietf.org/doc/html/rfc8415#section-3
  15. [15]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.21
  16. [16]
    https://datatracker.ietf.org/doc/html/rfc8415#section-6.3
  17. [17]
    https://datatracker.ietf.org/doc/html/rfc8415#section-11
  18. [18]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.2
  19. [19]
    https://datatracker.ietf.org/doc/html/rfc8415#section-5
  20. [20]
    https://datatracker.ietf.org/doc/html/rfc8415#section-5.1
  21. [21]
    [PDF] DHCP for IPv6 (DHCPv6) - Allied Telesis
    DHCPv6 is used to delegate IPv6 prefixes and to allocate IPv6 addresses. It offers stateful address autoconfiguration, and complements Stateless Address ...
  22. [22]
    https://datatracker.ietf.org/doc/html/rfc8415#section-7
  23. [23]
    https://datatracker.ietf.org/doc/html/rfc8415#section-5.2
  24. [24]
    https://datatracker.ietf.org/doc/html/rfc8415#section-19
  25. [25]
    https://datatracker.ietf.org/doc/draft-ietf-dhc-rfc8415bis/
  26. [26]
    https://datatracker.ietf.org/doc/html/rfc8415#section-7.3
  27. [27]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.1
  28. [28]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.3.1
  29. [29]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.2
  30. [30]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.3
  31. [31]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.4
  32. [32]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.5
  33. [33]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.8
  34. [34]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.7
  35. [35]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.6
  36. [36]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.11
  37. [37]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18
  38. [38]
    https://datatracker.ietf.org/doc/html/rfc8415#section-19.1
  39. [39]
    https://datatracker.ietf.org/doc/html/rfc8415#section-19.2
  40. [40]
    https://datatracker.ietf.org/doc/html/rfc8415#section-6.2
  41. [41]
    https://datatracker.ietf.org/doc/html/rfc8415#section-6.1
  42. [42]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.13
  43. [43]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.3.2
  44. [44]
    https://datatracker.ietf.org/doc/html/rfc8981
  45. [45]
    https://datatracker.ietf.org/doc/html/rfc6939
  46. [46]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2
  47. [47]
    https://datatracker.ietf.org/doc/html/rfc8415#section-14.2
  48. [48]
    https://datatracker.ietf.org/doc/html/rfc8415#section-13.3
  49. [49]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.1
  50. [50]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.4
  51. [51]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.5
  52. [52]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.7
  53. [53]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.3
  54. [54]
    https://datatracker.ietf.org/doc/rfc4994#section-2
  55. [55]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.17
  56. [56]
    https://datatracker.ietf.org/doc/html/rfc8415#section-18.2.10
  57. [57]
    https://datatracker.ietf.org/doc/html/rfc8415#section-22
  58. [58]
    https://datatracker.ietf.org/doc/html/rfc3315#section-23
  59. [59]
    https://datatracker.ietf.org/doc/html/rfc6977#section-9
  60. [60]
    https://datatracker.ietf.org/doc/html/rfc8415#section-20
  61. [61]
    https://datatracker.ietf.org/doc/html/rfc8415#section-21.11
  62. [62]
    https://datatracker.ietf.org/doc/html/rfc8415#section-20.3
  63. [63]
    https://datatracker.ietf.org/doc/html/rfc8415#section-20.4
  64. [64]
    RFC 3971 - SEcure Neighbor Discovery (SEND) - IETF Datatracker
    IPv6 nodes use the Neighbor Discovery Protocol (NDP) to discover other nodes on the link, to determine their link-layer addresses to find routers.
  65. [65]
    https://datatracker.ietf.org/doc/html/rfc8415#section-20.1
  66. [66]
    RFC 8213 - Security of Messages Exchanged between Servers and ...
    This document specifies the optional requirements for relay agent and server implementations to support IPsec authentication and encryption.
  67. [67]
    RFC 3633 - IPv6 Prefix Options for Dynamic Host Configuration ...
    RFC 3633 defines new DHCP options for automated IPv6 prefix delegation, allowing a delegating router to delegate prefixes to authorized requesting routers.
  68. [68]
    RFC 3646 - DNS Configuration options for Dynamic Host ...
    DNS Configuration options for Dynamic Host Configuration Protocol for IPv6 (DHCPv6) · RFC - Proposed Standard December 2003. Report errata. Was draft-ietf-dhc- ...
  69. [69]
    RFC 4649 - Relay Agent Remote-ID Option - IETF Datatracker
    This memo defines a new Relay Agent Remote-ID option for the Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
  70. [70]
    RFC 7550 - Issues and Recommendations with Multiple Stateful ...
    Issues and Recommendations with Multiple Stateful DHCPv6 Options (RFC 7550, ; obsoleted by RFC 8415)
  71. [71]
    RFC 4580 - Relay Agent Subscriber-ID Option - IETF Datatracker
    This memo defines a new Relay Agent Subscriber-ID option for the Dynamic Host Configuration Protocol for IPv6 (DHCPv6).
  72. [72]
    RFC 6422 - Relay-Supplied DHCP Options - IETF Datatracker
    Introduction The DHCPv6 specification [RFC3315] allows DHCP relay agents to forward DHCPv6 messages between clients and servers that are not on the same IPv6 ...
  73. [73]
    DHCP and DHCPv6: Options Differences - Infoblox Blog
    Jul 30, 2024 · The RFC “IPv6-Only Preferred Option for DHCPv4” (RFC 8925) specifies a method to use a DHCP option (over IPv4) to disable the IPv4 protocol on a ...
  74. [74]
    RFC 7556 - Multiple Provisioning Domain Architecture
    It outlines a solution framework for some of the issues experienced by nodes that can be attached to multiple networks simultaneously.
  75. [75]
    RFC 6977 - Triggering DHCPv6 Reconfiguration from Relay Agents
    ... spoofing of Reconfigure-Request messages. DHCPv6 servers MUST silently discard Reconfigure-Request messages originating from unknown relay agents. 10 ...
  76. [76]
    RFC 4704 - The Dynamic Host Configuration Protocol for IPv6 ...
    This document specifies a new DHCPv6 option, the Client FQDN option, which can be used by DHCPv6 clients and servers to exchange information about the client's ...