[Dnsmasq-discuss] DHCPv6 with multiple IA

Simon Kelley simon at thekelleys.org.uk
Mon Feb 12 22:55:38 UTC 2024 


On 06/02/2024 22:29, Bertrand Jacquin wrote:
> Hi,
> 
> As per RFC8415 section 21.6, IA Address option 5 offered by the server
> specifying (temporary or not) address, may appear more than once so the
> client can be offered more than one address to use.
> 
> This is supported by AWS EC2 (aws ec2 assign-ipv6-addresses
> --ipv6-address-count), allowing to segment IP address for different
> usage (container, application specific ..) where DHCP reply look like
> the following (full pcap attached):
> 
>      Identity Association for Non-temporary Address
>          Option: Identity Association for Non-temporary Address (3)
>          Length: 96
>          IAID: 16092fc9
>          T1: 70
>          T2: 112
>          IA Address
>              Option: IA Address (5)
>              Length: 24
>              IPv6 address: 2a05:d018:c28:1a00::e564
>              Preferred lifetime: 140
>              Valid lifetime: 450
>          IA Address
>              Option: IA Address (5)
>              Length: 24
>              IPv6 address: 2a05:d018:c28:1a00::3504
>              Preferred lifetime: 140
>              Valid lifetime: 450
>          IA Address
>              Option: IA Address (5)
>              Length: 24
>              IPv6 address: 2a05:d018:c28:1a00::3501
>              Preferred lifetime: 140
>              Valid lifetime: 450
> 
> Looking at replicating such setup with dnsmasq, --dhcp-host
> documentation specifies "A single --dhcp-host may contain an IPv4
> address or one or more IPv6 addresses, or both" by providing a prefix
> length. However it appears dnsmasq only ever assign a single address to
> the client based on DUID.
> 
> Is my understand correct ? How could dnsmasq be configured to return
> multiple IA option 5 for a given client ?
> 


Good question.


Looking at the code, a DHCPADVERTISE packet ought to have the following 
addresses in it.

1) All the addresses suggested by the client in the SOLICIT packet which 
are usable with the configuration (mainly, which have suitable 
dhcp-range declarations.

2) All addresses from --dhcp-host declaration which are usable, as above.

3) Addresses of any existing leases held by the DUID/IAID supplied.

4) A randomly assigned address for any in-scope dhcp-range declaration 
which doesn't have a address in one of the preceding classes.



Which would appear to do what you want. I would not be very surprised if 
this sort of functionality has never been thoroughly tested. only a few 
percent of dnsmasq installations will use DHCPv6, and a smaller 
percentage will do radical things like multiple addresses.


[LATER]

Indeed, I just added a dhcp-host declaration for a host on my network, 
with two fixed IPv6 addresses. dnsmasq returns the address it already 
has a lease for, and one of the configured addresses. I think I can see 
the problem.....


Simon.




> Thanks,
> 
> 
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss

More information about the Dnsmasq-discuss mailing list