What is DHCPv6 Prefix Delegation? Coming from IPv4, you’re already familiar with DHCP (for IPv4) which hands out IPv4 addresses to clients. The same applies to (stateful) DHCPv6: it hands out IPv6 addresses to clients.
However, with IPv6 we’re heavily dealing with subnets rather than just single addresses. Again, you’re familiar with IPv4: For an IPv4-based ISP connection, you’re getting either a single public IPv4 address or a small subnet such as a /29, /28, or the like for your WAN interface. For an IPv6-based ISP connection, you’re getting a subnet which includes multiple unique subnets to be used for other layer 3 segments rather than a single address (with NAT on the CPE). This is where DHCPv6 prefix delegation (commonly abbreviated as DHCPv6-PD) kicks in: It hands out IPv6 subnets to routers.
Let’s have a closer look:
As always, a picture is worth a thousand words:
(The arrows in this sketch do not indicate the DHCPv6 protocol flow, but the direction of the information flow.)
Of course, it is possible to use a DHCPv6 relay from the ISP’s point of view. That is: Not the ISP router itself but an independent DHCPv6 server takes care of all prefixes.
The default prefix length that ISPs SHOULD give to an end site is a /48. However, ISPs tend to hand out a /48 only to business customers and a /56 to residential customers. Refer to RIPE-690 “Best Current Operational Practice for Operators: IPv6 prefix assignment for end-users – persistent vs non-persistent, and what size to choose”. Anyway:
DHCPv6 Prefix Delegation on the Wire
You can find DHCPv6 packets with prefix delegation in the Ultimate PCAP, display filter: dhcpv6.option.type == 25. Here’s a screenshot showing the “Advertise” message from the ISP router to the end user’s CPE. You can see the typical DHCPv6 address (Non-temporary Address, 3) along with the recursive DNS name server (23), as well as the additional “Identity Association for Prefix Delegation”, option number 25, which includes a /56 prefix in this example:
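To make the option layout of such an Advertise concrete, here is an added example (not from the original post or the Ultimate PCAP) that walks the DHCPv6 options, decodes IA_PD (option 25) with its nested IA Prefix option (26, layout per RFC 8415), and lists the first /64s a CPE could carve out of the delegated prefix. The sample message, its lifetimes, the 2001:db8:ab00::/56 prefix and all function names are constructed for illustration.

```python
import ipaddress
import struct
from itertools import islice

OPT_IA_PD, OPT_IAPREFIX = 25, 26  # option codes from RFC 8415

def walk_options(buf):
    """Yield (code, data) per DHCPv6 option; raise on truncated input."""
    pos = 0
    while pos < len(buf):
        if pos + 4 > len(buf):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", buf, pos)
        pos += 4
        if pos + length > len(buf):
            raise ValueError(f"option {code} overruns the buffer")
        yield code, buf[pos:pos + length]
        pos += length

def delegated_prefixes(message):
    """Return one dict per IA Prefix (26) nested inside an IA_PD (25)."""
    found = []
    for code, data in walk_options(message[4:]):  # skip msg-type + transaction-id
        if code != OPT_IA_PD or len(data) < 12:
            continue
        iaid, t1, t2 = struct.unpack_from("!III", data)
        for sub, body in walk_options(data[12:]):
            if sub != OPT_IAPREFIX or len(body) < 25:
                continue
            preferred, valid, plen = struct.unpack_from("!IIB", body)
            if plen > 128 or preferred > valid:
                continue  # malformed length or inconsistent lifetimes: ignore
            net = ipaddress.IPv6Network((body[9:25], plen), strict=False)
            found.append({"iaid": iaid, "t1": t1, "t2": t2, "prefix": net,
                          "preferred": preferred, "valid": valid})
    return found

def lan_subnets(prefix, count):
    """First `count` /64s the CPE could assign to its layer 3 segments."""
    return list(islice(prefix.subnets(new_prefix=64), count))

def _opt(code, data):
    return struct.pack("!HH", code, len(data)) + data

# Constructed sample Advertise using the documentation prefix 2001:db8::/32.
_iaprefix = struct.pack("!IIB", 3600, 7200, 56) + ipaddress.IPv6Address("2001:db8:ab00::").packed
SAMPLE_ADVERTISE = (bytes([2, 0x12, 0x34, 0x56])  # msg-type 2 + transaction-id
    + _opt(23, ipaddress.IPv6Address("2001:db8::53").packed)  # recursive DNS server
    + _opt(OPT_IA_PD, struct.pack("!III", 1, 1800, 2880) + _opt(OPT_IAPREFIX, _iaprefix)))
```

Logging the result of `delegated_prefixes()` on every Advertise/Reply and comparing it with the previous value is a simple way to notice when a supposedly static delegation changes.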
I have warned you!
Please note that you should always prefer a static IPv6 prefix!!! Using dynamic prefixes with DHCPv6-PD is ridiculous. It causes problems and instability – without any advantages. Why are (German) ISPs using it? 1) They are selling it as a privacy option 🤦 and 2) they want you to upgrade to a business connection. That’s it. Luckily, at least my ISP, Deutsche Glasfaser (FTTH), always delegates the same /56 prefix per customer. This is still done via DHCPv6 prefix delegation (which contains the name “dynamic” in it) but on a static basis. Thank you! Details about the connection establishment from them here (only in German).
Again: DO NOT USE an ISP connection with dynamic IPv6 prefixes for an enterprise. I’m serious. You will regret it!
However, speaking of residential ISP connections, we have to deal with it. :(
Soli Deo Gloria!