My local network runs IPv4 and IPv6. The IPv6 is mostly experimental, as my internet service provider uses IPv4. I'm running DHCP for IPv6 on a W2K8R2 server. Several computers on my LAN have IPv6 disabled, and others have it enabled.

The IPv6 configuration which results on the computers with IPv6 enabled is peculiar. I can see the address handed out by the DHCP server, but there are other addresses which I don't recognize and don't make sense to me. There's also the link-local address, but I know about that.

This is a snapshot of running ipconfig /all. The address from the DHCP server is circled in green (0000:0000:0000:00b0). But there are these other addresses which I don't understand. They use the same prefix as the DHCP server, but the suffix looks random (64 bits of random). This happens in Windows 7 and also Windows 11 (and presumably the versions in between?). The DHCP server doesn't report these extra addresses as leases.

What are these addresses, what are they for? Where do they come from? Is there any way I can get rid of them?

1 Answer

These addresses have been configured through SLAAC (RFC4862) because your ICMPv6 Router Advertisements have the "Autonomous address configuration" flag set. For each advertised prefix that has this flag, the host will configure:

  1. an address with a fixed suffix (interface ID), either using the traditional EUI64 scheme or RFC7217 hash-based scheme or something similar;

  2. optionally, an address with a randomly-generated suffix, per the RFC4941 "Privacy Extensions" specification.

SLAAC is the primary address auto-configuration mechanism in IPv6 and works independently from DHCPv6 (indeed it predates DHCPv6 by a few years); some hosts don't support DHCPv6 at all and use SLAAC exclusively, while others will use both at the same time if your network has both available.

The router or the DHCP server won't report these addresses as leases because they're not leased at all; they're generated independently by the host from just the network prefix (with duplicate detection), hence the 'Stateless' in the name.

When "Privacy Extensions" are enabled, the host will use the temporary address for outgoing connections and will rotate it every ~10 hours or so, in order to make client tracking slightly more difficult. The temporary addresses can be disabled through netsh on Windows.

To prevent automatic configuration of the non-temporary address, disable the "Autonomous" flag in your Router Advertisements. (It'll break IPv6 connectivity for devices that aren't capable of DHCPv6 – e.g. Android still refuses to implement it to this day.)
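
An added example, not part of the answer above: a small Python classifier for sorting the addresses on one interface into the kinds the answer describes when auditing a host. The prefix, MAC and addresses are constructed samples (documentation prefix 2001:db8::/32), and the "small interface ID means DHCPv6" rule is a heuristic assumption based on the `...:00b0` lease in the question.

```python
import ipaddress

def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface ID built from a 48-bit MAC (RFC 4291, Appendix A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and insert ff:fe between the two MAC halves.
    return int.from_bytes(bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:], "big")

def classify(addr: str, mac: str, prefix: str) -> str:
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop a zone index such as %11
    iid = int(ip) & ((1 << 64) - 1)                 # low 64 bits = interface ID
    if ip.is_link_local:
        return "link-local"
    if ip not in ipaddress.IPv6Network(prefix):
        return "outside advertised prefix"
    if iid == eui64_interface_id(mac):
        return "SLAAC, EUI-64 (MAC-derived)"
    if iid < (1 << 16):  # heuristic (assumption): tiny IIDs come from a DHCPv6 pool or manual config
        return "likely DHCPv6 or manual"
    # The address alone cannot separate a stable random IID from a temporary one;
    # ipconfig /all labels the latter "Temporary IPv6 Address".
    return "SLAAC, opaque IID (stable-random or RFC 4941 temporary)"

# Constructed sample data, not taken from the question's screenshot.
PREFIX = "2001:db8:1:2::/64"
MAC = "00-11-22-33-44-55"
SAMPLE = [
    "fe80::a1b2:c3d4:e5f6:1789%11",
    "2001:db8:1:2::b0",
    "2001:db8:1:2:211:22ff:fe33:4455",
    "2001:db8:1:2:a1b2:c3d4:e5f6:1789",
    "2001:db8:1:2:5c7e:91aa:3b0d:42f1",
]

def inventory(addrs=SAMPLE, mac=MAC, prefix=PREFIX):
    """Map each address to its classification."""
    return {a: classify(a, mac, prefix) for a in addrs}

if __name__ == "__main__":
    for a, kind in inventory().items():
        print(f"{a:45} {kind}")
```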
