What is SLAAC and How Does It Work?

Introduction

Stateless Address Autoconfiguration (SLAAC) is one of IPv6's most significant innovations, enabling devices to automatically configure their own globally routable IP addresses without requiring centralized servers or manual intervention. Defined in RFC 4862 (published September 2007), SLAAC fundamentally changes how networks handle address assignment, making IPv6 deployment simpler and more scalable than its IPv4 predecessor.

Unlike IPv4's mandatory dependency on DHCP servers for automatic addressing, SLAAC allows hosts to generate their own addresses using locally available information combined with network prefix announcements from routers. This "stateless" approach means no server needs to maintain records of which addresses are assigned to which devices—a crucial advantage for large-scale deployments and Internet of Things (IoT) scenarios.

What is SLAAC?

SLAAC (Stateless Address Autoconfiguration) is a mechanism defined in RFC 4862 that enables each host on an IPv6 network to automatically configure a unique address without requiring:

Manual configuration of host addresses
Centralized DHCP servers maintaining state tables
Complex network infrastructure for address management

The protocol operates at the network layer using ICMPv6 messages and requires minimal router configuration. SLAAC addresses the autoconfiguration needs of both link-local communication and global Internet connectivity.

Key Components

An IPv6 address configured via SLAAC consists of two parts:

Network Prefix (64 bits): Advertised by routers, identifies the network/subnet
Interface Identifier (64 bits): Generated by the host, uniquely identifies the device on that network

This 64/64 split is fundamental to SLAAC's operation and represents a significant departure from IPv4's variable-length subnet masks.

How SLAAC Works: The Autoconfiguration Process

SLAAC operates through a five-step process involving ICMPv6 messages exchanged between hosts and routers:

Step 1: Link-Local Address Generation

When an IPv6 interface initializes, the host first generates a link-local address—a special address valid only on the local network segment. The link-local address format is:

fe80::/10 + 54 zero bits + 64-bit Interface Identifier

Example: fe80::21a:c2ff:fe49:7890

Link-local addresses enable local communication before any router involvement and serve as the foundation for the remaining autoconfiguration steps.

Step 2: Duplicate Address Detection (DAD)

Before assigning the link-local address to its interface, the host must verify the address is unique on the local link. The Duplicate Address Detection (DAD) process works as follows:

Host sends an ICMPv6 Neighbor Solicitation (NS) message to the newly generated address
The message asks "Is anyone using this address?"
If another node responds with a Neighbor Advertisement, the address is a duplicate and the process fails
If no response arrives after a timeout period, the address is unique and assigned to the interface

DAD operates similarly to IPv4's Gratuitous ARP but is built into the IPv6 specification from the ground up.

Step 3: Router Solicitation (RS)

With a valid link-local address configured, the host needs to discover routers and learn the network prefix for generating a global unicast address. The host sends an ICMPv6 Router Solicitation (RS) message:

Destination: ff02::2 (all-routers multicast address)
Source: Host's link-local address
Purpose: Request prefix information from routers

This proactive discovery allows hosts to configure addresses immediately upon network connection rather than waiting for periodic router announcements.

Step 4: Router Advertisement (RA)

Routers respond to RS messages (or send periodic unsolicited announcements) with ICMPv6 Router Advertisement (RA) messages:

Destination: ff02::1 (all-nodes multicast address)
Source: Router's link-local address
Contents: Network prefix(es), prefix length, router lifetime, flags, MTU, and other parameters

Router Advertisement messages are the heart of SLAAC. They contain critical information including:

Prefix Information: The /64 network prefix to use for address generation
A-flag (Autonomous): When set, instructs hosts to perform SLAAC
M-flag (Managed): When set, tells hosts to use stateful DHCPv6 for address assignment
O-flag (Other): When set, indicates DHCPv6 can provide additional configuration (DNS, NTP, etc.)
Router Lifetime: How long this router should be used as a default gateway

Routers typically send unsolicited RAs every 200 seconds, ensuring new devices and network changes are quickly accommodated.

Step 5: Global Address Configuration

Upon receiving the Router Advertisement, the host combines the advertised prefix with its interface identifier to create a globally routable IPv6 address:

Global Address = [64-bit Network Prefix from RA] + [64-bit Interface Identifier]

The host also:

Sets the router's link-local address as its default gateway
Configures the prefix length (typically /64)
Starts using the address for global communication

A second DAD procedure may be performed on the global address to ensure uniqueness.

Generating Interface Identifiers: EUI-64

The traditional method for generating the 64-bit interface identifier is the EUI-64 (Extended Unique Identifier-64) process, which derives the identifier from the device's 48-bit MAC address:

EUI-64 Conversion Process

Input: 48-bit MAC address (e.g., 00:1a:c2:49:78:90)

Step 1: Split the MAC Address

First 24 bits: Organizationally Unique Identifier (OUI) = 00:1a:c2
Last 24 bits: Device identifier = 49:78:90

Step 2: Insert FFFE in the Middle

Place the hexadecimal value FF:FE between the two halves
Result: 00:1a:c2:FF:FE:49:78:90

Step 3: Flip the Universal/Local (U/L) Bit

Convert the first byte to binary: 00000000
Flip bit 7 (the 7th bit from the left): 00000010
Convert back to hex: 02
Final interface identifier: 021a:c2ff:fe49:7890

Complete IPv6 Address Example:

Prefix: 2001:db8:1234:5678::/64
Interface ID: 021a:c2ff:fe49:7890
Full Address: 2001:db8:1234:5678:021a:c2ff:fe49:7890

Why Flip the U/L Bit?

The universal/local bit indicates whether the MAC address is globally unique (assigned by IEEE) or locally administered. Flipping this bit from 0 to 1 signals that the address has been modified and is now being used in a different context (IPv6 interface identifier vs. Ethernet MAC).

Privacy Extensions: Temporary Addresses

The EUI-64 method has a significant privacy drawback: the interface identifier remains constant across all networks and never changes. This enables tracking of devices as they move between networks—a major privacy concern initially outlined in RFC 3041 (2001) and refined in RFC 4941 (2007), now obsoleted by RFC 8981 (2021).

The Privacy Problem

Since the MAC address is embedded in the IPv6 address, observers can:

Track a device's location as it moves between networks
Correlate activity across different websites and services
Identify individual users regardless of network changes

This persistent identifier undermines user privacy in a way that IPv4's frequently-changing DHCP addresses do not.

RFC 8981: Temporary Address Extensions

Privacy extensions solve this problem by generating randomized interface identifiers that change periodically. Modern operating systems implement RFC 8981, which specifies:

Temporary Address Characteristics:

Interface identifiers are cryptographically random (not based on MAC addresses)
Addresses have limited lifetimes: preferred (default 1 day) and valid (default 2 days)
New temporary addresses are generated before old ones expire
Multiple addresses coexist during transition periods

Dual Address Operation: Devices using privacy extensions maintain two global addresses simultaneously:

Stable address (EUI-64 or RFC 7217): Used for receiving incoming connections, persistent server identity
Temporary address: Used for outgoing connections, changes regularly for privacy

Applications automatically select the appropriate address based on connection direction and privacy preferences.

RFC 7217: Stable Privacy Addresses

RFC 7217 (2014) provides a middle ground between EUI-64's persistence and temporary addresses' instability. It generates stable interface identifiers using a hash function:

Interface_ID = Hash(Prefix || Interface || Network_ID || Secret)

This approach provides:

Stable addresses within each network (consistent address per SSID)
Different addresses across networks (enhancing privacy)
No MAC address exposure
Predictable addressing for network troubleshooting

Many modern operating systems now default to RFC 7217 instead of EUI-64 for SLAAC addresses.

SLAAC vs DHCPv6: Comparison

IPv6 offers two primary addressing methods: SLAAC and DHCPv6 (Dynamic Host Configuration Protocol for IPv6). Understanding when to use each is critical for network design.

SLAAC Advantages

Simplicity: No server infrastructure required—routers simply announce prefixes Scalability: Handles unlimited devices without server capacity constraints Resilience: No single point of failure; multiple routers can provide redundancy Zero-touch deployment: Devices self-configure immediately upon connection IoT-friendly: Minimal overhead suitable for resource-constrained devices Android compatibility: Android devices exclusively support SLAAC (no DHCPv6 support)

SLAAC Limitations

Limited configuration options: Cannot natively provide DNS servers, NTP servers, domain names Reduced control: Administrators cannot enforce specific address assignments Audit challenges: No centralized logs of which device has which address Prefix dependency: All configuration derives from router advertisements DNS configuration gap: Requires additional mechanisms (RDNSS/DNSSL options in RAs, or stateless DHCPv6)

DHCPv6 Advantages

Centralized control: Administrators can assign specific addresses to specific devices Rich configuration: Provides DNS, NTP, SIP servers, domain search lists, and more Audit trail: Server logs record address assignments with timestamps Flexible addressing: Supports custom address schemes beyond SLAAC's algorithmic generation Stateful tracking: Useful for compliance and security monitoring

DHCPv6 Limitations

Infrastructure requirement: Requires DHCPv6 server deployment and maintenance Complexity: More configuration and troubleshooting overhead Scalability concerns: Server capacity limits number of clients Android incompatibility: Android devices do not support DHCPv6 Single point of failure: Server downtime disrupts address assignment

Hybrid Approaches

Most modern networks combine SLAAC and DHCPv6 in hybrid configurations:

SLAAC + Stateless DHCPv6:

Addresses assigned via SLAAC (M-flag = 0, A-flag = 1)
Additional configuration (DNS, etc.) via DHCPv6 (O-flag = 1)
Best of both worlds: simple addressing with rich configuration

SLAAC + RDNSS/DNSSL:

Router Advertisements include DNS server addresses (RFC 8106)
No DHCPv6 required
Works with all clients including Android

DHCPv6 for servers, SLAAC for clients:

Critical infrastructure uses DHCPv6 for predictable addresses
End-user devices use SLAAC for simplicity

Practical Deployment Scenarios

Home Networks

Typical configuration: Pure SLAAC with RDNSS

Router performs SLAAC using ISP-provided /64 or /56 prefix
DNS servers provided via RA RDNSS option
Privacy extensions enabled by default on end devices
Zero configuration required for new devices

Enterprise Networks

Typical configuration: SLAAC + Stateless DHCPv6

SLAAC provides addresses (A-flag = 1, M-flag = 0, O-flag = 1)
DHCPv6 provides DNS, NTP, domain search lists
Servers and infrastructure use static addresses or DHCPv6 reservations
Privacy extensions often disabled on corporate devices for audit purposes

IoT Deployments

Typical configuration: Pure SLAAC

Minimal overhead suits resource-constrained devices
Massive scalability without server bottlenecks
Each device self-configures upon power-on
EUI-64 addresses enable device tracking within infrastructure

Public WiFi / Guest Networks

Typical configuration: SLAAC with privacy extensions

Quick onboarding without DHCP server load
Privacy extensions protect user tracking between sessions
Short prefix lifetimes allow rapid renumbering
DNS via RDNSS avoids DHCPv6 complexity

Testing Your IPv6 Configuration

Want to verify your device is using SLAAC correctly? Visit test-ipv6.run, a comprehensive IPv6 connectivity testing tool that:

Detects whether your device has IPv6 connectivity
Tests both IPv4-only and IPv6-only connections
Evaluates dual-stack behavior (sites with both A and AAAA records)
Measures IPv4 vs IPv6 latency
Identifies broken IPv6 configurations (addresses assigned but non-functional)
Provides a readiness score for IPv6 deployment

The test results can reveal whether SLAAC has successfully configured your device, whether privacy extensions are active (check if your address contains recognizable MAC address patterns), and whether your IPv6 connection performs well compared to IPv4.

Advantages of SLAAC

Plug-and-Play Networking: Devices obtain working addresses within seconds of connection, no configuration required

Infrastructure Simplification: Eliminates DHCP server deployment, maintenance, capacity planning, and failover complexity

Improved Resilience: Distributed architecture with no single point of failure; any router can provide autoconfiguration

Massive Scalability: No server bottleneck limits address assignment; supports millions of devices on large networks

Lower Latency: No client-server negotiation delay; addressing happens immediately using local information

Reduced Attack Surface: No DHCP server to compromise; stateless operation limits security vulnerabilities

Limitations and Considerations

Configuration Constraints: SLAAC alone cannot provide DNS servers, domain names, NTP servers, or other advanced configuration (requires RDNSS/DNSSL RA options or stateless DHCPv6)

Address Assignment Control: Administrators cannot enforce specific address assignments or create reservations as with DHCP

Audit and Compliance: No centralized logging of address assignments makes it difficult to correlate addresses with users/devices at specific times

Privacy Trade-offs: EUI-64 addresses enable persistent device tracking; privacy extensions complicate network troubleshooting

Router Dependency: All configuration derives from RAs; misconfigured or absent routers break autoconfiguration

Address Stability: Temporary addresses change frequently, complicating whitelisting, firewall rules, and long-lived connections

Security Considerations

Rogue Router Advertisements

Malicious devices can send fake RAs to:

Redirect traffic through attacker-controlled gateways
Cause denial-of-service by advertising invalid prefixes
Enable man-in-the-middle attacks

Mitigation: RA Guard (RFC 6105) on switches blocks Router Advertisements from unauthorized ports, preventing rogue router attacks.

Neighbor Discovery Attacks

ICMPv6 Neighbor Discovery (used by SLAAC) is vulnerable to:

Neighbor cache exhaustion
Address spoofing
Duplicate Address Detection DoS

Mitigation: SEND (Secure Neighbor Discovery, RFC 3971) cryptographically secures ND messages but is rarely deployed due to complexity.

Privacy Implications

SLAAC addresses can reveal:

Device manufacturer (via OUI in EUI-64 addresses)
Device movement and correlation across networks
User behavior patterns

Mitigation: Enable privacy extensions (RFC 8981) by default on end-user devices; use RFC 7217 stable privacy addresses for balance.

Conclusion

SLAAC represents a fundamental architectural shift in network address assignment, embracing decentralization and self-configuration over centralized control. By eliminating the DHCP server bottleneck and enabling truly plug-and-play networking, SLAAC makes IPv6 deployment practical at scales impossible with IPv4.

The evolution from EUI-64's simplicity through RFC 4941's privacy extensions to RFC 8981's modern temporary addressing demonstrates the protocol's maturity and responsiveness to real-world deployment experience. Today's hybrid approaches—combining SLAAC's simplicity with DHCPv6's configuration richness—offer network architects flexible tools for diverse deployment scenarios.

For most networks, SLAAC forms the foundation of IPv6 addressing, supplemented by additional mechanisms (RDNSS, stateless DHCPv6) only when needed. Understanding SLAAC's operation, benefits, and limitations is essential for anyone deploying or managing modern IPv6 networks.

Test your own IPv6 connectivity and SLAAC configuration at test-ipv6.run to verify your network is configured correctly and achieving optimal IPv6 performance.