
    Dedicated Session Database and Vendor-Specific Attributes for DHCPv4 and DHCPv6 Subscribers Overview

    The Dynamic Host Configuration Protocol (DHCP) server can serve as a DHCP local server, a DHCP client, or a DHCP relay agent, for both DHCPv4 and DHCPv6 subscribers.

    Currently, some client parameters, for example the DHCPv4 and DHCPv6 packet headers, cannot be passed to and from the RADIUS server. From Junos OS Release 17.4 onward, enhancements are made to facilitate better communication between the DHCP servers (both DHCPv4 and DHCPv6) and the RADIUS server. The client parameters are saved in a session database and sent to the RADIUS server so that the RADIUS server can authenticate the client and also respond with the options to be sent back to that client.

    Client Options

    The client options can be configured in multiple locations such as DHCPv4 or DHCPv6 servers, or in the RADIUS server. If the client configuration is available in multiple locations, a conflict can arise regarding the source of the configuration details. In case of such conflicts, the following order of preference is considered:

    • Options received from the RADIUS server through vendor-specific attributes (VSAs)
    • Options received from the RADIUS server through SDB_SERVER_DHCP_OPTIONS or SDB_SERVER_DHCPV6_OPTIONS
    • DHCP local configuration, which is present on the DHCP server

    As an example of the aforementioned preference, consider the case of DHCPv4 lease time. If the AUTHD_ATTR_SESSION_TIMEOUT option, which is a VSA stored in the RADIUS server, is returned from the RADIUS server, preference is given to it. If this option is not returned, preference is given to option 51 in SDB_SERVER_DHCP_OPTIONS for DHCPv4. If that option is also not returned, the configuration option is sourced from DHCP local configuration.

    Similarly, for DHCPv6 lease time, the first preference is given to the AUTHD_ATTR_SESSION_TIMEOUT option from the RADIUS server. If AUTHD_ATTR_SESSION_TIMEOUT is not present, the RADIUS-sourced option valid-lifetime or preferred-lifetime takes precedence. If that is also not available, the option is sourced from the DHCPv6 local configuration.

    Exchange of DHCPv4 Client, DHCPv4 Server, and RADIUS-Sourced Options

    The following steps illustrate the exchange of configuration options between a DHCPv4 client (also referred to as the client), a DHCPv4 server, and the RADIUS server:

    • The DHCPv4 server receives a discover message from a DHCPv4 client.
    • The DHCP options are saved to a session database.

      Prior to Junos OS Release 17.4R1, the same attribute was used to store both DHCPv4 and DHCPv6 options. However, with the support for single-session DHCP dual-stack, there are separate session database attributes for DHCPv4 and DHCPv6.

    • DHCP header information is saved in the session database.

      A new session database attribute, SDB_DHCP_HEADER, is added to store the header information, and this information is sent to the RADIUS server for authentication.

    • An access request message is sent from the DHCPv4 server. When an access accept message is received from the RADIUS server, the DHCPv4 options are saved to the SDB_SERVER_DHCP_OPTIONS session database attribute and sent to the client.
    • DHCPv4 server-specific options are added to the packet.

      Note: The DHCPv4 server can source both solicited and unsolicited options from the local configuration. Thus, it is important to prevent duplication while the options are added.

    • DHCPv4 lease information is extracted from the RADIUS-sourced DHCP option 51.

      The SDB_SERVER_DHCP_OPTIONS session database attribute is used to check whether option 51 (lease time) is sourced by RADIUS. If it is, the attribute value is extracted and saved in the client data structure. If it is not sourced by RADIUS, the attribute value is taken from the local pool configuration or the DHCPv4 attribute configuration, which is existing functionality. A similar check is performed for option 58 (renewal time (T1)) and option 59 (rebinding time (T2)).

    • An offer message is sent from the DHCPv4 server to the DHCPv4 client.
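
    The order of preference described under Client Options, applied to the option 51, 58, and 59 checks in the steps above, as an added example (not Junos OS code). It assumes the RADIUS-sourced options are held as raw DHCPv4 code/length/value bytes; the function names, the session_timeout argument standing in for AUTHD_ATTR_SESSION_TIMEOUT, the sample bytes, and the local values are illustrative.

```python
import struct

PAD, END = 0, 255
LEASE, T1, T2 = 51, 58, 59  # option codes named on the page

def parse_dhcpv4_options(blob: bytes) -> dict:
    """Parse code/length/value options with bounds checks.

    Keeps the first instance of a repeated code (a simplification)."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:  # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(blob):
            raise ValueError("option %d has no length byte" % code)
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        opts.setdefault(code, value)
        i += 2 + length
    return opts

def u32(value: bytes) -> int:
    if len(value) != 4:
        raise ValueError("timer option must be 4 bytes")
    return struct.unpack("!I", value)[0]

def resolve_timers(session_timeout, radius_blob, local):
    """Return {name: (seconds, source)} following the order of preference."""
    radius = parse_dhcpv4_options(radius_blob or b"")
    out = {}
    for name, code in (("lease", LEASE), ("t1", T1), ("t2", T2)):
        if name == "lease" and session_timeout is not None:
            out[name] = (session_timeout, "radius-vsa")   # first preference
        elif code in radius:
            out[name] = (u32(radius[code]), "radius-option")
        else:
            out[name] = (local[name], "local")            # last resort
    return out

# Constructed sample: pad, option 51 = 3600 s, option 58 = 1800 s, end.
SAMPLE = (bytes([0, 51, 4]) + struct.pack("!I", 3600)
          + bytes([58, 4]) + struct.pack("!I", 1800) + bytes([255]))
LOCAL = {"lease": 86400, "t1": 43200, "t2": 75600}  # assumed local pool values
```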

    Table 1 lists the session database attributes added or changed for the DHCPv4 flow:

    Table 1: Session Database Attributes for DHCPv4 Server

    | Session Database Attribute | Description |
    |---|---|
    | SDB_DHCP_OPTIONS | Already available. Used to store only the DHCPv4 option. |
    | SDB_SERVER_DHCP_OPTIONS | Already available. Used for storing the DHCPv4 options sourced by the RADIUS server. |
    | SDB_DHCP_HEADER | New session database attribute added to save the DHCPv4 header information. |

    Exchange of DHCPv6 Client, DHCPv6 Server, and RADIUS-Sourced Options

    The following steps illustrate the exchange of configuration options between a DHCPv6 client (also referred to as the client), a DHCPv6 server, and the RADIUS server:

    • The DHCPv6 server receives a solicit message from a client (DHCPv6 client).
    • DHCPv6 options are saved in the session database of the DHCPv6 server.

      Prior to Junos OS Release 17.4R1, the DHCPv6 options parameter was saved in the SDB_DHCP_OPTIONS session database attribute. Because single-session DHCP dual-stack is now supported, separate session database attributes are needed for saving DHCPv4 and DHCPv6 options. If the client is part of a single-session dual-stack configuration, the DHCPv6 options session database attribute SDB_DHCPV6_OPTIONS is used. These DHCPv6 options are copied directly to the session database without any changes and sent to the RADIUS server.

      Note: DHCPv6 auth-option (option 11) is also part of these options.

    • DHCPv6 message header is saved to the session database.

      A new session database attribute SDB_DHCPV6_HEADER is added to copy the DHCPv6 message header.

    • An access request message is sent from the DHCPv6 server, and an access accept message is received from the RADIUS server. The access accept message contains RADIUS-sourced DHCPv6 options, which are stored in a new session database attribute, SDB_SERVER_DHCPV6_OPTIONS.
    • DHCPv6 lease information is extracted from the RADIUS-sourced DHCPv6 option.

      In the case of DHCPv6, the lease time is embedded within the OPTION_IA_NA and OPTION_IA_PD. The client lease time is started with these values from the RADIUS server. If the IA_ADDRESS, IA_PREFIX, IA_NA, or IA_PD is not sourced by RADIUS, it is taken from the local pool and delegated pool configuration.

    • DHCPv6 server-specific options are added to the packet.

      Note: The DHCPv6 server can source both solicited and unsolicited options from the local configuration. Thus, it is important to prevent duplication while the options are added.

    • An advertise message is sent from the DHCPv6 server to the DHCPv6 client.
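
    The DHCPv6 lease extraction step above, as an added example (not Junos OS code): it walks RADIUS-sourced options, reads the preferred and valid lifetimes nested inside OPTION_IA_NA and OPTION_IA_PD, and falls back to local pool values when an IA is absent. It assumes the options are held as raw DHCPv6 option bytes; the function names, sample bytes, and local values are illustrative, and the AUTHD_ATTR_SESSION_TIMEOUT preference is not modeled.

```python
import ipaddress
import struct

# DHCPv6 option codes (RFC 8415)
OPTION_IA_NA, OPTION_IAADDR, OPTION_IA_PD, OPTION_IAPREFIX = 3, 5, 25, 26

def opt(code: int, value: bytes) -> bytes:
    """Encode one option: 2-byte code, 2-byte length, value."""
    return struct.pack("!HH", code, len(value)) + value

def parse_options(blob: bytes):
    """Yield (code, value) pairs, rejecting truncated input."""
    i = 0
    while i < len(blob):
        if i + 4 > len(blob):
            raise ValueError("truncated option header")
        code, length = struct.unpack_from("!HH", blob, i)
        value = blob[i + 4:i + 4 + length]
        if len(value) != length:
            raise ValueError("option %d truncated" % code)
        yield code, value
        i += 4 + length

def ia_lifetimes(radius_blob: bytes, local: dict) -> dict:
    """Return {"IA_NA"|"IA_PD": (preferred, valid, source)}; local is the fallback."""
    # Lifetimes sit at offset 16 in IAADDR (after the address), offset 0 in IAPREFIX.
    layout = {OPTION_IA_NA: ("IA_NA", OPTION_IAADDR, 16),
              OPTION_IA_PD: ("IA_PD", OPTION_IAPREFIX, 0)}
    found = {}
    for code, value in parse_options(radius_blob or b""):
        if code not in layout:
            continue
        kind, inner, offset = layout[code]
        if len(value) < 12:  # IAID, T1, T2 precede the nested options
            raise ValueError(kind + " shorter than its fixed header")
        for sub, body in parse_options(value[12:]):
            if sub != inner:
                continue
            if len(body) < offset + 8:
                raise ValueError("lifetime fields missing in " + kind)
            preferred, valid = struct.unpack_from("!II", body, offset)
            if preferred > valid:  # sanity check before starting the lease
                raise ValueError("preferred lifetime exceeds valid lifetime")
            found.setdefault(kind, (preferred, valid, "radius"))
    return {k: found.get(k, local[k] + ("local",)) for k in ("IA_NA", "IA_PD")}

# Constructed sample: one IA_NA (IAID 1) with 2001:db8::1, preferred 1800 s, valid 3600 s.
SAMPLE_V6 = opt(OPTION_IA_NA, struct.pack("!III", 1, 900, 1440) + opt(
    OPTION_IAADDR, ipaddress.IPv6Address("2001:db8::1").packed + struct.pack("!II", 1800, 3600)))
LOCAL_V6 = {"IA_NA": (43200, 86400), "IA_PD": (43200, 86400)}  # assumed local pool values
```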

    Table 2 lists the session database attributes added or changed for DHCPv6:

    Table 2: Session Database Attributes for DHCPv6 Server

    | Session Database Attribute | Description |
    |---|---|
    | SDB_DHCPV6_OPTIONS | New session database attribute added to store the client sourced DHCPv6 option from the incoming message. |
    | SDB_SERVER_DHCPV6_OPTIONS | New session database attribute added to store the RADIUS-sourced DHCPv6 option. |
    | SDB_DHCPV6_HEADER | New session database attribute added to save the DHCPv6 header information. |

    Modified: 2017-11-30