WAN and LAN Addressing Using DHCPv6 IA_NA and DHCPv6 Prefix Delegation

 

Using DHCPv6 IA_NA with DHCPv6 Prefix Delegation Overview

You can use DHCPv6 IA_NA to assign a global IPv6 address to the CPE WAN link and DHCPv6 prefix delegation to provide prefixes for use on the subscriber LAN. DHCPv6 IA_NA and DHCPv6 prefix delegation are done in a single DHCPv6 session. If the CPE sends both the IA_NA and IA_PD options in the same DHCPv6 Solicit message, the BNG returns both a single IPv6/128 address and an IPv6 prefix.

When at least one address is successfully allocated, the router creates a subscriber entry and binds the entry to the assigned address. If both addresses are successfully allocated, the router creates a single subscriber entry and binds both addresses to that entry.

Lease Times and Session Timeouts for DHCPv6 IA_NA and DHCPv6 Prefix Delegation

When you use DHCPv6 IA_NA together with DHCPv6 prefix delegation, note the following about session timeouts and lease times:

  • A session timeout from AAA has the highest precedence and overrides local pool lease times.

  • For DHCPv6 local server, the minimum lease time associated with an address pool takes precedence over pools with longer lease times. For example, if a CPE obtains an IA_NA address from a pool with a lease time of 3600, and a prefix from a pool with a lease time of 7200, the lease time returned in the Reply message from the BNG is 3600.

  • If AAA does not return a session timeout and the address pool does not have a configured lease time, the default setting of 86,400 (one day) is used.

Behavior When CPE Sends Separate Renew Requests for IA_NA and IA_PD Address Types

In some networks, the DHCPv6 client CPE device does both of the following:

  • Initiates negotiation for both the IA_NA and IA_PD address types in a single solicit message.

  • Sends separate lease renew requests for the IA_NA and the IA_PD and the renew requests are received back-to-back.

Starting in Junos OS Release 17.2R3, 17.4R2, 18.1R3, and 18.3R1, the jdhcpd process extends the lease for both address types in this situation.

  1. When the reply is received for the first renew request, if a renew request is pending for the second address type, the client stays in the renewing state, the lease is extended for the first IA, and the client entry is updated.

  2. When the reply is received for the second renew request, the lease is extended for the second IA and the client entry is updated again.

In earlier releases, the behavior is different for this situation:

  1. The client transitions to the bound state instead of staying in the renewing state. The lease is extended for the first IA and the client entry is updated.

  2. When the reply is received for the second renew request, the lease is not renewed for the second address type and the reply is forwarded to the client. Consequently, when that lease ages out, the binding for that address type is cleared, the access route is removed, and subsequent traffic is dropped for that address or address prefix.

DHCPv6 Options in a DHCPv6 Multiple Address Environment

In a DHCPv6 environment, DHCPv6 clients can use a single DHCPv6 Solicit message to request multiple addresses (for example, IA_NA address, IA_PD address, or both), as well as the DNS server address (DHCPv6 attribute 23). When a client requests multiple addresses, DHCPv6 uses the following guidelines to determine how options are returned to the client.

  • DNS server address—Whenever a client requests an IA_PD address (either alone or with an IA_NA address) and also requests a DNS server address, DHCPv6 returns a DNS address only when one is specified in the IA_PD pool. If the IA_PD pool does not include a DNS address, DHCPv6 ignores any DNS address configured in the IA_NA pool.

    If the client requests an IA_NA address (but not an IA_PD address) and also a DNS server address, DHCPv6 returns a DNS address if one is configured in the IA_NA pool.

  • Lease time—DHCPv6 returns the shortest value of the lease times configured in the IA_NA pool, the IA_PD pool, and authd. DHCPv6 uses this value to set the lifetimes and the Renew and Rebind timers.

Note

By default, DHCPv6 local server returns the DNS server address as a global DHCPv6 option. You can override the current default behavior if you want DHCPv6 to return the DNS server address at the suboption level.

Methods for Obtaining Addresses for Both DHCPv6 Prefix Delegation and DHCPv6 IA_NA

You can set up the BNG to select global IPv6 addresses to be delegated to the requesting router in one the following ways:

  • An external source such as a AAA RADIUS server or a DHCP server using the DHCPv6 relay agent.

  • Dynamic assignment from a local pool of prefixes or global IPv6 addresses that is configured on the BNG

Address assignment for prefix delegation and IA_NA are independent. For example, you can use AAA RADIUS for DHCPv6 IA_NA, and use a local pool for prefix delegation.

Address Pools for DHCPv6 Prefix Delegation and DHCPv6 IA_NA

You need two separate address pools for prefix delegation and IA_NA. The pool used for IA_NA contains /128 addresses, and the pool for prefix delegation contains /56 or /48 addresses.

You can specify the name of a delegated pool to use for prefix delegation, which means that you do not need to use AAA to obtain the pool name. In this configuration, if you have also specified a pool match order, the specified delegated pool takes precedence.

You can configure pool attributes so that the IA_NA pool and the prefix delegation pool can specify different SIP servers for DNS addresses. DHCPv6 options that the BNG returns to the CPE are based on the pool from which the addresses were allocated. These options that are returned are based on the DHCPv6 Option Request option (ORO), which can be configured globally or within the IA_NA and IA_PD request.

Using a AAA RADIUS Server to Obtain IPv6 Addresses and Prefixes

When the BNG needs to obtain a global IPv6 address for the CPE WAN link and a DHCPv6 prefix, it uses the values in one of the following RADIUS attributes:

  • Framed-IPv6-Prefix—The attribute contains a global IPv6 address and a prefix. A prefix length of 128 is associated with the global IPv6 address. Prefix lengths less than 128 are associated with prefixes.

  • Framed-IPv6-Pool—The attribute contains the name of an address-assignment pool configured on the BNG, from which the BNG can select a global IPv6 address or an IPv6 prefix to send to the CPE.

Both attributes are sent from the RADIUS server to the BNG in RADIUS Access-Accept messages.

Junos OS Predefined Variable for Multiple DHCPv6 Address Assignment

To configure dynamic DHCPv6 address assignment for both DHCPv6 IA_NA and DHCPv6 prefix delegation, use the $junos-subscriber-ipv6-multi-address predefined variable In your dynamic profile. You use this variable in place of the $junos-subscriber-ipv6-address variable, which supports a single IPv6 address or prefix. The $junos-subscriber-ipv6-multi-address variable is applied as a demultiplexing source address, and is expanded to include both the host and prefix addresses.

You include the $junos-subscriber-ipv6-multi-address variable at the [edit dynamic-profile profile-name interfaces interface-name unit logical-unit-number family inet6 demux-source] hierarchy level.

Multiple DHCPv6 IA_NA and IA_PD Requests per Client Interface

DHCPv6 relay agent supports multiple IA_NA and IA_PD requests within a single DHCPv6 Solicit message. The requests can be any combination of IA_NA and IA_PD addresses, up to a maximum of eight requests. As part of the multiple IA request support, each address lease is assigned its own lease time expiration, independent of the other leases. The use of independent lease timers ensures that when one lease is torn down, the other active leases are maintained. You can use the show dhcpv6 relay binding and show dhcpv6 relay binding detail commands to display the status of the individual lease times.

The DHCPv6 support for multiple IA requests enables you to use prefix delegation to designate blocks of addresses, as described in RFC 3633, IPv6 Prefix Options for DHCPv6. For example, you might want to delegate multiple address blocks to a customer premises equipment (CPE) router as a means to simplify flow classification and service monetization in your IPv6 environment.

Example: Configuring a Dual Stack That Uses DHCPv6 IA_NA and DHCPv6 Prefix Delegation over PPPoE

Requirements

This example uses the following hardware and software components:

  • MX Series 5G Universal Routing Platform

  • Junos OS Release 11.4 or later

Overview

This design uses DHCPv6 IA_NA and DHCPv6 prefix delegation in your subscriber access network as follows:

  • The access network is PPPoE.

  • DHCPv6 IA_NA is used to assign a global IPv6 address on the WAN link. The address comes from a local pool that is specified using AAA RADIUS.

  • DHCPv6 prefix delegation is used for subscriber LAN addressing. It used a delegated prefix from a local pool that is specified using AAA RADIUS.

  • DHCPv4 is used for subscriber LAN addressing.

  • DHCPv6 subscriber sessions are layered over an underlying PPPoE subscriber session.

Topology

Figure 1: PPPoE Subscriber Access Network with DHCPv6 IA_NA and DHCPv6 Prefix Delegation
PPPoE Subscriber Access Network with DHCPv6 IA_NA and
DHCPv6 Prefix Delegation

Table 1 describes the configuration components used in this example.

Table 1: Configuration Components Used in Dual Stack with DHCPv6 IA_NA and DHCPv6 Prefix Delegation

Configuration Component

Component Name

Purpose

Dynamic Profile

pppoe-subscriber-profile

Profile that creates a PPPoE logical interface when the subscriber logs in.

Interfaces

ge-0/2/5

Interface used for communication with the RADIUS server.

ge-0/3/0

Underlying Ethernet interface.

demux0

VLAN demux interface that runs over the underlying Ethernet interface.

lo0

Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

Address-Assignment Pools

pool v4-pool

Pool that provides IPv4 addresses for the subscriber LAN.

pool v6-ia-na-pool

Pool that provides a global IPv6 address to the CPE WAN link.

pool v6-pd-pool

Pool that provides a pool of prefixes that are delegated to the CPE and used for assigning IPv6 global addresses on the subscriber LAN.

Configuration

CLI Quick Configuration

The following is the complete configuration for this example:

Configuring a DHCPv6 Local Server for DHCPv6 over PPPoE

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To layer DHCPv6 above the PPPoE IPv6 family (inet6), associate DHCPv6 with the PPPoE interfaces by adding the PPPoE interfaces to the DHCPv6 local server configuration. Because this example uses a dynamic PPPoE interface, we are using the pp0.0 (PPPoE) logical interface as a wildcard to indicate that a DHCPv6 binding can be made on top of a PPPoE interface.

To configure a DHCPv6 local server:

  1. Access the DHCPv6 local server configuration.
  2. Create a group for dynamic PPPoE interfaces and assign a name.

    The group feature groups a set of interfaces and then applies a common DHCP configuration to the named interface group.

  3. Add an interface for dynamic PPPoE logical interfaces.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Dynamic Profile for the PPPoE Logical Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.

To configure the dynamic profile:

  1. Create and name the dynamic profile.
  2. Add a routing instance to the profile.
  3. Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.
  4. Specify $junos-interface-unit as the predefined variable to represent the logical unit number for the pp0 interface. The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.
  5. Specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface. The variable is dynamically replaced with the actual name of the underlying interface supplied by the network when the subscriber logs in.
  6. Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.
  7. Configure the IPv4 family for the pp0 interface. Specify the unnumbered address to dynamically create loopback interfaces. Because the example uses routing instances, assign the predefined variable $junos-loopback-interface.
  8. Configure the IPv6 family for the pp0 interface. Specify the unnumbered address to dynamically create loopback interfaces. Because the example uses routing instances without router advertisement, assign the predefined variable $junos-loopback-interface.
  9. Configure one or more PPP authentication protocols for the pp0 interface.
  10. Enable keepalives and set an interval for keepalives. We recommend an interval of 30 seconds.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a Loopback Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a loopback interface:

  1. Create the loopback interface and specify a unit number.
  2. Configure the interface for IPv4.
  3. Configure the interface for IPv6.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring a VLAN Demux Interface over an Ethernet Underlying Interface

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a VLAN demux interface over an Ethernet underlying interface:

  1. Configure the underlying Ethernet interface.
  2. Create the VLAN demux interface, and specify a unit number.
  3. Configure the VLAN tags.
  4. Specify the underlying Ethernet interface.
  5. Specify the dynamic profile.
  6. Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.
  7. (Optional) Specify that you want the demux interface to use Proxy ARP.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring an Interface for Communication with RADIUS Server

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure the interface:

  1. Create the interface, specify a unit number, and configure the address.
  2. Configure the interface for IPv4 and specify the address.
  3. Specify that Gigabit Ethernet options are not automatically negotiated.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Specifying the BNG IP Address

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Best Practice

We strongly recommend that you configure the BNG IP address, thereby avoiding unpredictable behavior if the interface address on a loopback interface changes.

Step-by-Step Procedure

To configure the IP address of the BNG:

  1. Access the routing-options configuration.
  2. Specify the IP address or the BNG.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure RADIUS servers:

  1. Create a RADIUS server configuration, and specify the address of the server.
  2. Configure the required secret (password) for the server. Secrets enclosed in quotation marks can contain spaces.
  3. Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.
  4. (Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server. You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.
  5. (Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server. By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring RADIUS Server Access Profile

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

To configure a RADIUS server access profile:

  1. Create a RADIUS server access profile.
  2. Specify the order in which authentication methods are used.
  3. Specify the address of the RADIUS server used for authentication and the server used for accounting.
  4. Configure RADIUS accounting values for the access profile.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Configuring Local Address-Assignment Pools

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

Configure three address-assignment pools for DHCPv4, DHCPv6 IA_NA, and DHCPv6 prefix delegation.

To configure the address-assignment pools:

  1. Configure the address-assignment pool for DHCPv4.
  2. Configure the address-assignment pool for DHCPv6 IA_NA.
  3. Configure the address-assignment pool for DHCPv6 prefix delegation.
  4. (Optional) Enable duplicate prefix protection.

Results

From configuration mode, confirm your configuration by entering the show command.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Active Subscriber Sessions

Purpose

Verify active subscriber sessions.

Action

From operational mode, enter the show subscribers summary command.

user@host>show subscribers summary

Meaning

The fields under Subscribers by State show the number of active subscribers.

The fields under Subscribers by Client Type show the number of active DHCP and PPPoE subscriber sessions.

Verifying Both IPv4 and IPv6 Address in Correct Routing Instance

Purpose

Verify that the subscriber has both an IPv4 and IPv6 address and is placed in the correct routing instance.

Action

From operational mode, enter the show subscribers command.

user@host>show subscribers

Meaning

The Interface field shows that two subscriber sessions are running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and the second session is assigned an IPv6 address by DHCPv6 IA_NA.

The LS:RI field shows that the subscriber is placed in the correct routing instance and that traffic can be sent and received.

Verifying Dynamic Subscriber Sessions

Purpose

Verify dynamic PPPoE and DHCPv6 subscriber sessions. In this example configuration the DHCPv6 subscriber session should be layered over the underlying PPPoE subscriber session.

Action

From operational mode, enter the show subscribers detail command.

user@host>show subscribers detail

Meaning

When a subscriber has logged in and started both an IPv4 and an IPv6 session, the output shows the active underlying PPPoE session and the active DHCPv6 session.

The Session ID field for the PPPoE session is 2. The Underlying Session ID for the DHCP session is 2, which shows that the PPPoE session is the underlying session.

Verifying DHCPv6 Address Pools Used for DHCPv6 Prefix Delegation

Purpose

Verify the delegated address pool used for DHCPv6 prefix delegation and the length of the IPv6 prefix that was delegated to the CPE.

Action

From operational mode, enter the show subscribers extensive command.

user@host>show subscribers extensive

Meaning

The IPv6 Delegated Address Pool field shows the name of the pool that DHCPv6 used to assign the IPv6 address for this subscriber session.

Verifying DHCPv6 Address Bindings

Purpose

Display the address bindings in the client table on the DHCPv6 local server.

Action

From operational mode, enter the show dhcpv6 server binding detail command.

user@host>show dhcpv6 server binding detail

Meaning

The Client IPv6 Address field shows the /128 address that was assigned to the CPE WAN link using DHCPv6 IA_NA.

The Client Pool Name field shows the name of the address pool that was used to assign the Client IPv6 Address.

Verifying PPP Options Negotiated with the Remote Peer

Purpose

Verify PPP options negotiated with the remote peer.

Action

From operational mode, enter the show ppp interface interface extensive command.

user@host>show ppp interface pp0.1073741825 extensive

Meaning

The output shows the PPP options that were negotiated with the remote peer.

Under IPCP, the Negotiated options field shows the IPv4 local and remote addresses that were negotiated by IPCP.

Under IPV6CP, the Negotiated options field shows the IPv6 local and remote interface identifier that were negotiated by IPv6CP.

Release History Table
Release
Description
Starting in Junos OS Release 17.2R3, 17.4R2, 18.1R3, and 18.3R1, the jdhcpd process extends the lease for both address types in this situation.