Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Example: Configuring a Dual Stack That Uses NDRA over PPPoE

    This example shows a dual-stack configuration for a residential subscriber with a single PC. It uses NDRA to provide a prefix used to obtain a global IPv6 address for the PC.

    Requirements

    This example uses the following hardware and software components:

    • MX Series 3D Universal Edge Router
    • Junos OS Release 11.4 or later

    Overview

    This design uses NDRA in your subscriber access network as follows:

    • The access network is PPPoE.
    • NDRA is used to assign a global IPv6 address on the WAN link. The prefixes used in router advertisements come from a local pool that is specified by AAA RADIUS.

    Topology

    Figure 1: PPPoE Subscriber Access Network with NDRA

    PPPoE Subscriber Access Network with NDRA

    Table 1 describes the configuration components used in this example.

    Table 1: Configuration Components Used in Dual Stack with NDRA and DHCPv6 Prefix Delegation

    Configuration Component

    Component Name

    Purpose

    Dynamic profiles

    DS-dyn-ipv4v6-ndra

    Profile that creates a PPPoE logical interface when the subscriber logs in.

    Interfaces

    ge-3/3/0

    Underlying Ethernet interface.

    lo0

    Loopback interface for use in the access network. The loopback interface is automatically used for unnumbered interfaces.

    Address-assignment pools

    default-ipv4-pool-2

    Pool that provides IPv4 addresses for the subscriber LAN.

    ndra-2010

    Pool that provides IPv6 prefixes used in router advertisements. These prefixes are used to create a global IPv6 address that is assigned to the CPE WAN link.

    Configuration

    To configure this example, perform these tasks:

    CLI Quick Configuration

    The following is the complete configuration for this example:

    dynamic-profiles {DS-dyn-ipv4v6-ra {interfaces {pp0 {unit "$junos-interface-unit" {ppp-options {chap;pap;}pppoe-options {underlying-interface "$junos-underlying-interface";server;}keepalives interval 30;family inet {unnumbered-address lo0.0;}family inet6 {address $junos-ipv6-address;}}}}protocols {router-advertisement {interface "$junos-interface-name" {prefix $junos-ipv6-ndra-prefix;}}}}}
    system {services {dhcp-local-server {dhcpv6 {group DHCPv6-over-pppoe {interface pp0.0;}}}}}
    interfaces {ge-3/3/0 {unit 1004 {description "dynamic ipv4v6 dual stack, ndra, dhcpv6 pd";encapsulation ppp-over-ether;vlan-id 1004;pppoe-underlying-options {duplicate-protection;dynamic-profile DS-dyn-ipv4v6-ra;}}}lo0 {description "dynamic ipv4v6 dual stack, ndra, dhcpv6 pd";unit 0 {family inet {address 77.1.1.1/32 {primary;}}family inet6 {address 2030:0:0:0::1/64 {primary;}}}}}
    routing-options {router-id 10.0.0.0;}
    access {radius-server {10.9.0.9 {secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATAtimeout 45;retry 4;source-address 10.0.0.1;}}profile Access-Profile {authentication-order radius;radius {authentication-server 10.9.0.9;accounting-server 10.9.0.9;}accounting {order [ radius none ];update-interval 120;statistics volume-time;}}address-assignment {pool default-ipv4-pool-2 {family inet {network 10.10.0.0/16;range r5 {low 10.10.0.1;high 10.10.250.250;}}}pool ndra-2010 {family inet6 {prefix 2010:0:0:0::/48;range L prefix-length 64;}}}address-protection;}

    Configuring a Dynamic Profile for the PPPoE Logical Interface

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit dynamic-profiles DS-dyn-ipv4v6-raedit interfaces pp0 unit $junos-interface-unitset family inet unnumbered-address lo0.0set family inet6 address $junos-ipv6-addressset pppoe-options underlying-interface "$junos-underlying-interface"set pppoe-options serverset ppp-options papset ppp-options chapset keepalives interval 30up 3 edit protocols router-advertisement edit interface $junos-interface-name set prefix $junos-ipv6-ndra-prefix

    Step-by-Step Procedure

    Create a dynamic profile for the PPPoE logical interface. This dynamic profile supports both IPv4 and IPv6 sessions on the same logical interface.

    To configure the dynamic profile:

    1. Create and name the dynamic profile.
      [edit]user@host# edit dynamic-profiles DS-dyn-ipv4v6-ra
    2. Configure a PPPoE logical interface (pp0) that is used to create logical PPPoE interfaces for the IPv4 and IPv6 subscribers.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra]user@host# edit interfaces pp0
    3. Specify $junos-interface-unit as the predefined variable to represent the logical unit number for the pp0 interface. The variable is dynamically replaced with the actual unit number supplied by the network when the subscriber logs in.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0]user@host# edit unit $junos-interface-unit
    4. Specify $junos-underlying-interface as the predefined variable to represent the name of the underlying Ethernet interface on which the router creates the dynamic PPPoE logical interface. The variable is dynamically replaced with the actual name of the underlying interface supplied by the network when the subscriber logs in.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set pppoe-options underlying-interface $junos-underlying-interface
    5. Configure the router to act as a PPPoE server when a PPPoE logical interface is dynamically created.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set pppoe-options server
    6. Configure the IPv4 family for the pp0 interface. Specify the unnumbered address to dynamically create loopback interfaces.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set family inet unnumbered-address lo0.0
    7. Configure the IPv6 family for the pp0 interface. Because the example uses router advertisement, assign the predefined variable $junos-ipv6-address.
      [edit dynamic-profilesDS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set family inet6 unnumbered-address $junos-ipv6-address
    8. Configure one or more PPP authentication protocols for the pp0 interface.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set ppp-options chap user@host# set ppp-options pap
    9. Enable keepalives and set an interval for keepalives. We recommend an interval of 30 seconds.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra interfaces pp0 unit "$junos-interface-unit"]user@host# set keepalives interval 30
    10. Access the router advertisement configuration.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra]user@host# edit protocols router-advertisement
    11. Specify the interface on which the NDRA configuration is applied.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra protocols router-advertisement]user@host# edit interface $junos-interface-name
    12. Specify a prefix value contained in router advertisement messages sent to the CPE on interfaces created with this dynamic profile. If you specify the $junos-ipv6-ndra-prefix predefined variable, the actual value is obtained from a local pool or through AAA.
      [edit dynamic-profiles DS-dyn-ipv4v6-ra protocols router-advertisement interface "$junos-interface-name"]user@host# set prefix $junos-ipv6-ndra-prefix

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit dynamic-profiles DS-dyn-ipv4v6-ra]user@host# show
    interfaces {pp0 {unit "$junos-interface-unit" {ppp-options {chap;pap;}pppoe-options {underlying-interface "$junos-underlying-interface";server;}keepalives interval 30;family inet {unnumbered-address lo0.0;}family inet6 {address $junos-ipv6-address;}}}}protocols {router-advertisement {interface "$junos-interface-name" {prefix $junos-ipv6-ndra-prefix;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Configuring a Loopback Interface

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit interfaces lo0 unit 0set family inet address 77.1.1.1/32 primaryset family inet6 address 2030:0:0:0::1/64 primary

    Step-by-Step Procedure

    To configure a loopback interface:

    1. Create the loopback interface and specify a unit number.
      [edit]user@host# edit interfaces lo0 unit 0
    2. Configure the interface for IPv4.
      [edit interfaces lo0 unit 0]user@host# set family inet address 77.1.1.1/32 primary
    3. Configure the interface for IPv6.
      [edit interfaces lo0 unit 0]user@host# set family inet6 address 2030:0:0:0::1/64 primary

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit interfaces lo0]user@host# show
    unit 0 {family inet {address 77.1.1.1/32 {primary;}}family inet6 {address 2030:0:0:0::1/64 {primary;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Configuring a Static Underlying Ethernet Interface for Dynamic PPPoE Subscriber Interfaces

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit interfaces ge-3/3/0 unit 1004set description "dynamic ipv4v6 dual stack, ndra, dhcpv6 pd"set encapsulation ppp-over-etherset vlan-id 1004set pppoe-underlying-options duplicate-protectionset pppoe-underlying-options dynamic-profile DS-dyn-ipv4v6-ra

    Step-by-Step Procedure

    To configure the underlying Ethernet interface:

    1. Specify the name and logical unit number of the static underlying Ethernet interface to which you want to attach the IPv4 and IPv6 dynamic profile.
      [edit]user@host# edit interfaces ge-3/3/0 unit 1004
    2. Configure a description for the interface.
      [edit interfaces ge-3/3/0 unit 1004]user@host# set description "dynamic ipv4v6 dual stack, ndra, dhcpv6 pd”
    3. Configure PPPoE encapsulation on the underlying interface.
      [edit interfaces ge-3/3/0 unit 1004]user@host# set encapsulation ppp-over-ether
    4. Configure the VLAN ID.
      [edit interfaces ge-3/3/0 unit 1004]user@host# set vlan-id 1004
    5. Attach the dynamic profile to the underlying interface.
      [edit interfaces ge-3/3/0 unit 1004]user@host# set pppoe-underlying-options dynamic-profile DS-dyn-ipv4v6-ra
    6. (Optional) Prevent multiple PPPoE sessions from being created for the same PPPoE subscriber on the same VLAN interface.
      [edit interfaces ge-3/3/0 unit 1004]user@host# set pppoe-underlying-options duplicate-protection

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit interfaces]user@host# show
    ge-3/3/0 {unit 1004 {description "dynamic ipv4v6 dual stack, ndra, dhcpv6 pd";encapsulation ppp-over-ether;vlan-id 1004;pppoe-underlying-options {duplicate-protection;dynamic-profile DS-dyn-ipv4v6-ra;}}}

    If you are done configuring the device, enter commit from configuration mode.

    Specifying the BNG IP Address

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit routing-options set router-id 10.0.0.0

    Best Practice: We strongly recommend that you configure the BNG IP address to avoid unpredictable behavior if the interface address on a loopback interface changes.

    Step-by-Step Procedure

    To configure the IP address of the BNG:

    1. Access the routing-options configuration.
      [edit]user@host# edit routing-options
    2. Specify the IP address or the BNG.
      [edit routing-options]user@host# set router-id 10.0.0.0

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit routing-options]user@host# show router-id 10.0.0.0;

    If you are done configuring the device, enter commit from configuration mode.

    Configuring RADIUS Server Access

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit access radius-server 10.9.0.9set secret "$9$lXRv87GUHm5FYgF/CA1I"set timeout 45 set retry 4 set source-address 10.0.0.1

    Step-by-Step Procedure

    To configure RADIUS servers:

    1. Create a RADIUS server configuration, and specify the address of the server.
      [edit]user@host# edit access radius-server 10.9.0.9
    2. Configure the required secret (password) for the server. Secrets enclosed in quotation marks can contain spaces.
      [edit access radius-server 10.9.0.9]user@host# set secret "$9$lXRv87GUHm5FYgF/CA1I"
    3. Configure the source address that the BNG uses when it sends RADIUS requests to the RADIUS server.
      [edit access radius-server 10.9.0.9]user@host# set source address 10.0.0.1
    4. (Optional) Configure the number of times that the router attempts to contact a RADIUS accounting server. You can configure the router to retry from 1 through 16 times. The default setting is 3 retry attempts.
      [edit access radius-server 10.9.0.9]user@host# set retry 4
    5. (Optional) Configure the length of time that the local router or switch waits to receive a response from a RADIUS server. By default, the router or switch waits 3 seconds. You can configure the timeout to be from 1 through 90 seconds.
      [edit access radius-server 10.9.0.9]user@host# set timeout 45

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit access]user@host# show
    radius-server {10.9.0.9 {secret "$9$lXRv87GUHm5FYgF/CA1I"; ## SECRET-DATAtimeout 45;retry 4;source-address 10.0.0.1;}}

    If you are done configuring the device, enter commit from configuration mode.

    Configuring RADIUS Server Access Profile

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit access profile Access-Profileset authentication-order radiusset radius authentication-server 10.9.0.9set radius accounting-server 10.9.0.9set accounting order radiusset accounting order noneset accounting update-interval 120set accounting statistics volume-time

    Step-by-Step Procedure

    To configure a RADIUS server access profile:

    1. Create a RADIUS server access profile.
      [edit]user@host# edit access profile Access-Profile
    2. Specify the order in which authentication methods are used.
      [edit access profile Access-Profile]user@host# set authentication-order radius
    3. Specify the address of the RADIUS server used for authentication and the server used for accounting.
      [edit access profile Access-Profile]user@host# set radius authentication-server 10.9.0.9user@host# set radius accounting-server 10.9.0.9
    4. Configure RADIUS accounting values for the access profile.
      [edit access profile Access-Profile]user@host# set accounting order [ radius none ]user@host# set accounting update-interval 120user@host# set accounting statistics volume-time

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit access]user@host# show
    profile Access-Profile {authentication-order radius;radius {authentication-server 10.9.0.9;accounting-server 10.9.0.9;}accounting {order [ radius none ];update-interval 120;statistics volume-time;}}

    If you are done configuring the device, enter commit from configuration mode.

    Configuring Local Address-Assignment Pools

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    edit accessset address-assignment pool default-ipv4-pool-2 family inet network 10.10.0.0/16set address-assignment pool default-ipv4-pool-2 family inet range r5 low 10.10.0.1set address-assignment pool default-ipv4-pool-2 family inet range r5 high 10.10.250.250set address-assignment pool ndra-2010 family inet6 prefix 2010:0:0:0::/48set address-assignment pool ndra-2010 family inet6 range L prefix-length 64set address-protection

    Step-by-Step Procedure

    Configure three address-assignment pools for DHCPv4, DHCPv6 prefix delegation, and NDRA.

    To configure the address-assignment pools:

    1. Configure the address-assignment pool for DHCPv4.
      [edit]user@host# edit access address-assignment pool default-ipv4-pool-2user@host# edit family inetuser@host# set network 10.10.0.0/16user@host# set range r5 low 10.10.0.1user@host# set range r5 high 10.10.250.250
    2. Configure the address-assignment pool for NDRA.
      [edit]user@host# edit access address-assignment pool ndra-2010user@host# edit family inet6user@host# set prefix 2010:0:0:0::/48user@host# set range L prefix-length 64
    3. (Optional) Enable duplicate prefix protection.
      [edit access]user@host# set address-protection

    Results

    From configuration mode, confirm your configuration by entering the show command.

    [edit access]user@host# show
    address-assignment {pool default-ipv4-pool-2 {family inet {network 10.10.0.0/16;range r5 {low 10.10.0.1;high 10.10.250.250;}}}pool ndra-2010 {family inet6 {prefix 2010:0:0:0::/48;range L prefix-length 64;}}}address-protection;

    If you are done configuring the device, enter commit from configuration mode.

    Verification

    Confirm that the configuration is working properly.

    Verifying Active Subscriber Sessions

    Purpose

    Verify active subscriber sessions.

    Action

    From operational mode, enter the show subscribers summary command.

    user@host>show subscribers summary
    Subscribers by State
   Active: 2
   Total: 2

Subscribers by Client Type
   DHCP: 1
   PPPoE: 1
   Total: 2

    Meaning

    The fields under Subscribers by State show the number of active subscribers.

    The fields under Subscribers by Client Type show the number of active DHCP and underlying PPPoE subscriber sessions.

    Verifying Both IPv4 and IPv6 Address in Correct Routing Instance

    Purpose

    Verify that the subscriber has both an IPv4 and IPv6 address and is placed in the correct routing instance.

    Action

    From operational mode, enter the show subscribers command.

    user@host>show subscribers
    Interface          IP Address/VLAN ID   User Name                LS:RI
pp0.1073741864     2.2.0.5              dual-stack-v4v6-pd  default:default
*                  2010:0:0:8::/64
pp0.1073741864     2040:2000:2000:5::/64                    default:default

    Meaning

    The Interface field shows that there are two subscriber sessions running on the same interface. The IP Address field shows that one session is assigned an IPv4 address, and one session is assigned on IPv6 address.

    The LS:RI field shows that the subscriber is placed in the correct routing instance and that traffic can be sent and received.

    Verifying Dynamic Subscriber Sessions

    Purpose

    Verify that the dynamic subscriber session is active and that the IPv6 prefix is obtained from the NDRA pool.

    Action

    From operational mode, enter the show subscribers detail command.

    user@host>show subscribers detail
    Type: PPPoE
User Name: dual-stack-v4v6-nas
IP Address: 2.2.0.4
IP Netmask: 255.255.0.0
IPv6 User Prefix: 2010:0:0:6::/64
Logical System: default
Routing Instance: default
Interface: pp0.1073741859
Interface type: Dynamic
Dynamic Profile Name: DS-dyn-ipv4v6-ra
MAC Address: 00:00:64:10:04:02
State: Active
Radius Accounting ID: 81
Session ID: 81
Login Time: 2012-01-17 14:19:41 PST

    Meaning

    The IPv6 User Prefix field shows the prefix that was obtained from the NDRA pool. The State field shows that the session is active.

    Verifying the NDRA Prefix Pool and Prefix Length

    Purpose

    Verify the pool used for NDRA and the prefix length used with the pool

    Action

    From operational mode, enter the show subscribers extensive command.

    user@host>show subscribers extensive
    Type: PPPoE
User Name: dual-stack-v4v6-nas
IP Address: 2.2.0.4
IP Netmask: 255.255.0.0
IPv6 User Prefix: 2010:0:0:6::/64
Logical System: default
Routing Instance: default
Interface: pp0.1073741859
Interface type: Dynamic
Dynamic Profile Name: DS-dyn-ipv4v6-ra
MAC Address: 00:00:64:10:04:02
State: Active
Radius Accounting ID: 81
Session ID: 81
Login Time: 2012-01-17 14:19:41 PST
IPv6 Delegated Address Pool: ndra-2010
IPv6 Delegated Network Prefix Length: 48
IPv6 Interface Address: 2010:0:0:6::1/64

    Meaning

    Under the PPPoE session, the IPv6 Delegated Address Pool field shows the name of the pool used for NDRA prefixes. The IPv6 Delegated Network Prefix Length field shows the length of the prefix used to assign the IPv6 address for this subscriber session. The IPv6 Interface Address field shows the IPv6 address assigned to the CPE interface from the NDRA pool.

    Verifying the Status of the PPPoE Logical Interface

    Purpose

    Display status information about the PPPoE logical interface (pp0).

    Action

    From operational mode, enter the show interfaces pp0.logical command.

    user@host>show interfaces pp0.1073741859
    Logical interface pp0.1073741859 (Index 388) (SNMP ifIndex 674)
    Flags: Point-To-Point SNMP-Traps 0x4000 Encapsulation: PPPoE
    PPPoE:
      State: SessionUp, Session ID: 10,
      Session AC name: almach, Remote MAC address: 00:00:64:10:04:02,
      Underlying interface: ge-3/3/0.1004 (Index 354)
    Bandwidth: 1000mbps
    Input packets : 15
    Output packets: 44
  Keepalive settings: Interval 30 seconds, Up-count 1, Down-count 3
  LCP state: Opened
  NCP state: inet: Opened, inet6: Opened, iso: Not-configured, mpls: Not-configured
  CHAP state: Closed
  PAP state: Success
    Protocol inet, MTU: 65531
      Flags: Sendbcast-pkt-to-re
      Addresses, Flags: Is-Primary
        Local: 77.1.1.1
    Protocol inet6, MTU: 65531
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 2010:0:0:6::/64, Local: 2010:0:0:6::1
        Local: fe80::2a0:a50f:fc63:a842

    Meaning

    The Local field under Protocol inet shows the IPv4 address of the pp0 interface. This is the IPv4 address configured for the loopback interface.

    The Destination field under Protocol inet6 shows the IPv6 address obtained through NDRA. This is the value of the $junos-ipv6-ndra-prefix variable configured in the dynamic profile.

    The Local field under Protocol inet6 shows the value of the $junos-ipv6-address variable configured for family inet6 in the pp0 configuration of the dynamic profile.

    Verifying Router Advertisements

    Purpose

    Verify that router advertisements are being sent and that router solicits are being received.

    Action

    From operational mode, enter the show ipv6 router-advertisement command.

    user@host>show ipv6 router-advertisement
    Interface: pp0.1073741859
  Advertisements sent: 3, last sent 00:09:53 ago
  Solicits received: 0
  Advertisements received: 0

    If you have a large number of subscriber interfaces, you can display router advertisements for a specific interface.

    user@host>show ipv6 router-advertisement interface pp0.1073741859
    Interface: pp0.1073741859
  Advertisements sent: 3, last sent 00:10:31 ago
  Solicits received: 0
  Advertisements received: 0

    Meaning

    The display shows the number of advertisements that the router sent, the number of solicits that the router received, and the number of advertisements that the router received.

     

    Related Documentation

     

    Published: 2013-07-09

    Previous Page Next Page