Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Duplicate IPv6 Prefix Detection in the AAA User Profile Database Overview

    You can configure AAA service to detect duplicates of both IP and IPv6 Neighbor Discovery router advertisement prefixes, Framed-IPv6-Prefixes, and DHCPv6 delegated prefixes by validating the prefixes against the AAA database instead of the IP route table. If AAA detects a non-unique IP address or IPv6 prefix, the corresponding subscriber session is terminated.

    In some network environments where the same customer logs in from multiple locations, terminating sessions with duplicate IP addresses and IPv6 prefixes might result in breaking subscriber setup. The enhanced duplicate prefix detection capability is disabled by default. Because the prefix is validated against the AAA table, enabling the enhanced prefix detection capability may impact performance.

    AAA maintains a new table for IPv6 prefixes and Framed-IP-Address information for subscribers. The AAA service checks for duplication of IP addresses and prefixes in this new table after PPP authorization. If a duplicate address or prefix is detected by AAA before a subscriber is granted access, the subscriber is denied access. However, in some cases, when two subscribers with the same IPv6 prefix log in simultaneously, the duplicate might be detected only after access is granted to both subscribers. AAA terminates the duplicate subscriber session immediately upon detecting the duplicate IPv6 prefix.

    The following scenarios can occur during the establishment of subscriber sessions:

    • When the RADIUS server assigns the same IPv6-NdRa-Prefix or Delegated-IPv6-Prefix to two subscribers, the second subscriber that contains the same prefix as the first subscriber is disconnected.
    • When the RADIUS server assigns the same Framed-IPv6-Prefix to two dual-stack subscribers, the second subscriber session is rejected.
    • When the RADIUS server assigns the same Framed-IP-Address and different IPv6 prefixes to two subscribers, the second subscriber session is terminated.

    Note: AAA cannot detect duplicates of overlapping IPv6 prefixes. Also, the aaa duplicate-prefix-check-extension command detects duplicate prefixes globally for all VRs and is not limited to detecting duplicates on a per-VR basis.

    Published: 2014-08-20