Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
DHCPv6 Local Address Pools for Allocation of IPv6 Prefixes Overview
In previous releases, you configured DHCPv6 local servers on a virtual router to delegate IPv6 prefixes to DHCPv6 clients. In this release, you can configure IPv6 local address pools to allocate IPv6 prefixes to clients in networks that use DHCPv6. These pools can be used to assign prefixes from a delegating router, which is an E Series router configured as a DHCPv6 local server, to the requesting router, which is the customer premises equipment (CPE) at the edge of the remote client site that acts as the DHCP client.
The DHCPv6 prefix delegation feature is useful in scenarios in which the delegating router does not have information about the topology of the networks in which the customer edge device or requesting router is located. In such cases, the delegating router requires only the identity of the requesting router to choose a prefix for delegation. An IPv6 local pool is configured on the delegating router, which contains information about the prefixes, their validity periods, and other parameters to control their assignment to the requesting routers. The delegating router is configured with a set of prefixes that is used to assign to a CPE or DHCPv6 client, when it first establishes a connection with an Internet service provider (ISP).
When the delegating router receives a request from a DHCPv6 client, it selects an available prefix and delegates it to the client. The DHCPv6 client subnets the delegated prefix and assigns the prefixes to links at the customer edge.
Keep the following points in mind when you configure IPv6 local address pools to assign prefixes to requesting routers:
- You must enable the IPv6 local address pool feature to be able to configure IPv6 local address pools.
- You can configure IPv6 local address pools for DHCP to allocate prefixes to client requests that are received over PPP or non-PPP links, such as VLAN, S-VLAN, or Ethernet.
- You can configure multiple local address pools on a single virtual router, up to a maximum of 500 pools per virtual router.
- You can also configure multiple address pools on multiple virtual routers. Each IPv6 local address pool must have a unique name.
- You can configure a valid and preferred lifetime for each IPv6 prefix, which determines the length of time the requesting router can use the prefix.
- You can configure multiple prefix ranges in an IPv6 local pool. The ranges can have the same or different assigned prefix lengths.
- You cannot configure overlapping prefix ranges in an IPv6 local pool. If you try to configure a prefix range that overlaps with an existing prefix range in the IPv6 local pool, an error message is displayed stating that the prefix range could not be configured. Similarly, an error message is displayed if you try to configure a prefix range in an IPv6 local pool that overlaps with a prefix range in another IPv6 local pool on the same virtual router.
- You can configure certain prefix ranges to be excluded from being used for delegation to the requesting router.
- You can configure the IPv6 addresses of a primary and secondary DNS server in an IPv6 local pool. The DNS server addresses are returned to the client in DHCPv6 responses as part of the DNS Recursive Name Server option.
- You can configure a list of up to four domain names in an IPv6 local pool to be used during the resolution of hostnames to IP addresses. These domain names are returned to clients in the DHCPv6 responses as part of the Domain Search List option.
- You can configure an IPv6 local address pool in an AAA domain map to assign prefixes to requesting DHCPv6 clients using the ipv6 prefix-pool-name command in Domain Map Configuration mode. If the authentication server returns the IPv6 local address pool name in the Framed-IPv6-Pool attribute of the RADIUS-Access-Accept message, this pool overrides the IPv6 local address pool configured in the domain map.
- You cannot delete a pool or a prefix range from which prefixes have been allocated to requesting routers or DHCPv6 clients. However, you can forcibly delete such a pool or prefix range by using the force keyword in the ipv6 local pool poolName and prefix commands. If a pool is deleted or the prefix range associated with the pool is deleted, and prefixes have been assigned to DHCPv6 clients or requesting routers, the corresponding DHCPv6 bindings are also deleted.
- When multiple prefix ranges are configured in a pool,
the DHCPv6 prefix delegation feature allocates prefixes from the configured
ranges in the order of the assigned prefix length. The delegating
router or the DHCv6 server attempts to allocate a prefix from the
range with lowest assigned prefix length. If this attempt fails because
the pool has been fully allocated, the server tries to allocate a
prefix from the subsequent prefix ranges. These ranges could have
the same prefix length as the first one or a higher length.
Note: Although you can configure an IPv6 local pool with the assigned prefix length as /128, which implies a full IPv6 address, this assignment is not useful for the DHCPv6 prefix delegation feature because it assigns a prefix with a length of only /64 or less. A pool with an assigned prefix length of /128 is useful when complete IPv6 addresses are assigned to the DHCPv6 clients.
When a PPP user establishes a PPP connection with the E Series router functioning as a remote access server, the subscriber is first authenticated using the RADIUS protocol. The Access-Accept message returned from the RADIUS server can contain different IPv6 attributes, including the Framed-IPv6-Pool attribute, which contains the name of the IPv6 pool from which a prefix needs to be assigned to the subscriber. The prefix is assigned to the subscriber using the DHCPv6 prefix delegation feature, which is covered in the next section.
DHCPv6 Prefix Delegation Example
Consider a scenario in which a number of devices on a home network are connected to a customer premises equipment, CPE1, which is the requesting router. CPE1 is connected using a PPP link to the provider edge device, PE1, which is an E Series router operating as the DHCPv6 server or delegating router. After the IPv6 link is formed between CPE1 and PE1 and the IPv6 link-local address is created, CPE1 requests and obtains prefixes that are shorter than /64 (usually of length, /48) from PE1.
CPE1 is connected to the home network. CPE1 divides the single delegated prefix that it received from PE1 into multiple /64 prefixes and assigns one /64 prefix to each of the links in the home network. The address allocation mechanism in the subscriber network can be performed using ICMPv6 neighbor discovery in router advertisements, DHCPv6, or a combination of these two methods.
When PE1 receives a request for prefix delegation from CPE1, PE1 assigns prefixes from the list of unallocated prefixes in the IPv6 local pool.
Order of Preference in Determining the Local Address Pool for Allocating Prefixes
You can configure multiple local address pools on a virtual router. When multiple pools are configured, the pool that is used to allocate the prefix to the requesting router is selected using the following order of preference: If a pool name is returned by the RADIUS server in the Framed-IPv6-Pool attribute, that pool is used to delegate the prefix to the client.
- If the RADIUS server does not return a pool name in the Framed-IPv6-Pool attribute, the pool name configured in the AAA domain map is used.
- If no local address pool name is configured in the AAA domain map, the IPv6 address of the interface on which the request was received is used to determine the pool.
- If the interface address matches with any of the prefix ranges configured in the IPv6 local address pool on the router, that pool is used to delegate the prefix to the client.
Order of Preference in Allocating Prefixes and Assigning DNS Addresses to Requesting Routers
Prefix delegation can be configured at the interface level and at the router level. Also, certain VSA attributes returned in the RADIUS Access-Accept message from the authentication server can impact the selection of the prefix to be assigned to the requesting router. The level of preference attached to each of these prefix delegation configurations is crucial. The delegating router uses the following order of preference to determine the source from which the DHCPv6 prefix is delegated to the requesting router from the DHCPv6 server:
- An interface that is configured for prefix delegation is given priority over the RADIUS attributes returned in the Access-Accept message or the prefixes configured in the IPv6 local address pool on the delegating router.
- The RADIUS server might return one or more of the following
attributes in the Access-Accept message in response to the client
authentication request:
- Ipv6-NdRa-Prefix (VSA 26-129)
- Framed-IPv6-Prefix (RADIUS IETF attribute 97)
- Delegated-IPv6-Prefix (RADIUS IETF attribute 123)
- Framed-IPv6-Pool (RADIUS IETF attribute 100)
If any of the first three attributes are returned, then the prefix contained in those attributes is used and the pool name in the Framed-IPv6-Pool attribute is ignored. For example, if both the Delegated-IPv6-Prefix or Framed-IPv6-Prefix, and Framed-IPv6-Pool attributes are returned from the RADIUS server, the DHCPv6 prefix delegation mechanism uses the Delegated-IPv6-Prefix attribute to advertise the prefix to clients.
- If prefix delegation is not configured at the interface level and if no prefix is returned from the attribute in the RADIUS Access-Accept message, the prefix configured in the IPv6 local pool is delegated to the requesting router.
If you configured a list of IPv6 DNS servers and a string of domain names in the IPv6 local address pool, the order of preference in returning the DNS server address or domain name to the requesting client in the DHCPv6 response is as follows:
- Information returned from the RADIUS server for DNS servers only
- Information from the pool
- Locally configured DNS attributes
