IPv6 Prefix Allocation Using Neighbor Discovery Router Advertisements
from IPv6 Address Pools Overview
You can configure IPv6 local address pools for Neighbor Discovery
router advertisements on a virtual router in order to allocate prefixes
to Neighbor Discovery clients. These pools can be used to assign prefixes
from the E Series router.
An IPv6 local address pool for Neighbor Discovery router advertisements
is configured on the router running the B-RAS application, which contains
information about the prefixes. When the B-RAS application running
on the E Series router receives a request from a PPP IPv6 client,
it selects an available prefix and allocates it to the client.
Allocation of Neighbor Discovery Prefixes for IPv6 Subscribers
over PPP Links
When a PPP user establishes a PPP connection with the E Series
router functioning as a remote access server, the subscriber is first
authenticated using the RADIUS protocol. The Access-Accept message
returned from the RADIUS server can contain different IPv6 attributes,
including the IPv6-NdRa-Pool attribute, which contains the name of
the IPv6 pool from which a prefix needs to be assigned to the subscriber.
The prefix is assigned to the subscriber using the Neighbor Discovery
router advertisements feature.
Order of Preference in Determining the Local Address Pool for
Allocating Prefixes for Neighbor Discovery Router Advertisements
You can configure multiple local address pools for Neighbor
Discovery router advertisements on a virtual router. When multiple
pools are configured, the pool that is used to allocate the prefix
to the requesting PPPv6 subscriber is selected using the following
order of preference:
- If the aaa dhcpv6-ndra-pool override command is not configured and a pool name is returned by the RADIUS
server in the IPv6-Ndra-Pool attribute, that pool is used to allocate
the prefix to the client.
- If the aaa dhcpv6-ndra-pool override command is configured and a pool name is returned by the RADIUS
server in the Framed-Ipv6-Pool attribute, that pool is used to allocate
the prefix to the client.
- If the RADIUS server does not return a pool name in the attribute
that applies under either of the above-mentioned points, as determined
by the aaa dhcpv6-ndra-pool override command, the pool name configured
in the AAA domain map is used.
Order of Preference in Assigning Prefixes when Neighbor Discovery
Router Advertisements are Configured on an Interface
The router running the B-RAS application uses the following
order of preference to determine the source from which the Neighbor
Discovery router advertisements prefix is allocated to the requesting
PPPv6 subscriber from the Neighbor Discovery Router Advertisements
server:
- An interface that is configured for the Neighbor Discovery
router advertisements prefix is given priority over the RADIUS attributes
returned in the Access-Accept message or the prefixes configured in
the IPv6 local address pool for Neighbor Discovery router advertisements
on the router running the B-RAS application.
- The RADIUS server might return one or more of the following
attributes in the Access-Accept message in response to the client
authentication request:
  - Ipv6-NdRa-Prefix (VSA 26-129)
  - Framed-IPv6-Prefix (RADIUS IETF attribute 97)
  - Framed-IPv6-Pool (RADIUS IETF attribute 100)
  - IPv6-Ndra-Pool (VSA 26-157)
  If either of the first two attributes is returned, then the
  prefix contained in that attribute is used, and the pool name in
  the Framed-IPv6-Pool or Ipv6-Ndra-Pool attribute is ignored.
- If the RADIUS server does not return any of the above-mentioned
attributes, the IPv6 prefix pool name of the Neighbor Discovery router
advertisements mentioned in the AAA domain map will be used to allocate
the prefix to the requesting PPPv6 subscriber.
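The two orders of preference above, combined into one decision function as an added example (not JunosE code and not part of the vendor documentation). The function and parameter names are hypothetical, and trying Ipv6-NdRa-Prefix before Framed-IPv6-Prefix when both are returned is an assumption that the page does not settle.

```python
NDRA_PREFIX = "Ipv6-NdRa-Prefix"      # VSA 26-129
FRAMED_PREFIX = "Framed-IPv6-Prefix"  # RADIUS IETF attribute 97
FRAMED_POOL = "Framed-IPv6-Pool"      # RADIUS IETF attribute 100
NDRA_POOL = "Ipv6-NdRa-Pool"          # VSA 26-157


def resolve_ndra_source(access_accept, interface_prefix=None,
                        pool_override=False, domain_map_pool=None):
    """Return (source, value) for the prefix a PPPv6 subscriber receives.

    access_accept: dict of attribute name -> value from the Access-Accept.
    pool_override: True when `aaa dhcpv6-ndra-pool override` is configured.
    """
    # 1. A prefix configured on the interface beats RADIUS and local pools.
    if interface_prefix:
        return ("interface", interface_prefix)
    # 2. An explicit prefix from RADIUS wins; any pool name is then ignored.
    #    Assumption: if both prefix attributes arrive, the VSA is tried first
    #    (the page does not state which of the two takes precedence).
    for attr in (NDRA_PREFIX, FRAMED_PREFIX):
        if access_accept.get(attr):
            return ("radius-prefix:" + attr, access_accept[attr])
    # 3. Pool name from RADIUS; the override command selects the attribute.
    pool_attr = FRAMED_POOL if pool_override else NDRA_POOL
    if access_accept.get(pool_attr):
        return ("radius-pool:" + pool_attr, access_accept[pool_attr])
    # 4. Fall back to the pool named in the AAA domain map.
    if domain_map_pool:
        return ("domain-map-pool", domain_map_pool)
    return ("none", None)


# Constructed sample replies and settings (not captured traffic).
SAMPLES = [
    ({NDRA_POOL: "pool-a", FRAMED_POOL: "pool-b"}, dict(domain_map_pool="dm")),
    ({NDRA_POOL: "pool-a", FRAMED_POOL: "pool-b"},
     dict(pool_override=True, domain_map_pool="dm")),
    ({FRAMED_POOL: "pool-b"}, dict(domain_map_pool="dm")),
    ({FRAMED_PREFIX: "2001:db8:0:1::/64", NDRA_POOL: "pool-a"}, {}),
]

if __name__ == "__main__":
    for attrs, cfg in SAMPLES:
        print(attrs, cfg, "->", resolve_ndra_source(attrs, **cfg))
```

The third sample is the case worth checking when auditing RADIUS profiles: without the override command, a Framed-IPv6-Pool name is not used for Neighbor Discovery, so the subscriber falls through to the domain map pool.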
Guidelines for Allocating Neighbor Discovery Prefixes Using
IPv6 Address Pools
The following are guidelines for allocating prefixes using IPv6
address pools for Neighbor Discovery router advertisements:
- You must enable the IPv6 local address pool for the Neighbor
Discovery router advertisements feature to be able to configure IPv6
local address pools for Neighbor Discovery router advertisements.
- You can configure IPv6 local address pools for Neighbor
Discovery router advertisements to allocate prefixes to client requests
that are received over PPP.
- You can configure multiple local address pools on a single
virtual router up to a maximum of 500 pools per virtual router.
- You can also configure multiple address pools on multiple
virtual routers. Each IPv6 local address pool must have a unique name.
- You can configure up to ten prefix ranges in an IPv6 local
address pool. The ranges can have only /64 prefix length.
- You can configure a maximum of 1,048,576 prefixes per
prefix range to be used for allocation of prefixes to clients using
Neighbor Discovery router advertisements. If you attempt to configure
prefixes after the maximum limit of prefixes per prefix range is exceeded,
a warning message stating that automatic truncation will be performed
is displayed.
- You can configure a maximum of 400,000,000 prefixes throughout
the system for allocation of prefixes using Neighbor Discovery router
advertisements. An error message is displayed if you attempt to configure
a prefix for a pool when this maximum system-wide limit is exceeded.
- If you configure the maximum number of IPv6 prefixes,
which is 1,048,576 per prefix range, for the first 383 local address
pools for Neighbor Discovery router advertisements by using the ipv6 local ndra-pool poolName command,
the system-wide maximum limitation of 400,000,000 is reached. In such
a case, if you attempt to configure the IPv6 prefix ranges to be allocated
for the 384th pool, an error message is displayed stating that the
prefix cannot be configured. Although all of the 500 IPv6 local address
pools are configured correctly, you cannot configure prefixes for
Neighbor Discovery from the 384th pool through the 500th pool because
the maximum number of prefixes supported for the entire system is
reached with the 383rd pool.
- You cannot configure overlapping prefix ranges in an IPv6
local pool. If you try to configure a prefix range that overlaps with
an existing prefix range in the IPv6 local pool, an error message
is displayed stating that the prefix range could not be configured.
Similarly, an error message is displayed if you try to configure a
prefix range in an IPv6 local pool that overlaps with a prefix range
in another IPv6 local pool on the same virtual router.
- You can configure certain prefix ranges to be excluded
from being used for allocation to the requesting subscriber.
- You can configure the name of an IPv6 local address pool
in an AAA domain map using the ipv6-ndra-pool-name command in Domain Map Configuration mode. If the authentication
server returns the IPv6 local address pool name in the Framed-IPv6-Pool
attribute or Ipv6-NdRa-Pool attribute of the RADIUS-Access-Accept
message, this pool overrides the IPv6 local address pool configured
in the domain map.
- You cannot delete a pool or a prefix range from which
prefixes have been allocated to requesting routers or Neighbor Discovery
router advertisements clients. However, you can forcibly delete such
a pool or prefix range by using the force keyword in the ipv6 local ndra-pool poolName and ndraprefix commands.
If a pool is deleted or the prefix range associated with the pool
is deleted forcibly, corresponding subscribers will be logged out
forcibly.
- Two new RADIUS attributes are added: Ipv6-Ndra-Pool and
Delegated-Ipv6-Pool.
- You can issue the aaa dhcpv6-ndra-pool override command to use Framed-Ipv6-Pool attribute for IPv6 Neighbor Discovery
router advertisements and the Delegated-Ipv6-Pool attribute for DHCPv6
Prefix Delegation. The no version of this
command causes the Ipv6-NdRa-Pool attribute to be used for IPv6 Neighbor
Discovery router advertisements and the Framed-Ipv6-Pool attribute
to be used for DHCPv6 Prefix Delegation.
- If you want the IPv6-NdRa-Prefix attribute to be included
in the Acct-Start messages that the router sends to the RADIUS server,
you can use the radius include ipv6-ndra-prefix acct-start
enable command. In such a case, the prefix allocated
to the subscriber from the IPv6 local address pool for Neighbor Discovery
is included in the Ipv6-NdRa-Prefix attribute or the Framed-Ipv6-Prefix
attribute.
Similarly, to cause the Ipv6-NdRa-Prefix attribute to be included
in the Acct-Stop messages sent to the RADIUS server, you can use the radius include ipv6-ndra-prefix acct-stop enable command.
You can use the disable keyword with the radius include ipv6-ndra-prefix acct-start and radius include ipv6-ndra-prefix acct-stop commands
to prevent the Ipv6-NdRa-Prefix attribute from being sent in the Acct-Start
or Acct-Stop messages.
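A pre-deployment check for the range rules in the guidelines above (only /64 prefixes, ten ranges per pool, 1,048,576 prefixes per range, 500 pools and no overlapping ranges within a virtual router), as an added example that is not part of the vendor documentation. The pool names and prefixes are constructed, and expressing a range as an inclusive first and last /64 prefix is an assumption.

```python
import ipaddress

MAX_RANGES_PER_POOL = 10
MAX_PREFIXES_PER_RANGE = 1_048_576
MAX_POOLS_PER_VR = 500


def range_span(first, last):
    """Return (start, end, count) in units of /64 for an inclusive range."""
    a, b = ipaddress.ip_network(first), ipaddress.ip_network(last)
    if a.prefixlen != 64 or b.prefixlen != 64:
        raise ValueError(f"{first}-{last}: ranges may only use /64 prefixes")
    start, end = int(a.network_address) >> 64, int(b.network_address) >> 64
    if end < start:
        raise ValueError(f"{first}-{last}: range end precedes start")
    return start, end, end - start + 1


def check_virtual_router(pools):
    """pools: {pool_name: [(first_prefix, last_prefix), ...]} for one VR."""
    findings, seen = [], []
    if len(pools) > MAX_POOLS_PER_VR:
        findings.append(f"{len(pools)} pools exceeds {MAX_POOLS_PER_VR}")
    for name, ranges in pools.items():
        if len(ranges) > MAX_RANGES_PER_POOL:
            findings.append(f"{name}: more than {MAX_RANGES_PER_POOL} ranges")
        for first, last in ranges:
            try:
                start, end, count = range_span(first, last)
            except ValueError as exc:
                findings.append(f"{name}: {exc}")
                continue
            if count > MAX_PREFIXES_PER_RANGE:
                findings.append(f"{name}: {first}-{last} holds {count} "
                                "prefixes and would be truncated")
            # Overlap is checked against every range already seen in this VR,
            # whether it belongs to the same pool or to another pool.
            for other, o_start, o_end in seen:
                if start <= o_end and o_start <= end:
                    findings.append(f"{name}: {first}-{last} overlaps {other}")
            seen.append((name, start, end))
    return findings


# Constructed plan for one virtual router (pool names are hypothetical).
PLAN = {
    "ndra-res": [("2001:db8::/64", "2001:db8:0:ff::/64")],
    "ndra-biz": [("2001:db8:0:80::/64", "2001:db8:0:8f::/64"),    # overlaps
                 ("2001:db8:100::/56", "2001:db8:100:ff::/64")],  # not /64
    "ndra-big": [("2001:db8:1000::/64", "2001:db8:1010::/64")],   # one too many
}
```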
Published: 2012-06-27