Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

DHCPv6 Relay Agent

DHCPv6 Relay Agent Overview

When a DHCPv6 client logs in, the DHCPv6 relay agent uses the AAA service framework to interact with the RADIUS server to provide authentication and accounting. The RADIUS server, which is configured independently of DHCP, authenticates the client and supplies the IPv6 prefix and client configuration parameters, such as session timeout and the maximum number of clients allowed per interface.

Note:

The PTX Series Packet Transport Routers do not support authentication for DHCPv6 relay agents.

Note:

The following DHCPv6 functionalities are not supported on ACX Series routers:

  • Subscriber authentication for DHCPv6 relay agents

  • DHCP snooping

  • DHCPv6 client

  • Liveness detection

  • Dynamic profiles

  • Option 37 support for remote ID insertion

  • Bidirectional Forwarding Detection (BFD) for DHCPv6 relay

The DHCPv6 relay agent is compatible with the DHCP local server and the DHCP relay agent, and can be enabled on the same interface as either the DHCP local server or DHCP relay agent.

To configure the DHCPv6 relay agent on the router (or switch), you include the dhcpv6 statement at the [edit forwarding-options dhcp-relay] hierarchy level.

You can also include the dhcpv6 statement at the following hierarchy levels:

  • [edit logical-systems logical-system-name forwarding-options dhcp-relay]

  • [edit logical-systems logical-system-name routing-instances routing-instance-name forwarding-options dhcp-relay]

  • [edit routing-instances routing-instance-name forwarding-options dhcp-relay]

See DHCPv6 Monitoring and Management for commands specific to viewing and clearing DHCPv6 bindings and statistics.

DHCPv6 Relay Agent Options

You can configure DHCPv6 relay agent to include additional information in the client-originated DHCP packets that the relay agent forwards to a DHCPv6 server. This support is equivalent to the option 82 support provided by the DHCPv4 relay agent. The DHCPv6 server uses the additional information in the packets to determine the IPv6 address to assign to the client. The server might also use the information for other purposes; for example, to determine which services to grant the client, or to provide additional security against threats such as address spoofing. The DHCPv6 server sends its reply back to the DHCPv6 relay agent, and the agent removes the option information from the message, and then forwards the packet to the client.

You can configure the DHCPv6 relay agent to include the following options in the packet the relay agent sends to the DHCPv6 server:

  • Relay Agent Interface-ID (option 18)—An ASCII string that identifies the interface on which the client DHCPv6 packet is received. This is the equivalent of the DHCPv4 relay agent option 82 Agent Circuit ID suboption (suboption 1).

  • Relay Agent Remote-ID (option 37)—An ASCII string assigned by the DHCPv6 relay agent that securely identifies the client. This is the equivalent of the DHCPv4 relay agent option 82 Agent Remote ID suboption (suboption 2).

Configuring DHCPv6 Relay Agent Options

You can configure DHCPv6 relay agent to insert optional information in the DHCPv6 packets that the relay receives from clients and forwards to a DHCPv6 server. To configure the optional information, you specify the type of information you want to include in the packets. You use the relay-agent-interface-id statement to include Relay Agent Interface-ID (option 18) in the packets, or the relay-agent-remote-id statement to include Relay Agent Remote-ID (option 37).

When you enable the DHCPv6 options support, you can optionally configure DHCPv6 relay agent to include a prefix or the interface description as part of the option information. For dual-stack environments, you can also specify that the DHCPv6 relay agent use the DHCPv4 option 82 information to populate DHCPv6 option 18 or option 37.

To enable insertion of DHCPv6 options:

  1. Specify that you want to configure DHCPv6 relay agent support.
  2. Configure DHCPv6 relay agent to insert the Relay Agent Interface-ID option, the Relay Agent Remote-ID option, or both.
    • To insert Relay Agent Interface-ID (option 18):

    • To insert Relay Agent Remote-ID (option 37):

  3. (Optional) Specify additional information that you want to include in option 18 or option 37. The relay-agent-interface-id and relay-agent-remote-id statements both support inclusion of a prefix, interface description, or the DHCPv4 option 82 information. For example:
    • To prepend prefix information—This example prepends a prefix that consists of the hostname and logical system name to option 18. You use the relay-agent-remote-id statement to add the prefix to option 37.

    • To include the textual interface description—This example uses the description for the device interface instead of the interface identifier in option 18. You use the relay-agent-remote-id statement to add the interface description to option 37.

    • To use the DHCPv4 option-82 value—This example uses the DHCPv4 option-82 (suboption 2) value for the DHCPv6 option 37 value. You use the relay-agent-interface-id statement to use DHCPv4 option 82 (suboption 1) in DHCPv6 option 18.

      This example also includes the optional strict keyword to specify that the router drops Solicit packets if the packets do not include an option 82 value. If you do not include the strict keyword, the router sends the RELAY-FORW message without adding option 37. The strict keyword is not supported for the relay-agent-interface-id statement.

Inserting DHCPv6 Interface-ID Option (Option 18) In DHCPv6 Packets

You can configure DHCPv6 relay agent to insert the DHCPv6 Interface-ID (option 18) in the packets that the relay sends to a DHCPv6 server. You can configure the option 18 support at either the DHCPv6 global or group level.

When you configure option 18 support, you can optionally include the following additional information:

  • Prefix—Specify the prefix option to add a prefix to the interface identifier. The prefix can be any combination of hostname, logical system name, and routing instance name.

  • Interface description—Specify the use-interface-description option to include the textual interface description instead of the interface identifier. You can include either the device interface description or the logical interface description.

  • Option 82 Agent Circuit ID suboption (suboption 1)—Specify the use-option-82 option to include the DHCPv4 Option 82 Agent Circuit ID suboption (suboption 1). This configuration is useful in a dual-stack environment, which has both DHCPv4 and DHCPv6 subscribers that reside over the same underlying logical interface. The router checks for the option 82 suboption 1 value and inserts it into the outgoing packets. If no DHCPv4 binding exists or if the binding does not have an option 82 suboption 1 value, the router sends the packets without adding an option 18.

Note:

If you specify one of the optional configurations, and the specified information does not exist (for example, there is no interface description), DHCPv6 relay ignores the optional configuration and inserts the default interface identifier in the packets.

To insert the DHCPv6 Interface-ID option (option 18) in DHCPv6 packets:

  1. Configure the DHCPv6 relay to include option 18.
  2. (Optional) Specify the prefix to include in option 18.
  3. (Optional) Specify that option 18 include the textual description of the interface. You can specify either the logical interface description or the device interface description.
  4. (Optional) Specify that option 18 use the DHCPv4 Option 82 Agent Circuit ID suboption (suboption 1) value.

Inserting DHCPv6 Remote-ID Option (Option 37) In DHCPv6 Packets

Starting in Junos OS Release 14.1, you can configure DHCPv6 relay agent to insert DHCPv6 Remote-ID (option 37) in the packets that the relay sends to a DHCPv6 server. You can configure option 37 support at either the DHCPv6 global or group level.

When you configure option 37 support, you can optionally include the following information:

  • Prefix—Specify the prefix option to add a prefix to the interface identifier. The prefix can be any combination of hostname, logical system name, and routing instance name.

  • Interface description—Specify the use-interface-description option to include the textual interface description instead of the interface identifier. You can include either the device interface description or the logical interface description.

  • Option 82 Agent Remote-ID suboption (suboption 2)—Specify the use-option-82 option to use the value of the DHCPv4 option 82 Remote-ID suboption (suboption 2). This configuration is useful in a dual-stack environment, which has both DHCPv4 and DHCPv6 subscribers that reside over the same underlying logical interface. The router checks for the option 82 suboption 2 value and inserts it into the outgoing packets.

Note:

If you specify one of the optional configurations, and the specified information does not exist (for example, there is no interface description), DHCPv6 relay ignores the optional configuration and inserts the default interface identifier in the packets.

To insert the DHCPv6 Remote-ID option (option 37) in DHCPv6 packets:

  1. Configure the DHCPv6 relay to include option 37.
  2. (Optional) Specify the prefix to include with the option 37 information.
  3. (Optional) Specify that option 37 include the textual description of the interface. You can specify either the logical interface description or the device interface description.
  4. (Optional) Specify that option 37 use the DHCPv4 option 82 Remote-ID suboption (suboption 2) value.

    If no DHCPv4 binding exists, or if the binding does not include an option 82 suboption 2 value, by default the router sends the packets without adding option 37. However, you can use the optional strict keyword to specify that the router drop packets that do not have a suboption 2 value.

Release History Table
Release
Description
14.1
Starting in Junos OS Release 14.1, you can configure DHCPv6 relay agent to insert DHCPv6 Remote-ID (option 37) in the packets that the relay sends to a DHCPv6 server.