Hi, I need some help here. I have an issue with dhcpv6-client and
some questions.
My symptoms are as follows.
I can get DHCPv6 to my internal clients, but I think some things are a
little out of whack. DHCPv6 IS ACTIVE. Here is a list.
1. DNS server binding doesn't happen. That's my goal; I have no other
goals. (dhcp-attributes -> dns-server).
2. I think that Comcast forces temporary addresses, and I'm pretty sure
it does, so I don't know if anyone has anything to say about that.
3. If you look at my irb.0 prefixes you can see that it has two
bindings, one a /64 and another a /80. Is this a sign of improper
injection? I've seen in other articles on the net that /80s are LAN
side. I'm assuming that dhcpv6-client is enough to make DHCPv6 active,
but do I need dhcp-local-server to hand out the DNS server binding?
My take is that Comcast only lets you use dhcpv6-client. Any comments?
4. I realize Comcast may have changed its practice, in that it used to
allocate a /48. In fact that's the /64 I see. But the /80, that
confuses me. 128-80=48. Is this why I'm stuck? Did they do a 180 on
this like I think they did about 4 years ago? Is it just me?
HEELLPP?
## Last changed: 2020-12-23 08:02:11 GMT
version 15.1X49-D150.2;
## system: host identity, local accounts, management services, the DHCP local server, syslog and NTP.
system {
host-name MySRX300;
time-zone GMT;
root-authentication {
## NOTE(review): this $5$ (SHA-256 crypt) hash is posted unredacted, unlike the addresses elsewhere in
## the post. Treat the root password as exposed to offline guessing and change it; when sharing a
## config, mask the hash (for example with "show configuration | except SECRET-DATA").
encrypted-password "$5$jONKTyXf$FVjMtn.0LU5.Lqg70vJg.c3bE.udT2CjINk5zC8Mvf2";
}
name-server {
75.75.75.75;
75.75.76.76;
8.8.8.8;
8.8.4.4;
}
login {
user myuser {
uid 2000;
class super-user;
authentication {
## NOTE(review): same exposure as the root hash above; this account is class super-user, so change
## this password as well.
encrypted-password "$5$bAOhrT3.$cpqrCXQFnRzrF76M2fW8BImrgrnv0gOoMcQ.dGNvPW.";
}
}
}
services {
## NOTE(review): telnet, xnm-clear-text and web-management http are cleartext management channels, so
## logins over them cross the LAN unencrypted. The security zones stanza admits telnet and http on
## irb.0 only and lists xnm-clear-text for neither zone. ssh and https are already enabled and can
## take over; the cleartext services can then be deleted here and in the Internal zone.
ssh;
telnet;
xnm-clear-text;
dhcp-local-server {
## DHCPv6 server: bound to irb.0 through group-for-pooling. The overrides enable rapid-commit, point
## Information-Request handling (process-inform) at pool-1 and prefix delegation at pool-2; both
## pools are defined under access address-assignment.
dhcpv6 {
overrides {
rapid-commit;
process-inform {
pool pool-1;
}
delegated-pool pool-2;
}
group group-for-pooling {
interface irb.0;
}
}
## DHCPv4 server group, also on irb.0.
group jweb-default-group {
interface irb.0;
}
}
web-management {
## J-Web is offered over both http and https; https uses the system-generated certificate.
http;
https {
system-generated-certificate;
}
session {
idle-timeout 60;
}
}
}
syslog {
## NOTE(review): logging is local only (no remote "host" is configured in this stanza) and the archive
## keeps 3 files of 100k each, which is little history to work from when reviewing an incident.
archive size 100k files 3;
user * {
any emergency;
}
file messages {
any notice;
authorization info;
}
## Every interactive CLI command is recorded in this file.
file interactive-commands {
interactive-commands any;
}
}
max-configurations-on-flash 5;
max-configuration-rollbacks 5;
license {
autoupdate {
url https://ae1.juniper.net/junos/key_retrieval;
}
}
ntp {
## NOTE(review): looks like a transposition of us.pool.ntp.org; as written the name sits under
## pool.org, not the NTP pool's pool.ntp.org - confirm which host the device is really syncing
## time from.
server us.ntp.pool.org;
}
}
## security: flow logging, IPv6 flow mode, screen definitions, IPv4 source NAT, policies and zones.
security {
log {
mode stream;
report;
}
forwarding-options {
family {
inet6 {
## IPv6 is handled flow-based, i.e. it passes through the zone/policy processing below.
mode flow-based;
}
}
}
screen {
## NOTE(review): untrust-screen is defined here, but neither security-zone below contains a
## "screen untrust-screen;" statement, so as posted it does not appear to be attached to the
## Internet zone - confirm.
ids-option untrust-screen {
icmp {
ping-death;
}
ip {
source-route-option;
tear-drop;
}
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
}
land;
}
}
}
nat {
source {
## Interface source NAT for Internal -> Internet; the match is IPv4 only (0.0.0.0/0), so IPv6
## leaves untranslated.
rule-set nsw_srcnat {
from zone Internal;
to zone Internet;
rule nsw-src-interface {
match {
source-address 0.0.0.0/0;
destination-address 0.0.0.0/0;
}
then {
source-nat {
interface;
}
}
}
}
}
}
policies {
## The only policy shown: everything from Internal to Internet is permitted, with no session logging
## on the permit.
## NOTE(review): no Internet -> Internal policy is defined, so unsolicited inbound traffic falls to
## the default policy (presumably deny-all - confirm with "show security policies"). With globally
## routable IPv6 addresses on the LAN, that default is the only inbound filter this config shows
## for IPv6 hosts.
from-zone Internal to-zone Internet {
policy All_Internal_Internet {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
zones {
security-zone Internal {
interfaces {
irb.0 {
host-inbound-traffic {
system-services {
ping;
dhcp;
dhcpv6;
## NOTE(review): http and telnet let LAN hosts reach the device's cleartext management services;
## https and ssh are already allowed alongside them.
http;
https;
ssh;
telnet;
}
}
}
}
}
security-zone Internet {
interfaces {
ge-0/0/0.0 {
## WAN side accepts only ping plus the DHCP/DHCPv6 traffic the client functions on ge-0/0/0 use;
## no management service is admitted here.
host-inbound-traffic {
system-services {
ping;
dhcp;
dhcpv6;
}
}
}
}
}
}
}
## interfaces: ge-0/0/0 is the WAN port (DHCPv4 and DHCPv6 client), ge-0/0/1 through ge-0/0/7 are
## switching ports in vlan0, and irb unit 0 carries the LAN gateway addresses.
interfaces {
ge-0/0/0 {
unit 0 {
arp-resp restricted;
proxy-arp restricted;
family inet {
dhcp-client {
retransmission-attempt 21600;
retransmission-interval 4;
update-server;
force-discover;
}
}
family inet6 {
## Stateful DHCPv6 client requesting both an address (ia-na) and a delegated prefix (ia-pd); the
## delegated prefix is handed to router advertisements on irb.0.
## NOTE(review): the "show dhcpv6 client binding detail" output in this post reports "Preferred
## prefix length 48" and "Sub prefix length 48", not the 64 configured here, and an RA prefix of
## /80 - the posted config and the running state may not match; confirm which one is current.
dhcpv6-client {
client-type stateful;
client-ia-type ia-na;
client-ia-type ia-pd;
prefix-delegating {
preferred-prefix-length 64;
sub-prefix-length 64;
}
update-router-advertisement {
interface irb.0;
}
client-identifier duid-type duid-ll;
update-server;
}
}
}
}
## ge-0/0/1 through ge-0/0/7: identical switching ports, each a member of vlan0.
ge-0/0/1 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/2 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/3 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/4 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/5 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/6 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
ge-0/0/7 {
unit 0 {
family ethernet-switching {
vlan {
members vlan0;
}
}
}
}
irb {
unit 0 {
family inet {
address 192.168.1.1/24;
}
family inet6 {
## NOTE(review): these global addresses are entered statically. The binding output in the post shows
## the delegated prefix as 2601:204:d400:216::/64, which matches neither of them - confirm they
## are still intended.
address 2001:558:4010:15:65c:6c00:1f:xxxx/63;
address 2601:204:d400:105:65c:6c00:1f:xxxx/64;
address fe80::65c:6c00:1f:xxxx/64;
}
}
}
}
## The IPv4 hash key is built from layer-3 and layer-4 fields.
forwarding-options {
hash-key {
family inet {
layer-3;
layer-4;
}
}
}
## The router-id reuses the irb.0 IPv4 address.
routing-options {
router-id 192.168.1.1;
}
## Layer 2 learning runs in switching mode; RSTP is enabled on all interfaces.
protocols {
l2-learning {
global-mode switching;
}
rstp {
interface all;
}
}
## access: address pools for the DHCP local server - one IPv4 pool and the two IPv6 pools (pool-1,
## pool-2) that the dhcpv6 overrides under system services refer to.
access {
address-assignment {
## IPv4 LAN pool: 192.168.1.2-254, with the gateway, DNS servers and three static host reservations.
pool jweb-default-pool {
family inet {
network 192.168.1.0/24;
range jweb-default-range {
low 192.168.1.2;
high 192.168.1.254;
}
dhcp-attributes {
server-identifier 192.168.1.1;
domain-name xxxx.xx.comcast.net;
name-server {
75.75.75.75;
75.75.76.76;
8.8.8.8;
8.8.4.4;
}
router {
192.168.1.1;
}
netbios-node-type m-node;
## NOTE(review): this names irb, while both IPv6 pools name ge-0/0/0 (the DHCP client interface) -
## presumably the client-facing WAN interface was meant here too; confirm.
propagate-settings irb;
}
host Roku3600 {
hardware-address xx:xx:xx:xx:xx:xx;
ip-address 192.168.1.230;
}
host amazon-xxxxxxxxx {
hardware-address xx:xx:xx:xx:xx:xx;
ip-address 192.168.1.240;
}
host android-xxxxxxxxxxxxx {
hardware-address xx:xx:xx:xx:xx:xx;
ip-address 192.168.1.67;
}
}
}
## NOTE(review): pool-1 and pool-2 use hard-coded prefixes (2001:558:5516:37::/64 and
## 2601:204:ce00:5550::/64). Neither matches the delegated prefix shown in the binding output
## (2601:204:d400:216::/64) nor the addresses on irb.0 - confirm these pools reflect what the ISP
## currently delegates.
pool pool-1 {
family inet6 {
prefix 2001:558:5516:37::0/64;
range v6-range2 {
low 2001:558:5516:37::1/64;
high 2001:558:5516:37:ffff:ffff:ffff:ffff/64;
}
dhcp-attributes {
## The DNS servers the poster wants handed to clients (goal 1 in the post).
dns-server {
2001:558:feed::1;
2001:558:feed::2;
2001:4860:4860::8888;
2001:4860:4860::8844;
}
propagate-settings ge-0/0/0;
}
}
}
pool pool-2 {
family inet6 {
prefix 2601:204:ce00:5550::0/64;
range 2601-range {
low 2601:204:ce00:5550::1/64;
high 2601:204:ce00:5550:ffff:ffff:ffff:ffff/64;
}
dhcp-attributes {
## Same four DNS servers as pool-1.
dns-server {
2001:558:feed::1;
2001:558:feed::2;
2001:4860:4860::8888;
2001:4860:4860::8844;
}
propagate-settings ge-0/0/0;
}
}
}
}
}
## vlan0 (VLAN id 2) is the VLAN that the ge-0/0/1 through ge-0/0/7 switching ports are members of;
## irb.0 is its layer-3 interface.
vlans {
vlan0 {
vlan-id 2;
l3-interface irb.0;
}
}
myuser@MySRX300> show dhcpv6 client binding detail
Client Interface/Id: ge-0/0/0.0
Hardware Address: 04:5c:6c:1f:84:00
State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: STATEFUL
Lease Expires: 2021-02-07 15:00:13 GMT
Lease Expires in: 281099 seconds
Lease Start: 2021-02-03 15:00:13 GMT
Bind Type: IA_PD
Preferred prefix length 48
Sub prefix length 48
Client DUID: LL0x3-04:5c:6c:1f:84:00
Rapid Commit: Off
Server Identifier: fe80::201:5cff:xxxx:xxxx
Update Server Yes
Client IP Prefix: 2601:204:d400:216::/64
DHCP options:
Name: server-identifier, Value: LL_TIME0x1-0x15d6d13d-84:2b:2b:fc:70:f9
Update RA interfaces:
Interface: irb.0
RA Prefix: 2601:204:d400:216::/80
myuser@MySRX300> show interfaces ge-0/0/0.0 extensive
Logical interface ge-0/0/0.0 (Index 73) (SNMP ifIndex 514) (Generation 138)
Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 587994222
Output bytes : 79118535
Input packets: 643106
Output packets: 322177
Local statistics:
Input bytes : 4240319
Output bytes : 426150
Input packets: 25517
Output packets: 5099
Transit statistics:
Input bytes : 583753903 0 bps
Output bytes : 78692385 0 bps
Input packets: 617589 0 pps
Output packets: 317078 0 pps
Security: Zone: Internet
Allowed host-inbound traffic : dhcp ping dhcpv6
Flow Statistics :
Flow Input statistics :
Self packets : 26380
ICMP packets : 943
VPN packets : 0
Multicast packets : 20913
Bytes permitted by policy : 582758811
Connections established : 927
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 78675205
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 1608
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 11
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 152, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 73.66.xx/22, Local: 73.xx.xx.xx, Broadcast: 73.xx.xx.xx, Generation: 160
Protocol inet6, MTU: 1500
Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 1, Curr new hold cnt: 0, NH drop cnt: 0
Generation: 153, Route table: 0
Flags: None
Addresses, Flags: Is-Primary
Destination: Unspecified, Local: 2001:558:6012:32:xxxx:xxxx:fc2a:447b
Generation: 164
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::65c:6cff:fe1f:xxxx
Generation: 152
myuser@MySRX300> show interfaces irb.0 extensive
Logical interface irb.0 (Index 72) (SNMP ifIndex 509) (Generation 137)
Flags: Up SNMP-Traps 0x0 Encapsulation: ENET2
Bandwidth: 1000mbps
Routing Instance: default-switch Bridging Domain: vlan0
Traffic statistics:
Input bytes : 93777138
Output bytes : 599039735
Input packets: 403878
Output packets: 641754
Local statistics:
Input bytes : 3949858
Output bytes : 16812586
Input packets: 14650
Output packets: 48850
Transit statistics:
Input bytes : 89827280 224 bps
Output bytes : 582227149 152 bps
Input packets: 389228 0 pps
Output packets: 592904 0 pps
Security: Zone: Internal
Allowed host-inbound traffic : dhcp http https ping ssh telnet dhcpv6
Flow Statistics :
Flow Input statistics :
Self packets : 14805
ICMP packets : 32
VPN packets : 0
Multicast packets : 21113
Bytes permitted by policy : 82013639
Connections established : 22178
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 597220076
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 10000
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 1
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 150, Route table: 0
Flags: Sendbcast-pkt-to-re, Is-Primary
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 192.168.1/24, Local: 192.168.1.1, Broadcast: 192.168.1.255, Generation: 144
Protocol inet6, MTU: 1500
Max nh cache: 100000, New hold nh limit: 100000, Curr nh cnt: 4, Curr new hold cnt: 0, NH drop cnt: 0
Generation: 151, Route table: 0
Flags: None
Addresses, Flags: Is-Default Is-Preferred Is-Primary
Destination: 2001:558:4010:14::/63, Local: 2001:558:4010:15:65c:6c00:1f:xxxx
Generation: 182
Addresses, Flags: Is-Preferred
Destination: 2601:204:d400:105::/64, Local: 2601:204:d400:105:65c:6c00:1f:xxxx
Generation: 184
Addresses, Flags: Is-Preferred
Destination: 2601:204:d400:216::/80, Local: 2601:204:d400:216::1
Generation: 168
Addresses, Flags: Is-Preferred
Destination: fe80::/64, Local: fe80::65c:6c00:1f:xxxx
Generation: 150
myuser@MySRX300> show ipv6 router-advertisement
Interface: irb.0
Advertisements sent: 120, last sent 00:01:07 ago
Solicits received: 22, last received 01:28:12 ago
Advertisements received: 0
Solicited router advertisement unicast: Disable
adrian@MySRX300> show ipv6 neighbors
IPv6 Address Linklayer Address State Exp Rtr Secure Interface
2601:204:d400:105:2109:afa3:908f:xxxx
xx:xx:xx:xx:xx:xx stale 847 no no ge-0/0/5.0
2601:204:d400:105:dc06:1662:18c8:xxxx
xx:xx:xx:xx:xx:xx stale 502 no no ge-0/0/5.0
fe80::201:5cff:feac:xxxx xx:xx:xx:xx:xx:xx stale 845 yes no ge-0/0/0.0
fe80::7e38:adff:fe9e:xxxx xx:xx:xx:xx:xx:xx stale 630 no no ge-0/0/5.0
fe80::d489:9220:22e4:xxxx xx:xx:xx:xx:xx:xx stale 847 no no ge-0/0/5.0
------------------------------
Adrian Aguinaga
B.S.C.M. I.T.T. Tech
(Construction Management)
A.A.S. I.T.T. Tech
(Drafting & Design)
------------------------------