Routing

Expand all | Collapse all

Single-session dual-stack subscribers - how it works?

Jump to Best Answer
  • 1.  Single-session dual-stack subscribers - how it works?

    Posted 03-21-2018 09:38

    Hello everybody!

    I`m trying set up single-session dual-stacked subscribers in my lab, using information from here https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-dhcp-local-server-dual-stack-overview.html

    So i`ve upgraded my mx104 to 17.4R1.16 and made simple setup:

    show system services dhcp-local-server
    dhcpv6 {
        group stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;
            overrides {
                dual-stack DUAL-STACK;
            }
            interface ge-0/0/4.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
    }
    group stacked-subscribers {
        overrides {
            dual-stack DUAL-STACK;
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        interface ge-0/0/4.0;
    }
    dual-stack-group DUAL-STACK {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
        liveness-detection {
            method {
                layer2-liveness-detection {
                    transmit-interval 300;
                    max-consecutive-retries 5;
                }
            }
        }
    }
    

    On the radius side i got:

    DUAL-STACK.ge-0/0/4:4020-3000 Auth-Type := Accept
            Framed-IP-Address := "10.200.4.2",
    		Framed-IP-Netmask := "255.255.252.0",it.d/freeradius restart
            Framed-IPv6-Prefix := "2a22:f440:000a:0003:0000:0000:0000:7919/128",    
            Delegated-IPv6-Prefix := "2a22:f440:000a:f919:0000:0000:0000:0000/64"

    all seems ok:

     run show subscribers
    Interface           IP Address/VLAN ID                      User Name                      LS:RI
    demux0.3221225520   0x8100.4020 0x8100.3000                                           default:default
    demux0.3221225520   10.200.4.2                              DUAL-STACK.ge-0/0/4:4020-3000       default:default
    *                   2a22:f440:a:3::7919
    *                   2a22:f440:a:f919::/64
    

    But on subscriber side i got only ipv4 address:

     run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    10.200.4.2        84          c4:12:f5:d4:aa:eb  224         BOUND      demux0.3221225520
    
    run show dhcpv6 server binding
    <EMPTY>


  • 2.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 03-21-2018 10:00

    In show subscribers you may see ipv6 address because that assigned via the radius return attributes.

    You may require some config changes. before that, check show dhcpv6 server statistics and check you're getting Solicit?

    if yes, Is MX sending out Advertise?

     

    Attach yourc onfig & a pcap when dialing the subscriber.

     

     

     



  • 3.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-22-2018 01:58

    Hello karand.

    Statistics show that MX receiving solocit messages

    run show dhcpv6 server statistics
    Dhcpv6 Packets dropped:
        Total               0
    
    Advertise Delay:
        DELAYED                    0
        INPROGRESS                 0
        TOTAL                      0
    
    Messages received:
        DHCPV6_DECLINE             0
        DHCPV6_SOLICIT             16
        DHCPV6_INFORMATION_REQUEST 0
        DHCPV6_RELEASE             0
        DHCPV6_REQUEST             0
        DHCPV6_CONFIRM             0
        DHCPV6_RENEW               0
        DHCPV6_REBIND              0
        DHCPV6_RELAY_FORW          0
        DHCPV6_LEASEQUERY          0
    
    Messages sent:
        DHCPV6_ADVERTISE           0
        DHCPV6_REPLY               0
        DHCPV6_RECONFIGURE         0
        DHCPV6_RELAY_REPL          0
        DHCPV6_LEASEQUERY_REPLY    0
        DHCPV6_LEASEQUERY_DATA     0
        DHCPV6_LEASEQUERY_DONE     0
    

    Also when i remove overrides dual-stack for dhcpv6 my subscriber receiving requested address.

    Subscriber-related configuration looks like this:

    show groups SUBSCRIBERS-TEST
    interfaces {
        <*> {
            description "SUBSCRIBERS ACCESS";
            flexible-vlan-tagging;
            auto-configure {
                stacked-vlan-ranges {
                    dynamic-profile TEST-PROFILE {
                        accept [ dhcp-v4 dhcp-v6 ];
                        ranges {
                            4000-4020,2200-4000;
                        }
                    }
                }
                remove-when-no-subscribers;
            }
            mtu 9192;
            encapsulation flexible-ethernet-services;
        }
    }
    
    show dynamic-profiles TEST-PROFILE
    interfaces {
        demux0 {
            no-traps;
            interface-mib;
            unit "$junos-interface-unit" {
                demux-source [ inet inet6 ];
                no-traps;
                proxy-arp unrestricted;
                vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                demux-options {
                    underlying-interface "$junos-underlying-interface";
                }
                family inet {
                    rpf-check fail-filter rpf-pass-dhcp;
                    unnumbered-address lo0.0 preferred-source-address 10.200.4.1;
                }
                family inet6 {
                    unnumbered-address lo0.0 preferred-source-address 2a22:f440:a:3::1;
                }
            }
        }
    }
    protocols {
        router-advertisement {
            interface "$junos-interface-name" {
                max-advertisement-interval 900;
                min-advertisement-interval 300;
                managed-configuration;
                other-stateful-configuration;
            }
        }
    }
    
    
     show interfaces ge-0/0/4
    apply-groups SUBSCRIBERS-TEST;
    description "TEST INTERFACE";
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 4084 {
        description "Office MGT 214.0/24";
        encapsulation vlan-bridge;
        vlan-id 4084;
    }
    unit 0 {
        family inet {
            address 10.200.4.1/32;
        }
        family inet6 {
            address 2a22:f440:a:3::1/128;
        }
    }
    show system services dhcp-local-server
    dhcpv6 {
        group ipv6-stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;
            overrides {
                dual-stack DUAL-STACK;
            }
            interface ge-0/0/4.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
    }
    group 1 {
        overrides {
            dual-stack DUAL-STACK;
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        interface ge-0/0/4.0;
    }
    dual-stack-group DUAL-STACK {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
        liveness-detection {
            method {
                layer2-liveness-detection {
                    transmit-interval 300;
                    max-consecutive-retries 5;
                }
            }
        }
    }
    
     show dynamic-profiles IP-DHCPv4-DHCPv6
    interfaces {
        "$junos-interface-ifd-name" {
            unit "$junos-underlying-interface-unit" {
                family inet {
                    unnumbered-address lo0.0 preferred-source-address 10.200.4.1;
                }
                family inet6 {
                    unnumbered-address lo0.0 preferred-source-address 2a22:f440:a:3::1;
                }
            }
        }
    }
    

    subs.pcap captured from ge-0/0/4 ( subs interface ) attached to the post.

     



  • 4.  RE: Single-session dual-stack subscribers - how it works?
    Best Answer

     
    Posted 03-23-2018 01:12

    Hi,

    You don't require dynamic-profile (IP-DHCPv4-DHCPv6) here in this stanza

     

    show system services dhcp-local-server
    dhcpv6 {
        group ipv6-stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;

     

    Those v6 addresses next to * is becuase its single-session dual-stack, the underlying interface xe-2/0/1.3221225518 reminds same. In this case, session_id=61

     

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# run show subscribers
    Interface           IP Address/VLAN ID                      User Name                      LS:RI
    xe-2/0/1.3221225518 0x8100.100 0x8100.200                                             default:default
    xe-2/0/1.3221225518 100.0.0.154                             karand@dual.com           default:default
    *                   2000::93
    *                   4000::800:0:0/88

     

     

    labroot@jtac-MX960-r2004-re0# run show subscribers extensive
    Type: VLAN
    Logical System: default
    Routing Instance: default
    Interface: xe-2/0/1.3221225518
    Interface type: Dynamic
    Underlying Interface: xe-2/0/1
    Dynamic Profile Name: AUTOCONF-SVLAN-PROF
    Dynamic Profile Version: 2
    State: Active
    Session ID: 60
    PFE Flow ID: 66
    Stacked VLAN Id: 0x8100.100
    VLAN Id: 0x8100.200
    Login Time: 2018-03-23 13:29:17 IST

    Type: DHCP
    User Name: karand@dual.com
    IP Address: 100.0.0.154
    IP Netmask: 255.255.0.0
    Domain name server inet: 10.1.2.3 10.1.2.3
    IPv6 Address: 2000::93
    IPv6 Prefix: 4000::800:0:0/88
    Logical System: default
    Routing Instance: default
    Interface: xe-2/0/1.3221225518
    Interface type: Static
    Underlying Interface: xe-2/0/1.3221225518
    MAC Address: 00:11:01:00:00:01
    State: Active
    Radius Accounting ID: 61
    Session ID: 61
    PFE Flow ID: 66
    Stacked VLAN Id: 100
    VLAN Id: 200
    Login Time: 2018-03-23 13:29:17 IST
    DHCP Options: len 9
    35 01 01 37 04 01 03 3a 3b
    DHCPV6 Options: len 40
    00 08 00 02 00 00 00 01 00 0e 00 01 00 01 22 47 98 b8 00 11
    01 00 00 01 00 03 00 0c 00 00 00 0a 00 04 9d 40 00 07 62 00
    DHCP Header: len 44
    01 01 06 00 41 58 29 39 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 11 01 00 00 01 00 00 00 00 00 00
    00 00 00 00
    DHCPV6 Header: len 4
    01 02 29 34
    IP Address Pool: POOL-V4-100
    IPv6 Address Pool: POOL-V6-NA
    IPv6 Delegated Address Pool: POOL-V6-PD

     

    labroot@jtac-MX960-r2004-re0# run show dhcpv6 server binding
    Prefix                  Session Id  Expires  State    Interface    Client DUID
    2000::93/128            61          3520     BOUND    xe-2/0/1.3221225518 LL_TIME0x1-0x224798b8-00:11:01:00:00:01

    labroot@jtac-MX960-r2004-re0# run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    100.0.0.154       61          00:11:01:00:00:01  3510        BOUND      xe-2/0/1.3221225518

     


    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# run show route | match access
    100.0.0.154/32     *[Access-internal/12] 00:02:39
    2000::93/128       *[Access-internal/12] 00:02:38
    4000::800:0:0/88   *[Access/13] 00:02:38

     

     

    Have a look at my conifg:


    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show system services dhcp-local-server
    dhcpv6 {
        group v6-dhcp-client-0 {
            overrides {
                delegated-pool POOL-V6-PD;
                delete-binding-on-renegotiation;
                dual-stack "DS_Group_For_Server-Clients;";
            }
        }
        group v4-rtClient-0 {
            overrides {
                delete-binding-on-renegotiation;
                dual-stack DS_Group_For_Server-Clients;
            }
            interface xe-2/0/1.0;
        }
    }
    group 1 {
        overrides {
            dual-stack DS_Group_For_Server-Clients;
        }
        interface xe-2/0/1.0;
    }
    dual-stack-group DS_Group_For_Server-Clients {
        authentication {
            password jtac123;
            username-include {
                user-prefix "karand@dual.com";
            }
        }
        inactive: dynamic-profile DHCP-DYNAMIC-PROFILE-DUAL-STACK;
    }

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show interfaces xe-2/0/1
    flexible-vlan-tagging;
    auto-configure {
        stacked-vlan-ranges {
            dynamic-profile AUTOCONF-SVLAN-PROF {
                accept any;
                ranges {
                    any,any;
                }
            }
        }
        remove-when-no-subscribers;
    }

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show dynamic-profiles AUTOCONF-SVLAN-PROF
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name" {
                any;
            }
        }
    }
    interfaces {
        "$junos-interface-ifd-name" {
            unit "$junos-interface-unit" {
                proxy-arp;
                vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
                family inet6 {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }

     

     

     



  • 5.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 03-23-2018 01:24

    Also, to call out your config, you do require demux0 or ge-0/0/4.xxx for subscriber?

     

    In your dynamic-profile test-profile, you have configured subscriber interface demux0 and in under the dhcp-local-server dhcpv4 group interface is ge-0/0/4. Configure demux0 under dhcp-local-server dhcpv6 group & in group1.

     

    set dhcp-local-server dhcpv6 group <name> interface demux0

    set dhcp-local-server group <name> interface demux0

     

     



  • 6.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-26-2018 04:35

    Hello karand.

    looks like ther is issue with single-session dual-stack.

    With configuration like this:

    dhcpv6 {
        overrides {
            delete-binding-on-renegotiation;
            dual-stack DS;
        }
        group ipv6-stacked-subscribers {
            interface demux0.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
        dual-stack DS;
    }
    group ipv6-stacked-subscribers {
        overrides {
            delete-binding-on-renegotiation;
        }
        interface demux0.0;
    }
    dual-stack-group DS {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
    }
    

    I removed protocol master from configuration

    So now i got bindings for subscribers on dhcpv4 and dhcpv6

    but

    demux0.3221225491   0x8100.4020 0x8100.3000                                           default:default
    demux0.3221225491   10.200.4.7                                                        default:default
    demux0.3221225491   10.200.4.8                              DUAL-STACK.ge-0/0/4:4020-3000       default:default
    *                   2a22:f440:a:3::9
    

    As you can see i got subscriber with 10.200.4.7 that went pass authorization process

     run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    10.200.4.7        21          c4:12:f5:d4:aa:eb  291         BOUND      demux0.3221225491
    

    And dual-stack subscriber with ip address 10.200.4.9 and dhcpv6 binding:

    run show dhcpv6 server binding
    Prefix                  Session Id  Expires  State    Interface    Client DUID
    2a22:f440:a:3::9/128    22          595      BOUND    demux0.3221225491 LL_TIME0x1-0x22208122-c8:ff:28:26:96:1f
    

     

     



  • 7.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 08:20

    Looks like there is issue with primary-key:

     run show dhcpv6 server binding detail
    
    Session Id:  24
         Client IPv6 Address:                   2a22:f440:a:3::15/128
         Lease Expires:                         2010-02-17 13:54:25 EET
         Lease Expires in:                      676 seconds
         Preferred Lease Expires:               2010-02-17 13:54:25 EET
         Preferred Lease Expires in:            676 seconds
         Client DUID:                           LL_TIME0x1-0x22208122-c4:12:f5:d4:aa:eb
         State:                                 BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
         Lease Start:                           2010-02-17 13:24:24 EET
         Last Packet Received:                  2010-02-17 13:39:25 EET
         Incoming Client Interface:             demux0.3221225493
         Client Interface Svlan Id:             4020
         Client Interface Vlan Id:              3000
         Client Pool Name:                      v6-ia-na-pool
         Client Prefix Pool Name:               v6-ia-na-pool
         Client Profile Name:                   IP-DHCPv4-DHCPv6
         Client Id Length:                      14
         Client Id:                             /0x00010001/0x22208122/0xc412f5d4/0xaaeb
         Dual Stack Group                       DS
         Dual Stack key                         MAC/
    

    There is key - mac address and dual-stack group assigned

    But when i check dhcp server binding state:

    Client IP Address:  10.200.4.17
         Hardware Address:             c4:12:f5:d4:aa:eb
         State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
         Protocol-Used:                DHCP
         Lease Expires:                2010-02-17 13:46:45 EET
         Lease Expires in:             202 seconds
         Lease Start:                  2010-02-17 13:24:15 EET
         Last Packet Received:         2010-02-17 13:41:45 EET
         Incoming Client Interface:    demux0.3221225493
         Client Interface Svlan Id:    4020
         Client Interface Vlan Id:     3000
         Server Identifier:            10.200.4.1
         Session Id:                   23
         Client Pool Name:             10-200-4-0
    

    No DS group assigned



  • 8.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 08:41

    And finally working config is 

    dhcpv6 {
        overrides {
            delete-binding-on-renegotiation;
            dual-stack DS;
        }
        group ipv6-stacked-subscribers {
            interface demux0.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
        dual-stack DS;
    }
    group ipv6-stacked-subscribers {
        interface demux0.0;
    }
    dual-stack-group DS {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
    }
    

    Problem was with overrides settings, which not inherits settings from overrides statement up one level.

     



  • 9.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 09:00

    And a little appendix for the post above:

    You will brake your DUAL-STACK if you change CLIENT DUID. So if your client has mac address of c4:12:f5:d4:aa:eb and DUID LL_TIME0x1-0x22208122-c4:12:f5:d4:aa:eb it will work fine.

    If you got DUID demux0.3221225511 LL_TIME0x1-0x22208122-aa:aa:aa:aa:aa:aa (for example you can change duid via regedit in Windows) then your dual-stack session will only have binding on master protocol. 

    So it will be great if there will be classification-key something like incoming-interface or subscriber-interface wich is suitable for C-VLAN.



  • 10.  RE: Single-session dual-stack subscribers - how it works?

    Posted 02-17-2019 21:59

    Hi!

    I'm also trying to configure BNG with single-session dual-stack subscribers. I'm facing a issue. BNG shows it has provided iana and pd ipv6 to subscribers but subscribers doesn't get pd prefix.

     

    root@bng-ss-ds-ip-demux# run show subscribers 

    Interface             IP Address/VLAN ID                      User Name                      LS:RI

    demux0.3221225578     0x8100.3800 0x8100.401                                            default:default      

    demux0.3221225578     100.64.0.8                                                        default:default      

    *                     2001:db8:0:1::6

    *                     2001:db8:1::/64

     

    Packet capture shows BNG is advertising iana address only. But here in subscriber list it shows both iana and pd. A bit confused.



  • 11.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 02-17-2019 23:08

    Hi Manoj,

     

    show subscribers is showing the address means AAA has assigned the address. It doesn't mean that DHCPv6 negotiation for v6PD is completed.

     

    Kindly open new thread with DHCP traceoption and configuration.

     

    Regards,

    Rahul