Routing


Single-session dual-stack subscribers - how it works?

  • 1.  Single-session dual-stack subscribers - how it works?

    Posted 03-21-2018 09:38

    Hello everybody!

    I'm trying to set up single-session dual-stacked subscribers in my lab, using information from here: https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-dhcp-local-server-dual-stack-overview.html

    So I've upgraded my MX104 to 17.4R1.16 and made a simple setup:

    show system services dhcp-local-server
    dhcpv6 {
        group stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;
            overrides {
                dual-stack DUAL-STACK;
            }
            interface ge-0/0/4.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
    }
    group stacked-subscribers {
        overrides {
            dual-stack DUAL-STACK;
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        interface ge-0/0/4.0;
    }
    dual-stack-group DUAL-STACK {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
        liveness-detection {
            method {
                layer2-liveness-detection {
                    transmit-interval 300;
                    max-consecutive-retries 5;
                }
            }
        }
    }
    

    On the RADIUS side I got:

    DUAL-STACK.ge-0/0/4:4020-3000 Auth-Type := Accept
            Framed-IP-Address := "10.200.4.2",
            Framed-IP-Netmask := "255.255.252.0",
            Framed-IPv6-Prefix := "2a22:f440:000a:0003:0000:0000:0000:7919/128",
            Delegated-IPv6-Prefix := "2a22:f440:000a:f919:0000:0000:0000:0000/64"

    All seems OK:

     run show subscribers
    Interface           IP Address/VLAN ID                      User Name                      LS:RI
    demux0.3221225520   0x8100.4020 0x8100.3000                                           default:default
    demux0.3221225520   10.200.4.2                              DUAL-STACK.ge-0/0/4:4020-3000       default:default
    *                   2a22:f440:a:3::7919
    *                   2a22:f440:a:f919::/64
    

    But on the subscriber side I got only an IPv4 address:

     run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    10.200.4.2        84          c4:12:f5:d4:aa:eb  224         BOUND      demux0.3221225520
    
    run show dhcpv6 server binding
    <EMPTY>


  • 2.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 03-21-2018 10:00

    In show subscribers you may see the IPv6 address because it is assigned via the RADIUS return attributes.

    You may require some config changes. Before that, check show dhcpv6 server statistics and check whether you're getting Solicit.

    If yes, is the MX sending out Advertise?

    Attach your config & a pcap when dialing the subscriber.

     

     

     



  • 3.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-22-2018 01:58

    Hello karand.

    Statistics show that the MX is receiving Solicit messages:

    run show dhcpv6 server statistics
    Dhcpv6 Packets dropped:
        Total               0
    
    Advertise Delay:
        DELAYED                    0
        INPROGRESS                 0
        TOTAL                      0
    
    Messages received:
        DHCPV6_DECLINE             0
        DHCPV6_SOLICIT             16
        DHCPV6_INFORMATION_REQUEST 0
        DHCPV6_RELEASE             0
        DHCPV6_REQUEST             0
        DHCPV6_CONFIRM             0
        DHCPV6_RENEW               0
        DHCPV6_REBIND              0
        DHCPV6_RELAY_FORW          0
        DHCPV6_LEASEQUERY          0
    
    Messages sent:
        DHCPV6_ADVERTISE           0
        DHCPV6_REPLY               0
        DHCPV6_RECONFIGURE         0
        DHCPV6_RELAY_REPL          0
        DHCPV6_LEASEQUERY_REPLY    0
        DHCPV6_LEASEQUERY_DATA     0
        DHCPV6_LEASEQUERY_DONE     0
    

    Also, when I remove overrides dual-stack for dhcpv6, my subscriber receives the requested address.

    Subscriber-related configuration looks like this:

    show groups SUBSCRIBERS-TEST
    interfaces {
        <*> {
            description "SUBSCRIBERS ACCESS";
            flexible-vlan-tagging;
            auto-configure {
                stacked-vlan-ranges {
                    dynamic-profile TEST-PROFILE {
                        accept [ dhcp-v4 dhcp-v6 ];
                        ranges {
                            4000-4020,2200-4000;
                        }
                    }
                }
                remove-when-no-subscribers;
            }
            mtu 9192;
            encapsulation flexible-ethernet-services;
        }
    }
    
    show dynamic-profiles TEST-PROFILE
    interfaces {
        demux0 {
            no-traps;
            interface-mib;
            unit "$junos-interface-unit" {
                demux-source [ inet inet6 ];
                no-traps;
                proxy-arp unrestricted;
                vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                demux-options {
                    underlying-interface "$junos-underlying-interface";
                }
                family inet {
                    rpf-check fail-filter rpf-pass-dhcp;
                    unnumbered-address lo0.0 preferred-source-address 10.200.4.1;
                }
                family inet6 {
                    unnumbered-address lo0.0 preferred-source-address 2a22:f440:a:3::1;
                }
            }
        }
    }
    protocols {
        router-advertisement {
            interface "$junos-interface-name" {
                max-advertisement-interval 900;
                min-advertisement-interval 300;
                managed-configuration;
                other-stateful-configuration;
            }
        }
    }
    
    
     show interfaces ge-0/0/4
    apply-groups SUBSCRIBERS-TEST;
    description "TEST INTERFACE";
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 4084 {
        description "Office MGT 214.0/24";
        encapsulation vlan-bridge;
        vlan-id 4084;
    }
    unit 0 {
        family inet {
            address 10.200.4.1/32;
        }
        family inet6 {
            address 2a22:f440:a:3::1/128;
        }
    }
    show system services dhcp-local-server
    dhcpv6 {
        group ipv6-stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;
            overrides {
                dual-stack DUAL-STACK;
            }
            interface ge-0/0/4.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
    }
    group 1 {
        overrides {
            dual-stack DUAL-STACK;
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        interface ge-0/0/4.0;
    }
    dual-stack-group DUAL-STACK {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
        liveness-detection {
            method {
                layer2-liveness-detection {
                    transmit-interval 300;
                    max-consecutive-retries 5;
                }
            }
        }
    }
    
     show dynamic-profiles IP-DHCPv4-DHCPv6
    interfaces {
        "$junos-interface-ifd-name" {
            unit "$junos-underlying-interface-unit" {
                family inet {
                    unnumbered-address lo0.0 preferred-source-address 10.200.4.1;
                }
                family inet6 {
                    unnumbered-address lo0.0 preferred-source-address 2a22:f440:a:3::1;
                }
            }
        }
    }
    

    subs.pcap, captured from ge-0/0/4 (subs interface), is attached to the post.

     



  • 4.  RE: Single-session dual-stack subscribers - how it works?
    Best Answer

     
    Posted 03-23-2018 01:12

    Hi,

    You don't require dynamic-profile (IP-DHCPv4-DHCPv6) here in this stanza

     

    show system services dhcp-local-server
    dhcpv6 {
        group ipv6-stacked-subscribers {
            dynamic-profile IP-DHCPv4-DHCPv6;

     

    Those v6 addresses next to * are because it's single-session dual-stack; the underlying interface xe-2/0/1.3221225518 remains the same. In this case, session_id=61

     

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# run show subscribers
    Interface           IP Address/VLAN ID                      User Name                      LS:RI
    xe-2/0/1.3221225518 0x8100.100 0x8100.200                                             default:default
    xe-2/0/1.3221225518 100.0.0.154                             karand@dual.com           default:default
    *                   2000::93
    *                   4000::800:0:0/88

     

     

    labroot@jtac-MX960-r2004-re0# run show subscribers extensive
    Type: VLAN
    Logical System: default
    Routing Instance: default
    Interface: xe-2/0/1.3221225518
    Interface type: Dynamic
    Underlying Interface: xe-2/0/1
    Dynamic Profile Name: AUTOCONF-SVLAN-PROF
    Dynamic Profile Version: 2
    State: Active
    Session ID: 60
    PFE Flow ID: 66
    Stacked VLAN Id: 0x8100.100
    VLAN Id: 0x8100.200
    Login Time: 2018-03-23 13:29:17 IST

    Type: DHCP
    User Name: karand@dual.com
    IP Address: 100.0.0.154
    IP Netmask: 255.255.0.0
    Domain name server inet: 10.1.2.3 10.1.2.3
    IPv6 Address: 2000::93
    IPv6 Prefix: 4000::800:0:0/88
    Logical System: default
    Routing Instance: default
    Interface: xe-2/0/1.3221225518
    Interface type: Static
    Underlying Interface: xe-2/0/1.3221225518
    MAC Address: 00:11:01:00:00:01
    State: Active
    Radius Accounting ID: 61
    Session ID: 61
    PFE Flow ID: 66
    Stacked VLAN Id: 100
    VLAN Id: 200
    Login Time: 2018-03-23 13:29:17 IST
    DHCP Options: len 9
    35 01 01 37 04 01 03 3a 3b
    DHCPV6 Options: len 40
    00 08 00 02 00 00 00 01 00 0e 00 01 00 01 22 47 98 b8 00 11
    01 00 00 01 00 03 00 0c 00 00 00 0a 00 04 9d 40 00 07 62 00
    DHCP Header: len 44
    01 01 06 00 41 58 29 39 00 00 00 00 00 00 00 00 00 00 00 00
    00 00 00 00 00 00 00 00 00 11 01 00 00 01 00 00 00 00 00 00
    00 00 00 00
    DHCPV6 Header: len 4
    01 02 29 34
    IP Address Pool: POOL-V4-100
    IPv6 Address Pool: POOL-V6-NA
    IPv6 Delegated Address Pool: POOL-V6-PD

     

    labroot@jtac-MX960-r2004-re0# run show dhcpv6 server binding
    Prefix                  Session Id  Expires  State    Interface    Client DUID
    2000::93/128            61          3520     BOUND    xe-2/0/1.3221225518 LL_TIME0x1-0x224798b8-00:11:01:00:00:01

    labroot@jtac-MX960-r2004-re0# run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    100.0.0.154       61          00:11:01:00:00:01  3510        BOUND      xe-2/0/1.3221225518

     


    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# run show route | match access
    100.0.0.154/32     *[Access-internal/12] 00:02:39
    2000::93/128       *[Access-internal/12] 00:02:38
    4000::800:0:0/88   *[Access/13] 00:02:38

     

     

    Have a look at my config:


    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show system services dhcp-local-server
    dhcpv6 {
        group v6-dhcp-client-0 {
            overrides {
                delegated-pool POOL-V6-PD;
                delete-binding-on-renegotiation;
                dual-stack "DS_Group_For_Server-Clients;";
            }
        }
        group v4-rtClient-0 {
            overrides {
                delete-binding-on-renegotiation;
                dual-stack DS_Group_For_Server-Clients;
            }
            interface xe-2/0/1.0;
        }
    }
    group 1 {
        overrides {
            dual-stack DS_Group_For_Server-Clients;
        }
        interface xe-2/0/1.0;
    }
    dual-stack-group DS_Group_For_Server-Clients {
        authentication {
            password jtac123;
            username-include {
                user-prefix "karand@dual.com";
            }
        }
        inactive: dynamic-profile DHCP-DYNAMIC-PROFILE-DUAL-STACK;
    }

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show interfaces xe-2/0/1
    flexible-vlan-tagging;
    auto-configure {
        stacked-vlan-ranges {
            dynamic-profile AUTOCONF-SVLAN-PROF {
                accept any;
                ranges {
                    any,any;
                }
            }
        }
        remove-when-no-subscribers;
    }

    {master}[edit groups dual-stack-dhcp]
    labroot@jtac-MX960-r2004-re0# show dynamic-profiles AUTOCONF-SVLAN-PROF
    routing-instances {
        "$junos-routing-instance" {
            interface "$junos-interface-name" {
                any;
            }
        }
    }
    interfaces {
        "$junos-interface-ifd-name" {
            unit "$junos-interface-unit" {
                proxy-arp;
                vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                family inet {
                    unnumbered-address "$junos-loopback-interface";
                }
                family inet6 {
                    unnumbered-address "$junos-loopback-interface";
                }
            }
        }
    }

     

     

     



  • 5.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 03-23-2018 01:24

    Also, to call out your config, do you require demux0 or ge-0/0/4.xxx for the subscriber?

    In your dynamic-profile test-profile, you have configured subscriber interface demux0, and under the dhcp-local-server dhcpv4 group the interface is ge-0/0/4. Configure demux0 under the dhcp-local-server dhcpv6 group & in group1.

     

    set dhcp-local-server dhcpv6 group <name> interface demux0

    set dhcp-local-server group <name> interface demux0

     

     



  • 6.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-26-2018 04:35

    Hello karand.

    Looks like there is an issue with single-session dual-stack.

    With configuration like this:

    dhcpv6 {
        overrides {
            delete-binding-on-renegotiation;
            dual-stack DS;
        }
        group ipv6-stacked-subscribers {
            interface demux0.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
        dual-stack DS;
    }
    group ipv6-stacked-subscribers {
        overrides {
            delete-binding-on-renegotiation;
        }
        interface demux0.0;
    }
    dual-stack-group DS {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
    }
    

    I removed protocol-master from the configuration.

    So now I got bindings for subscribers on DHCPv4 and DHCPv6,

    but

    demux0.3221225491   0x8100.4020 0x8100.3000                                           default:default
    demux0.3221225491   10.200.4.7                                                        default:default
    demux0.3221225491   10.200.4.8                              DUAL-STACK.ge-0/0/4:4020-3000       default:default
    *                   2a22:f440:a:3::9
    

    As you can see, I got a subscriber with 10.200.4.7 that went past the authorization process:

     run show dhcp server binding
    IP address        Session Id  Hardware address   Expires     State      Interface
    10.200.4.7        21          c4:12:f5:d4:aa:eb  291         BOUND      demux0.3221225491
    

    And a dual-stack subscriber with IP address 10.200.4.9 and a DHCPv6 binding:

    run show dhcpv6 server binding
    Prefix                  Session Id  Expires  State    Interface    Client DUID
    2a22:f440:a:3::9/128    22          595      BOUND    demux0.3221225491 LL_TIME0x1-0x22208122-c8:ff:28:26:96:1f
    

     

     



  • 7.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 08:20

    Looks like there is an issue with primary-key:

     run show dhcpv6 server binding detail
    
    Session Id:  24
         Client IPv6 Address:                   2a22:f440:a:3::15/128
         Lease Expires:                         2010-02-17 13:54:25 EET
         Lease Expires in:                      676 seconds
         Preferred Lease Expires:               2010-02-17 13:54:25 EET
         Preferred Lease Expires in:            676 seconds
         Client DUID:                           LL_TIME0x1-0x22208122-c4:12:f5:d4:aa:eb
         State:                                 BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
         Lease Start:                           2010-02-17 13:24:24 EET
         Last Packet Received:                  2010-02-17 13:39:25 EET
         Incoming Client Interface:             demux0.3221225493
         Client Interface Svlan Id:             4020
         Client Interface Vlan Id:              3000
         Client Pool Name:                      v6-ia-na-pool
         Client Prefix Pool Name:               v6-ia-na-pool
         Client Profile Name:                   IP-DHCPv4-DHCPv6
         Client Id Length:                      14
         Client Id:                             /0x00010001/0x22208122/0xc412f5d4/0xaaeb
         Dual Stack Group                       DS
         Dual Stack key                         MAC/
    

    There is a key (MAC address) and a dual-stack group assigned.

    But when I check the DHCP server binding state:

    Client IP Address:  10.200.4.17
         Hardware Address:             c4:12:f5:d4:aa:eb
         State:                        BOUND(LOCAL_SERVER_STATE_BOUND)
         Protocol-Used:                DHCP
         Lease Expires:                2010-02-17 13:46:45 EET
         Lease Expires in:             202 seconds
         Lease Start:                  2010-02-17 13:24:15 EET
         Last Packet Received:         2010-02-17 13:41:45 EET
         Incoming Client Interface:    demux0.3221225493
         Client Interface Svlan Id:    4020
         Client Interface Vlan Id:     3000
         Server Identifier:            10.200.4.1
         Session Id:                   23
         Client Pool Name:             10-200-4-0
    

    No DS group assigned



  • 8.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 08:41

    And finally, the working config is:

    dhcpv6 {
        overrides {
            delete-binding-on-renegotiation;
            dual-stack DS;
        }
        group ipv6-stacked-subscribers {
            interface demux0.0;
        }
    }
    pool-match-order {
        ip-address-first;
    }
    duplicate-clients-in-subnet incoming-interface;
    overrides {
        client-discover-match incoming-interface;
        dual-stack DS;
    }
    group ipv6-stacked-subscribers {
        interface demux0.0;
    }
    dual-stack-group DS {
        authentication {
            username-include {
                user-prefix DUAL-STACK;
                interface-name;
            }
        }
        dynamic-profile IP-DHCPv4-DHCPv6;
        classification-key {
            mac-address;
        }
        protocol-master inet;
    }
    

    The problem was with the overrides settings, which do not inherit settings from the overrides statement one level up.

     



  • 9.  RE: Single-session dual-stack subscribers - how it works?

    Posted 03-27-2018 09:00

    And a little appendix for the post above:

    You will break your DUAL-STACK if you change the CLIENT DUID. So if your client has a MAC address of c4:12:f5:d4:aa:eb and DUID LL_TIME0x1-0x22208122-c4:12:f5:d4:aa:eb, it will work fine.

    If you have DUID demux0.3221225511 LL_TIME0x1-0x22208122-aa:aa:aa:aa:aa:aa (for example, you can change the DUID via regedit in Windows), then your dual-stack session will only have a binding on the master protocol.

    So it would be great if there were a classification-key, something like incoming-interface or subscriber-interface, which is suitable for C-VLAN.
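An added example, not part of any post above: a small audit that correlates `show dhcp server binding` and `show dhcpv6 server binding` output and flags subscribers whose DHCPv6 DUID link-layer address does not match any DHCPv4 hardware address on the same interface, which is the condition under which the `mac-address` classification key described in this thread cannot pair the two stacks. The verdict labels (`single-session`, `split-session`, `duid-mac-mismatch`, `v4-only`) are hypothetical names chosen for this sketch, and the sample rows are assembled from outputs quoted in the thread.

```python
import re

# Constructed sample: rows assembled from the binding tables quoted in this thread.
V4_BINDINGS = """\
IP address        Session Id  Hardware address   Expires     State      Interface
100.0.0.154       61          00:11:01:00:00:01  3510        BOUND      xe-2/0/1.3221225518
10.200.4.7        21          c4:12:f5:d4:aa:eb  291         BOUND      demux0.3221225491
"""
V6_BINDINGS = """\
Prefix                  Session Id  Expires  State    Interface    Client DUID
2000::93/128            61          3520     BOUND    xe-2/0/1.3221225518 LL_TIME0x1-0x224798b8-00:11:01:00:00:01
2a22:f440:a:3::9/128    22          595      BOUND    demux0.3221225491 LL_TIME0x1-0x22208122-c8:ff:28:26:96:1f
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Columns: address, session id, hardware address, expires, state, interface
V4_ROW = re.compile(rf"^(\S+)\s+(\d+)\s+({MAC})\s+\d+\s+\S+\s+(\S+)\s*$", re.I)
# Columns: prefix, session id, expires, state, interface, DUID
V6_ROW = re.compile(r"^(\S+)\s+(\d+)\s+\d+\s+\S+\s+(\S+)\s+(\S+)\s*$")
# DUID-LLT as printed in the thread: LL_TIME<hw type>-<time>-<link-layer address>
DUID_LLT = re.compile(rf"^LL_TIME0x[0-9a-f]+-0x[0-9a-f]+-({MAC})$", re.I)


def parse_v4(text):
    rows = []
    for line in text.splitlines():
        m = V4_ROW.match(line)
        if m:  # header and blank lines do not match
            addr, sid, mac, ifl = m.groups()
            rows.append({"addr": addr, "sid": int(sid), "mac": mac.lower(), "ifl": ifl})
    return rows


def parse_v6(text):
    rows = []
    for line in text.splitlines():
        m = V6_ROW.match(line)
        if m:
            addr, sid, ifl, duid = m.groups()
            llt = DUID_LLT.match(duid)
            # mac stays None when the DUID carries no link-layer address
            mac = llt.group(1).lower() if llt else None
            rows.append({"addr": addr, "sid": int(sid), "mac": mac, "ifl": ifl})
    return rows


def audit(v4_text, v6_text):
    """Return (interface, verdict, v4 address, v6 prefix) tuples."""
    v4_rows, findings, paired = parse_v4(v4_text), [], set()
    for v6 in parse_v6(v6_text):
        peers = [r for r in v4_rows if r["ifl"] == v6["ifl"] and r["mac"] == v6["mac"]]
        if not peers:
            # A MAC key cannot tie this DHCPv6 binding to a DHCPv4 one
            findings.append((v6["ifl"], "duid-mac-mismatch", None, v6["addr"]))
        for v4 in peers:
            verdict = "single-session" if v4["sid"] == v6["sid"] else "split-session"
            findings.append((v6["ifl"], verdict, v4["addr"], v6["addr"]))
            paired.add((v4["ifl"], v4["addr"]))
    for v4 in v4_rows:
        if (v4["ifl"], v4["addr"]) not in paired:
            findings.append((v4["ifl"], "v4-only", v4["addr"], None))
    return findings


if __name__ == "__main__":
    for finding in audit(V4_BINDINGS, V6_BINDINGS):
        print(finding)
```

A `v4-only` or `duid-mac-mismatch` row is worth checking against `show subscribers` for a session with an empty User Name column.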



  • 10.  RE: Single-session dual-stack subscribers - how it works?

    Posted 02-17-2019 21:59

    Hi!

    I'm also trying to configure a BNG with single-session dual-stack subscribers. I'm facing an issue. The BNG shows it has provided IA_NA and PD IPv6 to subscribers, but subscribers don't get the PD prefix.

     

    root@bng-ss-ds-ip-demux# run show subscribers
    Interface             IP Address/VLAN ID                      User Name                      LS:RI
    demux0.3221225578     0x8100.3800 0x8100.401                                            default:default
    demux0.3221225578     100.64.0.8                                                        default:default
    *                     2001:db8:0:1::6
    *                     2001:db8:1::/64

     

    Packet capture shows BNG is advertising iana address only. But here in subscriber list it shows both iana and pd. A bit confused.



  • 11.  RE: Single-session dual-stack subscribers - how it works?

     
    Posted 02-17-2019 23:08

    Hi Manoj,

     

    If show subscribers is showing the address, it means AAA has assigned the address. It doesn't mean that DHCPv6 negotiation for v6PD is completed.

     

    Kindly open new thread with DHCP traceoption and configuration.

     

    Regards,

    Rahul



  • 12.  RE: Single-session dual-stack subscribers - how it works?

    Posted 07-06-2021 10:14
    Hi Manoj,

    I'm facing the same issue as yours. Do you have a solution?


    Thanks