Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.

  • 1.  Dhcp v6-ia works but authd Failed to create address entry

    Posted 08-03-2018 09:17

    v6-ia /218 is working and I can see the route is created normally

     

    show route 2001:db8:1000::2

     

    inet6.0: 11 destinations, 11 routes (11 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    2001:db8:1000::2/128
    *[Access-internal/12] 00:01:14
    Private unicast

     

    CPE also get the correct 2001:db8:1000::2/128 address.


    but i got the error in log:

    authd[14288]: Failed to create address entry 2001:db8:1000::2

     

    Why authd advertise that error if everything is working? How to eliminate that error?

     

    Config:

    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" no-traps
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" ppp-options chap
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" ppp-options pap
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" ppp-options mtu 1492
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" pppoe-options underlying-interface "$junos-underlying-interface"
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" pppoe-options server
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" keepalives interval 30
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet rpf-check
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet tcp-mss 1452
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet unnumbered-address lo0.0
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 rpf-check
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 tcp-mss 1452
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 address $junos-ipv6-address
    set dynamic-profiles PPPOE-PROFILE interfaces pp0 unit "$junos-interface-unit" family inet6 unnumbered-address lo0.0
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" no-managed-configuration
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" default-lifetime 0
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix

     

    set interfaces lo0 unit 0 family inet6 address 2001:db8:1000::1/128 primary
    set interfaces lo0 unit 0 family inet6 address 2001:db8:1000::1/128 preferred

    delete access address-assignment pool v6-ia-na-pool
    set access address-assignment pool v6-ia-na-pool family inet6 prefix 2001:db8:1000:0000::/64
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 2001:db8:1000::2/128
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 2001:db8:1000::ffff:ffff/128


    set system services dhcp-local-server dhcpv6 group group-pppoe overrides delete-binding-on-renegotiation
    set system services dhcp-local-server dhcpv6 group group-pppoe overrides top-level-status-code
    set system services dhcp-local-server dhcpv6 group group-pppoe interface pp0.0
    set system services dhcp-local-server dhcpv6 server-duid-type duid_ll

     



  • 2.  RE: Dhcp v6-ia works but authd Failed to create address entry

     
    Posted 08-03-2018 10:55

    Hi,

     

    Please share the complete authd logs.

     

    labroot@jtac-mx960-r2032# show system processes general-authentication-service
    traceoptions {
    file authd size 100m;
    flag all;
    }

     

    Regards,

    Rahul



  • 3.  RE: Dhcp v6-ia works but authd Failed to create address entry

    Posted 08-03-2018 12:16
      |   view attached

    Follow atached the log

    Attachment(s)

    txt
    log.txt   59 KB 1 version


  • 4.  RE: Dhcp v6-ia works but authd Failed to create address entry

     
    Posted 08-08-2018 07:56

    Hi,

     

    Looks like my last post was not through.

     

    I can see CPE is requesting both IANA and IAPD. Can you please create PD pool and test?

     

    set access address-assignment pool test family inet6 prefix X:X:X::/40
    set access address-assignment pool test family inet6 range r1 prefix-length 56

     

    labroot@jtac-mx960-r2004-re0# set system services dhcp-local-server dhcpv6 overrides delegated-pool test

     

    Aug 3 16:02:43.201069 V6NA: req: yes pool: v6-ia-na-pool address: 2001:db8:1000::8
    Aug 3 16:02:43.201076 V6PD: req: yes pool: v6-ia-na-pool prefix: null/0

     

    Aug 3 16:02:44.201126 Unable to create address entry
    Aug 3 16:02:44.201140 Failed to create address entry 2001:db8:1000::8



  • 5.  RE: Dhcp v6-ia works but authd Failed to create address entry

    Posted 08-08-2018 09:15

    Looks like the error are hiting the log file even after I configure the PD.

     

    Bug?

     



  • 6.  RE: Dhcp v6-ia works but authd Failed to create address entry

     
    Posted 08-08-2018 22:14
    Configuration issue. As you’ve JTAC case logged. We can do live troubleshooting.

    Regards,
    Rahul


  • 7.  RE: Dhcp v6-ia works but authd Failed to create address entry

     
    Posted 08-21-2018 02:50

    I’ve tested the couple of releases and see that error message is seen from 17.3R3. Issue is not present in 16.1R7.

     

    Please find the events.

     

    • When the underlying PPPoE session logs in, it requests that authd allocate it an V4NA, V6NA, and V6PD.
    • Authd allocates only a V4NA. This is perfectly valid if RADIUS (or another external authority) does not supply a V6NA, V6PD or associated pool names from which to allocate them.
    • When the associated DHCPv6 session logs in over the PPPoE session, it will attempt to inherit the V6NA and V6PD from the underling PPPoE session.  But of course, there are none.
    • So, when JDHCPd submits an auth login request for the DHCPv6 session, it asks AUTHd to allocate a V6NA and V6PD.
    • AUTHd allocates a V6NA from a local pool based on network-match rules.  It allocates a V6PD based upon the delegated pool name configured in the DHCP config stanza
    • Recall that the underlying PPPoE session is used to manage this PPP dual stack subscriber from an AAA perspective. After JDHCPd subsequently submits a family activate request to authd for the DHCPv6 session, it will then copy the V6NA and V6PD that was just allocated to the DHCP session by AUTHd to the underlying PPPoE session’s SDB entry.  JDHCPd will then ask AUTH to trigger an address-change interim immediate accounting update.  This is necessary because from an accounting perspective the only session that matters is the underlying PPPoE session.
    • It is at this point that AUTHd is generating the error log messages because it doesn’t like the fact that the addresses being changed in the underling PPPoE session are actually owned by a different (DHCP) session.

     

    Workaround

     

    A workaround for this issue is to configure RADIUS to supply the framed ipv6 address pool name and the delegated ipv6 prefix pool name when the PPP subscriber session authenticates.  This will prevent JDHCPd from asking AUTHd to trigger an address-change immediate interim accounting update.



  • 8.  RE: Dhcp v6-ia works but authd Failed to create address entry
    Best Answer

     
    Posted 08-27-2018 19:41

    The error message is coming out due to additional checking now being done by authd in later releases. Functionally, everything is working and no issues outside of a log message are seen.

     

    Regards,

    Rahul