Junos OS

 View Only
last person joined: 5 days ago 

Ask questions and share experiences about Junos OS.

  • 1.  MX PPPoE IPv6 IA_NA + IA_PD

    Posted 01-08-2018 15:32

    I am trying to get an MX104 BNG to provide /128 IPv6 addresses using DHCPv6 IA_NA as well as a prefix using IA_PD.  I've set it up identically to what Juniper docs show, but it's not working. I've done a pcap off a CPE and I see the CPE sending a SOLICIT asking for IA_NA and IA_PD and the MX sends back an ADVERTISE with a valid prefix for PD from the pool, however for the NA it shows status code 3 "NoBinding".  The CPE again SOLICITS a NA and the MX ADVERTISEs back with "NoAddrAvail".

     

    Also, the prefix for PD that the MX hands out does not get installed in the routing table and when running "show dhcpv6 server binding" I sometimes see it listed as "SELECTING" status, but never goes BOUND.  In my pcap I do see the SOLICIT->ADVERTISE->REQUEST->REPLY all happen, so I'm not sure why it never transitions to BOUND.

     

    So neither IA_NA or IA_PD seems to be functioing.  It's odd to me that I don't have to explicitly define what pool IA_NA uses...apparently it just uses whatever it happens to find in "address-pool" configurations?


    Relevant config:

     

    dynamic-profiles {
        pppoe-profile {
            interfaces {
                pp0 {
                    unit "$junos-interface-unit" {
                        ppp-options {
                            chap;
                            pap;
                        }
                        pppoe-options {
                            underlying-interface "$junos-underlying-interface";
                            server;
                        }
                        keepalives interval 30;
                        family inet {
                            rpf-check;
                            unnumbered-address lo0.0;
                        }
                        family inet6 {
                            unnumbered-address lo0.0;
                        }
                    }
                }
            }
            routing-options {
                access {
                    route $junos-framed-route-ip-address-prefix {
                        qualified-next-hop "$junos-interface-name";
                    }
                }
            }
        }
        dual-vlan-prof {
            interfaces {
                "$junos-interface-ifd-name" {
                    unit "$junos-interface-unit" {
                        no-traps;
                        vlan-tags outer "$junos-stacked-vlan-id" inner "$junos-vlan-id";
                        family pppoe {
                            duplicate-protection;
                            dynamic-profile pppoe-profile;
                        }
                    }
                }
            }
        }
        single-vlan-prof {
            interfaces {
                "$junos-interface-ifd-name" {
                    unit "$junos-interface-unit" {
                        vlan-id "$junos-vlan-id";
                        family pppoe {
                            duplicate-protection;
                            dynamic-profile pppoe-profile;
                        }
                    }
                }
            }
        }
    }

    access {
        address-assignment {
            pool FNB-V6-PD-POOL1 {
                family inet6 {
                    prefix 2607:xxxx:xxxx::/48;
                    range pd-range prefix-length 64;
                }
            }
            pool FNB-V6-IA-NA-POOL {
                family inet6 {
                    prefix 2607:xxxx:xxxx:x::/64;
                    range v6-range {
                        low 2607:xxxx:xxxx:x::1/128;
                        high 2607:xxxx:xxxx:x:ffff:ffff:ffff:ffff/128;
                    }
                }
            }
        }
        address-protection;
    }

    system {

        services {
            dhcp-local-server {
                dhcpv6 {
                    overrides {
                        delegated-pool FNB-V6-PD-POOL1;
                    }
                    group DHCPv6oPPPoE {
                        interface pp0.0;
                    }
                }
            }
        }

    }



  • 2.  RE: MX PPPoE IPv6 IA_NA + IA_PD
    Best Answer

     
    Posted 01-08-2018 18:33

    Hi,

     

    By convention, when sourcing IPv6 IA_NA +IA_PD from local pools without external authority, the local address is typically borrowed from a loopback interface. 
    Network match semantics will be used to identify a local pool to satisfy the IA_NA /128 address (thus local address and IA_NA pool are in the same subnet and the NA pool should be configured to provide /128 addresses not prefixes). 
    The DHCPv6 overrides delegated-pool should specify the IPv6 address pool from which to source the delegated prefix (thus network match is not used for this).

     

    Please change the IPv6 address on loopback to match with the IANA pool. In case issue is seen again, please collect the authd logs and share the same.

     

    LAB# show system processes general-authentication-service
    traceoptions {
        file authd size 100m;
        flag all;
    }



  • 3.  RE: MX PPPoE IPv6 IA_NA + IA_PD

    Posted 01-08-2018 19:16

    rnayar,

     

    Thank you.  I have a client now BOUND for both the IA_NA /128 and the /64 PD which has never happened before, so definitely progress.  There are still other clients that are refusing to go BOUND and just keep shuffling through the pool in SELECTING state.  I did a pcap on one of them and it doesn't seem like they ever offer a REQUEST after the MX sends the ADVERTISE....again, not sure why...maybe just broken implementations on the requesting-router's part.

     

    Do you know of any documentation stating that the IA_NA pool needs to be in the same network as the loopback used?  I don't recall reading that anywhere in all the docs I've read on Juniper's website.

     

    Thank you for the help.