Junos OS

 View Only
last person joined: yesterday 

Ask questions and share experiences about Junos OS.
Back to discussions
Expand all | Collapse all

Framed-IPv6-Prefix using DHCP instead of NDRA

  • 1.  Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 07-31-2018 09:14

    I use dhcp for delegate a prefix for clients.

    Using radius parameter: Delegated-IPv6-Prefix

    Configuration:

    set system services dhcp-local-server dhcpv6 group group-pppoe overrides multi-address-embedded-option-response
    set system services dhcp-local-server dhcpv6 group group-pppoe interface pp0.0

     

    For CPE Wan I use router advertisement

    Using Radius parameter: Framed-IPv6-Prefix

    Configuration:

    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix

     

    I've a lot of CPE prefering the NDRA address using DHCP insted of SLAAC. So I have to many dhcp solicits flood:

     

    12:55:37.613430 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:37.613634 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:38.625374 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:38.625536 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:38.805517 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:38.806129 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:39.816850 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:39.817002 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:42.121527 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:42.122034 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:42.886552 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:42.886719 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:43.630131 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:43.630886 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:44.414257 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:44.414446 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:45.548878 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:45.549601 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:46.265599 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:46.265750 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:46.473938 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:46.474152 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise
    12:55:47.485372 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 request
    12:55:47.485548 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 reply
    12:55:48.643573 In IP6 fe80::yyyy:yyyy:yyyy:yyyy.546 > ff02::1:2.547: dhcp6 solicit
    12:55:48.643867 Out IP6 fe80::xxxx:xxxx:xxxx:xxxx.547 > fe80::yyyy:yyyy:yyyy:yyyy.546: dhcp6 advertise

     

    Instead of changing all my CPEs for RA - SLAAC is that possible to use DHCP for Framed-IPv6-Prefix parameter? Or use RA and DHCP, whenever the CPE preference?



  • 2.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA
    Best Answer

     
    Posted 07-31-2018 09:39

    HI,

     

    You can use DHCPv6 IANA for CPE WAN and IAPD for LAN.

    Please note IANA you need to use /128. Framed-IPv6-Prefix as /128 or configure pool with prefix-length as /128.

     

    Regards,
    Rahul



  • 3.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

     
    Posted 07-31-2018 09:43

    Hi,

     

    Please find the below link.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/subscriber-management-dual-stack-dhcpv6-iana-plus-pd.html

     

    Regards,

    Rahul



  • 4.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-01-2018 07:43

    I'm testing it and when I use /128  the CPE interface won't get fe80 gateway, so can't access any ipv6 address.



  • 5.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

     
    Posted 08-01-2018 07:53

    Hi,

     

    How are you assigning the address? In case you're using pool, loopback address should match the subnet like we do for DHCPv4.

    Are you seeing access and access-internal route under inet6.0?

     

    Regards,

    Rahul



  • 6.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-01-2018 09:12

    Yes,

    I can see routes

     

     

    Working for router advertisement Framed-IPv6-Prefix /64 and ipv4 /32

    If I change radius Framed-IPv6-Prefix to a /128 route I also get the correct internal routes:

     

    show route | match Access | count
    Count: 2 lines

     

    but remote end (cpe) doesn't get the gateway. 

     



  • 7.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-02-2018 06:17

    The thing is:

    If I use dhcp ia-na the default gateway is not advertised. I think that protocol just is able to advertise address and dns.

     

    set system services dhcp-local-server dhcpv6 group group-pppoe overrides multi-address-embedded-option-response
    set system services dhcp-local-server dhcpv6 group group-pppoe interface pp0.0

     

    So I enabled router advertisement.

     

    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" managed-configuration
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration

     

    Now I get a default gateway but after I get a dhcp address from ia-na the default gateway continues but I can't ping any ipv6 anymore neither the junos lo0 inet6.

     

    set access address-assignment pool v6-ia-na-pool family inet6 prefix 2001:db8:1000:0000::/64
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 2001:db8:1000::2/128
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 2001:db8:1000::ffff:ffff/128

     

    set interfaces lo0 unit 0 family inet6 address 2001:db8:1000::1/128 primary
    set interfaces lo0 unit 0 family inet6 address 2001:db8:1000::1/128 preferred

     

     

    show route 2001:db8:1000::17/128 

     

    2001:db8:1000::17/128
    *[Access-internal/12] 00:01:56
    Private unicast

     

    I capture packets and CPE receives juniper ping echo request but can't send back the echo reply.

     



  • 8.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

     
    Posted 08-02-2018 07:18

    When you're using DHCPv6 PD, there is no need to configure router-advertisement under the dynamic-profile as it is used for IPv6 NDRA.

     

    Do you have below configuration?

     

    set dynamic-profiles X interfaces X unit "$junos-interface-unit" family inet6 unnumbered-address "$junos-loopback-interface"

     

    Regards,

    Rahul



  • 9.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-02-2018 07:53

    But if the CPE is a direct station like a windows or linux machine can't get ipv6 default route since dhcp client will not solicit a pd



  • 10.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-02-2018 08:32

    Example:

    CPE link local:
    fe80::285d:ae27:22da:c301

    Juniper dhcp needs advertise the ipv6 address 2001:db8:1000:0000:285d:ae27:22da:c301/128


    For test I have done:

    set access address-assignment pool v6-ia-na-pool family inet6 prefix 2001:db8:1000:0000::/64
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 2001:db8:1000:0000:285d:ae27:22da:c301/128
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 2001:db8:1000:0000:285d:ae27:22da:c301/128

     

    So now we have to find a way that juniper dhcp server advertise a ia-na address generated from the CPE mac address to match the CPE link local.



  • 11.  RE: Framed-IPv6-Prefix using DHCP instead of NDRA

    Posted 08-02-2018 13:19

    finally working! 

     

    The workaround is to use both methods with a trick.

    For a windows operating system if we have multiple addresses the choice will be the greater one.

    For instance 2001:db8 is greater than 2002:db8. So windows will prefer 2002:db8 address. Since my public prefix ($junos-ipv6-ndra-prefix) is greater, so will be the one to take precedence over dhcp address. 

     

    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" no-managed-configuration
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" other-stateful-configuration
    set dynamic-profiles PPPOE-PROFILE protocols router-advertisement interface "$junos-interface-name" prefix $junos-ipv6-ndra-prefix

     

    set access address-assignment pool v6-ia-na-pool family inet6 prefix 2001:db8:1000:0000::/64
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 low 2001:db8:1000::2/128
    set access address-assignment pool v6-ia-na-pool family inet6 range v6-range-0 high 2001:db8:1000::ffff:ffff/128

     

     

    Now time to test for others devices and operating systems 🙂