Good morning,
I'm assisting a customer setup DHCPv6 Relay on an MX480 BNG that points to a public server upstream. They have this working already for v4, and we are introducing IPv6. This is in a subscriber environment and we are using the same tagged pseudowire interface for v4 and v6 relay traffic, so basic layer 2 functionality through bridge domains and tagged interfaces to the router is confirmed working already.
Every client in the VLAN is assigned an IP in a global unicast /44 and then given a /56 PD route from there. I've attached the relevant config to the post. From the router side, everything appears to work as expected. A subscriber comes online, a /128 access-internal is injected along with a /56 pointing to that assigned IP. All good so far. Below is what it looks like with the dummy prefix 2000:1000:1110::/44 and /56s. These are two separate subscribers.
user@router> show route protocol access-internal
PUBLIC.inet6.0:
+ = Active Route, - = Last Active, * = Both
2000:1000:1110::68/128
*[Access-internal/12] 2w4d 06:20:12
Private unicast
2000:1000:1110::c6e/128
*[Access-internal/12] 1d 17:32:56
Private unicast
user@router> show subscribers detail | no-more
Type: DHCP
IPv6 Address: 2000:1000:1110::68
IPv6 Prefix: 2000:1000:111f:a000::/56
Logical System: default
Routing Instance: PUBLIC
Interface: ps1.10
.
.
.
Type: DHCP
IPv6 Address: 2000:1000:1110::c6e
IPv6 Prefix: 2000:1000:111f:b000::/56
Logical System: default
Routing Instance: PUBLIC
Interface: ps1.10
user@router> show route protocol access-internal 2000:1000:111f:a000::/56
2000:1000:111f:a000::/56
*[Access/13] 2w4d 05:40:00
Private unicast
user@router> show route protocol access-internal 2000:1000:111f:b000::/56
2000:1000:111f:b000::/56
*[Access/13] 2w4d 05:40:00
Private unicast
This in a lab environment, and a third party router takes the IP in a /44 and a laptop behind the router gets an IP in the /56 PD. While everything looks as expected on the MX480 side, the issue is that neither the downstream laptop or router can ping or SSH to the MX480's v6 loopback in the routing-instance whether or not an RE filter is applied. They can, however, access the internet and everything upstream. Basically any RE destined traffic coming in from the subscriber facing pseudowire fails. What I see is that when a subscriber comes online, a "demux0.10" interface is then created and when running a "monitor traffic interface ps1.10" command, the router does not respond to NS solicitations from the downstream router when pings to the local loopback are running.
I've attached the relevant configs to this thread. Upstream we are running IS-IS and BGP for IPV6, but I don't think that's in play here as that is functioning normally.
Has anyone run into this before, and is this some kind of Juniper limitation for subscriber management? This thread below is the closest thing I found, but no solution was found or posted.
https://community.juniper.net/discussion/dhcpv6-relay-and-demux0