Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] PPPoE IPv6 Auto-Discovered route is inactive

0

0

Article ID: KB21959 KB Last Updated: 15 Nov 2011Version: 1.0
Summary:
This article describes the issue of the PPPoE IPv6 Auto-Discovered route being inactive.
Symptoms:

Topology:

SSG-20(eth0/0)-------------------ERX320 PPPoE server

In this case, when IPv6 over PPPoE is on the eth0/0 interface and PPPoE is connected, the auto discovered IPv6 route state is inactive as show below:
ssg20-wlan-> get pppoe all
Column E: Y - Instance is enabled, N - Instance is disabled
 Id PPPoE Instance E Interface      User       Mac addr     State
---------------------------------------------------------------------------
  0 pppoe-ip~      Y ethernet0/0    lab        0014f6e5cfc0 Connected       

ssg20-wlan-> exec pppoe name pppoe-ipv6 disconnect
ssg20-wlan->
ssg20-wlan-> exec pppoe name pppoe-ipv6 connect 
ssg20-wlan->
ssg20-wlan-> get pppoe all
Column E: Y - Instance is enabled, N - Instance is disabled
 Id PPPoE Instance E Interface      User       Mac addr     State
---------------------------------------------------------------------------
  0 pppoe-ip~      Y ethernet0/0    lab        0014f6e5cfc0 Negotiation(PPP)
ssg20-wlan-> get pppoe all
Column E: Y - Instance is enabled, N - Instance is disabled
 Id PPPoE Instance E Interface      User       Mac addr     State
---------------------------------------------------------------------------
  0 pppoe-ip~      Y ethernet0/0    lab        0014f6e5cfc0 Connected       
ssg20-wlan->
ssg20-wlan-> get route v6


IPv6 Dest-Routes for  (0 entries)
--------------------------------------------------------------------------------------
H: Host C: Connected S: Static A: Auto-Exported
I: Imported R: RIP/RIPng P: Permanent D: Auto-Discovered
N: NHRP
iB: IBGP eB: EBGP O: OSPF/OSPFv3 E1: OSPF external type 1
E2: OSPF/OSPFv3 external type 2 trailing B: backup route


IPv6 Dest-Routes for (1 entries)
--------------------------------------------------------------------------------------
ID IP-Prefix Interface
Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------------
81 ::/0 eth0/0 <========================Here
fe80::90:1a00:142:5361 D 252 1 Root

ssg20-wlan->
ssg20-wlan-> get int

A - Active, I - Inactive, U - Up, D - Down, R - Ready

H - IPv6 Host Mode, O - IPv6 Router Mode
Interfaces in vsys Root:
Name IP Address Zone MAC/INT-ID VLAN State VSD
serial0/0 0.0.0.0/0 Null N/A - D -
eth0/0 41.1.1.46/32 Untrust 0014.f6e5.cfc0 - U -
2200:7:8:0:214:f6ff:fee5:cfc0/64 0214f6fffee5cfc0 H
eth0/1 0.0.0.0/0 DMZ 0014.f6e5.cfc5 - D -
Cause:
The firewall sent out ICMPv6 NS, but did not receive the ICMPv6 NA from the ERX320 PPPoE server. As a result, the auto discovered IPv6 route is inactive due to ND check failure.



Solution:
In this case, regarding ERX IPv6 over PPPoE behavior, ERX uses ICMPv6 ND/RA to assign an IPv6 prefix and static routes to the CPE, as shown in the IPv4/IPv6 connection setup below. So, it is expected that the ERX will not process ICMPv6 NS packets.
CPE------------------------------ERX BRAS-------------------RADIUS
                 LCP Conf Req -->		
                              <-- LCP Conf Ack		
             LCP PAP Auth Req -->			
                                 RADIUS Access-Request -->	
                                                       <-- Access-Accept 
                                                           (Framed-IPv6-Prefix, Delegate-Prefix, ...)
                              <-- PPP PAP Auth Ack	
            normal PPP-IPCPv4 <-> normal PPP-IPCPv4	
              IPv6CP Conf Req -->			
              (if-id from MAC)				
                              <-- IPv6CP Conf NAK (new If-Id)		
  IPv6CP Conf Req (new If-Id) -->			
                              <-- IPv6CP Conf ACK		
                  (ICMPv6 RS) -->			
                              <-- ICMPv6 RA (Framed-IPv6-Prefix, other-config-flag set)

Root cause:

The PPPOE interface creates a NDP entry for the default gateway. When the NDP entry sends packets to test the server, it receives no reply and the NDP reachable test fails. It will notify the route to go down.

Solution:

PPPOE is a point to point protocol. It does not need the NDP entry to send traffic. So the NDP entry should not notify the route reachability. This issue is addressed in ScreenOS 6.2.0r12 and 6.3.0r10 or any later version.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search