This article provides information on how to configure the SRX as a DHCPv6 client with auto-prefix delegation.
Since support for DHCPv6 prefix delegation has been introduced, users had to manually configure other settings like DNS because the SRX couldn’t pass on this information from the ISP. Starting with the 12.1X46-D40, 12.1X47-D30, 12.3X48-D20, and 15.1X49-D20 releases, clients will be able to request additional information from the DHCP server once they pick an IP from the pool advertised in the RA.
Setup:
+---------+ +----------------+ +----------------+
| ISP | ------ ge-0/0/3-| SRX with PD |-ge-0/0/4 ------------ ge-0/0/1-| Client SRX |
+---------+ +----------------+ +----------------+
SRX1 SRX2
In this scenario, the ISP delegates a /48 to your local SRX. For the sake of the example, another SRX acts as an end user. In a typical network, this SRX will be either a PC or a mobile device. Currently only stateless DHCP is supported with prefix delegation. On the SRX connected to the ISP, configuration is done in multiple places, as shown below:
Set up the interface as a DHCPv6 client and configure it to ask for prefix delegation.
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-type statefull
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 other-stateful-configuration
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 max-advertisement-interval 20
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 min-advertisement-interval 10
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client req-option dns-server
set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-server
Configure an IPv6 pool that will copy the data received from the ISP to the server.
access address-assignment pool p1 family inet6 prefix 2003::/16
Note that the prefix is 2003::/16 because the ISP assigns a /48 subnet to the SRX from a larger pool. If you have a static /48 or higher subnet assigned to you, you can change this value to the specific subnet allocated.
set access address-assignment pool p1 family inet6 dhcp-attributes propagate-settings ge-0/0/3.0Configure the local DHCP server to use the pool created in Step 2.
set system services dhcp-local-server dhcpv6 overrides interface-client-limit 10
set system services dhcp-local-server dhcpv6 overrides process-inform pool p1
set system services dhcp-local-server dhcpv6 group ipv6 interface ge-0/0/4.0
On the end-user side, the SRX is configured as follows:
ge-0/0/1 {
unit 0 {
family inet6 {
dhcpv6-client {
client-type autoconfig;
client-ia-type ia-na;
client-identifier duid-type duid-ll;
req-option dns-server;
}
}
}
}
Verification:
SRX with PD:
root@SRX1> show ipv6 router-advertisement
Interface: ge-0/0/3.0
Advertisements sent: 464, last sent 00:04:05 ago
Solicits received: 0
Advertisements received: 12856
Advertisement from fe80::20c:29ff:fe41:e6de, heard 00:00:04 ago
Managed: 1 [0]
Other configuration: 1 [0]
Reachable time: 0 ms
Default lifetime: 333 sec [1800 sec]
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: 2003:0:2::/120
Valid lifetime: 2592000 sec
Preferred lifetime: 604800 sec
On link: 1
Autonomous: 1
Interface: ge-0/0/4.0
Advertisements sent: 14926, last sent 00:00:11 ago
root@SRX1> show dhcpv6 client binding
IP/prefix Expires State ClientType Interface Client DUID
2003:0:1a::/48 65481 BOUND STATEFUL ge-0/0/3.0 LL0x3-00:0c:29:66:5b:ad
SRX acting as end user on the LAN:
root@SRX2> show ipv6 router-advertisement
Interface: ge-0/0/1.0
Advertisements received: 8591
Advertisement from fe80::20c:29ff:fe66:5bb7, heard 00:00:02 ago
Managed: 0
Other configuration: 1 [0]
Reachable time: 0 ms
Default lifetime: 60 sec [1800 sec]
Retransmit timer: 0 ms
Current hop limit: 64
Prefix: 2003:0:1a:1::/64
Valid lifetime: 86400 sec
Preferred lifetime: 86400 sec
On link: 1
Autonomous: 1
root@SRX2> show dhcpv6 client binding
IP/prefix Expires State ClientType Interface Client DUID
2003:0:1a:1:20c:29ff:fea6:ac8b/128 86397 BOUND AUTO ge-0/0/1.0 LL0x3-00:0c:29:a6:ac:8b
2003:0:1a:1::/64 86397 BOUND AUTO ge-0/0/1.0 LL0x3-00:0c:29:a6:ac:8b
root@SRX2> show dhcpv6 client statistics
=======================================================
…
Messages received:
DHCPV6_REPLY 1
Messages sent:
DHCPV6_INFORMATION_REQUEST 5
root@SRX2> show route table inet6.0
inet6.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
::/0 *[Access-internal/12] 1d 05:44:28
> to fe80::20c:29ff:fe66:5bb7 via ge-0/0/1.0
2003:0:1a:1::/64 *[Access-internal/12] 1d 05:44:28
> to fe80::20c:29ff:fe66:5bb7 via ge-0/0/1.0
2003:0:1a:1:20c:29ff:fea6:ac8b/128
*[Direct/0] 1d 05:44:28
> via ge-0/0/1.0
[Local/0] 1d 05:44:28
Local via ge-0/0/1.0
fe80::/64 *[Direct/0] 1d 05:44:45
> via ge-0/0/1.0
fe80::20c:29ff:fea6:ac8b/128
*[Local/0] 1d 05:44:45
Local via ge-0/0/1.0
root@SRX2% cat /etc/resolv.conf
# dhcpdv6 added entries
nameserver 2003::1:1:234
Troubleshooting:
If for some reason this solution is not fully working for you, enable the following traceoptions and open a JTAC case:
set system processes dhcp-service traceoptions file dhcp-trace
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all