Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Configuring the SRX as a DHCPv6 client with auto-prefix delegation

0

0

Article ID: KB30509 KB Last Updated: 13 Oct 2015Version: 1.0
Summary:

This article provides information on how to configure the SRX as a DHCPv6 client with auto-prefix delegation.

Cause:

Since support for DHCPv6 prefix delegation has been introduced, users had to manually configure other settings like DNS because the SRX couldn’t pass on this information from the ISP. Starting with the 12.1X46-D40, 12.1X47-D30, 12.3X48-D20, and 15.1X49-D20 releases, clients will be able to request additional information from the DHCP server once they pick an IP from the pool advertised in the RA.

Solution:

Setup:


+---------+                        +----------------+                                             +----------------+
| ISP       | ------  ge-0/0/3-| SRX with PD    |-ge-0/0/4 ------------ ge-0/0/1-| Client SRX     |
+---------+                        +----------------+                                             +----------------+
                                            SRX1                                                                SRX2

In this scenario, the ISP delegates a /48 to your local SRX. For the sake of the example, another SRX acts as an end user. In a typical network, this SRX will be either a PC or a mobile device. Currently only stateless DHCP is supported with prefix delegation. On the SRX connected to the ISP, configuration is done in multiple places, as shown below:

  1. Set up the interface as a DHCPv6 client and configure it to ask for prefix delegation.

    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-type statefull
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 other-stateful-configuration
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 max-advertisement-interval 20
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/4.0 min-advertisement-interval 10
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client req-option dns-server
    set interfaces ge-0/0/3 unit 0 family inet6 dhcpv6-client update-server
  2. Configure an IPv6 pool that will copy the data received from the ISP to the server.

    access address-assignment pool p1 family inet6 prefix 2003::/16

    Note that the prefix is 2003::/16 because the ISP assigns a /48 subnet to the SRX from a larger pool. If you have a static /48 or higher subnet assigned to you, you can change this value to the specific subnet allocated.

    set access address-assignment pool p1 family inet6 dhcp-attributes propagate-settings ge-0/0/3.0
  3. Configure the local DHCP server to use the pool created in Step 2.

    set system services dhcp-local-server dhcpv6 overrides interface-client-limit 10
    set system services dhcp-local-server dhcpv6 overrides process-inform pool p1
    set system services dhcp-local-server dhcpv6 group ipv6 interface ge-0/0/4.0
  4. On the end-user side, the SRX is configured as follows:

    ge-0/0/1 {
          unit 0 {
              family inet6 {
                      dhcpv6-client {
                                  client-type autoconfig;
                                  client-ia-type ia-na;
                                  client-identifier duid-type duid-ll;
                                  req-option dns-server;
                               }
                       }
              }
    }

Verification:

SRX with PD:

root@SRX1> show ipv6 router-advertisement
  Interface: ge-0/0/3.0
  Advertisements sent: 464, last sent 00:04:05 ago
  Solicits received: 0
  Advertisements received: 12856
  Advertisement from fe80::20c:29ff:fe41:e6de, heard 00:00:04 ago
  Managed: 1 [0]
  Other configuration: 1 [0]
  Reachable time: 0 ms
  Default lifetime: 333 sec [1800 sec]
  Retransmit timer: 0 ms
  Current hop limit: 64
  Prefix: 2003:0:2::/120
  Valid lifetime: 2592000 sec
  Preferred lifetime: 604800 sec
  On link: 1
  Autonomous: 1
  Interface: ge-0/0/4.0
  Advertisements sent: 14926, last sent 00:00:11 ago

root@SRX1> show dhcpv6 client binding

  IP/prefix       Expires State ClientType Interface  Client DUID
  2003:0:1a::/48  65481   BOUND STATEFUL   ge-0/0/3.0 LL0x3-00:0c:29:66:5b:ad

SRX acting as end user on the LAN:

root@SRX2> show ipv6 router-advertisement
  Interface: ge-0/0/1.0
  Advertisements received: 8591
  Advertisement from fe80::20c:29ff:fe66:5bb7, heard 00:00:02 ago
  Managed: 0
  Other configuration: 1 [0]
  Reachable time: 0 ms
  Default lifetime: 60 sec [1800 sec]
  Retransmit timer: 0 ms
  Current hop limit: 64
  Prefix: 2003:0:1a:1::/64
  Valid lifetime: 86400 sec
  Preferred lifetime: 86400 sec
  On link: 1
  Autonomous: 1

root@SRX2> show dhcpv6 client binding

  IP/prefix                          Expires State ClientType Interface   Client DUID
  2003:0:1a:1:20c:29ff:fea6:ac8b/128 86397   BOUND AUTO       ge-0/0/1.0  LL0x3-00:0c:29:a6:ac:8b
  2003:0:1a:1::/64                   86397   BOUND AUTO       ge-0/0/1.0  LL0x3-00:0c:29:a6:ac:8b

root@SRX2> show dhcpv6 client statistics

=======================================================


Messages received:
  DHCPV6_REPLY 1

Messages sent:
  DHCPV6_INFORMATION_REQUEST 5


root@SRX2> show route table inet6.0

inet6.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

 ::/0 *[Access-internal/12] 1d 05:44:28
                              > to fe80::20c:29ff:fe66:5bb7 via ge-0/0/1.0
 2003:0:1a:1::/64 *[Access-internal/12] 1d 05:44:28
                              > to fe80::20c:29ff:fe66:5bb7 via ge-0/0/1.0
2003:0:1a:1:20c:29ff:fea6:ac8b/128
                              *[Direct/0] 1d 05:44:28
                              > via ge-0/0/1.0
                              [Local/0] 1d 05:44:28
                                  Local via ge-0/0/1.0
fe80::/64 *[Direct/0] 1d 05:44:45
                              > via ge-0/0/1.0
fe80::20c:29ff:fea6:ac8b/128
                             *[Local/0] 1d 05:44:45
                                  Local via ge-0/0/1.0

root@SRX2% cat /etc/resolv.conf
# dhcpdv6 added entries
nameserver 2003::1:1:234

Troubleshooting:

If for some reason this solution is not fully working for you, enable the following traceoptions and open a JTAC case:

set system processes dhcp-service traceoptions file dhcp-trace
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search