Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] How to configure DHCPv6 server for DHCPv6 client using IA-PD and IA-NA

0

0

Article ID: KB30752 KB Last Updated: 31 Mar 2016Version: 1.0
Summary:

This article explains how a DHCPv6 client(SRX) using IA_NA and IA_PD obtains the IPv6 address from an SRX device which is running as the DHCPv6 server. This article provides commands to configure and verify an entire configuration suite.

Symptoms:

This article will provide a configuration suite using SRX devices for DHCPv6 Topology as shown below.

Topology





Cause:
 
Solution:

All the configurations below have been confirmed using Junos OS 12.1X46-D45.

Configuration:

SRX1 DHCPv6 server

  • DHCPv6 server configuration
    /*delegated-pool <PD address pool > is needed, when DHCPv6 server act as both PD and NA server.
    set system services dhcp-local-server dhcpv6 overrides interface-client-limit 100
    set system services dhcp-local-server dhcpv6 group my-group overrides interface-client-limit 200
    set system services dhcp-local-server dhcpv6 group my-group overrides delegated-pool v6-pd-pool
    set system services dhcp-local-server dhcpv6 group my-group interface ge-0/0/1.0
  • Interface configuration
    set interfaces ge-0/0/1 unit 0 family inet6 address 3000::1/64
  • Router advertisement configuration
    set protocols router-advertisement interface ge-0/0/1.0 max-advertisement-interval 10
    set protocols router-advertisement interface ge-0/0/1.0 min-advertisement-interval 5
    set protocols router-advertisement interface ge-0/0/1.0 other-stateful-configuration
    set protocols router-advertisement interface ge-0/0/1.0 prefix 3000::/64
  • Enable IPv6 (chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based
  • PD address pool configuration
    set access address-assignment pool v6-pd-pool family inet6 prefix 2001:1:1::/48
    set access address-assignment pool v6-pd-pool family inet6 range vp-pd prefix-length 48
  • NA address pool configuration
    set access address-assignment pool v6-na-pool family inet6 prefix 3000::/64
    set access address-assignment pool v6-na-pool family inet6 range v6-range low 3000::2/128
    set access address-assignment pool v6-na-pool family inet6 range v6-range high 3000::10/128
SRX2 DHCPv6 client (PD/NA)
  • Interface configuration
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client client-type statefull
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 max-advertisement-interval 10
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 min-advertisement-interval 5
    set interfaces ge-0/0/1 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
  • Router advertisement configuration
    /*This is to receive router advertisement from the server to create default route automatically.
    set protocols router-advertisement interface ge-0/0/1.0
  • Enable IPv6 (chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based
SRX3 DHCPv6 Client (Auto config)
  • Interface configuration
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
  • Router advertisement configuration
    /*This is to receive router advertisement from PD device to create default route automatically.
    set protocols router-advertisement interface fe-0/0/0.0
  • Enable IPv6 (chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based

Note: On DHCPv6 Server SRX, for Router advertisement configuration, "prefix 3000::/64"  is configured in this article. If "equal or less than /48 prefix" is preferred, see PR1161394 (addressed from 12.1X46-D50, 12.1X47-D40, 12.3X48-D30).

Verification:

SRX1 DHCPv6 server

root@SRX1> show dhcpv6 server binding detail

Session Id:  46
     Client IPv6 Prefix:                    2001:1:1::/48
     Client IPv6 Address:                   3000::2/128
     Client DUID:                           LL0x1-3c:94:d5:98:90:01
     State:                                 BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
     Lease Expires:                         2016-03-16 02:15:34 UTC
     Lease Expires in:                      84778 seconds
     Lease Start:                           2016-03-15 02:15:34 UTC
     Last Packet Received:                  2016-03-15 02:15:35 UTC
     Incoming Client Interface:             ge-0/0/1.0
     Server Ip Address:                     0.0.0.0
     Client Pool Name:                      v6-na-pool
     Client Prefix Pool Name:               v6-pd-pool
     Client Id Length:                      10
     Client Id:                             /0x00030001/0x3c94d598/0x9001
 
root@SRX1> show route table inet6
 
 
inet6.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
2001:1:1::/48      *[Access/13] 00:27:04   <<<<<< Route for end device will be automatically generated
                    > to fe80::3e94:d5ff:fe98:8601 via ge-0/0/1.0
3000::/64          *[Direct/0] 3d 19:09:08
                    > via ge-0/0/1.0
3000::1/128        *[Local/0] 3d 19:09:08
                      Local via ge-0/0/1.0
3000::2/128        *[Access-internal/12] 00:27:04
                    > to 3000::1 via ge-0/0/1.0
fe80::/64          *[Direct/0] 2w4d 22:24:52
                    > via ge-0/0/1.0
fe80::b2c6:9aff:fe7d:6901/128
                   *[Local/0] 2w4d 22:25:00
                      Local via ge-0/0/1.0
 
root@SRX1> show ipv6 router-advertisement
Interface: ge-0/0/1.0
  Advertisements sent: 13, last sent 00:00:08 ago
  Solicits received: 0
  Advertisements received: 0
 
root@SRX1>

SRX2 DHCPv6 client (PD/NA)

root@SRX2> show dhcpv6 client binding detail
 
Client Interface: ge-0/0/1.0
     Hardware Address:             3c:94:d5:98:86:01
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType:                   STATEFUL
     Lease Expires:                2016-03-16 02:17:50 UTC
     Lease Expires in:             84739 seconds
     Lease Start:                  2016-03-15 02:17:50 UTC
     Bind Type:                    IA_NA IA_PD
     Client DUID:                  LL0x3-3c:94:d5:98:86:01
     Rapid Commit:                 Off
     Server Ip Address:            fe80::b2c6:9aff:fe7d:6901
     Client IP Address:            3000::2/128
     Client IP Prefix:             2001:1:1::/48
 
DHCP options:
    Name: server-identifier, Value: VENDOR0x00000583-0x41453530
 
root@SRX2> show route table inet6
 
inet6.0: 8 destinations, 10 routes (8 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
::/0               *[Access-internal/12] 00:27:43
                    > to fe80::b2c6:9aff:fe7d:6901 via ge-0/0/1.0
2001:1:1:1::/64    *[Direct/0] 00:27:45
                    > via ge-0/0/2.0
2001:1:1:1::1/128  *[Local/0] 00:27:45    <<<<<< IPv6 address allocated by Prefix delegation 
                      Local via ge-0/0/2.0
3000::/64          *[Access-internal/12] 00:27:43
                    > to fe80::b2c6:9aff:fe7d:6901 via ge-0/0/1.0
3000::2/128        *[Direct/0] 00:27:43  <<<<<< IPv6 address assigned by DHCPv6 server
                    > via ge-0/0/1.0
                    [Local/0] 00:27:43
                      Local via ge-0/0/1.0
fe80::/64          *[Direct/0] 17:52:39
                    > via ge-0/0/1.0
                    [Direct/0] 00:27:45
                    > via ge-0/0/2.0
fe80::3e94:d5ff:fe98:8601/128
                   *[Local/0] 17:52:39
                      Local via ge-0/0/1.0
fe80::3e94:d5ff:fe98:8602/128
                   *[Local/0] 00:27:45
                      Local via ge-0/0/2.0

 
root@SRX2> show ipv6 router-advertisement
Interface: ge-0/0/1.0
  Advertisements sent: 0, last sent 00:03:34 ago
  Solicits received: 0
  Advertisements received: 21
  Advertisement from fe80::b2c6:9aff:fe7d:6901, heard 00:00:07 ago
    Managed: 0
    Other configuration: 1 [0]
    Reachable time: 0 ms
    Default lifetime: 30 sec [1800 sec]
    Retransmit timer: 0 ms
    Current hop limit: 64
    Prefix: 3000::/64
      Valid lifetime: 2592000 sec
      Preferred lifetime: 604800 sec
      On link: 1
      Autonomous: 1
Interface: ge-0/0/2.0
  Advertisements sent: 15, last sent 00:00:00 ago
  Solicits received: 0
  Advertisements received: 0

 
root@SRX2>

SRX3 DHCPv6 client (Autoconfig)

root@SRX3> show dhcpv6 client binding detail
 
Client Interface: fe-0/0/0.0
     Hardware Address:             00:26:88:38:b5:00
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType:                   AUTO
     Lease Expires:                2016-03-16 02:35:48 UTC
     Lease Expires in:             86391 seconds
     Lease Start:                  2016-03-15 02:35:48 UTC
     Bind Type:                    IA_NA
     Client DUID:                  LL0x3-00:26:88:38:b5:00
     Rapid Commit:                 Off
     Server Ip Address:            ::/0
     Client IP Address:            2001:1:1:1:226:88ff:fe38:b500/128
     Client IP Prefix:             2001:1:1:1::/64
 
root@SRX3> show route table inet6
 
inet6.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
::/0               *[Access-internal/12] 00:28:22
                    > to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1::/64    *[Access-internal/12] 00:28:22
                    > to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1:226:88ff:fe38:b500/128
                   *[Direct/0] 00:28:22
                    > via fe-0/0/0.0
                    [Local/0] 00:28:22
                      Local via fe-0/0/0.0
fe80::/64          *[Direct/0] 17:22:30
                    > via fe-0/0/0.0
fe80::226:88ff:fe38:b500/128
                   *[Local/0] 17:22:30
                      Local via fe-0/0/0.0

 
root@SRX3> show ipv6 router-advertisement
Interface: fe-0/0/0.0
  Advertisements sent: 0, last sent 00:02:11 ago
  Solicits received: 0
  Advertisements received: 24
  Advertisement from fe80::3e94:d5ff:fe98:8602, heard 00:00:03 ago
    Managed: 0
    Other configuration: 0
    Reachable time: 0 ms
    Default lifetime: 30 sec [1800 sec]
    Retransmit timer: 0 ms
    Current hop limit: 64
    Prefix: 2001:1:1:1::/64
      Valid lifetime: 86400 sec
      Preferred lifetime: 86400 sec
      On link: 1
      Autonomous: 1
 
root@SRX3>

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search