Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Example - Configuring DHCPv6 PD over PPPoE

0

0

Article ID: KB30824 KB Last Updated: 19 Sep 2017Version: 3.0
Summary:

This article provides an example on how to configure DHCPv6 PD over PPPoE.

 
Note: The following steps are also documented more formally here: Example - Configuring DHCPv6 Prefix Delegation (PD) over Point-to-Point Protocol over Ethernet (PPPoE)
 
Symptoms:

To provide a configuration suite using SRX devices for a DHCPv6 topology as described below:

Topology

Solution:

Configurations:

 

SRX1 DHCPv6 Server

  • DHCPv6 server configration
    set system services dhcp-local-server dhcpv6 overrides interface-client-limit 100
    set system services dhcp-local-server dhcpv6 group my-group overrides interface-client-limit 200
    set system services dhcp-local-server dhcpv6 group my-group overrides delegated-pool v6-pd-pool
    set system services dhcp-local-server dhcpv6 group my-group interface pp0.0
  • PPPoE configuratinon
    Host-name is needed to establish PPPoE session
    set system host-name SRX1
    set interfaces ge-0/0/1 unit 0 encapsulation ppp-over-ether
    set interfaces pp0 unit 0 ppp-options chap access-profile prof-ge001
    set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/1.0
    set interfaces pp0 unit 0 pppoe-options server
    set interfaces pp0 unit 0 family inet6 address 3000::1/64
  • Router advertisement configuration
    set protocols router-advertisement interface pp0.0 max-advertisement-interval 20
    set protocols router-advertisement interface pp0.0 min-advertisement-interval 10
    set protocols router-advertisement interface pp0.0 managed-configuration
    set protocols router-advertisement interface pp0.0 other-stateful-configuration
    set protocols router-advertisement interface pp0.0 prefix 3000::1/64
  • Enable IPv6 (chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based
  • PPPoE profile configuration
    set access profile prof-ge001 client test_user chap-secret test
  • PD address pool configuration
    set access address-assignment pool v6-pd-pool family inet6 prefix 2001:1:1::/48
    set access address-assignment pool v6-pd-pool family inet6 range vp-pd prefix-length 48
    set access address-assignment pool v6-pd-pool family inet6 dhcp-attributes dns-server 3000::1
  • Security zone configuration
    DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
    set security zones security-zone trust interface pp0.0 host-inbound-traffic system-services dhcpv6

SRX2 DHCPv6 Client (PD)

  • DHCPv6 server configuration for autoconfig device
    set system services dhcp-local-server dhcpv6 overrides interface-client-limit 10
    set system services dhcp-local-server dhcpv6 overrides process-inform pool p1
    set system services dhcp-local-server dhcpv6 group ipv6 interface ge-0/0/2.0
  • PPPoE configuration
    Host-name is needed to establish PPPoE session
    set system host-name SRX2
    set interfaces ge-0/0/1 unit 0 encapsulation ppp-over-ether
    set interfaces pp0 unit 0 ppp-options chap default-chap-secret test
    set interfaces pp0 unit 0 ppp-options chap local-name test_user
    set interfaces pp0 unit 0 ppp-options chap passive
    set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/1.0
    set interfaces pp0 unit 0 pppoe-options client
  • DHCPv6 client configuration
    set interfaces pp0 unit 0 family inet6 dhcpv6-client client-type statefull
    set interfaces pp0 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd
    set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 other-stateful-configuration
    set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 max-advertisement-interval 10
    set interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface ge-0/0/2.0 min-advertisement-interval 5
    set interfaces pp0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
    set interfaces pp0 unit 0 family inet6 dhcpv6-client req-option dns-server
    set interfaces pp0 unit 0 family inet6 dhcpv6-client update-server set protocols router-advertisement interface pp0.0
  • Enable ipv6(Chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based
  • DHCPv6 server propagate configuration
    This is to propagate DNS server information to end device
    set access address-assignment pool p1 family inet6 prefix 2001::/16
    set access address-assignment pool p1 family inet6 dhcp-attributes propagate-settings pp0.0
  • Security zone configuration
    DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
    set security zones security-zone untrust interface pp0.0 host-inbound-traffic system-services dhcpv6
    set security zones security-zone trust interface ge-0/0/2.0 host-inbound-traffic system-services dhcpv6

SRX3 DHCPv6 client(Auto)

  • DHCPv6 client configuration
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-type autoconfig
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
    set interfaces fe-0/0/0 unit 0 family inet6 dhcpv6-client req-option dns-server
  • Router advertisement configuration
    This is to receive router advertisement from PD device to create default route automatically.
    set protocols router-advertisement interface fe-0/0/0.0
  • Enable IPv6(Chassis reboot is required)
    set security forwarding-options family inet6 mode flow-based
  • Security zone configuration
    DHCPv6 is needed to permit in host-inbound-traffic configuration to receive DHCPv6 packet
    set security zones security-zone trust interface fe-0/0/0.0 host-inbound-traffic system-services dhcpv6

    Note: On DHCPv6 Server SRX, for Router advertisement configuration, "prefix 3000::/64" is configured in this article.
    If "equal or less than /48 prefix" is preferred, see PR1161394 (addressed from 12.1X46-D50, 12.1X47-D40, 12.3X48-D30).

Verification:

SRX1 DHCPv6 Server
root@SRX1> show dhcpv6 server binding detail

Session Id:  75
     Client IPv6 Prefix:                    2001:1:1::/48
     Client DUID:                           LL0x1-3c:94:d5:98:90:01
     State:                                 BOUND(DHCPV6_LOCAL_SERVER_STATE_BOUND)
     Lease Expires:                         2016-03-26 10:12:37 JST
     Lease Expires in:                      86213 seconds
     Lease Start:                           2016-03-25 10:12:37 JST
     Last Packet Received:                  2016-03-25 10:12:50 JST
     Incoming Client Interface:             pp0.0
     Server Ip Address:                     0.0.0.0
     Client Prefix Pool Name:               v6-pd-pool
     Client Id Length:                      10
     Client Id:                             /0x00030001/0x3c94d598/0x9001

root@SRX1> show route table inet6.0

inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

2001:1:1::/48      *[Access/13] 00:03:45     <<<<<< Route for end device will be automatically generated
                    > to fe80::3e94:d50f:fc98:8600 via pp0.0
3000::/64          *[Direct/0] 00:04:04
                    > via pp0.0
3000::1/128        *[Local/0] 19:53:18
                      Local via pp0.0
fe80::b2c6:9a0f:fc7d:6900/128
                   *[Local/0] 19:53:18
                      Local via pp0.0

root@SRX1> show interfaces pp0.0 terse
Interface               Admin Link Proto    Local                 Remote
pp0.0                   up    up   inet6    3000::1/64
                                            fe80::b2c6:9a0f:fc7d:6900/64

SRX2 DHCPv6 Client(PD)

root@SRX2> show dhcpv6 client binding detail

Client Interface: pp0.0
     Hardware Address:             3c:94:d5:98:86:01
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND) <<<<< SRX is bound to prefix via pp0.0
     ClientType:                   STATEFUL
     Lease Expires:                2016-03-26 10:12:50 JST
     Lease Expires in:             86232 seconds
     Lease Start:                  2016-03-25 10:12:50 JST
     Bind Type:                    IA_PD
     Client DUID:                  LL0x29-3c:94:d5:98:86:01
     Rapid Commit:                 Off
     Server Ip Address:            fe80::b2c6:9a0f:fc7d:6900
     Update Server                 Yes
     Client IP Prefix:             2001:1:1::/48
DHCP options:
    Name: server-identifier, Value: VENDOR0x00000583-0x41453530
    Name: dns-recursive-server, Value: 3000::1

root@SRX2> show dhcpv6 server binding detail

root@SRX2> show route table inet6.0
inet6.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

::/0               *[Access-internal/12] 00:03:35
                    > to fe80::b2c6:9a0f:fc7d:6900 via pp0.0
2001:1:1:1::/64    *[Direct/0] 00:03:48
                    > via ge-0/0/2.0
2001:1:1:1::1/128  *[Local/0] 00:03:48      <<<<<< IPv6 address allocated by Prefix delegation 
                      Local via ge-0/0/2.0
3000::/64          *[Access-internal/12] 00:03:35
                    > to fe80::b2c6:9a0f:fc7d:6900 via pp0.0
fe80::/64          *[Direct/0] 00:03:48
                    > via ge-0/0/2.0
fe80::3e94:d50f:fc98:8600/128
                   *[Local/0] 19:05:19
                      Local via pp0.0
fe80::3e94:d5ff:fe98:8602/128
                   *[Local/0] 00:03:48
                      Local via ge-0/0/2.0
root@SRX2> show interfaces pp0.0 terse
Interface               Admin Link Proto    Local                 Remote
pp0.0                   up    up   inet6    fe80::3e94:d50f:fc98:8600/64

root@SRX2> show interfaces ge-0/0/2.0 terse
Interface               Admin Link Proto    Local                 Remote
ge-0/0/2.0              up    up   inet6    2000:1:1:1::1/64
                                            fe80::3e94:d5ff:fe98:8602/64

root@SRX2> show ipv6 router-advertisement
Interface: pp0.0
  Advertisements sent: 3, last sent 00:01:56 ago
  Solicits received: 0
  Advertisements received: 10
  Advertisement from fe80::b2c6:9a0f:fc7d:6900, heard 00:00:08 ago
    Managed: 1 [0]
    Other configuration: 1 [0]
    Reachable time: 0 ms
    Default lifetime: 60 sec [1800 sec]
    Retransmit timer: 0 ms
    Current hop limit: 64
    Prefix: 3000::/64
      Valid lifetime: 2592000 sec
      Preferred lifetime: 604800 sec
      On link: 1
      Autonomous: 1
Interface: ge-0/0/2.0
  Advertisements sent: 24, last sent 00:00:03 ago
  Solicits received: 0
  Advertisements received: 0

SRX3 DHCPv6 client(Auto)

root@SRX3> show dhcpv6 client binding detail

Client Interface: fe-0/0/0.0
     Hardware Address:             00:26:88:38:b5:00
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType:                   AUTO
     Lease Expires:                2016-03-26 10:15:35 JST
     Lease Expires in:             86395 seconds
     Lease Start:                  2016-03-25 10:15:35 JST
     Bind Type:                    IA_NA
     Client DUID:                  LL0x3-00:26:88:38:b5:00
     Rapid Commit:                 Off
     Server Ip Address:            fe80::3e94:d5ff:fe98:8602
     Client IP Address:            2001:1:1:1:226:88ff:fe38:b500/128
     Client IP Prefix:             2001:1:1:1::/64

DHCP options:
    Name: server-identifier, Value: VENDOR0x00000583-0x414c3131
    Name: dns-recursive-server, Value: 3000::1    <<<<< DNS information will be shown here when SRX successfully acquired DNS information from PD device by DHCPv6

root@SRX3> show route table inet6.0

inet6.0: 5 destinations, 6 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

::/0               *[Access-internal/12] 00:02:36
                    > to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1::/64    *[Access-internal/12] 00:02:36
                    > to fe80::3e94:d5ff:fe98:8602 via fe-0/0/0.0
2001:1:1:1:226:88ff:fe38:b500/128
                   *[Direct/0] 00:02:36
                    > via fe-0/0/0.0
                    [Local/0] 00:02:36
                      Local via fe-0/0/0.0
fe80::/64          *[Direct/0] 1w3d 15:51:19
                    > via fe-0/0/0.0
fe80::226:88ff:fe38:b500/128
                   *[Local/0] 1w3d 15:51:19
                      Local via fe-0/0/0.0

root@SRX3> show ipv6 router-advertisement
Interface: fe-0/0/0.0
  Advertisements sent: 1, last sent 00:02:45 ago
  Solicits received: 0
  Advertisements received: 8
  Advertisement from fe80::3e94:d5ff:fe98:8602, heard 00:00:02 ago
    Managed: 0
    Other configuration: 1 [0]
    Reachable time: 0 ms
    Default lifetime: 30 sec [1800 sec]
    Retransmit timer: 0 ms
    Current hop limit: 64
    Prefix: 2001:1:1:1::/64
      Valid lifetime: 86400 sec
      Preferred lifetime: 86400 sec
      On link: 1
      Autonomous: 1

Troubleshooting:

If dhcpv6 state does not change to BOUND after configuring or system reboot, please try following commands first.

  • Server device
    >clear dhcpv6 server binding all
  • Client device
    clear dhcpv6 client binding all
    request dhcpv6 client renew all
If above commands did not work, please enable following traceoptions and open JTAC case.
set system processes dhcp-service traceoptions file dhcp-trace
set system processes dhcp-service traceoptions file size 10m
set system processes dhcp-service traceoptions level all
set system processes dhcp-service traceoptions flag all
Modification History:

2017-09-19:  Minor edit. Added link to technical documentation in the Summary section.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search