Juniper SRX as a DHCPv6 PD Client on a PPPoE Interface

Recently my ISP fixed the compatibility issues between their Huawei BRAS and my Junos router. After some digging, I managed to get some IPv6 address allocation for all my client devices. Here’s how I achieved it.

Disclaimer: This article assumes you have basic understanding on IPv6 as we are not going to dig into the very details of the IPv6 standards.

Planning

My router is a Juniper SRX300 (JUNOS Software Release [19.4R3-S1.3]). I have a PPPoE interface configured in a routing instance as the uplink, and multiple irb interfaces in another routing instance as the local networks. SLAAC requires at least a /64 IPv6 section per layer 2, so I have to request a DHCPv6 PD for more than /64 (my ISP currently allows up to /56) and chop the address blocks into smaller chunks, one per VLAN.

DHCPv6 Client on PPPoE

Very basic config and doesn’t have much variations. Here you can also propagate your ISP’s DNS config to your clients, but I chose to opt out.

Prepare for Router Advertisement on LAN Interfaces

There are 2 methods to configure RA on a interface. One is to configure a static IPv6 range under protocols router-advertisement (only available under the default routing instance, and works for all the routing instances in current logical system), another is to use dhcpv6-client update-router-advertisement under a interface for dynamically-acquired address blocks. These two methods are exclusive. My ISP only offers dynamic addresses, so I’ll go with the latter one.

Enable the “other” flag here since we’ll use stateless DHCPv6 to send DNS config to the clients.

Stateless DHCPv6

We can use stateless DHCPv6 server to set DNS, search domain, etc. for SLAAC clients. You may use RDNSS too, but it falls out of the scope of this article. Stateless DHCPv6 only works if the “other” flag is set in the RA, so make sure you set it.

Notes:

  • If your LAN interface is in a routing instance, set everything below inside the routing instance
  • access address-assignment pool <*> family is exclusive; config one family and you’ll lose everything for the other family
  • access address-assignment pool <*> family inet6 prefix is required even if the pool is only used for stateless DHCPv6; just config something so that the client address can match the pool
  • You can config one pool for all DHCPv6 groups under system services dhcp-local-server dhcpv6 overrides process-inform pool if their config is the same

DHCPv6 Client Stuck

If your PPPoE session is kicked by BRAS, the DHCPv6 client might get stuck. Use the following event script to solve the problem. (Don’t forget to adjust the interface name and routing instance name!)


References

Leave a Reply

Your email address will not be published. Required fields are marked *