Recently my ISP fixed the compatibility issues between their Huawei BRAS and my Junos router. After some digging, I managed to get some IPv6 address allocation for all my client devices. Here’s how I achieved it.<\/p>\n
Disclaimer: This article assumes you have basic understanding on IPv6 as we are not going to dig into the very details of the IPv6 standards.<\/p>\n
<\/p>\n
My router is a Juniper SRX300 (JUNOS Software Release [19.4R3-S1.3]). I have a PPPoE interface configured in a routing instance as the uplink, and multiple irb interfaces in another routing instance as the local networks. SLAAC requires at least a \/64 IPv6 section per layer 2, so I have to request a DHCPv6 PD for more than \/64 (my ISP currently allows up to \/56) and chop the address blocks into smaller chunks, one per VLAN.<\/p>\n
Very basic config and doesn’t have much variations. Here you can also propagate your ISP’s DNS config to your clients, but I chose to opt out.<\/p>\n
set interfaces pp0 unit 0 ppp-options initiate-ncp ipv6\r\nset interfaces pp0 unit 0 family inet6 rpf-check\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client client-type stateful\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client rapid-commit\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client prefix-delegating preferred-prefix-length 56\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client prefix-delegating sub-prefix-length 64\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client client-identifier duid-type duid-ll\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client retransmission-attempt 5\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client update-server<\/pre>\nPrepare for Router Advertisement on LAN Interfaces<\/h1>\n
There are 2 methods to configure RA on a interface. One is to configure a static IPv6 range under protocols router-advertisement<\/span> (only available under the default routing instance, and works for all the routing instances in current logical system), another is to use dhcpv6-client update-router-advertisement<\/span> under a interface for dynamically-acquired address blocks. These two methods are exclusive. My ISP only offers dynamic addresses, so I’ll go with the latter one.<\/p>\n
Enable the “other” flag here since we’ll use stateless DHCPv6 to send DNS config to the clients.<\/p>\n
set interfaces irb unit 100 family inet6 rpf-check\r\nset interfaces pp0 unit 0 family inet6 dhcpv6-client update-router-advertisement interface irb.100 other-stateful-configuration<\/pre>\nStateless DHCPv6<\/h1>\n
We can use stateless DHCPv6 server to set DNS, search domain, etc. for SLAAC clients. You may use RDNSS too, but it falls out of the scope of this article. Stateless DHCPv6 only works if the “other” flag is set in the RA, so make sure you set it.<\/p>\n
Notes:<\/p>\n
\n
- If your LAN interface is in a routing instance, set everything below inside the routing instance<\/li>\n
- access address-assignment pool <*> family<\/span> is exclusive; config one family and you’ll lose everything for the other family<\/li>\n
- access address-assignment pool <*> family inet6 prefix<\/span> is required even if the pool is only used for stateless DHCPv6; just config something so that the client address can match the pool<\/li>\n
- You can config one pool for all DHCPv6 groups under system services dhcp-local-server dhcpv6 overrides process-inform pool<\/span> if their config is the same<\/li>\n<\/ul>\n
set system services dhcp-local-server dhcpv6 overrides interface-client-limit 255\r\nset system services dhcp-local-server dhcpv6 overrides rapid-commit\r\nset system services dhcp-local-server dhcpv6 overrides process-inform\r\nset system services dhcp-local-server dhcpv6 group LAN overrides process-inform pool LAN_V6\r\nset system services dhcp-local-server dhcpv6 group LAN interface irb.100\r\n\r\nset access address-assignment pool LAN_V6 family inet6 prefix 2000::\/3\r\nset access address-assignment pool LAN_V6 family inet6 dhcp-attributes dns-server 2001:4860:4860::8888\r\nset access address-assignment pool LAN_V6 family inet6 dhcp-attributes dns-server 2001:4860:4860::8844\r\nset access address-assignment pool LAN_V6 family inet6 dhcp-attributes valid-lifetime 3600\r\nset access address-assignment pool LAN_V6 family inet6 dhcp-attributes preferred-lifetime 1800<\/pre>\nDHCPv6 Client Stuck<\/h1>\n
If your PPPoE session is kicked by BRAS, the DHCPv6 client might get stuck. Use the following event script to solve the problem. (Don’t forget to adjust the interface name and routing instance name!)<\/p>\n
set event-options policy PPPOE_DHCPV6_REQ events SNMP_TRAP_LINK_UP\r\nset event-options policy PPPOE_DHCPV6_REQ attributes-match SNMP_TRAP_LINK_UP.interface-name matches pp0.0\r\nset event-options policy PPPOE_DHCPV6_REQ then execute-commands commands \"request dhcpv6 client renew routing-instance ISP interface pp0.0\"<\/pre>\n
\nReferences<\/h1>\n
\n
- SLAAC-to-Basics (Part 2 of 2: Configuring SLAAC)<\/a><\/li>\n
- How to: SLAAC\/DHCPv6 on Juniper vSRX<\/a><\/li>\n
- Configuring the SRX as a DHCPv6 client with auto-prefix delegation<\/a><\/li>\n
- DHCPv6 Server<\/a><\/li>\n
- [SRX] Example – Configuring DHCPv6 PD over PPPoE<\/a><\/li>\n
- IPv6 over FTTC on the Juniper SRX110<\/a><\/li>\n
- DHCPv6 Client on Juniper SRX-110<\/a><\/li>\n<\/ul>\n
<\/div>\n","protected":false},"excerpt":{"rendered":"Recently my ISP fixed the compatibility issues between their Huawei BRAS and my Junos router. After some digging, I managed to get some IPv6 address allocation for all my client devices. Here’s how I achieved it. Disclaimer: This article assumes you have basic understanding on IPv6 as we are not going to dig into the […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[13,14],"tags":[],"class_list":["post-272","post","type-post","status-publish","format-standard","hentry","category-juniper","category-junos-os"],"acf":[],"_links":{"self":[{"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/posts\/272"}],"collection":[{"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/comments?post=272"}],"version-history":[{"count":3,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/posts\/272\/revisions"}],"predecessor-version":[{"id":275,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/posts\/272\/revisions\/275"}],"wp:attachment":[{"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/media?parent=272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/categories?post=272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.swineson.me\/en\/wp-json\/wp\/v2\/tags?post=272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}