ESMv6: PPPoE Dual Stack Hosts
This chapter describes ESMv6 PPPoE dual stack host configurations.
Topics in this chapter include:
Applicability
This chapter is applicable to SR OS routers and was initially based on Release 8.0.R4. The CLI is updated to Release 15.0.R1.
Prerequisites:
Routed CO (IES/VPRN service) with Enhanced Subscriber Management (ESM)
Bridged or routed home gateway
The focus of this chapter is on PPPoE IPv6. IPv4 configuration is shown for completeness.
Overview
PPPoE Dual Stack
A PPPoE dual stack subscriber may support both IPv4 and IPv6 simultaneously. The dual stack hosts share a common subscriber identification policy and have a common sla-profile and subscriber-profile and are linked together through one PPPoE session.
For PPPoE dual stack hosts, one subscriber host is created for IPv4 and another one for the IPv6 address family.
ESM for IPv6 is supported through RADIUS and local user database (LUDB) for authentication, address assignment and authorization.
PPPoE dual stack subscriber-hosts are supported for bridged and routed home gateways.
Dual Stack PPPoE Bridged Gateway Service
In the dual stack PPPoE host service, the PPPoE session is initiated directly from a dual stack device in the home network. PPPoE is used to carry IPv6 and (optionally) IPv4 traffic from the device to the broadband remote access server (BRAS), also called broadband network gateway (BNG).
Unlike the routed gateway application examples (see later), no IPv6 prefix delegation occurs in the bridged gateway service. Instead, a global unicast address prefix (/64) is advertised using Router Advertisements (RAs) directly to the PPPoE interface on the host.
The device addresses are self-assigned through stateless auto configuration (SLAAC). where SLAAC makes use of ICMPv6 router-advertisements to announce these IPv6 prefixes. The SLAAC prefixes have a mandatory length of /64.
This application is targeted at operators who currently use a bridging modem in the customer premises and who want to incrementally add IPv6 capability without a change of the modem on the customer site.
Dual Stack PPPoE Routed Gateway Service
The dual stack PPPoE routed gateway service runs over a dual stack PPPoE session between a dual stack router and BNG. It allows operators using PPPoE in their networks (with either PPPoE to the RG or PPPoA with translation to PPPoE in the DSLAM) to deploy IPv6 services in conjunction with existing IPv4 services.
Because a routed RG is used, a unique subscriber IPv6 prefix is delegated to the dual stack router for use within the home network. DHCPv6 is used to provide prefix delegation (PD). No WAN IPv6 address assignment is supported in this model. The dual stack router does not perform any NAT for IPv6 traffic.
SLAAC
The IPv6 stateless auto configuration (SLAAC) mechanism requires no manual configuration of hosts, minimal configuration of routers, and no additional servers (such as DHCP). The stateless mechanism allows a host to generate its own address using a combination of locally available information and information advertised by routers. Routers advertise /64 prefixes, by an ICMPv6 router advertisement, that identify the subnet(s) associated with a link, while hosts generate a 64-bit ‟interface identifier” that uniquely identifies an interface on a subnet. An address is formed by combining the two.
DHCPv6
The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) is defined in RFC 3315. The protocol enables DHCPv6 servers to pass configuration parameters such as IPv6 network addresses or DNSv6 addresses to IPv6 nodes.
For further information on DHCPv6, see ESMv6: IPoE Dual Stack Hosts.
Prefix Delegation
Prefix Delegation (PD) is a mechanism for automated delegation of IPv6 prefixes using DHCPv6. A delegating router delegates a long-lived IPv6 prefix to a requesting router. The delegating router does not require knowledge about the topology of the links in the network to which the prefixes will be assigned.
For further information on Prefix Delegation, see ESMv6: IPoE Dual Stack Hosts.
Configuration
ESMv6 for PPPoE is applicable in a routed CO environment. Details of non-specific dual stack configurations like authentication-policies, sla-profile, subscriber-profile, accounting-policies and QoS policies are out of scope for this chapter.
The minimal RADIUS authentication configuration and ESM string configuration is added for completeness.
configure
router
radius-server
server "radius-172.16.1.2" address 172.16.1.2 secret vsecret1 create
accept-coa
exit
exit
exit
configure
aaa
radius-server-policy "rsp-1" create
servers
router "Base"
source-address 192.0.2.1
server 1 name "radius-172.16.1.2"
exit
exit
exit
configure
subscriber-mgmt
authentication-policy "auth-1" create
description "RADIUS authentication policy"
pppoe-access-method pap-chap
radius-server-policy "rsp-1"
exit
exit
configure
subscriber-mgmt
sla-profile "sla-profile-1" create
exit
sub-profile "sub-profile-1" create
exit
sub-ident-policy "sub-ident-1" create
sub-profile-map
use-direct-map-as-default
exit
sla-profile-map
use-direct-map-as-default
exit
exit
exit
Service
Dual Stack PPPoE for Bridged Gateway
Message Flow for a Dual Stack PPPoE Host shows the message flow for a dual stack PPPoE host behind a bridged gateway corresponding with the configured service.
For dual stack PPPoE, the BNG initiates the IPv6 control protocol (IPv6CP) protocol to the client during the session setup phase if the appropriate attributes have been returned by the RADIUS server on authentication. The RADIUS attribute that triggers the setup of a dual stack PPPoE host in bridged mode is framed-ipv6-prefix which should contain a /64 prefix for the client. When a PPPoE host has successfully completed the IPv6CP negotiation, the BNG will transmit an RA to the PPPoE host containing the prefix and any other option that is configured. The host can request optional IPv6 DNS server information from the BNG by sending a DHCPv6 information-request.
The following example shows a minimal configuration to enable dual stack subscribers in an IES service context with the ESM IPv6-specific parts in bold.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
address 10.1.0.254/16
ipv6
subscriber-prefixes
prefix 2001:db8:c001:100::/56 wan-host
exit
exit
group-interface "group-int-1" create
ipv6
router-advertisements
prefix-options
autonomous
exit
no shutdown
exit
dhcp6
proxy-server
client-applications ppp
no shutdown
exit
exit
exit
authentication-policy "auth-1"
sap 1/1/1:1 create
sub-sla-mgmt
sub-ident-policy "sub-ident-1"
multi-sub-sap 10
no shutdown
exit
exit
pppoe
session-limit 10
sap-session-limit 10
no shutdown
exit
exit
exit
no shutdown
exit
exit
IPv6 subscriber prefixes must be defined in the subscriber-interface>ipv6>subscriber-prefixes context.
Three types of prefixes can be configured where wan-host is required for the bridged gateway scenario and pd is used for the dual stack PPPoE routed gateway scenario.
wan-host — Prefix from which the IPv6 addresses are assigned (by DHCPv6 IA_NA) for the IPoEv6 routed gateway WAN interface (network facing) or a prefix from which /64 prefixes are assigned for the PPPoE (by RA SLAAC) hosts in the bridged gateway model.
pd — Prefix from which the IPv6 prefix delegation prefixes are assigned that are to be used by the IPoEv6 or PPPoEv6 routed gateway for allocation in the home network (LAN interfaces).
pd wan-host (both) — Prefix from which both IPv6 addresses (wan-host) and IPv6 prefix delegation prefixes (pd) can be assigned. This requires that the delegated prefix length is set to 64 bits.
Subscriber Prefix Parameters and Subscriber Prefix Subnetting for SLAAC provide an overview of the subscriber-prefix parameters that apply and an example of subscriber prefix subnetting for SLAAC.
Subscriber Prefix Type |
Prefix Length |
DHCPv6 Option |
SLAAC |
RADIUS AVP |
Must be subnetted as |
|---|---|---|---|---|---|
wan-host |
/32..63 |
N/A |
yes |
[97]Framed-IPv6-Prefix |
/64 |
Subscriber prefix |
Framed-IPv6-Prefix |
Hosts |
|
|---|---|---|---|
2001:db8:c001:100::/56 |
2001:db8:c001:101::/64 |
pppoev6-host-1 |
|
2001:db8:c001:102::/64 |
pppoev6-host-2 |
||
2001:db8:c001:103::/64 |
pppoev6-host-3 |
||
<snip> |
<snip> |
||
2001:db8:c001:1FF::/64 |
pppoev6-host-256 |
||
2001:db8:c001:200::/56 |
2001:db8:c001:201::/64 |
PPPoEv6-host-257 |
|
2001:db8:c001:202::/64 |
PPPoEv6-host-258 |
||
2001:db8:c001:203::/64 |
PPPoEv6-host-259 |
||
<snip> |
<snip> |
||
2001:db8:c001:2FF::/64 |
PPPoEv6-host-512 |
Dual Stack PPPoE for Routed Gateway
Dual Stack PPPoE for Routed Gateway shows the message flow for a dual stack PPPoE host located behind a routed gateway corresponding with the configured service.
Initially, a PPPoE routed gateway follows the same steps as a dual stack PPPoE host. The BNG receives a prefix from RADIUS (in this case through a delegated-ipv6-prefix attribute), which is used as a trigger to initiate the IPv6CP protocol to the client. The prefix that is offered to the client should have the same prefix length as the one configured under the subscriber interface ipv6 context (delegated-prefix length).This length should be between 48 and 64 bits, inclusive.
After the IPv6CP protocol has completed, the client must run the DHCPv6 protocol over its PPPoE tunnel to receive a delegated prefix (IA_PD) and optionally IPv6 DNS server information.
This delegated prefix can then be subdivided by the client and distributed over its own downstream interfaces. During the DHCPv6 message exchange, no extra RADIUS request will be made; the information is stored during the initial PPPoE authentication until the client starts DHCPv6. Only after DHCPv6 has completed, the IPv6 subscriber host will be instantiated, and the BNG will start sending RAs if configured. (It is a mandatory requirement for the BNG to send RAs which makes enabling router-advertisements under the group-level mandatory). The router advertisements do not contain any prefix information, which has already been provided by DHCPv6, but it is used as an indication to the client that its default gateway should be the BNG.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
address 10.1.0.254/16
ipv6
delegated-prefix-len 56
subscriber-prefixes
prefix 2001:db8:d001::/48 pd
exit
exit
group-interface "group-int-1" create
ipv6
router-advertisements
prefix-options
autonomous
exit
no shutdown
exit
dhcp6
proxy-server
client-applications ppp
no shutdown
exit
exit
exit
authentication-policy "auth-1"
sap 1/1/1:1 create
sub-sla-mgmt
sub-ident-policy "sub-ident-1"
multi-sub-sap 10
no shutdown
exit
exit
pppoe
session-limit 10
sap-session-limit 10
no shutdown
exit
exit
exit
no shutdown
exit
exit
exit
IPv6 subscriber prefixes must be defined at the subscriber-interface>ipv6>subscriber-prefixes context, see Dual Stack PPPoE Bridged Gateway Service.
Subscriber prefixes are subnetted in fixed length subnets that are assigned to subscriber hosts:
/delegated-prefix-len (/48..64) for p subscriber prefixes
The delegated prefix length is configured in the subscriber-interface>ipv6 context. The recommended value is /56 (default = /64). The configured length applies to all pd subscriber prefixes on a subscriber-interface.
Subscriber-Prefix Parameters and Prefix Subnetting for delegated-prefix-length /56 provide an overview of the subscriber-prefix parameters that apply and an example of prefix subnetting for delegated-prefix-length /56.
Subscriber Prefix Type |
Prefix Length |
DHCPv6 Option |
SLAAC |
RADIUS AVP |
Must be sub netted as |
|---|---|---|---|---|---|
pd |
/48..64 * |
IA-PD |
N/A |
[123] Delegated-IPv6-Prefix |
/delegated-prefix-len |
*Must be smaller than configured delegated prefix length.
Subscriber Prefix and /56 delegated-prefix-len |
Framed-IPv6-Prefix |
Hosts |
|---|---|---|
2001:db8:d001::/48 |
2001:db8:d001:100::/56 |
Responsibility Home Gateway (HGW) |
Responsibility HGW |
||
Responsibility HGW |
||
2001:db8:d001:200::/56 |
Responsibility HGW |
|
Responsibility HGW |
||
Responsibility HGW |
||
<snip> |
-- |
|
2001:db8:d001:FF00::/56 |
Responsibility HGW |
|
Responsibility HGW |
||
Responsibility HGW |
||
<snip> |
-- |
-- |
2001:db8:d002::/48 |
2001:db8:d002:100::/56 |
Responsibility HGW |
Responsibility HGW |
||
Responsibility HGW |
||
2001:db8:d002:200::/56 |
Responsibility HGW |
|
Responsibility HGW |
||
Responsibility HGW |
||
<snip> |
-- |
|
2001:db8:d002:FF00::/56 |
Responsibility HGW |
|
Responsibility HGW |
||
Responsibility HGW |
RADIUS
The RADIUS authentication policy shown at the beginning of the Configuration section must be applied to the group-interface, and is used for both IPv4 and IPv6.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
authentication-policy "auth-1"
exit
exit
exit
exit
exit
IPv4 and IPv6 configuration information can come from LUDB or AAA/RADIUS.
Commonly used RADIUS Attribute Value pairs (AVPs) that are applicable for PPPoE IPv6 subscriber hosts are listed in RADIUS AVPs.
RADIUS AVP |
Type |
Purpose |
|---|---|---|
Framed-IPv6-Prefix [97] |
ipv6prefix |
Maps to SLAAC (RFC 4862) /64 Prefix-information in ICMPv6 RA. |
Delegated-IPv6-Prefix [123] |
ipv6prefix |
Maps to IA_PD for prefix delegation (RFC 3633) in DHCPv6 |
Alc-Ipv6-Primary-Dns [26-6527-105] |
ipv6addr |
Maps to DNS recursive name server option (RFC 3646) in DHCPv6 |
Alc-Ipv6-Secondary-Dns [26-6527-106] |
ipv6addr |
Maps to DNS recursive name server option (RFC 3646) in DHCPv6 |
Dual Stack PPPoE for Bridged Gateway
The following shows a sample of a FreeRADIUS user record to authenticate a dual stack PPPoE subscriber for a bridged gateway:
bridged@domain1 Cleartext-Password := "letmein"
Framed-IP-Address = 10.1.0.1,
Framed-IP-Netmask = 255.255.255.0,
Alc-Subsc-ID-Str = "%{User-name}",
Alc-Subsc-Prof-Str = "sub-profile-1",
Alc-SLA-Prof-Str = "sla-profile-1",
Framed-IPv6-Prefix = "2001:db8:c001:0101::/64",
Alc-IPv6-Primary-DNS = "2001:db8:dddd:1::1",
Alc-IPv6-Secondary-DNS = "2001:db8:dddd:2::1",
Dual Stack PPPoE for Routed Gateway
The following shows a sample of a FreeRADIUS user record to authenticate a dual stack PPPoE subscriber for a routed gateway:
routed@domain1 Cleartext-Password := "letmein"
Framed-IP-Address = 10.1.0.2,
Framed-IP-Netmask = 255.255.255.0,
Alc-Subsc-ID-Str = "%{User-name}",
Alc-Subsc-Prof-Str = "sub-profile-1",
Alc-SLA-Prof-Str = "sla-profile-1",
Delegated-IPv6-Prefix = "2001:db8:d001:0100::/56",
Alc-IPv6-Primary-DNS = "2001:db8:dddd:1::1",
Alc-IPv6-Secondary-DNS = "2001:db8:dddd:2::1",
A RADIUS user’s configuration with multiple delegated-ipv6-prefixes for the same dual stack PPPoE host will result in a single DHCPv6 advertise message sent by the BNG with a single IA_PD option and single IA-Prefix. The other RADIUS configured delegated-IPv6-prefixes are silently dropped by the BNG.
Router Advertisements
ICMPv6 router advertisements have two major functions.
Default router function for hosts
Address auto-configuration for hosts aka SLAAC
Unsolicited RA must explicitly be enabled on a group interface (default shutdown) and are refreshed with a pseudo random timer. The boundaries of this random timer are configurable with the min-advertisement parameter (minimum with default set to 900s) and max-advertisement (maximum with default set to 1800s).
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
router-advertisements
max-advertisement 1800 # default 30 min
min-advertisement 900 # default 15 min
no shutdown
exit
exit
exit
exit
exit
exit
The router-advertisements router-lifetime parameter (default 4500 sec) specifies how long the host is allowed to use the originator of the RA as default gateway. This timer is configurable between 2700 and 9000 seconds.
Configuring a router-advertisements router-lifetime timer smaller than the router-advertisements min-advertisement timer results in a dual stack PPPoE host without a default gateway.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
router-advertisements
router-lifetime 4500
no shutdown
exit
exit
exit
exit
exit
exit
The following prefix-options autonomous parameter specifies whether or not offered RADIUS IPv6 prefix can be used for stateless address configuration (SLAAC). The prefix-options lifetime parameter defines how long the host is allowed to use this prefix. Configuring a prefix-option valid-lifetime smaller than the router-advertisements min-advertisement timer results in host traffic being sourced with the link-local address instead of global unique IPv6 address.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
router-advertisements
prefix-options
autonomous # required for SLAAC
on-link
preferred-lifetime 3600 # default 1 hour
valid-lifetime 86400 # default 24 hours
exit
no shutdown
exit
exit
exit
exit
exit
exit
exit
The following is a snapshot from an ICMPv6 RA message with default timer settings with a focus on the SLAAC function.
Internet Control Message Protocol v6
Type: 134 (Router advertisement)
---snip---
ICMPv6 Option (Prefix information)
Type: Prefix information (3)
Length: 32
Prefix length: 64
Flags: 0x40
1... .... = on link
.1.. .... = Auto # Auto-Configuration flag
..0. .... = Not router address
...0 .... = Not site prefix
Valid lifetime: 86400 # Default value 24 hour
Preferred lifetime: 3600 # Default value 1 hour
Prefix: 2001:DB8:C001:101:: # SLAAC prefix
SLAAC-related parameters are listed in SLAAC-Related Parameters .
Parameter |
Description (RFC-4861) |
Value Range (Default) |
|---|---|---|
prefix-options: autonomous |
Autonomous address-configuration flag. When set indicates that this prefix can be used for stateless address auto configuration (SLAAC) |
(no) |
prefix-options: preferred-lifetime |
The length of time in seconds that the addresses generated from the prefix through stateless address auto configuration (SLAAC) remains preferred. |
0..4294967295 s (3600s) 1hour |
prefix-options: valid-lifetime |
The length of time in seconds that the prefix is valid for the purpose of on-link determination. |
0..4294967295 s (86400s) 24hours |
Router advertisements parameters common to PPPoEv6 and IPoEv6 are listed and explained in ESMv6: IPoE Dual Stack Hosts.
For dual stack PPPoE hosts, the default values, as shown in the following output, can be used. Timer values equal to zero (reachable-time and retransmit-time) causes the host to use its own timers for that function. The reachable-time is used by the host for Neighbor_Unreachable_Detection (NUD) whereas the retransmit-time is used by the host for Duplicate_Address_Detection (DAD). DAD is normally only performed by dual stack IPoE hosts and not by dual stack PPPoE hosts.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
router-advertisements
current-hop-limit 64
dns-options
no include-dns
rdnss-lifetime 3600
exit
no force-mcast
no managed-configuration
no mtu
no other-stateful-configuration
reachable-time 0
retransmit-time 0
no shutdown
exit
exit
exit
exit
exit
DHCPv6 Proxy Server
Dual Stack PPPoE for Bridged Gateway
Dual stack PPPoE hosts using SLAAC for address assignment do not require DHCPv6. SR OS supports DNSv6 information through the RA DNS Option (RFC 5006, IPv6 Router Advertisement Option for DNS Configuration), and can also be configured to use DHCPv6 information requests and replies to retrieve the DNSv6 information. This requires the DHCPv6 proxy server to be enabled (the default is shutdown) and PPPoE defined as client-application (default=dhcp only). No lease state is kept for this DNSv6 information and therefore it is known as stateless DHCPv6.
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
dhcp6
proxy-server
client-applications ppp
no shutdown
exit
exit
exit
exit
exit
exit
exit
exit
Dual Stack PPPoE for Routed Gateway
An IPv6 PPPoE routed gateway initiates, after successful IPv6CP negotiation, a DHCPv6 session to request its configuration data (IPv6 PD prefixes, DNS servers). A DHCPv6 proxy server in the BNG maintains the DHCPv6 session with the IPv6 PPPoE subscriber host. The DHCPv6 proxy server must be enabled (the default is shutdown) and PPPoE defined as client-application (default=dhcp only).
configure
service
ies 1 customer 1 create
subscriber-interface "sub-int-1" create
group-interface "group-int-1" create
ipv6
dhcp6
proxy-server
server-id duid-ll
renew-timer min 30 # default
rebind-timer min 48 # default
valid-lifetime days 1 # default
preferred-lifetime hrs 1 # default
client-applications ppp
no shutdown
exit
exit
A number of timers associated with IPv6 addresses and IPv6 prefixes within DHCPv6 identity associations can be configured in the DHCPv6 proxy server context. These timers are valid for IPoEv6 and PPPoEv6 sessions and are listed and further explained in ESMv6: IPoE Dual Stack Hosts.
There is never RADIUS re-authentication for dual stack PPPoE routed gateways on DHCPv6 renewals as indicated in DHCPv6 Renewals.
DHCPv6 Lease State
The DHCPv6 lease state table keeps track of the DHCPv6 host states. The DHCP lease information for a specific host is extracted from the DHCPv6 reply message in case of DHCPv6. Stateful (with lease state) DHCPv6 is applicable for dual stack PPPoE on routed gateway where Stateless (without lease state) DHCPv6 is optional and applicable for dual stack PPPoE on bridged gateways.
For more information on DHCPV6 lease states, see ESMv6: IPoE Dual Stack Hosts.
Operation
Dual Stack PPPoE for Bridged Gateway
A PPPoEv6 dual stack subscriber scenario for a bridged home gateway consumes two subscriber host entries shared by a common subscriber.
IPv4 host-addressing by IPCP
IPv6 wan-host addressing by SLAAC
*A:BNG# show service active-subscribers subscriber bridged@domain1"bridged@domain1"
===============================================================================
Active Subscribers
===============================================================================
-------------------------------------------------------------------------------
Subscriber bridged@domain1 (sub-profile-1)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(1) SLA Profile Instance sap:1/1/1:1 - sla:sla-profile-1
-------------------------------------------------------------------------------
IP Address
MAC Address Session Origin Svc Fwd
-------------------------------------------------------------------------------
10.1.0.1
00:0c:29:00:00:11 PPP 1 IPCP 1 Y
2001:db8:c001:101::/64
00:0c:29:00:00:11 PPP 1 SLAAC 1 Y
-------------------------------------------------------------------------------
===============================================================================
*A:BNG#
The hierarchy parameter for active-subscribers gives a top level down overview for this subscriber.
*A:BNG# show service active-subscribers hierarchy subscriber "bridged@domain1"
===============================================================================
Active Subscribers Hierarchy
===============================================================================
-- bridged@domain1 (sub-profile-1)
|
+-- sap:1/1/1:1 - sla:sla-profile-1
|
+-- PPP-session - mac:00:0c:29:00:00:11 - sid:1 - svc:1
|
|-- 10.1.0.1 - IPCP
|
+-- 2001:db8:c001:101::/64 - SLAAC
===============================================================================
*A:BNG#
IPCP and IPv6CP are in an opened state for the dual stack PPPoE session and their origin is RADIUS, as shown below.
*A:BNG# show service id 1 pppoe session ip-address 10.1.0.1 detail
===============================================================================
PPPoE sessions for svc-id 1
===============================================================================
Sap Id Mac Address Sid Up Time Type
IP/L2TP-Id/Interface-Id MC-Stdby
-------------------------------------------------------------------------------
1/1/1:1 00:0c:29:00:00:11 1 0d 00:01:27 local
10.1.0.1
02:0C:29:FF:FE:00:00:11
LCP State : Opened
IPCP State : Opened
IPv6CP State : Opened
PPP MTU : 1492
PPP Auth-Protocol : CHAP
PPP User-Name : bridged@domain1
Subscriber-interface : sub-int-1
Group-interface : group-int-1
IP Origin : radius
DNS Origin : none
NBNS Origin : none
Subscriber : "bridged@domain1"
Sub-Profile-String : "sub-profile-1"
SLA-Profile-String : "sla-profile-1"
---snip---
IPv6 Prefix : 2001:db8:c001:101::/64
IPv6 Prefix Origin : radius
IPv6 Prefix Pool : ""
IPv6 Del.Pfx. : N/A
IPv6 Del.Pfx. Origin : none
IPv6 Del.Pfx. Pool : ""
IPv6 Address : N/A
IPv6 Address Origin : none
IPv6 Address Pool : ""
Primary IPv6 DNS : 2001:db8:dddd:1::1
Secondary IPv6 DNS : 2001:db8:dddd:2::1
---snip---
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================
*A:BNG#
The IPv6 routing table for dual stack hosts is displayed using the protocol keyword sub-mgmt.
*A:BNG# show router route-table ipv6 protocol sub-mgmt
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8:c001:101::/64 Remote Sub Mgmt 00h01m37s 0
[group-int-1] 0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:BNG#
DNSv6
DNSv6 information, in a dual stack PPPoE bridged gateway model, is optionally retrieved through stateless DHCPv6 information requests. Debugging is done through debug commands or/and observation by statistics counters.
100 2017/04/19 14:16:40.01 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Incoming DHCP6 Msg : INFO_REQUEST (11)
on itf group-int-1
Trans Id : 0xcef3f0
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=322878930,LL=000c29c851ca
00010001133ebdd2000c29c851ca
Option : ELAPSED_TIME (8), Length : 2
Time : 100 seconds
Option : ORO (6), Length : 4
Requested Option : DNS_NAME_SRVR (23)
101 2017/04/19 14:16:40.02 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Outgoing DHCP6 Msg : REPLY (7)
to itf group-int-1
Trans Id : 0xcef3f0
Option : SERVERID (2), Length : 10
LL : HwTyp=0001,LL=24b1ff000000
0003000124b1ff000000
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=322878930,LL=000c29c851ca
00010001133ebdd2000c29c851ca
Option : DNS_NAME_SRVR (23), Length : 32
Server : 2001:db8:dddd:1::1
Server : 2001:db8:dddd:2::1
DHCPv6 statistics can be shown as follows:
*A:BNG# show router dhcp6 statistics
===========================================================================
DHCP6 statistics (Router: Base)
===========================================================================
Msg-type Rx Tx Dropped
---------------------------------------------------------------------------
1 SOLICIT 0 0 0
2 ADVERTISE 0 0 0
3 REQUEST 0 0 0
4 CONFIRM 0 0 0
5 RENEW 0 0 0
6 REBIND 0 0 0
7 REPLY 0 0 0
8 RELEASE 0 0 0
9 DECLINE 0 0 0
10 RECONFIGURE 0 0 0
11 INFO_REQUEST 0 0 0
12 RELAY_FORW 0 0 0
13 RELAY_REPLY 0 0 0
14 LEASEQUERY 0 0 0
15 LEASEQUERY_REPLY 0 0 0
---------------------------------------------------------------------------
Dhcp6 Drop Reason Counters :
---------------------------------------------------------------------------
1 Dhcp6 oper state is not Up on src itf 0
2 Dhcp6 oper state is not Up on dst itf 0
3 Relay Reply Msg on Client Itf 0
---snip---
38 Packet dropped by DHCP filter 0
39 Packet dropped because authentication failed 0
===========================================================================
*A:BNG#
To clear the statistics use following command:
*A:BNG# clear router dhcp6 statistics
Entries, for dual stack PPPoE subscribers, in the IPv4 ARP and/or IPv6 neighbor cache table are counted as internal entries and are shown from the summary parameter.
*A:BNG# show router arp summary
============================================================
ARP Table Summary (Router: Base)
============================================================
Local ARP Entries : 3
Static ARP Entries : 0
Dynamic ARP Entries : 1
Managed ARP Entries : 0
Internal ARP Entries : 1
BGP-EVPN ARP Entries : 0
------------------------------------------------------------
No. of ARP Entries : 5
============================================================
*A:BNG#
*A:BNG# show router neighbor summary
=================================================================
Neighbor Table Summary (Router: Base)
=================================================================
Static Nbr Entries : 0
Dynamic Nbr Entries : 0
Managed Nbr Entries : 0
Internal Nbr Entries : 1
Evpn Nbr Entries : 0
-----------------------------------------------------------------
No. of Neighbor Entries : 1
=================================================================
*A:BNG#
Dual Stack PPPoE for Routed Gateway
A PPPoEv6 dual stack subscriber scenario for a routed CPE consumes two subscriber host entries sharing a common subscriber.
IPv4 host addressing through IPCP
IPv6 pd addressing through DHCPv6
*A:BNG# show service active-subscribers subscriber routed@domain1"routed@domain1"
===============================================================================
Active Subscribers
===============================================================================
-------------------------------------------------------------------------------
Subscriber routed@domain1 (sub-profile-1)
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
(1) SLA Profile Instance sap:1/1/1:1 - sla:sla-profile-1
-------------------------------------------------------------------------------
IP Address
MAC Address Session Origin Svc Fwd
-------------------------------------------------------------------------------
10.1.0.2
00:0c:29:00:00:12 PPP 1 IPCP 1 Y
2001:db8:d001:100::/56
00:0c:29:00:00:12 PPP 1 DHCP6-PD 1 Y
-------------------------------------------------------------------------------
===============================================================================
*A:BNG#
The hierarchy parameter for active-subscribers gives a top level down overview for this subscriber.
*A:BNG# show service active-subscribers hierarchy subscriber "routed@domain1"
===============================================================================
Active Subscribers Hierarchy
===============================================================================
-- routed@domain1 (sub-profile-1)
|
+-- sap:1/1/1:1 - sla:sla-profile-1
|
+-- PPP-session - mac:00:0c:29:00:00:12 - sid:1 - svc:1
|
|-- 10.1.0.2 - IPCP
|
+-- 2001:db8:d001:100::/56 - DHCP6-PD
===============================================================================
*A:BNG#
IPCP and IPv6CP are in an opened state for the dual stack PPPoE session and their origin is RADIUS, as shown below.
*A:BNG# show service id 1 pppoe session ip-address 10.1.0.2 detail
===============================================================================
PPPoE sessions for svc-id 1
===============================================================================
Sap Id Mac Address Sid Up Time Type
IP/L2TP-Id/Interface-Id MC-Stdby
-------------------------------------------------------------------------------
1/1/1:1 00:0c:29:00:00:12 1 0d 00:00:55 local
10.1.0.2
02:0C:29:FF:FE:00:00:12
LCP State : Opened
IPCP State : Opened
IPv6CP State : Opened
PPP MTU : 1492
PPP Auth-Protocol : CHAP
PPP User-Name : routed@domain1
Subscriber-interface : sub-int-1
Group-interface : group-int-1
IP Origin : radius
DNS Origin : none
NBNS Origin : none
Subscriber : "routed@domain1"
Sub-Profile-String : "sub-profile-1"
SLA-Profile-String : "sla-profile-1"
---snip---
IPv6 Prefix : N/A
IPv6 Prefix Origin : none
IPv6 Prefix Pool : ""
IPv6 Del.Pfx. : 2001:db8:d001:100::/56
IPv6 Del.Pfx. Origin : radius
IPv6 Del.Pfx. Pool : ""
IPv6 Address : N/A
IPv6 Address Origin : none
IPv6 Address Pool : ""
Primary IPv6 DNS : 2001:db8:dddd:1::1
Secondary IPv6 DNS : 2001:db8:dddd:2::1
---snip---
-------------------------------------------------------------------------------
Number of sessions : 1
===============================================================================
*A:BNG#
The IPv6 routing table for dual stack hosts is displayed using the protocol keyword sub-mgmt.
*A:BNG# show router route-table ipv6 protocol sub-mgmt
===============================================================================
IPv6 Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
2001:db8:d001:100::/56 Remote Sub Mgmt 00h01m01s 0
[group-int-1] 0
-------------------------------------------------------------------------------
No. of Routes: 1
Flags: n = Number of times nexthop is repeated
B = BGP backup route available
L = LFA nexthop available
S = Sticky ECMP requested
===============================================================================
*A:BNG#
DNSv6
DNSv6 information, in a dual stack PPPoE routed gateway model, is optionally retrieved by stateful DHCPv6 information requests. Troubleshooting is done through debug commands or/and observation by statistics counters.
16 2017/04/19 09:38:54.26 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Incoming DHCP6 Msg : SOLICIT (1)
on itf group-int-1
Trans Id : 0xe3f882
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=545839492,LL=000c29000012
000100012088d984000c29000012
Option : IA_PD (25), Length : 12
IAID : 1
Time1: 0 seconds
Time2: 0 seconds
Option : ORO (6), Length : 2
Requested Option : DNS_NAME_SRVR (23)
"
17 2017/04/19 09:38:54.26 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Outgoing DHCP6 Msg : ADVERTISE (2)
to itf group-int-1
Trans Id : 0xe3f882
Option : SERVERID (2), Length : 10
LL : HwTyp=0001,LL=14f2ff000000
0003000114f2ff000000
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=545839492,LL=000c29000012
000100012088d984000c29000012
Option : DNS_NAME_SRVR (23), Length : 32
Server : 2001:db8:dddd:1::1
Server : 2001:db8:dddd:2::1
Option : IA_PD (25), Length : 41
IAID : 1
Time1: 1800 seconds
Time2: 2880 seconds
Option : IAPREFIX (26), Length : 25
Prefix : 2001:db8:d001:100::/56
Preferred Lifetime : 3600 seconds
Valid Lifetime : 86400 seconds
"
18 2017/04/19 09:38:54.27 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Incoming DHCP6 Msg : REQUEST (3)
on itf group-int-1
Trans Id : 0x1971dc
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=545839492,LL=000c29000012
000100012088d984000c29000012
Option : SERVERID (2), Length : 10
LL : HwTyp=0001,LL=14f2ff000000
0003000114f2ff000000
Option : IA_PD (25), Length : 12
IAID : 1
Time1: 0 seconds
Time2: 0 seconds
Option : ORO (6), Length : 2
Requested Option : DNS_NAME_SRVR (23)
"
19 2017/04/19 09:38:54.27 CEST MINOR: DEBUG #2001 Base TIP
"TIP: DHCP6_PKT
Outgoing DHCP6 Msg : REPLY (7)
to itf group-int-1
Trans Id : 0x1971dc
Option : SERVERID (2), Length : 10
LL : HwTyp=0001,LL=14f2ff000000
0003000114f2ff000000
Option : CLIENTID (1), Length : 14
LLT : HwTyp=0001,T=545839492,LL=000c29000012
000100012088d984000c29000012
Option : DNS_NAME_SRVR (23), Length : 32
Server : 2001:db8:dddd:1::1
Server : 2001:db8:dddd:2::1
Option : IA_PD (25), Length : 41
IAID : 1
Time1: 1800 seconds
Time2: 2880 seconds
Option : IAPREFIX (26), Length : 25
Prefix : 2001:db8:d001:100::/56
Preferred Lifetime : 3600 seconds
Valid Lifetime : 86400 seconds
"
Use the following command to display the DHCPv6 statistics.
*A:BNG# show router dhcp6 statistics
===========================================================================
DHCP6 statistics (Router: Base)
===========================================================================
Msg-type Rx Tx Dropped
---------------------------------------------------------------------------
1 SOLICIT 1 0 0
2 ADVERTISE 0 1 0
3 REQUEST 1 0 0
4 CONFIRM 0 0 0
5 RENEW 0 0 0
6 REBIND 0 0 0
7 REPLY 0 1 0
8 RELEASE 0 0 0
9 DECLINE 0 0 0
10 RECONFIGURE 0 0 0
11 INFO_REQUEST 0 0 0
12 RELAY_FORW 0 0 0
13 RELAY_REPLY 0 0 0
14 LEASEQUERY 0 0 0
15 LEASEQUERY_REPLY 0 0 0
---------------------------------------------------------------------------
Dhcp6 Drop Reason Counters :
---------------------------------------------------------------------------
1 Dhcp6 oper state is not Up on src itf 0
2 Dhcp6 oper state is not Up on dst itf 0
---snip---
38 Packet dropped by DHCP filter 0
39 Packet dropped because authentication failed 0
===========================================================================
*A:BNG#
Use the following command to clear the DHCPv6 statistics.
A:BNG-1# clear router dhcp6 statistics
Troubleshooting
Following tools are available for troubleshooting PPPoE dual stack scenarios.
system log (log-id 99)
debugging aids
protocol statistics
Log-id 99 is the default system log. Use appropriate filtering to reduce the output if needed.
*A:BNG# show log log-id 99
Following debug configuration is useful for troobleshooting PPPoE, RADIUS, DHCPv6 and ICMPv6.
debug
service
id 1
ppp
packet
mode egr-ingr-and-dropped
detail-level high
discovery
ppp
dhcp-client
exit
exit
exit
exit
exit
debug
router
radius
packet-type authentication accounting coa
detail-level high
exit
exit
exit
debug
router "Base"
ip
dhcp6
mode egr-ingr-and-dropped
detail-level high
exit
icmp6
exit
exit
exit
Use the following commands for showing protocol related statistics.
show router dhcp6 statistics
show service id 1 pppoe session statistics
Advanced Topics
RADIUS COA
For dual stack PPPoE subscriber hosts, RADIUS-triggered mid-session change or/and session terminations identify the subscriber host to be changed by the same prefix that was originally returned from RADIUS or by the host-session-id (If RADIUS accounting host-accounting is enabled and the accounting session-id format equals number). Changing either the IPv4 or IPv6 information will result in both the v4 and v6 subscriber hosts being modified. Further elaboration on accounting is out of scope in this document.
IPv6CP Interface ID
IPv6CP negotiates, unlike ipv4-addresses in IPv4CP, only interface-ids (interface-id: the last 64 bits of an IPv6 address is the interface identifier that is unique to the 64-bit prefix of the IPv6 address and is usually derived from the link-layer or MAC address).
Dual stack PPPoE subscribers and the BNG exchange their interface-ids during the NCP phase. For ESM subscriber-interfaces on the BNG the interface-id is derived from the chassis-mac address.
The BNG will nack the PPPoE host’s IPv6CP configuration request if the dual stack PPPoE host negotiates an interface-id equal zero or an interface-id equal to the BNG interface ID. In that scenario, the BNG offers in the IPv6CP nack message a suitable interface ID, see IPv6CP Nack Message Format.
The BNG terminates the session if the dual stack PPPoE hosts nacks its IPv6CP configuration request and offers something else to the BNG.
Table 7. IPv6CP Nack Message Format 1
2
3
4
5
6
7
8
SAP ID
Last 2 bytes MAC host
Session ID
Conclusion
This chapter provides configuration and troubleshooting commands for dual stack PPPoE subscribers on bridged or routed gateways. SLAAC is used as IPv6 address assignment for bridged gateway scenarios and stateful DHCPv6 prefix-delegation is used for address assignment for routed gateway scenarios. No RG WAN IPv6 address assignment is supported in this latter model.
DNSv6 addressing on a bridged gateway is retrieved by stateless DHCPv6 (information request and reply).