Stateless Address Autoconfiguration (SLAAC)
SLAAC management principles
In a Triple Play network, client devices can use SLAAC to dynamically obtain their IP address and other network configuration information.
During bootup, the client sends a Router Solicit (RS) message to get an IP prefix.
The BNG address server can assign a prefix statically to the subscriber through RADIUS or LUDB, or dynamically using the local address server.
The BNG address server replies to the client with a Router Advertisement which contains a /64 prefix.
Configuration overview
The ICMP6 Router Solicit is the primary trigger for SLAAC host creation. It is also possible to use the DHCPv4 message to trigger a SLAAC host creation using the ‟IPoE-linking” feature. The SLAAC host can use RADIUS or LUDB authentication, as well as bypass authentication. Address assignment can be assigned statically or dynamically. Static prefix assignment is accomplished through RADIUS or LUDB. Dynamic prefix assignment requires the use of the local-address-server (reusing the local DHCPv6 server), and a pool name returned from RADIUS or LUDB. The DHCPv6 server for SLAAC is used for address management only, there are no lease state associated with SLAAC users. The DHCPv6 server can be shared with regular DHCPv6 users as well.
Router-solicit trigger
The following example shows a router-solicit triggered configuration.
*A:eng-BNG-2>config>service>vprn>sub-if>grp-if>ipv6# info
----------------------------------------------
router-solicit
no shutdown
exit
To add authentication to the above configuration, there are two options.
For RADIUS authentication, like DHCP and PPP authentication, add a RADIUS policy under the group interface.
For LUDB, add the following to the router-solicit configuration.
*A:eng-BNG-2>config>service>vprn>sub-if>grp-if>ipv6# info
----------------------------------------------
router-solicit
user-db "slaac-users"
no shutdown
exit
SLAAC address assignment
After an RS is received to trigger the creation of a SLAAC host, address assignment can be provided statically or dynamically.
Static SLAAC prefix assignment
If using RADIUS, the attribute ‟framed-ipv6-prefix” VSA is used. The attribute must use a /64 prefix.
*A:eng-BNG-2>config>subscr-mgmt>loc-user-db>ipoe>host# info
----------------------------------------------
ipv6-slaac-prefix 2001::/64
Dynamic SLAAC prefix assignment
SLAAC prefix can be dynamically assigned to a user at real time. Prefixes are assignment through the local DHCPv6 pool. Therefore, a DHCPv6 pool must be defined first. The following displays an example configuration.
*A:eng-BNG-2>config>service>vprn>dhcp6# info
----------------------------------------------
local-dhcp-server "dhcp6-server" create
use-pool-from-client
pool "pool-01" create
prefix 2001::/32 wan-host create
exit
exit
exit
To associate the DHCPv6 server for SLAAC address assignment, the following configuration is used. The server name configured under local-address-assignment dhcp6-server matches the name configured under the DHCPv6 pool.
*A:eng-BNG-2>config>service>vprn>sub-if>grp-if# info
----------------------------------------------
local-address-assignment
ipv6
client-application ppp-slaac ipoe-slaac
server "dhcp6-server"
exit
no shutdown
exit
To specify the pool to be used for SLAAC prefix assignment, the pool name can either be returned from LUDB or RADIUS.
If using RADIUS, the attribute ‟Alc-slaac-ipv6-pool” is used.
If using LUDB, the following configuration is used.
*A:eng-BNG-2>config>subscr-mgmt>loc-user-db>ipoe>host# info
----------------------------------------------
ipv6-slaac-prefix-pool "pool-01"
In this example, the pool named ‟pool-01” provisioned in the LUDB or returned from RADIUS matches the pool name configured in the DHCP6 server. A prefix from the 2001::/32 pool is assigned to the SLAAC subscribers.
SLAAC prefix replacement
An SLAAC host prefix can be replaced with the VSA Alc-Ipv6-Slaac-Replacement-Prefix. This VSA is only supported through CoA or through the tools>subscr-mgmt>coa command. When a CoA is triggered, the original SLAAC host session terminates from the BNG. Depending on the accounting mode, an accounting stop message may be sent. Immediately following the termination of the original SLAAC host session, an SLAAC host with the new replacement prefix is created on the system. The SLAAC host inherits all the original host attributes, such as the subscriber profile and SLA profile. Nokia recommends against combining the VSA Alc-Ipv6-Slaac-Replacement-Prefix with other VSAs. An error in any of the VSAs can cause the SLAAC host recreation to fail. Service can only be restored after the subscriber performs an address request and authenticates.
The RA prefix replacement generates a single router advertisement containing both the old and new prefixes. The old prefix had both the valid and preferred lifetime parameters set to 0, informing the subscriber to deprecate the prefix as soon as possible. The new prefix has the valid and preferred lifetime parameters set as per the operator configuration. The subscriber can continue to use the old prefix for up to two hours after the RA. During the two hours, the 7750 SR drops subscriber traffic that does not match the anti-spoof criteria.
This feature is supported on an MCS setup. For persistence, the replacement SLAAC prefix is stored as the subscriber new prefix.
SLAAC prefixes that were assigned through local address assignment cannot be replaced. This feature ensures that when SLAAC replacement is performed, the address origin is not changed. This feature only replaces SLAAC host prefixes and cannot, for example, replace a DHCPv6 host with an SLAAC prefix. This feature is not supported for PPPoE sessions.