First off, credit due where credit deserved. ipv6_twit over at ipcalypse provided most of the original insight for this.
Relevant man pages.
http://manpages.ubuntu.com/manpages/lucid/man5/dhcp6c.conf.5.html
http://www.huge-man-linux.net/man5/radvd.conf.html
Building on the material by ipv6_twit over at ipcalypse, here is an example of DHCPv6-PD for multiple subnets.
Basics:
eth0 is WAN/upstream
eth1 is LAN
eth2 is WLAN
eth3 is DMZ
The ISP offers addresses for the ptp link from 2001:db8:88:100::/64
The ISP offers /48 delegations out of 2001:db8:ff00::/40.
We will configure the router to get a DHCPv6 address on the WAN interface and assign an address on each of the internal interfaces.
Starting with requesting a DHCPv6 address for the WAN interface.
interface eth0 { send ia-na 1; request domain-name-servers; request domain-name; script "/etc/wide-dhcpv6/dhcp6c-script"; }; id-assoc na 1 { };
This will put an address on the WAN interface from the 2001:db8:88:100::/64 DHCP pool.
Now we add in requesting a delegation and adding it to the LAN.
interface eth0 { send ia-na 1; request domain-name-servers; request domain-name; script "/etc/wide-dhcpv6/dhcp6c-script"; send ia-pd 1; }; id-assoc na 1 { }; id-assoc pd 1 { prefix-interface eth1 { sla-len 16; sla-id 0; ifid 1; }; };
The breakdown:
send ia-pd 1;
Sends the request for a single delegation.
id-assoc pd 1 {
Matches the id of the delegation request
prefix-interface eth1 {
Specifies the interface to apply it to.
sla-len 16;
The length of the delegation you are getting + this = 64. A /48 = 16, /56 = 8, /60 = 4, /64 = 0
sla-id 0;
Sets which prefix out of the delegation to use. This is 2^sla-id. If you have a /48, valid values would be 2^16 or 0-65535. If you had a /56, it would be 2^8 or 0-255. A /60 is 0-15
ifid 1;
This is the address to apply to the interface. Take the delegation, sla-id and this to make the interface address. If this is not specified, it will use the EUI-64 address.
This configuration would result in 2001:db8:ff00::1⁄64 being assigned to the interface, assuming the PD server assigned the first /48 out of the /40. Expanded a little bit so you can see the breakdown 2001:db8:ff00:**::1**/64
2001:db8:ff00::/48 is the delegation
:0: is the prefix. This matches the sla-id
:1 is the postfix as ipv6_twit calls it and matches the ifid.
Here is another exmaple.
interface eth0 { send ia-na 1; request domain-name-servers; request domain-name; script "/etc/wide-dhcpv6/dhcp6c-script"; send ia-pd 1; }; id-assoc na 1 { }; id-assoc pd 1 { prefix-interface eth1 { sla-len 8; sla-id 1e; ifid 22; }; };
Lets assume the delegation was /56 from the original /40. In this case 2001:d8b:ff00:1200::0/56 was assigned.
The prefix is 1e and interface ID is 22 which would result in 2001:d8b:ff00:121e::22/64 being assigned to eth1.
Now we want to add a prefix to eth2.
interface eth0 { send ia-na 1; request domain-name-servers; request domain-name; script "/etc/wide-dhcpv6/dhcp6c-script"; send ia-pd 1; }; id-assoc na 1 { }; id-assoc pd 1 { prefix-interface eth1 { sla-len 16; sla-id 0; ifid 1; }; prefix-interface eth2 { sla-len 16; sla-id 1; ifid 1; }; };
We are using the same prefix on both interfaces, so we don’t need to touch the interface stanza.
prefix-interface eth2 {
Add another prefix-interface stanza.
sla-len 16;
sla-len stays the same.
sla-id 1;
sla-id we need to change. Set to 1, we will get the second prefix out of the delegation.
ifid 1;
The interface ID can change or stay the same.
This results in 2001:db8:ff00:1::1⁄64 being assigned to the eth2 interface.
You can keep adding prefix-interface stanzas like these for as many /64s you have in your delegation.
The final example, is non-standard and probably won’t work in most cases, but I want to point out how it works.
This time, we want to get a new delegation from our ISP that is different than our first.
interface eth0 { send ia-na 1; request domain-name-servers; request domain-name; script "/etc/wide-dhcpv6/dhcp6c-script"; send ia-pd 1; send ia-pd 2; }; id-assoc na 1 { }; id-assoc pd 1 { prefix-interface eth1 { sla-len 16; sla-id 0; ifid 1; }; prefix-interface eth2 { sla-len 16; sla-id 1; ifid 1; }; }; id-assoc pd 2 { prefix-interface eth3 { sla-len 16; sla-id 16; }; };
Assuming the ISP delegated the second prefix in 2001:db8:ff00::/40 we would get 2001:db8:ff01::/48 for this delegation.
The address would be 2001:db8:ff01:f::de9f:dbff:fe29:75ca. (the actual host bits will be based on the interface’s MAC address)
Breaking it down.
send ia-pd 2;
Request another delegation.
id-assoc pd 2 {
Create a new id-assoc pd stanza.
prefix-interface eth3 [
Assign to eth3
sla-len 16;
Same prefix length, because that is what the ISP issues.
sla-id 16;
Using the 16th prefix out of the delegation.
Note, there is no ifid directive. This will default to using the EUI-64 postfix.
From there expand and extend your network as needed.
The configuration of radvd is the same as what is posted on ipcalypse, just additional interface stanzas.
interface eth1 { AdvSendAdvert on; prefix ::/64 { AdvOnLink on; AdvAutonomous on; }; }; interface eth2 { AdvSendAdvert on; prefix ::/64 { AdvOnLink on; AdvAutonomous on; }; }; interface eth3 { AdvSendAdvert on; prefix ::/64 { AdvOnLink on; AdvAutonomous on; }; };
Important to note incase you didn’t read the source. You need to enable forwarding and force RA.
/etc/sysctl.conf
net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.eth0.accept_ra=2
It is important that you ONLY set accept_ra=2 for the upstream/WAN interface. You do not want your router configuring another default gateway due to a route router on your LAN.
Lab Environment.
Do develop this config, I use a 60d eval of a Cisco CSR1000v. I did this because I ran across several sites decribing how to configure a PD server on the CSR, but none that were clear for wide-dhcpv6 as a server.
These two sites will get you most of the way.
http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml
http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/ip6-dhcp-prefix-xe.html#GUID-EDB04D43-E1E2-4291-997A-30A767C29738
Here are the relevant configuration bits.
ipv6 unicast-routing ipv6 dhcp pool dhcp-pool prefix-delegation pool client-prefix-pool1 lifetime 1800 600 dns-server 2001:db8:88:100::10 domain-name example.com ! interface GigabitEthernet1 negotiation auto ipv6 address 2001:db8:88:100::1/64 ipv6 enable ipv6 dhcp server dhcp-pool ! ipv6 local pool client-prefix-pool1 2001:db8:ff00::/40 48