DHCPv6-PD configuration for multiple subnets

First off, credit due where credit deserved. ipv6_twit over at ipcalypse provided most of the original insight for this.

Relevant man pages.

http://manpages.ubuntu.com/manpages/lucid/man5/dhcp6c.conf.5.html

http://www.huge-man-linux.net/man5/radvd.conf.html

Building on the material by ipv6_twit over at ipcalypse, here is an example of DHCPv6-PD for multiple subnets.

Basics:

eth0 is WAN/upstream

eth1 is LAN

eth2 is WLAN

eth3 is DMZ

The ISP offers addresses for the ptp link from 2001:db8:88:100::/64

The ISP offers /48 delegations out of 2001:db8:ff00::/40.

We will configure the router to get a DHCPv6 address on the WAN interface and assign an address on each of the internal interfaces.

Starting with requesting a DHCPv6 address for the WAN interface.

interface eth0 {
 send ia-na 1;
 request domain-name-servers;
 request domain-name;
 script "/etc/wide-dhcpv6/dhcp6c-script";
};
id-assoc na 1 { };

This will put an address on the WAN interface from the 2001:db8:88:100::/64 DHCP pool.

Now we add in requesting a delegation and adding it to the LAN.

interface eth0 {
 send ia-na 1;
 request domain-name-servers;
 request domain-name;
 script "/etc/wide-dhcpv6/dhcp6c-script";
 send ia-pd 1;
};

id-assoc na 1 { };

id-assoc pd 1 {
 prefix-interface eth1 {
 sla-len 16;
 sla-id 0;
 ifid 1;
 };
};

The breakdown:

send ia-pd 1;

Sends the request for a single delegation.

id-assoc pd 1 {

Matches the id of the delegation request

prefix-interface eth1 {

Specifies the interface to apply it to.

sla-len 16;

The length of the delegation you are getting + this = 64. A /48 = 16, /56 = 8, /60 = 4, /64 = 0

sla-id 0;

Sets which prefix out of the delegation to use. This is 2^sla-id. If you have a /48, valid values would be 2^16 or 0-65535. If you had a /56, it would be 2^8 or 0-255. A /60 is 0-15

ifid 1;

This is the address to apply to the interface. Take the delegation, sla-id and this to make the interface address. If this is not specified, it will use the EUI-64 address.

This configuration would result in 2001:db8:ff00::¹⁄₆₄ being assigned to the interface, assuming the PD server assigned the first /48 out of the /40. Expanded a little bit so you can see the breakdown 2001:db8:ff00:**::1**/64

2001:db8:ff00::/48 is the delegation

:0: is the prefix. This matches the sla-id

:1 is the postfix as ipv6_twit calls it and matches the ifid.

Here is another exmaple.

interface eth0 {
 send ia-na 1;
 request domain-name-servers;
 request domain-name;
 script "/etc/wide-dhcpv6/dhcp6c-script";
 send ia-pd 1;
};

id-assoc na 1 { };

id-assoc pd 1 {
 prefix-interface eth1 {
 sla-len 8;
 sla-id 1e;
 ifid 22;
 };
};

Lets assume the delegation was /56 from the original /40. In this case 2001:d8b:ff00:1200::0/56 was assigned.

The prefix is 1e and interface ID is 22 which would result in 2001:d8b:ff00:121e::22/64 being assigned to eth1.

Now we want to add a prefix to eth2.

interface eth0 {
 send ia-na 1;
 request domain-name-servers;
 request domain-name;
 script "/etc/wide-dhcpv6/dhcp6c-script";
 send ia-pd 1;
};

id-assoc na 1 { };

id-assoc pd 1 {
 prefix-interface eth1 {
 sla-len 16;
 sla-id 0;
 ifid 1;
 };
 prefix-interface eth2 {
 sla-len 16;
 sla-id 1;
 ifid 1;
 };
};

We are using the same prefix on both interfaces, so we don’t need to touch the interface stanza.

prefix-interface eth2 {

Add another prefix-interface stanza.

sla-len 16;

sla-len stays the same.

sla-id 1;

sla-id we need to change. Set to 1, we will get the second prefix out of the delegation.

ifid 1;

The interface ID can change or stay the same.

This results in 2001:db8:ff00:1::¹⁄₆₄ being assigned to the eth2 interface.

You can keep adding prefix-interface stanzas like these for as many /64s you have in your delegation.

The final example, is non-standard and probably won’t work in most cases, but I want to point out how it works.

This time, we want to get a new delegation from our ISP that is different than our first.

interface eth0 {
 send ia-na 1;
 request domain-name-servers;
 request domain-name;
 script "/etc/wide-dhcpv6/dhcp6c-script";
 send ia-pd 1;
 send ia-pd 2;
};

id-assoc na 1 { };

id-assoc pd 1 {
 prefix-interface eth1 {
 sla-len 16;
 sla-id 0;
 ifid 1;
 };
 prefix-interface eth2 {
 sla-len 16;
 sla-id 1;
 ifid 1;
 };
};
id-assoc pd 2 {
 prefix-interface eth3 {
 sla-len 16;
 sla-id 16;
 };
};

Assuming the ISP delegated the second prefix in 2001:db8:ff00::/40 we would get 2001:db8:ff01::/48 for this delegation.

The address would be 2001:db8:ff01:f::de9f:dbff:fe29:75ca. (the actual host bits will be based on the interface’s MAC address)

Breaking it down.

send ia-pd 2;

Request another delegation.

id-assoc pd 2 {

Create a new id-assoc pd stanza.

prefix-interface eth3 [

Assign to eth3

sla-len 16;

Same prefix length, because that is what the ISP issues.

sla-id 16;

Using the 16th prefix out of the delegation.

Note, there is no ifid directive. This will default to using the EUI-64 postfix.

From there expand and extend your network as needed.

The configuration of radvd is the same as what is posted on ipcalypse, just additional interface stanzas.

interface eth1 {
 AdvSendAdvert on;
 prefix ::/64 {
 AdvOnLink on;
 AdvAutonomous on;
 };
};
interface eth2 {
 AdvSendAdvert on;
 prefix ::/64 {
 AdvOnLink on;
 AdvAutonomous on;
 };
};
interface eth3 {
 AdvSendAdvert on;
 prefix ::/64 {
 AdvOnLink on;
 AdvAutonomous on;
 };
};

Important to note incase you didn’t read the source. You need to enable forwarding and force RA.

/etc/sysctl.conf

net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.accept_ra=2

It is important that you ONLY set accept_ra=2 for the upstream/WAN interface. You do not want your router configuring another default gateway due to a route router on your LAN.

Lab Environment.

Do develop this config, I use a 60d eval of a Cisco CSR1000v. I did this because I ran across several sites decribing how to configure a PD server on the CSR, but none that were clear for wide-dhcpv6 as a server.

These two sites will get you most of the way.

http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml

http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_dhcp/configuration/xe-3s/ip6-dhcp-prefix-xe.html#GUID-EDB04D43-E1E2-4291-997A-30A767C29738

Here are the relevant configuration bits.

ipv6 unicast-routing
ipv6 dhcp pool dhcp-pool
 prefix-delegation pool client-prefix-pool1 lifetime 1800 600
 dns-server 2001:db8:88:100::10
 domain-name example.com
!
interface GigabitEthernet1
 negotiation auto
 ipv6 address 2001:db8:88:100::1/64
 ipv6 enable
 ipv6 dhcp server dhcp-pool
!
ipv6 local pool client-prefix-pool1 2001:db8:ff00::/40 48