Possible issue handling multiple DHCPv6 clients with prefix delegations on one interface

Hey folks,
I just switched ISPs and the new one supports IPv6 prefix delegation but only hands out /64s (nothing larger). I need three prefixes though, so I configured OpenWRT with three DHCPv6 clients on the same interface. This works fine when the clients are brought up one at a time but one or more stop working when the leases need to be renewed.

Here's an annotated tcpdump of a failed rebind.

A) The dhcp client sends a dhcp6 rebind to the modem and receives what looks like a valid dhcp6 reply. The client ID of 43681 corresponds to the value I configured in Luci to distinguish the three DHCP client interfaces (each has a different number). It's worth noting that the dhcp6 reply packet is identical to the one the router previously received when it first requested a lease (successfully).

17:10:32.637427 IP6 (flowlabel 0x87e96, hlim 1, next-header UDP (17) payload length: 111) fe80::849f:55ff:fee9:ca87.546 > ff02::1:2.547: [udp sum ok] dhcp6 rebind (xid=16808b (elapsed-time 65535) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96) (client-ID type 43681) (Client-FQDN) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix 2600:1700:3ec3:20cf::/64 pltime:0 vltime:0)))

17:10:32.649192 IP6 (hlim 64, next-header UDP (17) payload length: 124) fe80::6e63:9cff:fedc:6f30.547 > fe80::849f:55ff:fee9:ca87.546: [udp sum ok] dhcp6 reply (xid=16808b (IA_PD IAID:1 T1:1800 T2:2880 (IA_PD-prefix 2600:1700:3ec3:20cf::/64 pltime:3600 vltime:3600)) (client-ID type 43681) (server-ID hwaddr/time type 1 time 669334940 6c639cdc6f30) (preference 255) (DNS-server 2600:1700:3ec3:20c0::1) (DNS-search-list attlocal.net.))

B) netifd prints a log message

LOG: Thu Mar 18 17:10:32 2021 daemon.notice netifd: Interface 'pd1' has lost the connection

C) The dhcp client didn't receive or didn't like the dhcp6 reply for some reason. It sends out a dhcp6 solicit and gets a dhcp6 advertise in return.

17:10:33.585284 IP6 (flowlabel 0x87e96, hlim 1, next-header UDP (17) payload length: 117) fe80::849f:55ff:fee9:ca87.546 > ff02::1:2.547: [udp sum ok] dhcp6 solicit (xid=bfa0d7 (elapsed-time 0) (option-request SIP-servers-domain SIP-servers-address DNS-server DNS-search-list SNTP-servers NTP-server AFTR-Name opt_67 opt_94 opt_95 opt_96 opt_82) (client-ID type 43681) (reconfigure-accept) (Client-FQDN) (IA_PD IAID:1 T1:0 T2:0 (IA_PD-prefix ::/64 pltime:0 vltime:0)))

17:10:33.586561 IP6 (hlim 64, next-header UDP (17) payload length: 128) fe80::6e63:9cff:fedc:6f30.547 > fe80::849f:55ff:fee9:ca87.546: [udp sum ok] dhcp6 advertise (xid=bfa0d7 (IA_PD IAID:1 T1:1800 T2:2880 (IA_PD-prefix 2600:1700:3ec3:20cf::/64 pltime:3600 vltime:3600)) (client-ID type 43681) (server-ID hwaddr/time type 1 time 669334940 6c639cdc6f30) (reconfigure-accept) (preference 255) (DNS-server 2600:1700:3ec3:20c0::1) (DNS-search-list attlocal.net.))

C) The dhcp client repeats the dhcp6 solicit six more times in the next minute and gets a corresponding dhcp6 advertise each time as above.

D) After all of those retries, the dhcp client seems to give up altogether.

My guess is that the three instances of odhcp6c are competing somehow since they're all listening to the same port (UDP port 546).

For example, it could be that the last client to claim the port wins. Or perhaps the clients can't distinguish which packets are meant for them (e.g. by dhcp6 client id) and end up in some confused state.

Of course, I'd be quite happy running just one dhcp6 client if it's able to request multiple prefix delegations at once. I don't see a way to configure this scenario today though. (I'd be even happier if my ISP supported larger prefix delegations but I don't see that happening anytime soon.)

Any ideas?
Jeff.

Ahh, odhcp6c uses SO_REUSEADDR.

So that means the last client to bind wins all the packets. Hmm. Not sure where to go from here.

Jeff.

Aha! Looks like odhcp6c supports requesting multiple prefixes by passing multiple -P arguments. It'll be neat if that works. :wink:

Now how do I set these arguments...?

Jeff.

Guess I'll just continue my little monologue in case anyone's interested...

It turns out that the "reqprefix" dhcp6 configuration option gets passed straight through to the odhcp6d argument list without escaping it (um?). So setting it to "64 -P64 -P64" effectively adds three -P options to the command line.

And I can see odhcp6d issuing three IA_PD options in its dhcp solicit packets now.

The modem also dutifully responds with three IA_PD options. Unfortunately they're all carrying the same delegated prefix. sigh

Jeff.

https://openwrt.org/docs/guide-user/network/wan/multiwan/mwan3#single_wan_port

1 Like

Will your ISP give you three separate PD?

My ISP give me one /56 PD. Then I can create multiple LAN interface with IPv6 enabled, OpenWrt will give each interface a suitable IPv6 Prefix so all downstream clients can got a valid IPv6 address.

1 Like

Unfortunately my ISP's modem only hands out /64 prefixes (up to 8 of them) using DHCPv6. It also sets up its routing table in response to those requests.

In any case, the macvlan workaround seems to have done the trick. Thanks @vgaetera!

For anyone following along, I resolved my issue in the following manner:

  1. Install kmod-macvlan

  2. Add three "config device" entries to /etc/config/network as described in the link above, each like this:

config device 'vwan1'
        option name 'vwan1'
        option type 'macvlan'
        option ifname 'eth1'
  1. Add three DHCPv6 clients, each like this:
config interface 'fiberpd1'
        option proto 'dhcpv6'
        option peerdns '0'
        option clientid 'aaa1'
        option defaultroute '0'
        option reqprefix '64'
        option ifname 'vwan1'
        option reqaddress 'none'
  1. Reboot

Et voila.

3 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.