Topic: How to Configure DHCPv6 client with prefix delegation on a :: /64 link

The content of this topic has been archived on 18 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Page 1 of 1

Post #1

bogdanbiv

26 Apr 2012, 05:48

Hello, how do I configure my router to allocate less than 64 bits to the host portion of the ipv6 address?

My ISP gives me an IPv6 prefix via PPPoE and DHCPv6 and initially an ipv6 was associated with the router wan interface (pppoe-wan).
However, after making configuration changes to assign ipv6 to lan and loopback interfaces, pppoe-wan does not receive such an address. What am I doing wrong?

Also what do I need to do to segment my :: /64 link into smaller subnets, say :: /72? I expected that if I allocate a Site Leve Aggregator of 8, the router would subtract that portion out of the :: /64 bits of the host. As it turns out the router makes this add_ifprefix: invalid prefix length 64 + 8 + 64 and that does not resolve to 128 bits.

This is the log I obtained with 'lan' section enabled and 'pppoe-wan' section commented out:

Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: client6_recv: receive reply from fe80::1 on pppoe-wan
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_get_options: get DHCP option server ID, len 25
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]:   DUID: 00:02:00:00:86:38:00:00:00:64:2a:57:32:27:4e:eb:e8:4c:dd:e9:4b:e7:c7:eb:3a
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_get_options: get DHCP option client ID, len 10
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]:   DUID: 00:03:00:06:20:4e:7f:6f:5e:64
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_get_options: get DHCP option DNS, len 32
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_get_options: get DHCP option IA_PD, len 41
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]:   IA_PD: ID=0, T1=0, T2=0
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: copyin_option: get DHCP option IA_PD prefix, len 25
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: copyin_option:   IA_PD prefix: 2xxx:xxxx:xxxx:1001::/64 pltime=4294967295 vltime=4294967295
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: info_printf: nameserver[0] 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:465:1
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: client6_script: script "/usr/bin/dhcp6c-state" terminated
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: get_ia: make an IA: PD-0
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: update_prefix: create a prefix 2xxx:xxxx:xxxx:xxxx::/64 pltime=4294967295, vltime=4294967295
Apr 26 04:58:00 capsuna2 daemon.info dhcp6c[1311]: add_ifprefix: invalid prefix length 64 + 8 + 64
Apr 26 04:58:00 capsuna2 daemon.info dhcp6c[1311]: update_ia: T1(4294967295) and/or T2(4294967295) is locally determined
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_remove_event: removing an event on pppoe-wan, state=REQUEST
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: dhcp6_remove_event: removing server (ID: 00:02:00:00:86:38:00:00:00:64:2a:57:32:27:4e:eb:e8:4c:dd:e9:4b:e7:c7:eb:3a)
Apr 26 04:58:00 capsuna2 daemon.debug dhcp6c[1311]: client6_recvreply: got an expected reply, sleeping.

My configuration file /etc/config/dhcp6c with pppoe-wan commented and lan uncommented:

config 'dhcp6c' 'basic'
        option 'enabled' '1'                            # 1 = enabled; 0 = disabled
        option 'interface' 'wan'                        # This is the interface the DHCPv6 client will run on
        option 'dns' 'dnsmasq'                          # Which DNS server you run (only dnsmasq currently supported)
        option 'debug' '1'                              # 1 = enable debugging; 0 = disable debugging

        # Send options (1 = send; 0 = do not send)
        option 'pd' '1'                                 # Prefix Delegation
        option 'na' '0'                                 # Non-Temporary Address
        option 'rapid_commit' '1'                       # Rapid Commit

        # Request options (1 = request; 0 = do not request)
        option 'domain_name_servers' '1'
        option 'domain_name' '0'
        option 'ntp_servers' '0'
        option 'sip_server_address' '0'
        option 'sip_server_domain_name' '0'
        option 'nis_server_address' '0'
        option 'nis_domain_name' '0'
        option 'nisp_server_address' '0'
        option 'nisp_domain_name' '0'
        option 'bcmcs_server_address' '0'
        option 'bcmcs_server_domain_name' '0'

        # Override the used DUID, by default it is derived from the interface MAC
        # The given value must be uppercase and globally unique!
        #option 'duid' '00:03:00:06:D8:5D:4C:A5:03:F2'

        # Script to run when a reply is received
        option 'script' '/usr/bin/dhcp6c-state'

# Define one or more interfaces on which prefixes should be assigned
#config 'interface' 'loopback'
#       option 'enabled' '1'                            # 1 = enabled; 0 = disabled
#       option 'sla_id' '0'                             # Site level aggregator identifier specified in decimal (subnet)
#       option 'sla_len' '8'                            # Site level aggregator length (64 - size of prefix being delegated)
                                                        # e.g. /60 from ISP -> 64 - 60 = 4

config 'interface' 'lan'
       option 'enabled' '1'
       option 'sla_id' '0'
       option 'sla_len' '8'

#config 'interface' 'pppoe-wan'
#        option 'enabled' '1'
#        option 'sla_id' '0'
#        option 'sla_len' '0'

(Last edited by bogdanbiv on 26 Apr 2012, 05:53)

Post #2

jow

26 Apr 2012, 09:44

You cannot re-delegate a /64. You need something like ndppd to proxy the external ndp queries to the internal network and vice versa.

Post #3

bogdanbiv

26 Apr 2012, 20:28

I don't understand how that would work, could you explain better?
Wouldn't that require that the DHCPv6 server from the ISP provide ip addresses for all computers on my network? I hope there is another way because I don't think my provider will do anything that big.

UPDATE: After rereading the instructions from the provider I've understand they provide 2 things:
1 IPv6 address ::/64 and 1 ::/64 IPv6 prefix to be used behind the router.
I have reverted to the value 0 for the sla_len, which I know it works.

However, there is another problem still: pppoe-wan interface does not hold a IPv6 address. How can I troubleshoot that?

UPDATE2:
I haven't changed anything in the /etc/config/dhcp6c client config, yet now pppoe-wan does get a valid global ipv6 address from ISP.
So, now I have full connectivity on my router. Now all that remains is to pass the prefix on my lan. Passing the prefix has been unsuccessful for me with dhcp6s server + radvd and now I believe I should try plain radvd, see the explanation below.

So far from what I've read about dhcp6 server http://wiki.openwrt.org/doc/howto/ipv6#dhcpv6 the config file needs a static ipv6 prefix or I need to make a script that takes the prefix on br-lan interface and expands it to minimum and maximum values in that ::/64 prefix and puts them in /etc/dhpc6s. This is much too complicated for me, so as I've heard that radvd can infer prefix from a configured interface I will try this.

UPDATE3:
This becomes some sort of a blog...
I've configured radvd to send out advertisments and this is what I've captured so far using radvdump:
at the source router:

interface br-lan
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:fe6f:5e63/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition

};

at a client computer (Ubuntu 11.10):

interface eth0
{
        AdvSendAdvert on;
        # Note: {Min,Max}RtrAdvInterval cannot be obtained with radvdump
        AdvManagedFlag off;
        AdvOtherConfigFlag off;
        AdvReachableTime 0;
        AdvRetransTimer 0;
        AdvCurHopLimit 64;
        AdvDefaultLifetime 1800;
        AdvHomeAgentFlag off;
        AdvDefaultPreference medium;
        AdvSourceLLAddress on;

        prefix 2xxx:xxxx:xxxx:xxxx:xxxx:xxxx:fe6f:5e63/64
        {
                AdvValidLifetime 86400;
                AdvPreferredLifetime 14400;
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr off;
        }; # End of prefix definition

};

On both machines I've started radvdump without any parameters and it remains active on screen (something like "tail -f /file").
So client computer (Ubuntu) does receive the right prefix but does not save it. This seems to be the right track to follow, but I guess it needs minor tweaks.
So, till next update...

(Last edited by bogdanbiv on 27 Apr 2012, 07:25)

Post #4

bogdanbiv

29 Apr 2012, 17:44

I've managed to get a IPv6 address to a client.
The problem was that the client computer got IPv4 address allocation from the router before the router received a response from the ISP on the wan interface. Thus the router could not send IPv6 advertisments at the time, because it does not know itself what prefix it will receive from ISP. Later, when the router would send advertisements, it seems it would be discarded by the client computers.

To solve, this problem I forced the client computer to release and renew the IPv4 allocation from the router and with the new IPv4 allocation also came the IPv6 address.

Current working configuration for radvd:

config 'interface'
        option 'interface' 'lan'
        option 'AdvSendAdvert' '1'

config 'prefix'
        option 'interface' 'lan'
        option 'AdvOnLink' '1'
        option 'AdvAutonomous' '1'

However, even if once I got a ping response via WAN IPv6, now I cannot get any packets on IPv6 wan. I suspect the router does not save the gateway address. As a result next up I plan to test the setting
"Advertise Router address" config 'prefix' > option 'AdvRouterAddr' '1'

UPDATE: On the client computer in test, I have manually set the router br-lan IPv6 address as the gateway to the :: /0 world:

route -A inet6 add ::/0 gw 2xxx:xxxx:xxxx:xxxx:: /64 eth0

After this I could get an answer to ping6 command

PING ipv6.google.com(bud01s08-in-x11.1e100.net) 56 data bytes
64 bytes from bud01s08-in-x11.1e100.net: icmp_seq=1 ttl=52 time=104 ms
64 bytes from bud01s08-in-x11.1e100.net: icmp_seq=2 ttl=52 time=114 ms

(Last edited by bogdanbiv on 29 Apr 2012, 18:17)

The discussion might have continued from here.

Page 1 of 1