SRX Services Gateway
Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎06-30-2015 09:59 PM

@dfex wrote:

Okay - it looks like we're making some progress - just got a special build of 12.1X46 which addresses the IA-PD commit check/dependency issue and it appears to work fine.

 

PD itself is working and passing out addresses to internal hosts (via SLAAC) but I haven't had any success with DHCPv6 for passing out DNS etc yet.

 

Anyway, will keep you posted.


Any word on passing IA-PD down to clients through DHCPv6 on the LAN side?  Ideally, I'd like to pass along options I received from the upstream DHCPv6 server (e.g. name servers) down to clients.  Being able to pick which /64 out of the PD prefix lands on which inside interface would also be helpful; AFAIK, update-router-advertisement under an interface's dhcpv6-client basically just picks a /64 from the PD prfix at random (first available) without providing the administrator any control. Having the delegated prefix be a named object that can be referenced in config would be super handy.

While on the subject:

Any possibility of being able to pick up a default route from upstream via RA? I'm in a setup with LL only on the WAN interface (no ia-na or NDRA), and having to set a static ::/0 via the access side's link-local feels pretty janky and doesn't really seem like a long term stable solution.

 

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

[ Edited ]
‎07-02-2015 01:42 PM

@hslabbert wrote:

While on the subject:

Any possibility of being able to pick up a default route from upstream via RA? I'm in a setup with LL only on the WAN interface (no ia-na or NDRA), and having to set a static ::/0 via the access side's link-local feels pretty janky and doesn't really seem like a long term stable solution.

 


 

It appears that there actually is some support for this, but as far as I can tell I needed to push an additional GUA prefix via ND from the upstream Cisco device in order for the SRX to install ::/0.  There also seemed to be some order-of-operations stuff in play that resulted in the dhcpv6-pd lease being bound in some cases but the ::/0 route failing to install properly.

 

I'm still not able to find a method to reference the received PD prefix/lease or options (e.g. name servers; domain name) in a DHCPv6 server config on the SRX or specify which /64 out of the PD prefix should be used on which LAN interface if using update-router-advertisement, so that functionality would still be helpful to have.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎07-09-2015 06:21 AM

Please be patient. There are improvements coming soon.

 

1. With PD you will be able to send options to clients, options like name-servers learned from the ISP. This can only be done in stateless mode, not statefull. The functionality is simple. When the client receives the RA, this advertisement will have the other configuration bit set to 1 which will inform the client to send DHCPV6_INFORMATION_REQUEST for additional data. The SRX will then send a DHCP_REPLY with that data.

2. When the SRX receives a RA from the upstream router, it will install a default route pointing to the link local address

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎07-09-2015 08:27 AM

@TheRealVicMackey wrote:

Please be patient. There are improvements coming soon.

 

1. With PD you will be able to send options to clients, options like name-servers learned from the ISP. This can only be done in stateless mode, not statefull. The functionality is simple. When the client receives the RA, this advertisement will have the other configuration bit set to 1 which will inform the client to send DHCPV6_INFORMATION_REQUEST for additional data. The SRX will then send a DHCP_REPLY with that data.

2. When the SRX receives a RA from the upstream router, it will install a default route pointing to the link local address


@Thanks, @TheRealVicMackey,

 

Just to be clear: you mean here that #1 and #2 are the features coming soon, not that they are already present?

 

"This can only be done in stateless mode, not statefull."

 

Referring the the SRX's dhcpv6 *service* here, correct?  As in, the clients on the LAN-side are using SLAAC + stateless dhcpv6 to fetch other-config options.

 

Is there a road-map/timeline for some of the relevant ipv6/dhcpv6 feature implementations on SRX?

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎07-10-2015 01:30 AM

Hi hslabbert,

By improvements I mean just that, not new features. And yes, I am talking about slaac stateless dhcp. It will be up to the PC to assign itself an ip from the pool advertised in the RA and then request additional details through dhcp. Unfortunately there is no roadmap that I can share with you. I will update the forum though when the releases are out and post a link to a kb.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎09-20-2015 02:21 PM

More than 2 months later and still broken :-(

 

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎10-13-2015 12:20 AM

The extra functionality I was talking about is now implemented in the latest 12.1X46 release. More details about it are in this KB:

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB30509

 

Test it and report any issues you have with it. It would help if you opened a JTAC case and mentioned it here as well.

 

 

 

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎10-25-2015 10:03 AM

Does this fix the prefix delegation issue with providers like Comcast who hand out a /64?

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎10-28-2015 10:17 PM

@Layer3Man wrote:

Does this fix the prefix delegation issue with providers like Comcast who hand out a /64?


I just tested, and it appears to still be broken with Comcast's /64 PD.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎12-26-2015 04:29 PM

Bumping this post as I'm incredibly disappointed to find that this still isn't supported for me. All the config in there, but it simply doesn't work. I found countless pages and site claiming support for it, even citations proclaiming DHCPv6 PD is specifically introduced in 12.1X45-D10 and the such...only to discover that it's still broken specifically for pp0 interfaces.

 

This is pretty poor tbh. What's the point in the IEEE writing and defining standards like RFC3633 in 2003 if manufacturers still don't fully support them in 2016.

 

What can I look at that *does* support DHCPv6 PD via a pp0 interface? J-series? Cisco 800/1800 or ASA 5505/5510?  Other?

 

 

Would the SRX work as a relay agent for the DHCPv6 PD solicit request? i.e From another device inside the network that does work? 

 

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎03-23-2016 09:47 PM

And still no progress?

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎08-01-2016 07:52 PM

Bump.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

[ Edited ]
‎08-01-2016 10:02 PM

I tried this tonight with 12.3X48-D30.7 and to my surprise, it appears to actually be working on my Comcast internet connection.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎01-11-2017 11:15 PM

Layer3Man - would you mind sharing your config? I've been fighting with a similar setup for ages.

 

Thanks,

Chuck

 

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎03-05-2017 04:07 PM

So no progress has been made in the past few years? 15.1X49-D75.5, still unable to get /56 from TWC (Spectrum) DHCPv6. Devices from other vendors worked as expected.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎05-23-2017 04:42 PM

I'm running into this issue as well, using an SRX320 on Spectrum. I think I may have gotten to the root of the issue. According to this article, the DHCPv6 client cannot handle RA messages with multiple prefix info entries.

 

https://www.juniper.net/documentation/en_US/junos/topics/concept/security-dhcpv6-client-understandin...

 

When troubleshooting my IPv6 connectivity, I see four prefix entries in the RA packets coming from the CMTS. I suspect this to be the underlying issue, or why some folks are having success on other service providers. So until the above changes, it looks like those of us on Spectrum are out of luck.

 

C'mon, Juniper, IPv6 isn't new! Let's get this fixed, please! I've had a Cisco router doing this for years.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎10-10-2017 09:46 PM

Can you share a packet capture of your DHCPv6 traffic on Spectrum?

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎04-28-2019 08:47 AM

Checking in after two years. IPv6 is still horrendously broken in Junos. I haven't been a Spectrum customer for quite a while, so unfortunately I'm not able to share a pcap. I have opened several tickets with JTAC related to IPv6 defects, and fortunately most have lead to fixes in recent Junos releases. I give Juniper due credit for their cooperation in finally getting these issues addressed, but we still have a long way to go. We've fixed three issues so far and I'm still opening tickets on a fairly regular basis.

 

I encountered the aforementioned default route issue again, this time on Google Fiber. Junos would not accept RA messages from the priovider which did not include exactly one PIO. Spectrum was sending three, Google was sending none. JTAC provided a private image which fixed this issue. The fix should make it into 15.1X49-D180.

I was also able to work around the issue by discovering the link-local address of the head-end router and setting a static default route toward it.

 

IPv6 turns 21 this year... We should be able to do better than this.

Highlighted
SRX Services Gateway

Re: Branch SRX as a DHCPv6 prefix delegation client?

‎08-07-2019 09:09 AM

SRX240 / 12.3X48-D75

Usually my ISP hands out a /56 ipv6 subnet,  but a prefix length /64 is working (when prefix is set to 56 => error "dhcpv6_client_process_ack_packet: delegating prefix is longer than preferred prefix length, ignore the ACK packet.")

Is the dhcpv6 client still buggy?

 

show dhcpv6 client binding detail

State: BOUND(DHCPV6_CLIENT_STATE_BOUND)
ClientType: STATEFUL
Bind Type: IA_NA IA_PD
Preferred prefix length 64
Sub prefix length 64
Client DUID: LL0x3-2c:6b:f5:xxxxx
Rapid Commit: Off
Server Ip Address: fe80::1
Update Server Yes
Client IP Address: 2a02:810d:8000:57:c99d:xxxx:yyyy:81f3/128
Client IP Prefix: 2a02:xxxx:yyyy:af8c::/64

Update RA interfaces:
Interface: ge-0/0/1.0
RA Prefix: 2a02:xxxx:yyyy:af8d::/64

 

Why do i get 2x /64 via PD? Thanks!

 

from the log file:

dhcpv6_client_doprefix_deligation_withou: recieved prefix=2a02:xxxx:yyyy:af8c:: len=64 delegate prefix=2a02:xxxx:yyyy:af8c
dhcpv6_client_doprefix_deligation_withou: delegate prefix=2a02:xxxx:yyyy:af8d:: len=64 for interface=ge-0/0/1.0
dhcpv6_client_doprefix_deligation_withou: ra_param.prefix = 2a02:xxxx:yyyy:af8d::/64