Using an *external* DHCPv6 server for prefix-delegation in conjunction with PPPoE

Frank Bulk frnkblk at iname.com
Fri Jan 14 15:31:58 CET 2011 

If the PD address is assigned to the WAN, what does the LAN get?

Frank

-----Original Message-----
From: ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de
[mailto:ipv6-ops-bounces+frnkblk=iname.com at lists.cluenet.de] On Behalf Of
Per Carlson
Sent: Friday, January 14, 2011 7:53 AM
To: Mikael Abrahamsson
Cc: ipv6-ops at lists.cluenet.de
Subject: Re: Using an *external* DHCPv6 server for prefix-delegation in
conjunction with PPPoE

Hi.

After playing a bit more, I can answer my questions my self.

>> If you create a loopback interface with an PD address and use that as
>> unnumbered addresson the WAN interface, does that work?
>
> Yes, at least on a 1841 running 15.1(3)T [0].

It's even better: You can directly assign a PD address on the WAN interface:

interface FastEthernet0/1.1600
 encapsulation dot1Q 1600
 ipv6 address PREFIX ::/64 eui-64
 ipv6 enable
 ipv6 nd autoconfig default-route
 ipv6 dhcp client pd PREFIX rapid-commit
end

CPE#sh ipv6 interface FastEthernet0/1.1600
FastEthernet0/1.1600 is up, line protocol is up
  IPv6 is enabled, link-local address is FE80::219:AAFF:FE85:9981
  No Virtual link-local address(es):
  General-prefix in use for addressing
  Global unicast address(es):
    FD00:8C0:474E:9500:219:AAFF:FE85:9981, subnet is
FD00:8C0:474E:9500::/64 [EUI/CAL/PRE]
      valid lifetime 42847 preferred lifetime 26647
<snip/>

BNG#ping FD00:8C0:474E:9500:219:AAFF:FE85:9981
Sending 5, 100-byte ICMP Echos to
FD00:8C0:474E:9500:219:AAFF:FE85:9981, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/1/4 ms


>> That's what I advocated for the CPE router draft anyway, I sure hope it
>> works to do what you want to do (make the customer only have IPs from the
PD
>> space).
>
> I don't really see how this would improve anything. What's the point
> on assigning an IPv6 address on the WAN interface the BNG (PE) doesn't
> know about?

It do, the PD aggregate of course covers the WAN link. The BNG doesn't
need to know/care which subnet from the PD is used.

> And informing it by running SLAAC "backwards" (CPE assigns
> addresses to BNG) seams rather wierd... Risking the CPE sending a
> default route towards the BNG is even worse!

There is no need for SLAAC and thus no security risk.

In addition to those findings, I did discover a (new? can't find any
documentation) knob in IOS. By configuring an interface with "ipv6 nd
autoconfig default-route" it automatically installs a default-route
pointing to the BNG LL address. Nice!

CPE#sh ipv6 route
S   ::/0 [2/0]
     via FE80::207:84FF:FE22:FC1A, FastEthernet0/1.1600
<snip>

-- 
Pelle

RFC1925, truth 11:
 Every old idea will be proposed again with a different name and
 a different presentation, regardless of whether it works.

More information about the ipv6-ops mailing list