Stateful DHCPv6 Prefix delegation (Rapid-commit) [4/4]

Picture1: DHCPv6 prefix delegation topology

R1 configuration [> 12.4(24) T]:

Prefix delegation gives the possibility to centrally control IPv6 addresses used in remote sites.

Router R1 acts as the primary DHCPv6 server for the client router R2, which in turn acts as DHCP server for final clients.

For example R1 can be a service provider MPLS PE (Provider Edge) router, R2 a client CPE (Customer Premise Equipment) router and final DHCP clients (router R3 in our case).

R1 controls which prefix pools to delegate to a remote router after matching the configured client DUID (in our case 00030001CA02188C0008) present in the SOLLICIT message received from the client.

R1:

ipv6 dhcp pool PDCONF prefix-delegation 2001:DB8:23::/48 00030001CA02188C0008 dns-server 2001:DB8::57 domain-name nouri.com

The DHCPv6 server functionality is enabled on the interface fa0/0 facing R2, the intermediate server that will receive the delegated prefix 2001:DB8:23::/48.

interface FastEthernet0/0 ipv6 address 2001:DB8:12::1/64 ipv6 nd other-config-flag ipv6 dhcp server PDCONF rapid-commit

R2 configuration [> 12.4(24) T]:

Router R2 interfacefa0/0, facing the DHCPv6 server R1, acts as DHCPv6 client

interface FastEthernet0/0 ipv6 address 2001:DB8:12::2/64 ipv6 enable ipv6 dhcp client pd PDCONF rapid-commit

Router R2 interface fa0/1, facing the client R3, acts as a gateway router by announcing addresses from the delegated pool after assigning an interface ID to itself first, in this case (::2).

interface FastEthernet0/1 ipv6 address PDCONF ::2/64 ipv6 enable

And the client receives a prefix through SLAAC Router Advertisement.

R3:

interface FastEthernet0/0 ipv6 address autoconfig ipv6 enable

R3(config-if)#do sh ipv6 interface brief FastEthernet0/0 [up/up] FE80::C800:1AFF:FECC:8 2001:DB8:23:0:C800:1AFF:FECC:8 … R3(config-if)#

Verification:

R1 (Server):

R1#sh ipv6 dhcp pool DHCPv6 pool: PDCONF Static bindings: Binding for client 00030001CA021FF80008 IA PD: IA ID not specified; being used by 00040001 Prefix: 2001:DB8:23::/48 preferred lifetime 604800, valid lifetime 2592000 DNS server: 2001:DB8::57 Domain name: nouri.com Active clients: 1 R1#

The PDCONF pool is delegated to the client with the id=00030001CA021FF80008

R1#sh ipv6 dhcp interface FastEthernet0/0 is in server mode Using pool: PDCONF Preference value: 0 Hint from client: ignored Rapid-Commit: enabled R1#

R2 (intermediate client/server) before delegation:

R2#sh ipv6 dhcp interface FastEthernet0/0 is in client mode Prefix State is SOLICIT (7) Retransmission timer expires in 00:00:42 Address State is IDLE Prefix Rapid-Commit: enabled Address Rapid-Commit: disabled FastEthernet0/1 is in server mode Using pool: PDCONF Preference value: 0 Hint from client: ignored Rapid-Commit: enabled R2#

R2 (intermediate client/server) after delegation:

R2#sh ipv6 dhcp int FastEthernet0/0 is in client mode Prefix State is OPEN Renew will be sent in 3d11h Address State is IDLE List of known servers: Reachable via address: FE80::C803:CFF:FEBC:8 DUID: 00030001CA030CBC0008 Preference: 0 Configuration parameters: IA PD: IA ID 0x00040001, T1 302400, T2 483840 Prefix: 2001:DB8:23::/48 preferred lifetime 604800, valid lifetime 2592000 expires at Dec 10 2011 02:58 AM (2591829 seconds) DNS server: 2001:DB8::57 Domain name: nouri.com Information refresh time: 0 Prefix name: PDCONF Prefix Rapid-Commit: enabled Address Rapid-Commit: disabled FastEthernet0/1 is in server mode Using pool: PDCONF Preference value: 0 Hint from client: ignored Rapid-Commit: enabled R2#

Picture2: DHCP SOLLICIT sent by R2 to R1

DHCPv6 server responding to R2 SOLLICIT

R1(config-dhcpv6)# *Nov 10 02:58:18.579: IPv6 DHCP: Received SOLICIT from FE80::C802:1FFF:FEF8:8 on FastEthernet0/0 *Nov 10 02:58:18.583: IPv6 DHCP: Using interface pool PDCONF *Nov 10 02:58:18.583: IPv6 DHCP: Creating binding for FE80::C802:1FFF:FEF8:8 in pool PDCONF *Nov 10 02:58:18.583: IPv6 DHCP: Allocating IA_PD 00040001 in binding for FE80::C802:1FFF:FEF8:8 *Nov 10 02:58:18.587: IPv6 DHCP: Allocating prefix 2001:DB8:23::/48 in binding for FE80::C802:1FFF:FEF8:8, IAID 00040001 *Nov 10 02:58:18.591: IPv6 DHCP: Sending REPLY to FE80::C802:1FFF:FEF8:8 on FastEthernet0/0 R1(config-dhcpv6)#

Picture3: DHCP REPLY sent by R1 (the delegating server) to R2

About DUID (DHCP Unique Identifier)

DUID uniquely identifies the pair (client, server), it is based on the client and the server link-local address and the lowest numbered interface MAC.

DUID which remains the same across reboots.

rfc3315:

"DHCP clients use DUIDs to identify a server in messages where a server needs to be identified." "The DUID is designed to be unique across all DHCP clients and servers, and stable for any specific client or server - that is, the DUID used by a client or server SHOULD NOT change over time if at all possible; for example, a device's DUID should not change as a result of a change in the device's network hardware." "DUID is that the DUID must be globally unique" ... DUID Based on Link-layer Address [DUID-LL] 3(2 octets)+ HW type(2 octets)+ LL(6 octets)

R1: DUID on DHCPv6 server role

R1#sh ipv6 dhcp This device’s DHCPv6 unique identifier(DUID): 00030001CA030CBC0008 R1# sh ipv6 interface brief FastEthernet0/0 [up/up] FE80::C803:CFF:FEBC:8 2001:DB8:12::1 … R1#

R2: DUID on DHCPv6 client/server role

R2#sh ipv6 dhcp This device’s DHCPv6 unique identifier(DUID): 00030001CA021FF80008 R2# R2#sh ipv6 interface brief FastEthernet0/0 [up/up] FE80::C802:1FFF:FEF8:8 2001:DB8:12::2 … R2#