IPv6 Prefix Delegation to customers.

Hey Nanog,

I am in the process of building out a FTTH proof of concept, and I would really like to offer each of my customers a /48 of IPv6.

I’ve been able to announce my /32 to my upstreams, dual-stack all of my internal infrastructure no-problem, build v6 recursive name servers, etc.

This was fairly straight-forward.

Where I am struggling is the Prefix Delegation part. How are most folks getting the PD subnets into their IGPs? In my environment I don’t run the DHCP server process on the router that is directly connected to the clients. I have seen documentation that Cisco and Juniper DHCPv6 processes are smart enough to insert that prefix into the routing table when they hand it out, but how is this handled in an environment with a central DHCP server? I do not currently run any PPPoE in my environment and I don’t use RADIUS for the subscriber management. I would really just like to stick to DHCP ideally.

If anyone has any pointers, I would appreciate it.

Brandon Price

Senior Network Engineer

City of Sherwood, Sherwood Broadband

Desk: 503.625.4258

Cell: 971.979.2182

Unfortunately not too much help, but previous discussion on this turned up fairly empty:
https://mailman.nanog.org/pipermail/nanog/2019-May/101016.html
https://mailman.nanog.org/pipermail/nanog/2017-September/092416.html

Actually that one DOES contain some information.
TL;DR:
- check the "subscriber" or "broadband" functionality of your gear if it has something like that
- check if the DHCPv6 relay functionality on your gear can inject the delegated prefixes into IGP or BGP
- if you just have an L2 up to the DHCPv6 server, you're most likely out of luck (and not only for the DHCPv6 part)
- you can always build something on your own if you have the resources (take the delegated prefixes from your server, inject them into something like ExaBGP/BIRD/whatever that will re-announce them to your network).
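
The build-it-yourself option in the last bullet, as an added example that is not part of the original post: read the DHCPv6 server's lease file, keep only active IA_PD leases that fall inside the operator's own PD pool, pair each with the same DUID's WAN address as next hop, and emit ExaBGP text-API commands. Assumptions: the CSV column layout and the lease_type/state codes follow Kea's memfile lease6 format, the pool `2001:db8:f000::/36` is hypothetical, and the sample rows are constructed.

```python
import csv, io, ipaddress

PD_POOL = ipaddress.IPv6Network("2001:db8:f000::/36")  # hypothetical PD pool
IA_NA, IA_PD = "0", "2"  # assumed Kea lease_type codes

# Constructed sample; column layout assumed to match Kea's memfile lease6 CSV.
SAMPLE = """\
address,duid,valid_lifetime,expire,subnet_id,pref_lifetime,lease_type,iaid,prefix_len,fqdn_fwd,fqdn_rev,hostname,hwaddr,state
2001:db8:100::10,00:03:00:01:44:65:7f:14:ed:c2,4000,1700000000,1,3000,0,1,128,0,0,,,0
2001:db8:f000:3f00::,00:03:00:01:44:65:7f:14:ed:c2,4000,1700000000,1,3000,2,1,56,0,0,,,0
2001:db8:f000:4000::,00:03:00:01:aa:bb:cc:00:00:01,4000,1700000000,1,3000,2,1,56,0,0,,,2
2001:db8:1234::,00:03:00:01:44:65:7f:14:ed:c2,4000,1700000000,1,3000,2,7,48,0,0,,,0
"""

def active_leases(text, now):
    """The file is a journal: the last row per lease wins. Keep state 0, unexpired."""
    latest = {}
    for row in csv.DictReader(io.StringIO(text)):
        latest[(row["address"], row["prefix_len"])] = row
    return [r for r in latest.values()
            if r["state"] == "0" and int(r["expire"]) > now]

def pd_routes(text, now, pool=PD_POOL):
    """Return ({prefix: next_hop}, [rejected prefixes])."""
    leases = active_leases(text, now)
    wan = {r["duid"]: r["address"] for r in leases if r["lease_type"] == IA_NA}
    routes, rejected = {}, []
    for r in (l for l in leases if l["lease_type"] == IA_PD):
        raw = f'{r["address"]}/{r["prefix_len"]}'
        try:
            net = ipaddress.IPv6Network(raw)  # strict: host bits must be zero
        except ValueError:
            net = None
        # Never announce a prefix outside our pool or without a known WAN lease.
        if net is None or not net.subnet_of(pool) or r["duid"] not in wan:
            rejected.append(raw)
        else:
            routes[str(net)] = wan[r["duid"]]
    return routes, rejected

def exabgp_commands(new, old):
    """Diff two route tables into ExaBGP text-API lines."""
    cmds = [f"withdraw route {p} next-hop {nh}"
            for p, nh in old.items() if new.get(p) != nh]
    cmds += [f"announce route {p} next-hop {nh}"
             for p, nh in new.items() if old.get(p) != nh]
    return cmds
```

Run from an ExaBGP `process` helper, the command lines are written to stdout on each poll of the lease file; the rejected list is worth logging, since a prefix outside the pool in the lease database should never reach the routing table.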

Where I am struggling is the Prefix Delegation part. How are most folks getting the PD subnets into their IGPs? In my environment I don’t run the DHCP server process on the router that is directly connected to the clients.

In my environment I’ve been running Kea dhcp6 against Ciscos of varying platforms (7600, ASR920, etc.) and just using them as a relay. In this case, the Cisco itself is installing a route as it snoops the relay action automatically. This was one of the harder things to wrap my head around before just slapping it in to see what happened and bam, routes. Router gets a WAN IP from the loopback via DHCPv6 as well, then gets PD assigned after.

interface Loopback10
 vrf forwarding CGNAT
 no ip address
 ipv6 address 2001:DB8::1/64
!
interface VlanXXXX
 vrf forwarding CGNAT
 ip address 100.64.Y.Z 255.255.252.0
 ip helper-address global 10.0.Y.Z
 ip helper-address global 10.0.Y.Z
 ip flow ingress
 load-interval 30
 ipv6 address FE80::1 link-local
 ipv6 enable
 ipv6 nd router-preference High
 ipv6 dhcp relay destination 2001:DB8:0:A::BEEF source-address 2001:DB8:YZ01::1
 ipv6 dhcp relay destination 2001:DB8:0:B::BEEF source-address 2001:DB8:YZ01::1

S   2001:DB8:YZ00:3F00::/56 [1/0]
     via FE80::4665:7FFF:FE14:EDC2, VlanXXXX

Brandon, I vaguely recall that the dhcp relay snooping function is able to add those routes to the local route table… and then redistribution into the routing process occurs

Question similar to yours was asked here in 2017 – September…

https://mailman.nanog.org/pipermail/nanog/2017-September/092416.html

I responded with some IOS and Junos output from some of my lab gear…

https://mailman.nanog.org/pipermail/nanog/2017-September/092451.html

I may have to dig to find and confirm these things, or perhaps lab it up again. I need to anyway as I may need to get more serious about deploying v6 too.

-Aaron

Arista/Cisco have commands like this:

ipv6 dhcp relay install routes

You place on the interface to make this happen.

- Jared

Brandon,

Juniper routers also snoop via the built-in DHCP relay for the prefix delegation (PD). The PD routes are inserted into the routing table as "access" routes with a next-hop of the WAN DHCP lease address for the CPE. I normally configure all this in a BGP signaled L3VPN that automatically propagates these "access" routes to the routers through my MPLS network. To link the PD pool of /48 prefixes to the right PE-CE access subnet, you create a shared-subnet in the DHCPv6 server that includes the /48 prefixes and the WAN prefix.

forwarding-options {
    dhcp-relay {
        dhcpv6 {
            overrides {
                allow-snooped-clients;
            }
            group group1 {
                active-server-group server-group1;
                relay-agent-interface-id {
                    use-option-82;
                }
                interface ae0.10;
            }
            server-group {
                server-group1 {
                    /* Central DHCPv6 servers */
                    2603:0:0:100::5;
                    2603:0:0:101::5;
                }
            }
        }
        forward-only;
        server-group {
            server-group1 {
                10.10.10.11;
                10.10.11.11;
            }
        }
        group group1 {
            active-server-group server-group1;
            overrides {
                allow-snooped-clients;
                layer2-unicast-replies;
                trust-option-82;
            }
            /* I only enable route-suppression of access routes for IPv4 */
            route-suppression {
                access-internal;
            }
            interface ae0.10;
        }
    }
}

-Steven
