SYSTEM ADMINISTRATOR GUIDE 85/1543-CRA 119 1170/1-V1 Uen A2

Configuring IPV6 Subscriber Services

Copyright

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge		is a registered trademark of Telefonaktiebolaget LM Ericsson.
NetOp		is a trademark of Telefonaktiebolaget LM Ericsson.

Contents

1	Overview
1.1	General IPv6 Protocol Concepts
1.2	SmartEdge Implementation of IPv6
1.3	Overview of PPP Session Establishment
2	Configuration and Operations Tasks
2.1	Recommendations
2.2	Requirements
2.3	Restrictions
2.4	Configuration Overview
2.5	Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services
2.6	Configuring IPv6 Subscriber Service Attributes
2.7	Configuring ND Attributes
2.8	IPv6 Subscriber Services Operations
3	Examples
3.1	End-to-End Solution Configurations
3.2	Detailed Configuration Examples for Individual Elements of an IPv6 BRAS Solution

1 Overview

When configured as a broadband remote access server (BRAS), the SmartEdge router supports the address assignment and management of Internet Protocol version 6 (IPv6) Point-to-Point Protocol (PPP) subscribers. This document describes the configuration of IPv6 subscriber services for single (IPv6 only) and dual-stack (IPv6 and IPv4) PPP subscribers.

Note:: To configure IPv6 subscriber services on the SmartEdge router, you must have enabled the IPv6 subscriber license with the subscriber command; dual-stack subscriber services also require a license for IPv4 subscribers. See Enabling Licensed Features for more information on enabling licenses in the SmartEdge router.

1.1 General IPv6 Protocol Concepts

Before configuring IPv6 subscriber services on the SmartEdge router, you must be familiar with the differences between IPv4 and IPv6, address types supported by IPv6, and the IPv6 address format.

1.1.1 Differences Between IPv4 and IPv6

Table 1 describes the differences between IPv4 and IPv6.

Table 1 Differences Between IPv4 and IPv6
Element	IPv4	IPv6
Address size	32 bits	128 bits You do not need to type the full 128-bit address to pass a prefix to an end device.
Number of addresses supported	2³²	2¹²⁸
Types of addresses supported	Global unicast	Global unicast, link local, multicast, anycast
PPP address assignment	/32 allocated through Internet Protocol Control Protocol version 4 (IPCPv4)	No. IPv6 supports Dynamic Host Configuration Protocol version 6 (DHCPv6) Prefix Delegation (PD) or Neighbor Discovery (ND). Address assignment is encapsulation independent.
Broadcast address	Yes	No; multicast is supported instead.
Consolidated OAM	No	Address Resolution Protocol (ARP) and Duplicate Address Detection (DAD).
Address auto-configuration through ND	No	Yes
Prefixes	No	The SmartEdge assigns a prefix to its PPP subscribers. Customer-premises equipment (CPE) can have one or more prefixes assigned to a wide-area network (WAN) link, and one or more delegated prefixes for its downstream nodes.
Fixed 40 bytes	No	Yes

1.1.2 IPv6 Address Types

IPv6 addresses are 128 bits long, and the first 64 bits are reserved for routing and network addressing. IPv6 supports the following types of addresses:

Global unicast—Associated with a single interface only. The host uses router advertisements to determine globally unique addresses (GUAs). Global unicast addresses consist of a global routing prefix, a subnet ID, and an interface ID. The global routing prefix and subnet ID are the routing and networking part of the Global unicast address, and the interface ID is derived from the MAC address. See Table 2 for details about the components of a Global unicast IPv6 address.
Link-local unicast—Used for communication among nodes on the same link (the link on which the link local address is assigned). A link local address is an IPv6 address that is unique on the link. The link is a network segment. For example, a link can be one Ethernet interface that is connected to ten different nodes. Link-local unicast addresses are automatically assigned by end-user equipment and require no external configuration. See Table 3 for details about the components of a link-local unicast IPv6 address.
Multicast—Transmits a packet to all of the interfaces in a specified multicast group; each packet sent is replicated on every endpoint.
Anycast—Transmits a packet to an address that is associated with multiple interfaces, but only one interface receives the packet.

Table 2 Components of Global IPv6 Address
Routing and Networking Part of the Address		Unique ID Derived from the Line Card MAC Address
Global routing prefix of size n bits, where n can be from 1 to 56 bits. Typically, the global routing prefix is 48 bits long.	Subnet ID of size 64 – n bits. The subnet ID can be from 8 to 16 bits, but is typically 16 bits.	64-bit interface ID

Table 3 Components of Link-local IPv6 Address
Routing and Networking Part of the Address		Unique Interface ID Derived from the Line Card MAC Address
Subnet prefix of size n bits, where n can be from 1 to 64 bits. Typically, the subnet prefix is 10 bits.		Interface ID of size 128 – n bits. Typically, the Interface ID is 118 bits.

With IPv6, an interface can have multiple IPv6 addresses of any type. For example, an interface can have three IPv6 multicast addresses, one IPv6 unicast address, and two anycast IPv6 addresses.

Some IPv6 addresses are reserved. Table 4 describes the reserved IPv6 addresses and their notation:

Table 4 Reserved IPv6 Address Notation
Address type	Binary prefix	IPv6 Notation
Unspecified	00...0 (128 bits)	::/128
Loopback	00...1 (128 bits)	::1/128
Mutlicast	11111111	FF00::/8
Link-local	1111111010	FE80::/10
Global Unicast	All addresses are GUAs except for the following: Unspecified Loopback Multicast Link-local	nnn:nnn:nnn:nnn = routing prefix mmmmmmmmm = subnet ID 128-n-m = interface ID

1.1.3 Address Format

IPv6 addresses are typically composed of two parts: a 64-bit network or subnetwork prefix, and a 64-bit interface ID (128 bits total). Typically, IPv6 addresses are written with hexadecimal digits and colon separators in the following format:

AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH

The IPv6 hexadecimal numbering system uses decimal digits 0 to 9 and letters A, B, C, D, E, and F (which represent the numbers 10, 11, 12, 13, 14, and 15). The decimal digit 16 is represented in hexadecimal by the number 10. Each section of hexadecimal characters represents 16 bits of the address and is separated by a colon. In the previous example, AAAA represents the first section of an IPv6 address, BBBB represents the second section, and so forth.

Following is an example of an IPv6 address. In this example, all 32 hexadecimal digits are represented:

ABCD:A162:1234:1234:ABCD:1234:5432:1010

By dropping nonsignificant and leading 0s, you can shorten an IPv6 address to eight hexadecimal digits. For example, the IPv6 address 1060:0000:0000:0000:0006:0600:800C:228A can be shortened to 1060:0:0:0:6:600:800C:228A. You can shorten an IPv6 address even further by replacing consecutive 0s with double colons. For example, the IPv6 address 1060:0:0:0:6:600:800C:228A can be shortened to 1060::6:600:800C:228A.

Note:: Double colons are allowed only once in each IPv6 address.
For more information about IPv6 address formatting, see RFC 4291, IP Version 6 Addressing Architecture.

1.2 SmartEdge Implementation of IPv6

1.2.1 Hardware Support Specifications

IPv6 subscriber services are supported on the following SmartEdge routers:

SmartEdge 100
SmartEdge 400
SmartEdge 800
SmartEdge 1200

IPv6 subscriber services are supported on the following traffic cards only:

PPA2-based 10-port Gigabit Ethernet
PPA2-based 2-port 60 Fast Ethernet–Gigabit Ethernet
PPA2-based 1-port 10 Gigabit Ethernet
PPA3-based 10-port Gigabit Ethernet
PPA3-based 20-port Gigabit Ethernet

Note:: IPv6 subscriber services are not supported on PPA1-based traffic cards.

1.2.2 Subscriber Session Specifications

Subscribers can be single-stack or dual-stack. Single-stack subscribers have only one type of IP service configured (IPv4 or IPv6) and exclusively support one type of traffic (IPv4 or IPv6). Dual-stack subscribers are authorized for both IPv4 and IPv6, and can simultaneously support both IPv4 and IPv6 traffic. Although dual-stack subscribers are authorized to simultaneously support both IPv4 and IPv6 traffic, it is not necessary for both stacks to be active at the same time.

A dual-stack subscriber consists of a single circuit bound to a single interface. Table 3 shows the number of dual-stack subscribers the SmartEdge router supports for each card type:

Table 5 Number of Dual-Stack Sessions per Card
Card Type	Number of Sessions per System
XCRP3 Controller card	32,000
XCRP4 Controller card	64,000
PPA2-based 10-port Gigabit Ethernet traffic card	16,000
2-port 60 Fast Ethernet–Gigabit Ethernet traffic card	16,000
1-port 10 Gigabit Ethernet traffic card	16,000
PPA3-based 10-port Gigabit Ethernet	24,000
PPA3-based 20-port Gigabit Ethernet	24,000

Note:: This document describes the configuration and management of IPv6 subscriber services only. To configure IPv4 subscriber services on the SmartEdge router, see Configuring Subscribers.

1.2.3 Supported IPv6 Subscriber Configurations

The SmartEdge router supports IPv6 subscriber services for PPP and PPPoE subscribers. You can configure IPv6 prefixes statically or through DHCPv6 Prefix Delegation (PD), using the formatting rules defined in RFC 4291, IP Version 6 Addressing Architecture. The SmartEdge router uses ND to assign an IPv6 prefix to the WAN link between the BRAS and CPE router.

1.2.4 PPP Session Specifications

IPv6 Control Protocol (IPv6CP) negotiation is supported for authenticated IPv6 PPP subscribers authorized for IPv6. During IPv6CP negotiation, both ends of the PPP circuit exchange their interface IDs. If a subscriber cannot generate its own interface ID, the subscriber takes its interface ID from the subscriber record in the RADIUS database (if the record contains a client interface ID). In cases where the subscriber cannot generate an interface ID and no interface ID is available in the RADIUS database, PPP randomly generates an interface ID. The SmartEdge OS learns neighbor MAC addresses from PPP and installs those addresses in the RIB.

Dual-stack subscribers use IPv6CP for IPv6 subscribers and IPCP for IPv4 subscribers. IPCP and IPv6CP are independent of one another; if IPv6CP fails, IPCP still operates and vice-versa.

In configurations where the CPE is a router, the CPE initiates PPP sessions. After successfully negotiating the Link Control Protocol (LCP) between a SmartEdge BRAS and a CPE router, the CPE router runs IPCP negotiation for IPv4 subscribers and IPv6CP negotiation for IPv6 subscribers.
In configurations where the CPE is a bridge, the host initiates the PPP sessions. After successfully negotiating the Link Control Protocol (LCP) between a SmartEdge BRAS and a CPE bridge, the host runs IPCP negotiation for IPv4 subscribers and IPv6CP negotiation for IPv6 subscribers. The SmartEdge OS declines IPv6CP negotiation for subscribers who are not authorized for IPv6.

Dual-stack subscriber sessions remain active until either of the following events occur:

LCP terminates
All network control protocols (NCPs) terminate
A DAD failure, (ND brings down the IPv6 session for a subsriber.)

When IPCP and IPv6CP report that a PPP session has terminated, the SmartEdge router terminates the subscriber session.

1.2.5 Multibind Interfaces

Multibind interfaces are the only interfaces that support IPv6 subscriber services; DHCPv6 server interfaces must be configured under a multibind interface. A multibind interface allows multiple circuits to be bound to a single interface and typically is used for subscriber circuits. You can also specify a multibind interface as a last-resort interface that acts as a fallback for any incoming subscriber circuit with a subscriber record that does not include an IP address that is assigned to any other interface. If a subscriber session is established, and no valid interface exists to which it can bind, the session binds to the last-resort interface.

The following restrictions apply when you configure a multibind interface for IPv6 subscriber services:

A last-resort multibind interface must be configured as unnumbered, using the ipv6 unnumbered command (in interface configuration mode).
The interface from which the IP address is borrowed for an unnumbered interface must be in the same context as the unnumbered interface.
A standard multibind interface (one that is not a last-resort interface) must have an IP address assigned explicitly, using the ip address command (in interface configuration mode).

For more information about multibind interfaces, see Configuring Contexts and Interfaces.

1.2.6 Subscriber Attributes

You can configure subscriber attributes:

In a subscriber record, as described in Configuring Subscriber Attributes in a Subscriber Record. The subscriber record is stored locally (on the SmartEdge OS) or on a RADIUS server.
In a subscriber profile, as described in Configuring Subscriber Attributes in a Subscriber Profile.
Note:
The subscriber record takes precedence over subscriber profiles. As result, attributes in a subscriber profile are overridden when you configure identical attributes with different values in a specific subscriber record.

1.2.6.1 Configuring Subscriber Attributes in a Subscriber Record

The SmartEdge router uses subscriber records to configure a set of subscriber attributes that are applied to subscribers. Some examples of attributes that can be configured are the subscriber name, password, authentication, access control, rate limiting, and policing information. A record is specific to the context in which the subscriber is configured.

You can configure the following IPv6-specific subscriber attributes in a subscriber record:

The delegated IPv6 prefix
The neighbor discovery prefix (also called the framed IPv6 prefix)
The subscriber IPv6 route (also called the framed IPv6 route)
An ND profile used to apply ND attributes to the IPv6 subscriber
Whether source validation is enabled or disabled for IPv6

Note:: To bring up an IPv6 stack, you must configure either the delegated IPv6 prefix or the neighbor discovery prefix (the framed IPv6 prefix).

You configure subscriber records in one of two ways:

Locally, by using commands in the SmartEdge command-line interface (CLI).
Subscriber records provide local authentication and authorization information whenever a remote authentication and authorization server, such as a RADIUS server, is not available or not required.
Using attributes (authentication, accounting, or both) stored on a RADIUS server.
Note:
If the RADIUS server is configured in the local context of the SmartEdge router, the RADIUS server can be used in all contexts. If the RADIUS server is configured in a nonlocal context, it can be used in that nonlocal context only. For more information about how the RADIUS server and the SmartEdge router interact, see Configuring RADIUS.

The following RADIUS attributes are supported for IPv6 subscribers:

Framed-IPv6-Route—Provides an IPv6 route for the subscriber.
Framed-Interface-Id—Provides an interface ID for PPP clients that do not generate their own interface ID.
NAS-IPv6-Address—Identifies the IPv6 address of the Network Access Server (NAS) in RADIUS access-request and access-accounting messages. For more information about NAS and RADIUS, see Configuring RADIUS.
Delegated-IPv6-Prefix—Identifies an IPv6 prefix that can be assigned to the subscriber using DHCPv6, so the subscriber can delegate the prefix to its downstream nodes. The Delegated-IPv6-Prefix attribute does not support prefixes that are all 1s or all 0s; if the framed IPv6 prefix is configured to be all 0s or all 1s, that session fails.

Framed-IPv6-Prefix—Used for stateless address autoconfiguration (SLAAC) and ND. The Frame-IPv6-Prefix attribute does not support prefixes that are all 1s or all 0s; if the framed IPv6 prefix is configured to be all 0s or all 1s, that session fails.
RB-IPv6-DNS—Ericsson VSA used to configure the IPv6 Primary and Secondary DNS of a subscriber. See RADIUS Attributes for more information about this VSA.
RB-IPv6-Option—Ericsson VSA used to configure multiple ipv6 attributes for a single subscriber. See RADIUS Attributes for more information about this VSA.

Note:: Use RADIUS filtering to configure individual attributes to be dropped from access and access accounting request messages.

1.2.6.2 Configuring Subscriber Attributes in a Subscriber Profile

In addition to the subscriber record, you can create and assign two types of subscriber profiles:

Default subscriber profiles, which contain attributes shared by subscribers in a single configuration. By configuring a default subscriber profile, you do not need to the apply the same attributes separately to each subscriber record. Attributes in the default subscriber profile apply to all IPv6 subscribers in the same context. To use the default profile, you must explicitly configure it in default subscriber profile configuration mode.
Named subscriber profiles, which you can assign to one or more subscribers. Unlike the default subscriber profile, which is assigned automatically to every subscriber record, you must explicitly assign a named subscriber profile to a subscriber record.

Attributes in the subscriber record take precedence over identical attributes configured in the named subscriber profile, and attributes in the named subscriber profile take precedence over identical attributes configured in the default subscriber profile.

1.2.7 AAA Support for IPv6 Subscribers

An IPv6 subscriber must be authorized through AAA before PPP negotiates connectivity and ND processes packets. If a protocol (for example, the IPv6 protocol) is not authorized, PPP does not negotiate that protocol with a client, even when the PPP negotiation process is initiated by a client.

The following AAA attributes are supported for IPv6 subscribers:

IPv6 route tag
IPv6-ND-profile
IPv6 Option source-validation

For general information about how AAA works on the SmartEdge router, see Configuring Authentication, Authorization, and Accounting.

1.2.8 DHCPv6 Prefix Delegation

With IPv6, DHCPv6 can get IPv6 prefixes from the Delegated-IPv6-Prefix attribute in a subscriber record. In IPv4 subscriber services, the SmartEdge router uses IPCP to assign IPv4 addresses to subscribers.

When DHCPv6 has the IPv6 prefix, the DHCPv6 server then assigns that prefix to a subscriber. If the subscriber is a CPE router, it uses the prefix to derive a set of longer prefixes that are sent to its clients. Subscribers that are not CPE routers do not use delegated prefixes.

In addition to IPv6 prefix delegation, the DHCPv6 server provides additional information to a subscriber, such as the default domain and DNS name-server address.

When configuring DHCPv6, keep in mind that:

A static delegated IPv6 prefix can be from 1 or to 128 bits in length. In common configurations, DHCPv6 provides IPv6 prefixes that are between 48 to 64 bits.
Static delegated IPv6 prefixes are used by a CPE for a specified lifetime.
Static delegated IPv6 prefixes remain assigned to the CPE until their valid lifetimes expire, or until the CPE sends a DHCPv6 RELEASE message to the DHCPv6 server.
Only one DHCPv6 server is allowed per context.
A DHCPv6 server interface can be a last-resort or non-last-resort multibind interface.
You can configure multiple static IPv6 prefixes in a subscriber record.

Note:: Unlike Framed IPv6 prefixes, DHCPv6 PD prefixes do not use route tags.

For faster IPv6 prefix delegation, you can configure DHCPv6 to use the RAPID COMMIT option. With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. You typically use the RAPID COMMIT option when the CPE can connect to only one server.

Note:: For general information about how DHCP works on the SmartEdge router, see Configuring DHCP.

The SmartEdge router supports both stateful and stateless DHCPv6, which are described in the sections that follow.

1.2.8.1 Stateful DHCPv6

With stateful DHCPv6, the DHCPv6 server is used for DHCPv6 prefix delegation and maintains the dynamic state of each client. The IPv6 prefixes remain assigned to the CPE until their valid lifetimes expire, or until the CPE sends a DHCPv6 RELEASE message to the DHCPv6 server. The SmartEdge OS removes the affected routes and releases the IPv6 prefixes when:

The CPE releases the IPv6 prefix.
The time limit on the prefix expires.
The PPP session terminates.
the IPv6 stack is disabled.

The DHCPv6 server sends delegated IPv6 prefixes and the following DNS information to the CPE:

IPv6 address of a DNS name server
Domain name for DNS resolution
Number of seconds a client waits before refreshing the configuration information received from the DHCPv6 server
Preference that the client should use for this DHCPv6 server (in cases where multiple clients are requesting information from the router)

DNS information can be configured directly under a DHCPv6 server (in DHCPv6 server policy configuration mode) or inside a subnet configured under the DHCPv6 server (in DHCPv6 server policy subnet configuration mode). The subset of DHCPv6 attributes configured inside a subnet are applicable to that subnet only. When you configure a subnet:

Options that are configured for a particular subnet take precedence over options configured under the top-level DHCPv6 server (in DHCPv6 server policy configuration mode).
Only those options administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy. For example, if you configure all options except for the domain name for DNS resolution in a subnet, clients in that subnet use the domain name configured under the top-level DHCPv6 server.
If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet configuration matches the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode).

1.2.8.2 Stateless DHCPv6

With stateless DHCPv6, the DHCPv6 server sends only the following DNS information to the CPE:

IPv6 address of a DNS name server.
Domain name for DNS resolution.
Number of seconds a client waits before refreshing the configuration information received from the DHCPv6 server.
Preference that the client should use for this DHCPv6 server (in cases where multiple clients are requesting information from the router).

In a stateless configuration, the DHCPv6 server does not maintain dynamic state of each client or delegate IPv6 prefixes to clients.

Note:: With stateless DHCPv6, only those DNS options specified in the top-level DHCPv6 server policy (in DHCPv6 server policy subnet configuration mode) are applicable; stateless DHCPv6 does not support subnets.

1.2.9 Neighbor Discovery Protocol for IPv6

The SmartEdge router uses the Neighbor Discovery (ND) protocol to assign an IPv6 prefix to the WAN link of the CPE router. The ND IPv6 prefix comes from the Framed-IPv6-Prefix attribute, which can be statically configured or come from the RADIUS attribute.

In addition, the CPE uses ND to:

Determine the link-layer addresses of nodes on a link
Find available routers
Maintain reachability information about the paths to active neighbors

ND provides Duplicate Address Detection (DAD) and media-independent address resolution of on-link nodes.

For IPv6 subscriber services, the ND attributes are assigned in one of two ways:

From the global default ND profile.
From an administratively configured ND profile referenced in the subscriber profile or record. Note that ND profiles are context-specific and cannot be applied directly to interfaces. A subscriber must be associated with the same context the profile is associated with before the profile can be used. If you do not reference an ND profile in a subscriber profile or record, the router automatically assigns a default ND profile (called the GLOBAL_DEFAULT_PROFILE) to the subscriber circuit.

Use the show nd profile command to see which profile a subscriber circuit is using for ND; use the show nd profile GLOBAL_DEFAULT_PROFILE command to see the default configuration used by the GLOBAL_DEFAULT_PROFILE.

Note:: Router ND, which is configured under an individual interface and applies ND properties to the specified interface, is not supported for IPv6 subscriber services. Router ND is applicable for router-to-router connections only.

ND supports Stateless Address Autoconfiguration (SLAAC), which enables subscribing hosts to automatically configure global IPv6 addresses on their interfaces. SLAAC uses ND to advertise an IPv6 prefix or group of prefixes on-link. The host automatically configures its interface address by appending the host interface ID to the IPv6 prefix.

Note:: SLAAC is automatic on any IPv6 prefix that is configured.

The SmartEdge OS uses its own interface ID to generate the link local-address on the WAN link.

The SLAAC process is as follows:

The host sends an ND Router SOLICIT multicast message soliciting an RA. The RA contains information about on-link prefixes and whether they are available or unavailable for SLAAC.
The router (which is listening for SOLICIT messages) responds to the host with a Router Advertisement (RA) message that contains the IPv6 prefix or group of prefixes identifying the interface. Any prefix advertised in an RA message has SLAAC enabled, and the host can use that IP prefix to auto-generate its IP address
For IPv6 sessions, both ends of the PPP circuit exchange their interface IDs through IPv6CP negotiation. If a subscriber cannot generate its own interface ID, the subscriber takes its interface ID from the subscriber record in the RADIUS database (if the record contains a client interface ID). If the subscriber does not generate its own interface ID and an interface ID is not available in the RADIUS database, PPP randomly generates an interface ID. If the session also has an IPv4 stack, the BRAS assigns an IPv4 address to the subscriber through IPCP.
Before assigning the IPv6 address to the interface, the host performs DAD on the candidate IPv6 address. If the SmartEdge OS detects a duplicate address, it logs an error message in the system log.
Note:
How the CPE responds to duplicate-address detection depends on the type of equipment.
The SmartEdge OS installs the global IPv6 address prefixes (the framed-IPv6-prefixes) in the RIB.

SLAAC is supported for all IPv6 (both subscriber and nonsubscriber) circuits.

Note:: For more information about how ND works, see Configuring ND.

1.2.10 QoS Support for IPv6 Subscribers

QoS is supported on IPv6 subscriber interfaces.

Note:: Metering, policing, and forwarding policies do not currently support policy ACLs for classification of IPv6 traffic. When IPv6 traffic is subject to a metering, policing, or forwarding policy that was configured using an IPv4 policy ACL, IPv6 packets do not match any of the classes, but are subject to the configured policy-level enforcement.

For information about how to configure QoS, see the following QoS documents:


	Caution!
Risk of IPv6 traffic being dropped. When QoS policing and metering policies are configured such that the sum of their class-level rates is less than or equal to the policy-level rate, traffic that conforms to any of the per-class rates is given precedence above other traffic when the SmartEdge OS enforces the circuit-level rate. In a dual-stack configuration where a mix of IPv4 and IPv6 traffic is subject to a metering or policing policy, if the router classifies traffic with an IPv4 policy ACL or class definition, the IPv6 traffic is considered to be non-class-conforming. The IPv4 class-conforming traffic is then given precedence. If insufficient bandwidth is reserved for the non-class-confroming traffic, the IPv6 traffic may be dropped. To prevent this, ensure that sum of the rate values configured using the rate command under each metering or policing policy class is sufficiently less than the rate command configured at the policy level to reserve adequate bandwidth for IPv6 and other unclassified traffic. Alternatively, ensure that the sum of the class rates exceeds the circuit rate so that mode of operation that gives precedence to class-conforming traffic is not enabled.

1.2.11 Using IP ACLs for Traffic Control and IPv6 Protection

You can configure IP ACLs for IPv6 administrative protection on traffic card circuits, the Ethernet management port, and administrative traffic. Policy ACLs are not supported for IPv6 traffic. For information on how to configure IP ACLs to support IPv6, see Configuring ACLs.

1.3 Overview of PPP Session Establishment

When an IPv6 host or CPE initiates a PPP session with a BRAS, the session establishment process is as follows:

A CPE initiates a PPP session with a subscriber network.
A SmartEdge BRAS receives the request and creates a PPP session (single-stack or dual-stack) between the BRAS and the subscriber.
If the session has an IPv4 stack, the BRAS assigns an IPv4 address to the subscriber through IPCP.
An ND RA advertises 0 or more IPv6 framed prefixes on the link.
The BRAS installs a route for that IPv6 prefix on the link between the BRAS and the CPE.
If the subscriber sends a DHCPv6 SOLICIT to the BRAS, the BRAS uses DHCPv6 PD to assign a delegated IPv6 prefix and DNSv6 to the subscriber.
IPv6 (and IPv4, if dual-stack) traffic is routed through the BRAS.

2 Configuration and Operations Tasks

This section describes the requirements, restrictions, configuration tasks, and operations tasks for configuring IPv6 subscriber services on the SmartEdge router.

2.1 Recommendations

If the subscriber is a router, we recommend assigning subscribers a /64, /56, or /48 PD prefix that can be further subdivided on downstream interfaces.

2.2 Requirements

The SmartEdge router and the CPE must each have at least one link local-address each.

2.3 Restrictions

The SmartEdge router supports IPv6 subscriber services for PPP subscribers only.
LAC IPv6 and LAC dual-stack (IPv4 and IPv6) traffic is supported on IPv4 L2TP tunnels only. IPv6 L2TP tunnels are not supported on the SmartEdge router.
IPv6 subscriber services are supported only for connections between the SmartEdge router and a CPE router that has a GUA configured.
With stateful DHCPv6, the DHCPv6 server is used for DHCPv6 PD only.
With stateless DHCPv6, the DHCPv6 server sends only the following DNS information to the CPE:
- IPv6 address of a DNS name server.
- Domain name for DNS resolution.
- Number of seconds a client waits before refreshing the configuration information received from the DHCPv6 server.

2.4 Configuration Overview

To configure IPv6 subscriber services on a SmartEdge router:

Configure an interface with a GUA on the link between the BRAS and the CPE.
Configure a DHCPv6 server policy on the SmartEdge router.
Configure one or more multibind interfaces to use the DHCPv6 server policy. These interfaces are called "DHCPv6 servers."
Note:
To use a DHVPv6 server policy, the DHCPv6 server interfaces must be configured within the same context as the DHCPv6 server policy.
Enable RADIUS or local subscriber authentication.
If you do not want to use the default ND profile, create and configure an ND profile.
If you are using local subscriber authentication, configure the subscriber attributes in a subscriber record. If using a non-default ND profile, reference the ND profile you created in Step 5 in the subscriber record or profile.
If you are using RADIUS authentication, skip this step. If you are using a RADIUS server for subscriber authentication, skip this step and perform Step 7.
Configure a PPP or PPPoE- encapsulated circuit on the WAN link between the BRAS and the CPE.

2.5 Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services

To configure IPv6 and dual-stack subscriber services:

If using RADIUS to authenticate a subscriber, you can optionally configure the NAS-IPV6-Address to match the IPv6 address of the NAS:
- Use the configure command to access global configuration mode.
- Use the context command to enter context configuration mode.
- Configure the IPv6 address of the NAS for RADIUS access-request and access-accounting messages by using the radius attribute NAS-IPV6-Address interface command.
If you are not using RADIUS to authenticate a subscriber or do not want to configure the NAS-IPV6-Address to match the IPv6 address of the NAS, skip this step and go to step 2.
Configure an interface with a GUA on the link between the BRAS and the CPE:
- Use the configure command to access global configuration mode.
- Use the context command to enter context configuration mode.
- Specify an IPv6 GUA by using the ipv6 address command.
If using a DHCPv6 server to assign IPv6 prefixes to subscribers, create and configure the DHCPv6 server policy, as described in Configure a DHCPv6 Server Policy.
Configure a multibind interface to be the DHCPv6 server:
- Use the configure command to access global configuration mode.
- Use the context command to enter context configuration mode.
- Use the interface command as follows to configure a multibind interface, and access interface configuration mode:
  interface name multibind [lastresort]
  
  This is the interface you want to configure to be DHCPv6 enabled.
- Use the dhcpv6 server {ipv6-addr | interface} command to configure an interface to be a DHCPv6 server interface. You can configure the DHCPv6 server to use the primary IPv6 address of the interface as the server IP address or specify an IPv6 address for it.
Enable AAA subscriber authentication:
- Use the configure command to access global configuration mode.
- Use the context command to enter context configuration mode.
- Use the aaa authentication subscriber command to enable AAA to authenticate subscribers through the SmartEdge router local database or RADIUS. The command syntax is:
  aaa authentication subscriber [local | radius]
If you are using the local database for subscriber authentication, configure the subscriber attributes in a subscriber record. If you are using a RADIUS server for subscriber authentication, skip this step and go to step 7.
- Use the configure command to access global configuration mode.
- Use the context command to enter context configuration mode.
- Use the subscriber name command to access subscriber record configuration mode.
- If you are configuring stateful DHCPv6 PD, use the ipv6 delegated-prefix command as follows to specify the delegated IPv6 prefix to use for DHCPv6 PD. If you are using stateless DHCPv6, skip this step:
  ipv6 delegated-prefix ipv6-prefix
- Use the ipv6 framed-prefix command as follows to specify the prefix advertised to the subscriber using ND:
  ipv6 framed-prefix ipv6-prefix
  
  Replace the ipv6-prefix argument with a unique prefix that is not a part of the interface IPv6 address or assigned to any other subscriber.
- Use the ipv6 framed-route command as follows to specify a static IPv6 route that will be installed for the subscriber:
  ipv6 framed-route ipv6-prefix next-hop metric
  
  Note:
  The ipv6 framed-route command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 framed-route command in a subscriber profile.
- Optional. Use the profile command to reference a subscriber profile with attributes you want to apply to subscribers using this record. This step attaches a subscriber profile to the subscriber record. You can configure a subset of these attributes in a named or default subscriber profile that is attached to the record, as described in " Configure the Subscriber Attributes."
- Configure additional attributes, as described in Configure the Subscriber Attributes.
You can also configure a subset of subscriber attributes in a default or named subscriber profile, as described in " Configure the Subscriber Attributes."
Configure PPP or PPP over Ethernet (PPPoE) encapsulation on the WAN link and then bind the circuit using CHAP or PAP. The circuit is now ready to perform subscriber services.
For more information on configuring PPP and PPPoE, see Configuring PPP and PPPoE. To see how to configure the type of circuit you are using for your WAN link, see the appropriate section in Configuring Circuits.

2.6 Configuring IPv6 Subscriber Service Attributes

The end-to-end configuration in Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services provides only those tasks that are required for configuring IPv6 and dual-stack services on a SmartEdge BRAS. However, many additional attributes can be modified or applied to IPv6 subscribers:

Attributes that are applicable to the subscribers themselves are configured:
- Through a subscriber record
- In a subscriber profile that is referenced by a subscriber record
- In a default subscriber profile
ND subscriber-specific attributes are configured in an ND profile referenced in a subscriber profile or record.
DHCPv6-specific characteristics are configured in the DHCPv6 server for a specific context.

2.6.1 Configure Subscriber Attributes

Subscriber attributes are applied to an IPv6 subscriber in one of the following ways:

From a subscriber record that is configured for a specific subscriber.
From the default subscriber profile applied to all IPv6 subscribers in the same context. Subscribers inherit the configuration specified in the profile. If you want to use the default profile, you must explicitly configure it in default subscriber profile configuration mode.
From a specific subscriber profile referenced in a subscriber record. You must explicitly assign a named subscriber profile to a subscriber record. When assigned to a subscriber record, the values of the attributes in a named subscriber profile override the identical attributes in the default profile.

That task that follow describes how to configure various IPv6-specific subscriber attributes in a subscriber record or profile. Perform these tasks in one of the following modes:

Table 6 Subscriber Attribute Configuration Modes
To configure attributes for:	Perform these tasks in:
A subscriber record	Subscriber configuration mode
A default subscriber profile	Default subscriber profile configuration mode
A named subscriber profile	Subscriber profile name configuration mode

Note:: Attributes in the subscriber record take precedence over identical attributes configured in the named subscriber profile, and attributes in the named subscriber profile take precedence over identical attributes configured in the default subscriber profile.

To configure various IPv6-specific subscriber attributes in a subscriber record or profile:

Use the configure command to access global configuration mode.
Use the context command to access context configuration mode.
Use the subscriber command as follows to access subscriber configuration mode for the specified IPv6 subscriber:
subscriber {name | default | profile}
Use the ipv6 delegated-prefix command as follows to specify the prefix to use for DHCP prefix delegation:
ipv6 delegated-prefix ipv6-prefix

This command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 delegated-prefix command in a subscriber profile.
Use the ipv6 framed-prefix command as follows to specify the prefix that will be advertised to subscribers using ND:
ipv6 framed-prefix ipv6-prefix

Replace the ipv6-prefix argument with a prefix that does overlap with any other interface prefix.

Note:
This command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 framed-prefix command in a subscriber profile.
Use the ipv6 framed-route command as follows to specify a static IPv6 route that will be installed for subscriber:
ipv6 framed-route ipv6-prefix next-hop metric

Note:
This command is available in IPv6 subscriber configuration mode only; you cannot configure the ipv6 framed-route command in a subscriber profile.
Use the ipv6 nd-profile command as follows to assign an ND profile to be used with the given subscriber or subscriber profile:
ipv6 nd-profile name
Use the dns6 command to specify the primary and secondary DNS IPv6 addresses:
dns6 {primary | secondary} ipv6-address
Use the ipv6 source-validation command to enable source validation for IPv6.

Table 5 describes the additional subscriber attributes you can configure that are not stack-specific. Configure the attribute commands in subscriber, default subscriber profile, or subscriber profile name configuration mode unless otherwise specified.

Note:: A subscriber record or profile may contain additional attributes that are not applicable to the stack of a subscriber. In such cases, only the applicable attributes are provisioned for the subscriber. For example, a profile that is applied to an IPv6 subscriber may contain IPv4 attributes that are not provisioned.

For more information about these attributes and the configuration of subscriber records and profiles, see Configuring Subscribers.

Table 7 Additional Subscriber Attributes In a Profile or Subscriber Record
Root Attribute Command	Description
access-line adjust	Uses information received from the DSLAM to adjust the rate.
bulkstats schema	Applies a bulkstats schema to the subscriber profile for this context.
dns	Specifies the primary and secondary DNS server IPv4 addresses This attribute is applicable to IPv4 and dual-stack subscribers only.
`flow`	Applies a flow policy.
framed-route allow-ecmp	Configures the framed-route attribute for this context.
ip	Applies IP attributes.
`mtu`	Sets the subscriber MTU. Range is from 256 through 12800.
nbns	Sets the NBNS server address.
port-limit	Limits the number of sessions a subscriber can access simultaneously.
ppp mtu	Sets the MTU used by PPP for the subscriber circuit.
pppoe client route	Configures the PPPoE client for PPPoE subscribers.
pppoe motm	Creates the message of the minute (MOTM) that the subscriber sees when first logging on.
pppoe url	Sets the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the PPP session is established
propogate qos from ip	Modifies the internal classification settings of packets sent or received from the subscriber.
qos node-reference	Sets the QoS node reference.
qos policy queuing	Applies a QoS policy.
rate	Configures inbound and outbound policy circuit rates.
rate-adjust dhcp pwfq	Sets rate adjustment.
`sbc`	Configures the SBC adjacency.
session-action	Sets the AAA session action.
session-limit	Sets a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.
shaping-profile	Assigns an ATM shaping profile.
timeout	Sets absolute or idle session timeout value.

2.6.2 Configure a DHCPv6 Server Policy

Configure DHCPv6 service policy attributes:

Use the configure command to access global configuration mode.
Use the context command to access context configuration mode.
Use the dhcpv6 server command to create a DHCPv6 server policy and access DHCPv6 server policy configuration mode. Only one DHCPv6 server policy is allowed for a context.
Use the option domain-name-server command as follows to specify the IP address of a DNS name server:
option domain-name-server server-address
Use the option domain-search command as follows to specify a domain name for DNS resolution:
option domain-search domain-name
Use the option information-refresh-time command as follows to specify the number of seconds a client waits before refreshing the configuration information received from the DHCPv6 server:
option information-refresh-time seconds

Range is from 600 through 4294967295 seconds.
Use the option preference command as follows to configure the preference value for this DHCPv6 server:
option preference integer

A DHCPv6 server with a lower value is preferred over a server with a higher value.

Range is from 0 through 255.
Use the option rapid-commit command to enable Rapid Commit for faster IPv6 prefix delegation.
With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. We recommend using the RAPID COMMIT option when there is only one server for a client to connect to.
Use the prefix lifetime command as follows to configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix:
prefix lifetime {preferred seconds valid seconds | infinite}

Set the prefix lifetime as follows:
- preferred seconds—Number of seconds the IPv6 addresses using the delegated IPv6 prefix are preferred. Range is from 600 through 4294967294 seconds.
- valid seconds—Number of seconds a delegated IPv6 prefix is valid and can be used by a client. Range is from 600 through 4294967294 seconds.
- infinite—Configures both the preferred and valid lifetimes to be infinite.
If required, configure a subset of DHCPv6 attributes that apply to a particular subnet only. Options configured for the subnet take precedence over options specified in the top-level DHCPv6 server policy:
- Use the subnet command as follows to access DHCPv6 server policy subnet configuration mode to configure DHCPv6 server attributes that are applicable only to subscribers in the specified subnet:
  subnet ipv6-prefix/subnet-mask [name subnet-name]
  
  Only those options administratively configured for a subnet differ from the options configured in the top-level DHCPv6 server policy (in DHCPv6 server policy configuration mode). If you do not specify a particular DHCPv6 policy option for the subnet (in DHCPv6 server policy subnet configuration mode), the subnet configuration matches the top-level DHCPv6 server policy configuration (as specified in DHCPv6 server policy configuration mode).
  
  Replace the ipv6-prefix argument with an IPv6 prefix. This IPv6 prefix cannot be the same as the prefix for any other interface.
- Use the option domain-name-server command as follows to specify the IP address of a DNS name server.
  option domain-name-server server-address
- Use the option domain-search command as follows to specify a domain name for DNS resolution:
  option domain-search domain-name
- Use the prefix lifetime command as follows to configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix:
  prefix lifetime {preferred seconds valid seconds | infinite}
  
  Set the prefix lifetime as follows:
  - preferred seconds—Number of seconds the IPv6 addresses using the delegated IPv6 prefix are preferred. Range is from 600 through 4294967294 seconds.
  - valid seconds—Number of seconds a delegated IPv6 prefix is valid and can be used by a client. Range is from 600 through 4294967294 seconds.
  - infinite—Configures both the preferred and valid lifetimes to be infinite.

2.7 Configuring ND Attributes

For IPv6 subscriber services, the SmartEdge router acquires ND attributes in one of two ways:

From the global default ND profile
From an administratively configured ND profile referenced in a subscriber profile or record

Note:: If you do not reference an ND profile in a subscriber profile or record, the router automatically assigns a default ND profile (called the GLOBAL_DEFAULT_PROFILE) to the subscriber circuit. Use the show nd profile command to see which profile a subscriber circuit is using for ND; use the show nd profile GLOBAL_DEFAULT_PROFILE command to see the default configuration used by the GLOBAL_DEFAULT_PROFILE.

To create and configure an ND profile for IPv6 subscribers:

Access context configuration mode.
Access ND profile configuration mode or ND router configuration mode.
Use the ra-interval command as follows to configure the interval between transmissions for RA messages:
ra-interval seconds
Use the ra lifetime command as follows to configure the router advertisement lifetime in seconds:
ra lifetime seconds

Replace seconds with the total number of seconds the prefix remains valid.

Note:
Setting the RA interval to 0 suppresses the sending of RAs.
Use the ra managed-config command to configure the router advertisement to contain the managed address configuration flag. This flag is included in IPv6 RAs, indicating to hosts that they should use the managed (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using stateless address autoconfiguration.
Use the ra other-config command to configure the router advertisement to contain the other stateful configuration flag. This flag is included in IPv6 router advertisements, indicating to hosts that they should use the administered (stateful) protocol to obtain autoconfiguration information other than addresses.
Use the ns-retry-interval command as follows to specify a value for the Retrans Timer field, which is the length of time between retransmitted Neighbor Solicitation (NS) messages:
ns-retry-interval milliseconds
Use the dad-transmits num-dad-transmits command to specify the number of Neighbor Solicitation (NS) messages the SmartEdge router sends to its peers for DAD. Replace num-dad-transmits with the number of DAD NS messages to send; the range of values is 0 to 3. A value of 0 disables NS message transmission.
Use the proto-down-on-dad command to enable the SmartEdge router to send a request to bring down the IPv6 stack of the subscriber circuit in which a DAD failure is detected.
Use the reachable-time command as follows to specify a value for the Reachable Time field, which is the length of time this ND router or ND router interface assumes that a neighbor is reachable:

reachable-time milliseconds

This attribute enables the router to detect unavailable neighbors. The reachable time value is advertised by the RA messages sent by the router.
Use the preferred-lifetime command as follows to configure the lifetime of the preferred router advertisement:
preferred-lifetime seconds

Replace seconds with the length of time (in seconds) an advertised prefix remains preferred.
Use the valid-lifetime command as follows to configure the router advertisement to list a specified prefix for a valid lifetime:
valid-lifetime seconds

Replace seconds with the length of time the addresses generated from the prefix remain valid.

Note:: The SmartEdge router does not support the use of router ND (where ND is configured under a specific interface) for IPv6 subscriber services. Any router ND configuration that exists under an interface is ignored for subscribers bound to that interface.

2.8 IPv6 Subscriber Services Operations

To manage IPv6 subscriber service functions, perform the appropriate tasks described in Table 6. Enter the show commands in any mode.

Table 8 IPv6 Subscriber Services Operations Tasks
Root Command	Task
`clear dhcpv6 statistics`	Clear DHCPv6 statistics.
`debug ipv6 policy`	Enable generation of debug messages for an IPv6 policy.
`debug ipv6 prefix-library`	Enable generation of debug messages for the IPv6 prefix library.
`debug ipv6 prefix-list`	Enable generation of debug messages for the maintenance of IP Version 6 (IPv6) prefix lists and for the comparison of IPv6 prefix entries to IPv6 prefix lists.
`debug ipv6 routing`	Enable generation of IP routing debug messages.
`show dhcpv6 log`	Display the DCHPv6-PD log. You can filter the log history by circuit, server or client DUID, or IPv6 prefix.
`show dhcpv6 server duid`	Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients .
`show dhcpv6 server host`	Display all the active DHCPv6 clients. Display more information with the detail keyword.
`show dhcpv6 server host circuit`	Display the active DHCPv6 clients on a circuit.
`show dhcpv6 server host prefix`	Display the active DHCPv6 clients that use a prefix.
`show dhcpv6 server host subnet`	Display the active DHCPv6 clients on a subnet.
`show dhcpv6 statistics`	Display DHCPv6 Statistics. Include the `detail` keyword in the command string to display additional information pertaining to DHCPv6 statistics.
`show ipv6 all-host`	Display information about all IPv6 hosts stored in the local host table for the current context.
`show ipv6 dynamic-host`	Display IPv6 dynamic hostname and system ID mapping.
`show ipv6 host`	Display all static hostname-to-IPv6 address mappings stored in the local host table for the current context.
`show ipv6 interface`	Display information about IPv6 interfaces, including the interface bound to the Ethernet management port on the controller card.
`show ipv6 mroute`	Display the IPv6 Protocol Independent Multicast (PIM) routing table.
`show ipv6 policy access-list`	Display information about IPv6 subscriber policies configured in the current context.
`show ipv6 prefix-list`	Display information about configured IPv6 prefix lists.
`show ipv6 route`	Display information about all IPv6 routes.
`show nd profile`	Displays ND profile information for a context.
`show nd-circuit`	Displays ND circuit information for one or more ND circuits.
`show nd statistics`	Displays global statistics for one or more ND router interfaces.
`show subscribers active`	Display the attributes of active IPv6 subscriber sessions.
`show subscribers summary`	Displays the total number subscribers and their encapsulations in the current context.

3 Examples

The examples that follow show how to configure a SmartEdge router to provide IPv6 subscriber services to PPP subscribers.

3.1 End-to-End Solution Configurations

The examples that follow provide end-to-end configuration for a SmartEdge router in a BRAS solution. The examples presented show how to configure a BRAS to use stateful and stateless DHCPv6 to support dual-stack subscribers.

3.1.1 Configure a BRAS for Dual-stack Subscriber Support Using Stateful DHCPv6

This example results in a configuration where:

IPv6 prefixes are delegated through stateful DHCPv6
IPv4 addresses are assigned to a PPP dual-stack subscriber through IPCP
ND provides the IPv6 prefix for the WAN interface (between the BRAS and the CPE)

Figure 1 displays the network topology for this configuration example.

Figure 1 Sample Dual-Stack IPv6 Topology

In this topology:

A subscribing PC requests an IPv6 prefix from the CPE, which is a router.
The CPE initiates a PPP connection between the BRAS and the CPE, and LCP comes up.
The BRAS requests authorization of the subscriber through the RADIUS server.
On successful authorization, the CPE negotiates IPv6CP and IPCP between the BRAS and the CPE router:
- IPv6CP exchanges interface IDs for each end of the WAN link.
- The BRAS sends the IPv4 address to the CPE.
The BRAS advertises an IPv6 prefix to the CPE in an ND message.
The BRAS adds a route for the IPv6 prefix in its routing tables.
The CPE sends a DHCPv6 SOLICIT message to the BRAS to get the delegated prefixes and other information.
The BRAS returns a DHCPv6 ADVERTISE message to the CPE with a delegated IPv6 prefix and DNS information.
The CPE sends a DHCPv6 REQUEST message to the BRAS, confirming that the CPE accepts the delegated prefix.
The BRAS sends a DHCPv6 REPLY message to the CPE, confirming that the delegated prefix belongs to the CPE.
The BRAS adds the IPv6 prefix to the routing table, and the CPE uses the delegated prefix to derive a longer IPv6 prefix for the downstream interfaces.

The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.

Configure two interfaces between the BRAS and the CPE; each interface has its own IPv4 and IPv6 GUA address. One interface is a loopback interface, and the other is a non-loopback interface. A loopback interface is not required on the WAN link; this example shows one possible configuration:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#interface test-lb loopback

[local]BRAS(config-if)#ip address 155.13.1.1/24

[local]BRAS(config-if)#ipv6 address 2001:db8:b:4f::1/64

[local]BRAS(config-if)#exit

[local]BRAS(config-ctx)#interface to-cpe

[local]BRAS(config-if)#ip address 155.15.1.1/24

[local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64

Configure the DHCPv6 server policy:

[local]BRAS(config-ctx)#dhcpv6 server

[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2

[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com

[local]Redback(config-dhcpv6-server)#option preference 5 

[local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000

[local]Redback(config-dhcpv6-server)#option rapid-commit 

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200

[local]BRAS(config-dhcp-server)#subnet 2001:a:b:3f::/64

[local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:b:3f::1

[local]Redback(config-dhcpv6-subnet)#option domain-search NY1.com

[local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 900 valid 1200

Configure a multibind interface to be the DHCPv6 server that uses the DHCPv6 server policy. In this example, the DHCPv6 server is a last-resort interface called test-last. Any subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:

[local]BRAS(context)#interface test-last multibind lastresort

[local]BRAS(config-if)#ipv6 unnumbered test-lb

[local]BRAS(config-if)#dhcpv6 server interface

Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:

[local]BRAS(context)#aaa authentication subscriber local

Note:: To configure subscriber attributes in a subscriber profile, see Configure the Subscriber Attributes. For more information about AAA subscriber authentication, see Configuring Authentication, Authorization, and Accounting.

Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The ipv6 delegated-prefix command specifies the IPv6 prefix (2001:db8:1::/48) to be used for DHCPv6 PD. The nd-profile command assigns the abc profile to the subscriber test.

[local]BRAS(context)#subscriber name test

[local]BRAS(config-sub)#ip address 155.13.1.10

[local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64

[local]BRAS(config-sub)#ipv6 delegated-prefix 2001:db8:1::/48

[local]BRAS(config-sub)#ipv6 nd-profile abc

Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:

[local]BRAS(config)#port ethernet 12/1

[local]BRAS(config-port)#encapsulation dot1q

[local]BRAS(config-port)#dot1q pvc 1 encap pppoe

[local]BRAS(config-dot1q-pvc)#bind authentication chap

Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:

[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi

[local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe

[local]BRAS(config-dot1q-child-proto)#bind authentication chap

3.1.2 Configure a BRAS for Dual-stack Subscriber Support Using Stateless DHCPv6

This example results in a configuration where:

IPv6 DNS information is exchanged through stateless DHCPv6.
IPv4 addresses are assigned to a PPP dual stack subscriber through IPCP
ND provides the IPv6 prefix for the WAN interface (between the BRAS to the subscriber over the CPE bridge )

Figure 1 displays the network topology for this configuration example.

Figure 2 Sample Dual Stack IPv6 Topology

In this topology, messages are exchanged between the BRAS and the subscriber through the CPE bridge as follows:

The subscribing client sends DHCPv6 Informational Message Request to Obtain DNS Parameters.
The BRAS returns a DHCPv6 Reply message to the subscribing client with the requested DNS information (all DNS options configured under the DHCPv6 server profile).

The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.

Configure an interface between the BRAS and the CPE; the interface has its own IPv4 and IPv6 GUA address:

[local]BRAS#configure
[local]BRAS(config)#context SJ1
[local]BRAS(config-ctx)#interface to-cpe
[local]BRAS(config-if)#ip address 155.15.1.1/24
[local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64

Configure the DHCPv6 server policy:

[local]BRAS(config-ctx)#dhcpv6 server
[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2
[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com
[local]Redback(config-dhcpv6-server)#option information-refresh-time 700

Configure a multibind interface to be the DHCPv6 server. In this example, the DHCPv6 server is a last-resort interface called test-last. Any DHCPv6 subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command configures the test-last interface to use the IPv6 address from the to-cpe interface:

[local]BRAS(context)#interface test-last multibind lastresort
[local]BRAS(config-if)#ip unnumbered to-cpe
[local]BRAS(config-if)#dhcpv6 server interface

Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:

[local]BRAS(context)#aaa authentication subscriber local

Note:: To configure subscriber attributes in a subscriber profile, see Configure the Subscriber Attributes. For more information about AAA subscriber authentication, see Configuring Authentication, Authorization, and Accounting.

Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The nd-profile command assigns the abc profile to the subscriber test:

[local]BRAS(context)#subscriber name test
[local]BRAS(config-sub)#ip address 155.13.1.10
[local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64
[local]BRAS(config-sub)#ipv6 nd-profile abc

Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:

[local]BRAS(config)#port ethernet 12/1
[local]BRAS(config)#encapsulation dot1q
[local]BRAS(config-port)#dot1q pvc 1 encap pppoe
[local]BRAS(config-dot1q-pvc)#bind authentication chap

Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:

[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi
[local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe
[local]BRAS#bind authentication chap

3.2 Detailed Configuration Examples for Individual Elements of an IPv6 BRAS Solution

The sections that follow provide detailed, extended configuration examples for the individual elements of a BRAS IPv6 solution.

3.2.1 Configuring NAS IPv6 Address

The following example shows how to configure the NAS IPv6 address:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#radius attribute NAS-IPV6-Address interface if1

3.2.2 Configuring a Subscriber Profile

The following example creates subscriber profile sj-sub-10:

local]Redback(config-ctx)#subscriber profile sj-sub-10

[local]Redback(config-sub)#ipv6 delegated-prefix 2001:a:b:4f::1/128

[local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/128 

[local]Redback(config-sub)#ipv6 nd-profile abc

3.2.3 Configuring a Subscriber Record

The following example configures subscriber record test:

[local]Redback(config-ctx)#subscriber name test

[local]Redback(config-sub)#ipv6 delegated-prefix 2001:db8:b:4f::1/48

[local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/48 

[local]Redback(config-sub)#ipv6 nd-profile abc 

[local]Redback(config-sub)#ipv6 framed-route 2010:db8:b:5f::1/48 2002:db8:b:5f::1 1000

[local]Redback(config-sub)#ipv6 source-validation

[local]Redback(config-sub)#profile sj-sub-10

3.2.3.1 Configure a DHCPv6 Profile

Configure the DHCPv6 server policy. In this example, the network administrator:

Specifies a domain name server on the IPv6 address 2005:db8:b:3f::2.
Specifies the domain SJ.com for DNS resolution.
Configures the preference value for this DHCPv6 server to 5.
Configures clients to wait 3000000 seconds before refreshing the configuration information received from DHCPv6 server.
Enables RAPID COMMIT (only two messages are exchanged between the BRAS and the CPE).
Specifies a preferred lifetime of 3600 seconds.
Specifies a valid lifetime of 7200 seconds.
Specifies a subset of DHCPv6 attributes for clients in the subnet 2001:db8:b:3f::/68. For clients in this subnet, the following attributes are different from all other subscribers:
- The preferred lifetime is 2000 seconds (instead of 3600 seconds).
- The valid lifetime is 4000 seconds (instead of 7200 seconds).
Specifies a subset of DHCPv6 attributes for clients in the subnet 2001:db8:2:2::/68. For clients in this subnet, the following attributes are different from all other subscribers:
- The domain name server is located at IPv6 address 2008:db8:4000:1::2 (all other subscribers use the domain name server located on 2005:db8:b:3f::2).
- Subscribers in this subnet use the domain subnet.corp.com for DNS resolution (all other subscribers use the domain SJ1.com).
- The preferred and valid lifetimes are set to be infinite (instead of 3600 seconds).

[local]Redback(config-ctx)#dhcpv6 server

[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::

[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com

[local]Redback(config-dhcpv6-server)#option preference 5

[local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000

[local]Redback(config-dhcpv6-server)#option rapid-commit

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200

[local]Redback(config-dhcpv6-server)#subnet 2001:db8:b:3f::/68

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 2000 valid 4000

[local]Redback(config-dhcpv6-server)#subnet 2001:db8:2:2::/68

[local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:4000:1::2

[local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com

[local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite