SYSTEM ADMINISTRATOR GUIDE     85/1543-CRA 119 1170/1-V1 Uen A2    

Configuring IPV6 Subscriber Services

© Ericsson AB 2010. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List

SmartEdge is a registered trademark of Telefonaktiebolaget LM Ericsson.
NetOp is a trademark of Telefonaktiebolaget LM Ericsson.

Contents

1Overview
1.1General IPv6 Protocol Concepts
1.2SmartEdge Implementation of IPv6
1.3Overview of PPP Session Establishment

2

Configuration and Operations Tasks
2.1Recommendations
2.2Requirements
2.3Restrictions
2.4Configuration Overview
2.5Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services
2.6Configuring IPv6 Subscriber Service Attributes
2.7Configuring ND Attributes
2.8IPv6 Subscriber Services Operations

3

Examples
3.1End-to-End Solution Configurations
3.2Detailed Configuration Examples for Individual Elements of an IPv6 BRAS Solution


1   Overview

When configured as a broadband remote access server (BRAS), the SmartEdge router supports the address assignment and management of Internet Protocol version 6 (IPv6) Point-to-Point Protocol (PPP) subscribers. This document describes the configuration of IPv6 subscriber services for single (IPv6 only) and dual-stack (IPv6 and IPv4) PPP subscribers.

Note:  
To configure IPv6 subscriber services on the SmartEdge router, you must have enabled the IPv6 subscriber license with the subscriber command; dual-stack subscriber services also require a license for IPv4 subscribers. See Enabling Licensed Features for more information on enabling licenses in the SmartEdge router.

1.1   General IPv6 Protocol Concepts

Before configuring IPv6 subscriber services on the SmartEdge router, you must be familiar with the differences between IPv4 and IPv6, address types supported by IPv6, and the IPv6 address format.

1.1.1   Differences Between IPv4 and IPv6

Table 1 describes the differences between IPv4 and IPv6.

Table 1    Differences Between IPv4 and IPv6

Element

IPv4

IPv6

Address size

32 bits

128 bits


You do not need to type the full 128-bit address to pass a prefix to an end device.

Number of addresses supported

232

2128

Types of addresses supported

Global unicast

Global unicast, link local, multicast, anycast

PPP address assignment

/32 allocated through Internet Protocol Control Protocol version 4 (IPCPv4)

No.


IPv6 supports Dynamic Host Configuration Protocol version 6 (DHCPv6) Prefix Delegation (PD) or Neighbor Discovery (ND).


Address assignment is encapsulation independent.

Broadcast address

Yes

No; multicast is supported instead.

Consolidated OAM

No

Address Resolution Protocol (ARP) and Duplicate Address Detection (DAD).

Address auto-configuration through ND

No

Yes

Prefixes

No

The SmartEdge assigns a prefix to its PPP subscribers. Customer-premises equipment (CPE) can have one or more prefixes assigned to a wide-area network (WAN) link, and one or more delegated prefixes for its downstream nodes.

Fixed 40 bytes

No

Yes

1.1.2   IPv6 Address Types

IPv6 addresses are 128 bits long, and the first 64 bits are reserved for routing and network addressing. IPv6 supports the following types of addresses:

Table 2    Components of Global IPv6 Address

Routing and Networking Part of the Address

Unique ID Derived from the Line Card MAC Address

Global routing prefix of size n bits, where n can be from 1 to 56 bits. Typically, the global routing prefix is 48 bits long.

Subnet ID of size 64 – n bits. The subnet ID can be from 8 to 16 bits, but is typically 16 bits.

64-bit interface ID

Table 3    Components of Link-local IPv6 Address

Routing and Networking Part of the Address

Unique Interface ID Derived from the Line Card MAC Address

Subnet prefix of size n bits, where n can be from 1 to 64 bits. Typically, the subnet prefix is 10 bits.

Interface ID of size 128 – n bits. Typically, the Interface ID is 118 bits.


With IPv6, an interface can have multiple IPv6 addresses of any type. For example, an interface can have three IPv6 multicast addresses, one IPv6 unicast address, and two anycast IPv6 addresses.

Some IPv6 addresses are reserved. Table 4 describes the reserved IPv6 addresses and their notation:

Table 4    Reserved IPv6 Address Notation

Address type

Binary prefix

IPv6 Notation

Unspecified

00...0 (128 bits)

::/128

Loopback

00...1 (128 bits)

::1/128

Mutlicast

11111111

FF00::/8

Link-local

1111111010

FE80::/10

Global Unicast

All addresses are GUAs except for the following:


  • Unspecified

  • Loopback

  • Multicast

  • Link-local

nnn:nnn:nnn:nnn = routing prefix


mmmmmmmmm = subnet ID


128-n-m = interface ID


1.1.3   Address Format

IPv6 addresses are typically composed of two parts: a 64-bit network or subnetwork prefix, and a 64-bit interface ID (128 bits total). Typically, IPv6 addresses are written with hexadecimal digits and colon separators in the following format:

AAAA:BBBB:CCCC:DDDD:EEEE:FFFF:GGGG:HHHH

The IPv6 hexadecimal numbering system uses decimal digits 0 to 9 and letters A, B, C, D, E, and F (which represent the numbers 10, 11, 12, 13, 14, and 15). The decimal digit 16 is represented in hexadecimal by the number 10. Each section of hexadecimal characters represents 16 bits of the address and is separated by a colon. In the previous example, AAAA represents the first section of an IPv6 address, BBBB represents the second section, and so forth.

Following is an example of an IPv6 address. In this example, all 32 hexadecimal digits are represented:

ABCD:A162:1234:1234:ABCD:1234:5432:1010

By dropping nonsignificant and leading 0s, you can shorten an IPv6 address to eight hexadecimal digits. For example, the IPv6 address 1060:0000:0000:0000:0006:0600:800C:228A can be shortened to 1060:0:0:0:6:600:800C:228A. You can shorten an IPv6 address even further by replacing consecutive 0s with double colons. For example, the IPv6 address 1060:0:0:0:6:600:800C:228A can be shortened to 1060::6:600:800C:228A.

Note:  
Double colons are allowed only once in each IPv6 address.

For more information about IPv6 address formatting, see RFC 4291, IP Version 6 Addressing Architecture.


1.2   SmartEdge Implementation of IPv6

1.2.1   Hardware Support Specifications

IPv6 subscriber services are supported on the following SmartEdge routers:

IPv6 subscriber services are supported on the following traffic cards only:

Note:  
IPv6 subscriber services are not supported on PPA1-based traffic cards.

1.2.2   Subscriber Session Specifications

Subscribers can be single-stack or dual-stack. Single-stack subscribers have only one type of IP service configured (IPv4 or IPv6) and exclusively support one type of traffic (IPv4 or IPv6). Dual-stack subscribers are authorized for both IPv4 and IPv6, and can simultaneously support both IPv4 and IPv6 traffic. Although dual-stack subscribers are authorized to simultaneously support both IPv4 and IPv6 traffic, it is not necessary for both stacks to be active at the same time.

A dual-stack subscriber consists of a single circuit bound to a single interface. Table 3 shows the number of dual-stack subscribers the SmartEdge router supports for each card type:

Table 5    Number of Dual-Stack Sessions per Card

Card Type

Number of Sessions per System

XCRP3 Controller card

32,000

XCRP4 Controller card

64,000

PPA2-based 10-port Gigabit Ethernet traffic card

16,000

2-port 60 Fast Ethernet–Gigabit Ethernet traffic card

16,000

1-port 10 Gigabit Ethernet traffic card

16,000

PPA3-based 10-port Gigabit Ethernet

24,000

PPA3-based 20-port Gigabit Ethernet

24,000

Note:  
This document describes the configuration and management of IPv6 subscriber services only. To configure IPv4 subscriber services on the SmartEdge router, see Configuring Subscribers.

1.2.3   Supported IPv6 Subscriber Configurations

The SmartEdge router supports IPv6 subscriber services for PPP and PPPoE subscribers. You can configure IPv6 prefixes statically or through DHCPv6 Prefix Delegation (PD), using the formatting rules defined in RFC 4291, IP Version 6 Addressing Architecture. The SmartEdge router uses ND to assign an IPv6 prefix to the WAN link between the BRAS and CPE router.

1.2.4   PPP Session Specifications

IPv6 Control Protocol (IPv6CP) negotiation is supported for authenticated IPv6 PPP subscribers authorized for IPv6. During IPv6CP negotiation, both ends of the PPP circuit exchange their interface IDs. If a subscriber cannot generate its own interface ID, the subscriber takes its interface ID from the subscriber record in the RADIUS database (if the record contains a client interface ID). In cases where the subscriber cannot generate an interface ID and no interface ID is available in the RADIUS database, PPP randomly generates an interface ID. The SmartEdge OS learns neighbor MAC addresses from PPP and installs those addresses in the RIB.

Dual-stack subscribers use IPv6CP for IPv6 subscribers and IPCP for IPv4 subscribers. IPCP and IPv6CP are independent of one another; if IPv6CP fails, IPCP still operates and vice-versa.

Dual-stack subscriber sessions remain active until either of the following events occur:

When IPCP and IPv6CP report that a PPP session has terminated, the SmartEdge router terminates the subscriber session.

1.2.5   Multibind Interfaces

Multibind interfaces are the only interfaces that support IPv6 subscriber services; DHCPv6 server interfaces must be configured under a multibind interface. A multibind interface allows multiple circuits to be bound to a single interface and typically is used for subscriber circuits. You can also specify a multibind interface as a last-resort interface that acts as a fallback for any incoming subscriber circuit with a subscriber record that does not include an IP address that is assigned to any other interface. If a subscriber session is established, and no valid interface exists to which it can bind, the session binds to the last-resort interface.

The following restrictions apply when you configure a multibind interface for IPv6 subscriber services:

For more information about multibind interfaces, see Configuring Contexts and Interfaces.

1.2.6   Subscriber Attributes

You can configure subscriber attributes:

1.2.6.1   Configuring Subscriber Attributes in a Subscriber Record

The SmartEdge router uses subscriber records to configure a set of subscriber attributes that are applied to subscribers. Some examples of attributes that can be configured are the subscriber name, password, authentication, access control, rate limiting, and policing information. A record is specific to the context in which the subscriber is configured.

You can configure the following IPv6-specific subscriber attributes in a subscriber record:

Note:  
To bring up an IPv6 stack, you must configure either the delegated IPv6 prefix or the neighbor discovery prefix (the framed IPv6 prefix).

You configure subscriber records in one of two ways:

The following RADIUS attributes are supported for IPv6 subscribers:

Note:  
Use RADIUS filtering to configure individual attributes to be dropped from access and access accounting request messages.

1.2.6.2   Configuring Subscriber Attributes in a Subscriber Profile

In addition to the subscriber record, you can create and assign two types of subscriber profiles:

Attributes in the subscriber record take precedence over identical attributes configured in the named subscriber profile, and attributes in the named subscriber profile take precedence over identical attributes configured in the default subscriber profile.

1.2.7   AAA Support for IPv6 Subscribers

An IPv6 subscriber must be authorized through AAA before PPP negotiates connectivity and ND processes packets. If a protocol (for example, the IPv6 protocol) is not authorized, PPP does not negotiate that protocol with a client, even when the PPP negotiation process is initiated by a client.

The following AAA attributes are supported for IPv6 subscribers:

For general information about how AAA works on the SmartEdge router, see Configuring Authentication, Authorization, and Accounting.

1.2.8   DHCPv6 Prefix Delegation

With IPv6, DHCPv6 can get IPv6 prefixes from the Delegated-IPv6-Prefix attribute in a subscriber record. In IPv4 subscriber services, the SmartEdge router uses IPCP to assign IPv4 addresses to subscribers.

When DHCPv6 has the IPv6 prefix, the DHCPv6 server then assigns that prefix to a subscriber. If the subscriber is a CPE router, it uses the prefix to derive a set of longer prefixes that are sent to its clients. Subscribers that are not CPE routers do not use delegated prefixes.

In addition to IPv6 prefix delegation, the DHCPv6 server provides additional information to a subscriber, such as the default domain and DNS name-server address.

When configuring DHCPv6, keep in mind that:

Note:  
Unlike Framed IPv6 prefixes, DHCPv6 PD prefixes do not use route tags.

For faster IPv6 prefix delegation, you can configure DHCPv6 to use the RAPID COMMIT option. With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. You typically use the RAPID COMMIT option when the CPE can connect to only one server.

Note:  
For general information about how DHCP works on the SmartEdge router, see Configuring DHCP.

The SmartEdge router supports both stateful and stateless DHCPv6, which are described in the sections that follow.

1.2.8.1   Stateful DHCPv6

With stateful DHCPv6, the DHCPv6 server is used for DHCPv6 prefix delegation and maintains the dynamic state of each client. The IPv6 prefixes remain assigned to the CPE until their valid lifetimes expire, or until the CPE sends a DHCPv6 RELEASE message to the DHCPv6 server. The SmartEdge OS removes the affected routes and releases the IPv6 prefixes when:

The DHCPv6 server sends delegated IPv6 prefixes and the following DNS information to the CPE:

DNS information can be configured directly under a DHCPv6 server (in DHCPv6 server policy configuration mode) or inside a subnet configured under the DHCPv6 server (in DHCPv6 server policy subnet configuration mode). The subset of DHCPv6 attributes configured inside a subnet are applicable to that subnet only. When you configure a subnet:

1.2.8.2   Stateless DHCPv6

With stateless DHCPv6, the DHCPv6 server sends only the following DNS information to the CPE:

In a stateless configuration, the DHCPv6 server does not maintain dynamic state of each client or delegate IPv6 prefixes to clients.

Note:  
With stateless DHCPv6, only those DNS options specified in the top-level DHCPv6 server policy (in DHCPv6 server policy subnet configuration mode) are applicable; stateless DHCPv6 does not support subnets.

1.2.9   Neighbor Discovery Protocol for IPv6

The SmartEdge router uses the Neighbor Discovery (ND) protocol to assign an IPv6 prefix to the WAN link of the CPE router. The ND IPv6 prefix comes from the Framed-IPv6-Prefix attribute, which can be statically configured or come from the RADIUS attribute.

In addition, the CPE uses ND to:

ND provides Duplicate Address Detection (DAD) and media-independent address resolution of on-link nodes.

For IPv6 subscriber services, the ND attributes are assigned in one of two ways:

Use the show nd profile command to see which profile a subscriber circuit is using for ND; use the show nd profile GLOBAL_DEFAULT_PROFILE command to see the default configuration used by the GLOBAL_DEFAULT_PROFILE.

Note:  
Router ND, which is configured under an individual interface and applies ND properties to the specified interface, is not supported for IPv6 subscriber services. Router ND is applicable for router-to-router connections only.

ND supports Stateless Address Autoconfiguration (SLAAC), which enables subscribing hosts to automatically configure global IPv6 addresses on their interfaces. SLAAC uses ND to advertise an IPv6 prefix or group of prefixes on-link. The host automatically configures its interface address by appending the host interface ID to the IPv6 prefix.

Note:  
SLAAC is automatic on any IPv6 prefix that is configured.

The SmartEdge OS uses its own interface ID to generate the link local-address on the WAN link.

The SLAAC process is as follows:

  1. The host sends an ND Router SOLICIT multicast message soliciting an RA. The RA contains information about on-link prefixes and whether they are available or unavailable for SLAAC.
  2. The router (which is listening for SOLICIT messages) responds to the host with a Router Advertisement (RA) message that contains the IPv6 prefix or group of prefixes identifying the interface. Any prefix advertised in an RA message has SLAAC enabled, and the host can use that IP prefix to auto-generate its IP address
  3. For IPv6 sessions, both ends of the PPP circuit exchange their interface IDs through IPv6CP negotiation. If a subscriber cannot generate its own interface ID, the subscriber takes its interface ID from the subscriber record in the RADIUS database (if the record contains a client interface ID). If the subscriber does not generate its own interface ID and an interface ID is not available in the RADIUS database, PPP randomly generates an interface ID. If the session also has an IPv4 stack, the BRAS assigns an IPv4 address to the subscriber through IPCP.
  4. Before assigning the IPv6 address to the interface, the host performs DAD on the candidate IPv6 address. If the SmartEdge OS detects a duplicate address, it logs an error message in the system log.
    Note:  
    How the CPE responds to duplicate-address detection depends on the type of equipment.

  5. The SmartEdge OS installs the global IPv6 address prefixes (the framed-IPv6-prefixes) in the RIB.

SLAAC is supported for all IPv6 (both subscriber and nonsubscriber) circuits.

Note:  
For more information about how ND works, see Configuring ND.

1.2.10   QoS Support for IPv6 Subscribers

QoS is supported on IPv6 subscriber interfaces.

Note:  
Metering, policing, and forwarding policies do not currently support policy ACLs for classification of IPv6 traffic. When IPv6 traffic is subject to a metering, policing, or forwarding policy that was configured using an IPv4 policy ACL, IPv6 packets do not match any of the classes, but are subject to the configured policy-level enforcement.

For information about how to configure QoS, see the following QoS documents:


 Caution! 
Risk of IPv6 traffic being dropped. When QoS policing and metering policies are configured such that the sum of their class-level rates is less than or equal to the policy-level rate, traffic that conforms to any of the per-class rates is given precedence above other traffic when the SmartEdge OS enforces the circuit-level rate. In a dual-stack configuration where a mix of IPv4 and IPv6 traffic is subject to a metering or policing policy, if the router classifies traffic with an IPv4 policy ACL or class definition, the IPv6 traffic is considered to be non-class-conforming. The IPv4 class-conforming traffic is then given precedence. If insufficient bandwidth is reserved for the non-class-confroming traffic, the IPv6 traffic may be dropped. To prevent this, ensure that sum of the rate values configured using the rate command under each metering or policing policy class is sufficiently less than the rate command configured at the policy level to reserve adequate bandwidth for IPv6 and other unclassified traffic. Alternatively, ensure that the sum of the class rates exceeds the circuit rate so that mode of operation that gives precedence to class-conforming traffic is not enabled.

1.2.11   Using IP ACLs for Traffic Control and IPv6 Protection

You can configure IP ACLs for IPv6 administrative protection on traffic card circuits, the Ethernet management port, and administrative traffic. Policy ACLs are not supported for IPv6 traffic. For information on how to configure IP ACLs to support IPv6, see Configuring ACLs.

1.3   Overview of PPP Session Establishment

When an IPv6 host or CPE initiates a PPP session with a BRAS, the session establishment process is as follows:

  1. A CPE initiates a PPP session with a subscriber network.
  2. A SmartEdge BRAS receives the request and creates a PPP session (single-stack or dual-stack) between the BRAS and the subscriber.
  3. If the session has an IPv4 stack, the BRAS assigns an IPv4 address to the subscriber through IPCP.
  4. An ND RA advertises 0 or more IPv6 framed prefixes on the link.
  5. The BRAS installs a route for that IPv6 prefix on the link between the BRAS and the CPE.
  6. If the subscriber sends a DHCPv6 SOLICIT to the BRAS, the BRAS uses DHCPv6 PD to assign a delegated IPv6 prefix and DNSv6 to the subscriber.
  7. IPv6 (and IPv4, if dual-stack) traffic is routed through the BRAS.

2   Configuration and Operations Tasks

This section describes the requirements, restrictions, configuration tasks, and operations tasks for configuring IPv6 subscriber services on the SmartEdge router.

2.1   Recommendations

If the subscriber is a router, we recommend assigning subscribers a /64, /56, or /48 PD prefix that can be further subdivided on downstream interfaces.

2.2   Requirements

The SmartEdge router and the CPE must each have at least one link local-address each.

2.3   Restrictions

2.4   Configuration Overview

To configure IPv6 subscriber services on a SmartEdge router:

  1. Configure an interface with a GUA on the link between the BRAS and the CPE.
  2. Configure a DHCPv6 server policy on the SmartEdge router.
  3. Configure one or more multibind interfaces to use the DHCPv6 server policy. These interfaces are called "DHCPv6 servers."
    Note:  
    To use a DHVPv6 server policy, the DHCPv6 server interfaces must be configured within the same context as the DHCPv6 server policy.

  4. Enable RADIUS or local subscriber authentication.
  5. If you do not want to use the default ND profile, create and configure an ND profile.
  6. If you are using local subscriber authentication, configure the subscriber attributes in a subscriber record. If using a non-default ND profile, reference the ND profile you created in Step 5 in the subscriber record or profile.

    If you are using RADIUS authentication, skip this step. If you are using a RADIUS server for subscriber authentication, skip this step and perform Step 7.

  7. Configure a PPP or PPPoE- encapsulated circuit on the WAN link between the BRAS and the CPE.

2.5   Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services

To configure IPv6 and dual-stack subscriber services:

  1. If using RADIUS to authenticate a subscriber, you can optionally configure the NAS-IPV6-Address to match the IPv6 address of the NAS:

    If you are not using RADIUS to authenticate a subscriber or do not want to configure the NAS-IPV6-Address to match the IPv6 address of the NAS, skip this step and go to step 2.

  2. Configure an interface with a GUA on the link between the BRAS and the CPE:
  3. If using a DHCPv6 server to assign IPv6 prefixes to subscribers, create and configure the DHCPv6 server policy, as described in Configure a DHCPv6 Server Policy.
  4. Configure a multibind interface to be the DHCPv6 server:
  5. Enable AAA subscriber authentication:
  6. If you are using the local database for subscriber authentication, configure the subscriber attributes in a subscriber record. If you are using a RADIUS server for subscriber authentication, skip this step and go to step 7.

    You can also configure a subset of subscriber attributes in a default or named subscriber profile, as described in " Configure the Subscriber Attributes."

  7. Configure PPP or PPP over Ethernet (PPPoE) encapsulation on the WAN link and then bind the circuit using CHAP or PAP. The circuit is now ready to perform subscriber services.

    For more information on configuring PPP and PPPoE, see Configuring PPP and PPPoE. To see how to configure the type of circuit you are using for your WAN link, see the appropriate section in Configuring Circuits.

2.6   Configuring IPv6 Subscriber Service Attributes

The end-to-end configuration in Configuring a SmartEdge Router to Provide IPv6 and Dual-Stack Subscriber Services provides only those tasks that are required for configuring IPv6 and dual-stack services on a SmartEdge BRAS. However, many additional attributes can be modified or applied to IPv6 subscribers:

2.6.1   Configure Subscriber Attributes

Subscriber attributes are applied to an IPv6 subscriber in one of the following ways:

That task that follow describes how to configure various IPv6-specific subscriber attributes in a subscriber record or profile. Perform these tasks in one of the following modes:

Table 6    Subscriber Attribute Configuration Modes

To configure attributes for:

Perform these tasks in:

A subscriber record

Subscriber configuration mode

A default subscriber profile

Default subscriber profile configuration mode

A named subscriber profile

Subscriber profile name configuration mode

Note:  
Attributes in the subscriber record take precedence over identical attributes configured in the named subscriber profile, and attributes in the named subscriber profile take precedence over identical attributes configured in the default subscriber profile.

To configure various IPv6-specific subscriber attributes in a subscriber record or profile:

  1. Use the configure command to access global configuration mode.
  2. Use the context command to access context configuration mode.
  3. Use the subscriber command as follows to access subscriber configuration mode for the specified IPv6 subscriber:

    subscriber {name | default | profile}

  4. Use the ipv6 delegated-prefix command as follows to specify the prefix to use for DHCP prefix delegation:

    ipv6 delegated-prefix ipv6-prefix

    This command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 delegated-prefix command in a subscriber profile.

  5. Use the ipv6 framed-prefix command as follows to specify the prefix that will be advertised to subscribers using ND:

    ipv6 framed-prefix ipv6-prefix

    Replace the ipv6-prefix argument with a prefix that does overlap with any other interface prefix.

    Note:  
    This command is available in IPv6 subscriber record configuration mode only; you cannot configure the ipv6 framed-prefix command in a subscriber profile.

  6. Use the ipv6 framed-route command as follows to specify a static IPv6 route that will be installed for subscriber:

    ipv6 framed-route ipv6-prefix next-hop metric

    Note:  
    This command is available in IPv6 subscriber configuration mode only; you cannot configure the ipv6 framed-route command in a subscriber profile.

  7. Use the ipv6 nd-profile command as follows to assign an ND profile to be used with the given subscriber or subscriber profile:

    ipv6 nd-profile name

  8. Use the dns6 command to specify the primary and secondary DNS IPv6 addresses:

    dns6 {primary | secondary} ipv6-address

  9. Use the ipv6 source-validation command to enable source validation for IPv6.

Table 5 describes the additional subscriber attributes you can configure that are not stack-specific. Configure the attribute commands in subscriber, default subscriber profile, or subscriber profile name configuration mode unless otherwise specified.

Note:  
A subscriber record or profile may contain additional attributes that are not applicable to the stack of a subscriber. In such cases, only the applicable attributes are provisioned for the subscriber. For example, a profile that is applied to an IPv6 subscriber may contain IPv4 attributes that are not provisioned.

For more information about these attributes and the configuration of subscriber records and profiles, see Configuring Subscribers.

Table 7    Additional Subscriber Attributes In a Profile or Subscriber Record

Root Attribute Command

Description

access-line adjust

Uses information received from the DSLAM to adjust the rate.

bulkstats schema

Applies a bulkstats schema to the subscriber profile for this context.

dns

Specifies the primary and secondary DNS server IPv4 addresses


This attribute is applicable to IPv4 and dual-stack subscribers only.

flow

Applies a flow policy.

framed-route allow-ecmp

Configures the framed-route attribute for this context.

ip

Applies IP attributes.

mtu

Sets the subscriber MTU.


Range is from 256 through 12800.

nbns

Sets the NBNS server address.

port-limit

Limits the number of sessions a subscriber can access simultaneously.

ppp mtu

Sets the MTU used by PPP for the subscriber circuit.

pppoe client route

Configures the PPPoE client for PPPoE subscribers.

pppoe motm

Creates the message of the minute (MOTM) that the subscriber sees when first logging on.

pppoe url

Sets the subscriber’s PPPoE client to point the subscriber’s browser to a specific location after the PPP session is established

propogate qos from ip

Modifies the internal classification settings of packets sent or received from the subscriber.

qos node-reference

Sets the QoS node reference.

qos policy queuing

Applies a QoS policy.

rate

Configures inbound and outbound policy circuit rates.

rate-adjust dhcp pwfq

Sets rate adjustment.

sbc

Configures the SBC adjacency.

session-action

Sets the AAA session action.

session-limit

Sets a limit to the number of sessions allowed for each subscriber line identified by an agent circuit ID or agent remote ID.

shaping-profile

Assigns an ATM shaping profile.

timeout

Sets absolute or idle session timeout value.

2.6.2   Configure a DHCPv6 Server Policy

Configure DHCPv6 service policy attributes:

  1. Use the configure command to access global configuration mode.
  2. Use the context command to access context configuration mode.
  3. Use the dhcpv6 server command to create a DHCPv6 server policy and access DHCPv6 server policy configuration mode. Only one DHCPv6 server policy is allowed for a context.
  4. Use the option domain-name-server command as follows to specify the IP address of a DNS name server:

    option domain-name-server server-address

  5. Use the option domain-search command as follows to specify a domain name for DNS resolution:

    option domain-search domain-name

  6. Use the option information-refresh-time command as follows to specify the number of seconds a client waits before refreshing the configuration information received from the DHCPv6 server:

    option information-refresh-time seconds

    Range is from 600 through 4294967295 seconds.

  7. Use the option preference command as follows to configure the preference value for this DHCPv6 server:

    option preference integer

    A DHCPv6 server with a lower value is preferred over a server with a higher value.

    Range is from 0 through 255.

  8. Use the option rapid-commit command to enable Rapid Commit for faster IPv6 prefix delegation.

    With the RAPID COMMIT option, only two messages (SOLICIT and REPLY messages) are exchanged between the DHCPv6 server and the CPE. We recommend using the RAPID COMMIT option when there is only one server for a client to connect to.

  9. Use the prefix lifetime command as follows to configure the length of time the subscriber router can use a delegated IPv6 prefix and a given DHCPv6 prefix:

    prefix lifetime {preferred seconds valid seconds | infinite}

    Set the prefix lifetime as follows:

  10. If required, configure a subset of DHCPv6 attributes that apply to a particular subnet only. Options configured for the subnet take precedence over options specified in the top-level DHCPv6 server policy:

2.7   Configuring ND Attributes

For IPv6 subscriber services, the SmartEdge router acquires ND attributes in one of two ways:

Note:  
If you do not reference an ND profile in a subscriber profile or record, the router automatically assigns a default ND profile (called the GLOBAL_DEFAULT_PROFILE) to the subscriber circuit. Use the show nd profile command to see which profile a subscriber circuit is using for ND; use the show nd profile GLOBAL_DEFAULT_PROFILE command to see the default configuration used by the GLOBAL_DEFAULT_PROFILE.

To create and configure an ND profile for IPv6 subscribers:

  1. Access context configuration mode.
  2. Access ND profile configuration mode or ND router configuration mode.
  3. Use the ra-interval command as follows to configure the interval between transmissions for RA messages:

    ra-interval seconds

  4. Use the ra lifetime command as follows to configure the router advertisement lifetime in seconds:

    ra lifetime seconds

    Replace seconds with the total number of seconds the prefix remains valid.

    Note:  
    Setting the RA interval to 0 suppresses the sending of RAs.

  5. Use the ra managed-config command to configure the router advertisement to contain the managed address configuration flag. This flag is included in IPv6 RAs, indicating to hosts that they should use the managed (stateful) protocol for address autoconfiguration in addition to any addresses autoconfigured using stateless address autoconfiguration.
  6. Use the ra other-config command to configure the router advertisement to contain the other stateful configuration flag. This flag is included in IPv6 router advertisements, indicating to hosts that they should use the administered (stateful) protocol to obtain autoconfiguration information other than addresses.
  7. Use the ns-retry-interval command as follows to specify a value for the Retrans Timer field, which is the length of time between retransmitted Neighbor Solicitation (NS) messages:

    ns-retry-interval milliseconds

  8. Use the dad-transmits num-dad-transmits command to specify the number of Neighbor Solicitation (NS) messages the SmartEdge router sends to its peers for DAD. Replace num-dad-transmits with the number of DAD NS messages to send; the range of values is 0 to 3. A value of 0 disables NS message transmission.
  9. Use the proto-down-on-dad command to enable the SmartEdge router to send a request to bring down the IPv6 stack of the subscriber circuit in which a DAD failure is detected.
  10. Use the reachable-time command as follows to specify a value for the Reachable Time field, which is the length of time this ND router or ND router interface assumes that a neighbor is reachable:

    reachable-time milliseconds

    This attribute enables the router to detect unavailable neighbors. The reachable time value is advertised by the RA messages sent by the router.

  11. Use the preferred-lifetime command as follows to configure the lifetime of the preferred router advertisement:

    preferred-lifetime seconds

    Replace seconds with the length of time (in seconds) an advertised prefix remains preferred.

  12. Use the valid-lifetime command as follows to configure the router advertisement to list a specified prefix for a valid lifetime:

    valid-lifetime seconds

    Replace seconds with the length of time the addresses generated from the prefix remain valid.

Note:  
The SmartEdge router does not support the use of router ND (where ND is configured under a specific interface) for IPv6 subscriber services. Any router ND configuration that exists under an interface is ignored for subscribers bound to that interface.

2.8   IPv6 Subscriber Services Operations

To manage IPv6 subscriber service functions, perform the appropriate tasks described in Table 6. Enter the show commands in any mode.

Table 8    IPv6 Subscriber Services Operations Tasks

Root Command

Task

clear dhcpv6 statistics

Clear DHCPv6 statistics.

debug ipv6 policy

Enable generation of debug messages for an IPv6 policy.


debug ipv6 prefix-library

Enable generation of debug messages for the IPv6 prefix library.

debug ipv6 prefix-list

Enable generation of debug messages for the maintenance of IP Version 6 (IPv6) prefix lists and for the comparison of IPv6 prefix entries to IPv6 prefix lists.

debug ipv6 routing


Enable generation of IP routing debug messages.

show dhcpv6 log

Display the DCHPv6-PD log.


You can filter the log history by circuit, server or client DUID, or IPv6 prefix.

show dhcpv6 server duid

Display the DUID that the DHCPv6 server onboard the SmartEdge is using to communicate with its DHCPv6 clients .

show dhcpv6 server host

Display all the active DHCPv6 clients.


Display more information with the detail keyword.

show dhcpv6 server host circuit

Display the active DHCPv6 clients on a circuit.

show dhcpv6 server host prefix

Display the active DHCPv6 clients that use a prefix.

show dhcpv6 server host subnet

Display the active DHCPv6 clients on a subnet.

show dhcpv6 statistics

Display DHCPv6 Statistics.


Include the detail keyword in the command string to display additional information pertaining to DHCPv6 statistics.

show ipv6 all-host

Display information about all IPv6 hosts stored in the local host table for the current context.

show ipv6 dynamic-host

Display IPv6 dynamic hostname and system ID mapping.

show ipv6 host

Display all static hostname-to-IPv6 address mappings stored in the local host table for the current context.

show ipv6 interface

Display information about IPv6 interfaces, including the interface bound to the Ethernet management port on the controller card.

show ipv6 mroute

Display the IPv6 Protocol Independent Multicast (PIM) routing table.

show ipv6 policy access-list

Display information about IPv6 subscriber policies configured in the current context.

show ipv6 prefix-list

Display information about configured IPv6 prefix lists.

show ipv6 route

Display information about all IPv6 routes.

show nd profile

Displays ND profile information for a context.

show nd-circuit

Displays ND circuit information for one or more ND circuits.

show nd statistics

Displays global statistics for one or more ND router interfaces.

show subscribers active

Display the attributes of active IPv6 subscriber sessions.

show subscribers summary

Displays the total number subscribers and their encapsulations in the current context.

3   Examples

The examples that follow show how to configure a SmartEdge router to provide IPv6 subscriber services to PPP subscribers.

3.1   End-to-End Solution Configurations

The examples that follow provide end-to-end configuration for a SmartEdge router in a BRAS solution. The examples presented show how to configure a BRAS to use stateful and stateless DHCPv6 to support dual-stack subscribers.

3.1.1   Configure a BRAS for Dual-stack Subscriber Support Using Stateful DHCPv6

This example results in a configuration where:

Figure 1 displays the network topology for this configuration example.

Figure 1   Sample Dual-Stack IPv6 Topology

In this topology:

  1. A subscribing PC requests an IPv6 prefix from the CPE, which is a router.

  2. The CPE initiates a PPP connection between the BRAS and the CPE, and LCP comes up.
  3. The BRAS requests authorization of the subscriber through the RADIUS server.
  4. On successful authorization, the CPE negotiates IPv6CP and IPCP between the BRAS and the CPE router:
  5. The BRAS advertises an IPv6 prefix to the CPE in an ND message.
  6. The BRAS adds a route for the IPv6 prefix in its routing tables.
  7. The CPE sends a DHCPv6 SOLICIT message to the BRAS to get the delegated prefixes and other information.
  8. The BRAS returns a DHCPv6 ADVERTISE message to the CPE with a delegated IPv6 prefix and DNS information.
  9. The CPE sends a DHCPv6 REQUEST message to the BRAS, confirming that the CPE accepts the delegated prefix.
  10. The BRAS sends a DHCPv6 REPLY message to the CPE, confirming that the delegated prefix belongs to the CPE.
  11. The BRAS adds the IPv6 prefix to the routing table, and the CPE uses the delegated prefix to derive a longer IPv6 prefix for the downstream interfaces.

The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.

Configure two interfaces between the BRAS and the CPE; each interface has its own IPv4 and IPv6 GUA address. One interface is a loopback interface, and the other is a non-loopback interface. A loopback interface is not required on the WAN link; this example shows one possible configuration:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#interface test-lb loopback

[local]BRAS(config-if)#ip address 155.13.1.1/24

[local]BRAS(config-if)#ipv6 address 2001:db8:b:4f::1/64

[local]BRAS(config-if)#exit

[local]BRAS(config-ctx)#interface to-cpe

[local]BRAS(config-if)#ip address 155.15.1.1/24

[local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64

Configure the DHCPv6 server policy:

[local]BRAS(config-ctx)#dhcpv6 server

[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2

[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com

[local]Redback(config-dhcpv6-server)#option preference 5 

[local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000

[local]Redback(config-dhcpv6-server)#option rapid-commit 

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200

[local]BRAS(config-dhcp-server)#subnet 2001:a:b:3f::/64

[local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:b:3f::1

[local]Redback(config-dhcpv6-subnet)#option domain-search NY1.com

[local]Redback(config-dhcpv6-subnet)#prefix lifetime preferred 900 valid 1200

Configure a multibind interface to be the DHCPv6 server that uses the DHCPv6 server policy. In this example, the DHCPv6 server is a last-resort interface called test-last. Any subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command enables IP processing on the test-lb interface without assigning it an explicit IP address:

[local]BRAS(context)#interface test-last multibind lastresort

[local]BRAS(config-if)#ipv6 unnumbered test-lb

[local]BRAS(config-if)#dhcpv6 server interface

Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:

[local]BRAS(context)#aaa authentication subscriber local

Note:  
To configure subscriber attributes in a subscriber profile, see Configure the Subscriber Attributes. For more information about AAA subscriber authentication, see Configuring Authentication, Authorization, and Accounting.

Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The ipv6 delegated-prefix command specifies the IPv6 prefix (2001:db8:1::/48) to be used for DHCPv6 PD. The nd-profile command assigns the abc profile to the subscriber test.

[local]BRAS(context)#subscriber name test

[local]BRAS(config-sub)#ip address 155.13.1.10

[local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64

[local]BRAS(config-sub)#ipv6 delegated-prefix 2001:db8:1::/48

[local]BRAS(config-sub)#ipv6 nd-profile abc

Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:

[local]BRAS(config)#port ethernet 12/1

[local]BRAS(config-port)#encapsulation dot1q

[local]BRAS(config-port)#dot1q pvc 1 encap pppoe

[local]BRAS(config-dot1q-pvc)#bind authentication chap

Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:

[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi

[local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe

[local]BRAS(config-dot1q-child-proto)#bind authentication chap

3.1.2   Configure a BRAS for Dual-stack Subscriber Support Using Stateless DHCPv6

This example results in a configuration where:

Figure 1 displays the network topology for this configuration example.

Figure 2   Sample Dual Stack IPv6 Topology

In this topology, messages are exchanged between the BRAS and the subscriber through the CPE bridge as follows:

  1. The subscribing client sends DHCPv6 Informational Message Request to Obtain DNS Parameters.
  2. The BRAS returns a DHCPv6 Reply message to the subscribing client with the requested DNS information (all DNS options configured under the DHCPv6 server profile).

The example that follows shows the configuration of the SmartEdge router only. For RADIUS and CPE configuration, see the documentation for those products.

Configure an interface between the BRAS and the CPE; the interface has its own IPv4 and IPv6 GUA address:

[local]BRAS#configure
[local]BRAS(config)#context SJ1
[local]BRAS(config-ctx)#interface to-cpe
[local]BRAS(config-if)#ip address 155.15.1.1/24
[local]BRAS(config-if)#ipv6 address 2001:db8:b:5f::1/64
 

Configure the DHCPv6 server policy:

[local]BRAS(config-ctx)#dhcpv6 server
[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::2
[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com
[local]Redback(config-dhcpv6-server)#option information-refresh-time 700  

Configure a multibind interface to be the DHCPv6 server. In this example, the DHCPv6 server is a last-resort interface called test-last. Any DHCPv6 subscriber circuit that attempts to come up binds to this interface. The ipv6 unnumbered command configures the test-last interface to use the IPv6 address from the to-cpe interface:

[local]BRAS(context)#interface test-last multibind lastresort
[local]BRAS(config-if)#ip unnumbered to-cpe
[local]BRAS(config-if)#dhcpv6 server interface

Enable AAA to authenticate subscribers through the SmartEdge router local database. Subscribers are authenticated according to parameters set in the subscriber profile for the current context:

[local]BRAS(context)#aaa authentication subscriber local

 
Note:  
To configure subscriber attributes in a subscriber profile, see Configure the Subscriber Attributes. For more information about AAA subscriber authentication, see Configuring Authentication, Authorization, and Accounting.

Create a user record for the subscriber test. The configuration specified in this profile is applied to subscribers destined for the IP address 155.13.1.10. The ipv6 framed-prefix command specifies the IPv6 prefix (2001:db8:b:4f::/64) assigned to the subscriber (using ND or a static assignment). The nd-profile command assigns the abc profile to the subscriber test:

[local]BRAS(context)#subscriber name test
[local]BRAS(config-sub)#ip address 155.13.1.10
[local]BRAS(config-sub)#ipv6 framed-prefix 2001:db8:b:4f::/64
[local]BRAS(config-sub)#ipv6 nd-profile abc

Configure PPPoE encapsulation on an 802.1Q PVC and then bind the PVC using CHAP:

[local]BRAS(config)#port ethernet 12/1
[local]BRAS(config)#encapsulation dot1q
[local]BRAS(config-port)#dot1q pvc 1 encap pppoe
[local]BRAS(config-dot1q-pvc)#bind authentication chap

Create a second PVC with multiprotocol encapsulation (creating a child circuit), and set the protocol of the child circuit to PPPoE. Bind the PVC using CHAP:

[local]BRAS(config-port)#dot1q pvc 2 encapsulation multi
[local]BRAS(config-dot1q-child-proto)#circuit protocol pppoe
[local]BRAS#bind authentication chap

3.2   Detailed Configuration Examples for Individual Elements of an IPv6 BRAS Solution

The sections that follow provide detailed, extended configuration examples for the individual elements of a BRAS IPv6 solution.

3.2.1   Configuring NAS IPv6 Address

The following example shows how to configure the NAS IPv6 address:

[local]BRAS#configure

[local]BRAS(config)#context SJ1

[local]BRAS(config-ctx)#radius attribute NAS-IPV6-Address interface if1

3.2.2   Configuring a Subscriber Profile

The following example creates subscriber profile sj-sub-10:

local]Redback(config-ctx)#subscriber profile sj-sub-10

[local]Redback(config-sub)#ipv6 delegated-prefix 2001:a:b:4f::1/128

[local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/128 

[local]Redback(config-sub)#ipv6 nd-profile abc

3.2.3   Configuring a Subscriber Record

The following example configures subscriber record test:

[local]Redback(config-ctx)#subscriber name test

[local]Redback(config-sub)#ipv6 delegated-prefix 2001:db8:b:4f::1/48

[local]Redback(config-sub)#ipv6 framed-prefix 2002:a:b:5f::1/48 

[local]Redback(config-sub)#ipv6 nd-profile abc 

[local]Redback(config-sub)#ipv6 framed-route 2010:db8:b:5f::1/48 2002:db8:b:5f::1 1000

[local]Redback(config-sub)#ipv6 source-validation

[local]Redback(config-sub)#profile sj-sub-10

3.2.3.1   Configure a DHCPv6 Profile

Configure the DHCPv6 server policy. In this example, the network administrator:

[local]Redback(config-ctx)#dhcpv6 server

[local]Redback(config-dhcpv6-server)#option domain-name-server 2005:db8:b:3f::

[local]Redback(config-dhcpv6-server)#option domain-search SJ1.com

[local]Redback(config-dhcpv6-server)#option preference 5

[local]Redback(config-dhcpv6-server)#option information-refresh-time 3000000

[local]Redback(config-dhcpv6-server)#option rapid-commit

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 3600 valid 7200

[local]Redback(config-dhcpv6-server)#subnet 2001:db8:b:3f::/68

[local]Redback(config-dhcpv6-server)#prefix lifetime preferred 2000 valid 4000

[local]Redback(config-dhcpv6-server)#subnet 2001:db8:2:2::/68

[local]Redback(config-dhcpv6-subnet)#option-domain-name-server 2008:db8:4000:1::2

[local]Redback(config-dhcpv6-subnet)#option domain-search subnet.corp.com

[local]Redback(config-dhcpv6-subnet)#prefix lifetime infinite