ASR9000/XR: BNG and Dual-stack ipv4 and ipv6 sessions

Document

Fri, 04/07/2017 - 03:52
Jan 14th, 2014
User Badges:
  • Cisco Employee,

Introduction

This document provides an overview of dual-stack sessions on the ASR9000 BNG, where IPv4 and IPv6 address stacks run side by side for a subscriber session.

Dual Stack

Dual stack refers to the concept of running a subscriber session with an IPv4 address as well as an IPv6 address.

Deployment models and general concept

Screen Shot 2014-01-14 at 8.46.52 AM.png

Address Assignment

To unravel the complex terminology associated with address assignment, IPv6 in particular, the picture below shows the various address assignment options available.

Screen Shot 2014-01-14 at 8.47.07 AM.png

You can also use the framed-ipv6-address RADIUS attribute to provide the subscriber with an address from RADIUS, which is then advertised via SLAAC (NA/ND) for both PPPoE and IPoE sessions.

The additional ipv6:ipv6-default-gateway VSA can be used to provide the default router when no DHCPv6 is used for IPoE sessions.

IPv6 Addressing

"Prefix delegation" means having one large IPv6 subnet that is shared between subscribers, each of whom gets a smaller subnet out of that subnet, so to speak. The following addressing example visualizes how it all ties together.

Addressing mapping

Slide1.jpg

Configuration CPE

The following 2 sections provide the configuration for the client side and the WAN side of the CPE.

PC client side of the CPE

interface GigabitEthernet0/2
 description to switch fa0/15
 ip address 192.168.1.1 255.255.255.0
 no ip unreachables
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed 100
 media-type rj45
 negotiation auto
 ipv6 address prefix-from-provider ::1:0:0:0:1/64
 ipv6 enable

 

WAN side of the CPE

interface FastEthernet2/0.50
 encapsulation dot1Q 50
 ipv6 address autoconfig default
 ipv6 enable
 ipv6 dhcp client pd prefix-from-provider

 

In these examples we are expanding the delegated prefix with a :1/64 and we perceive ourselves to be the ".1" and default gateway.

Configuration DHCPv6 Server

ipv6 unicast-routing
ipv6 dhcp pool dhcpv6
 prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000
ipv6 route 2001:60:45:28::/64 2005::1
ipv6 route 2001:DB8:1200::/40 2005::1
ipv6 route 200B::/64 2005::1
ipv6 route 2600:80A::9/128 4000::1
ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48

More info on IOS dhcpv6 server:

http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b8a116.shtml
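
The arithmetic behind the pool line "ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48" and the CPE's "::1:0:0:0:1/64" sub-bits, as an added Python example that is not part of the original document. The function names are illustrative, and the address 2001:db8:12a7:1::1 used for the reverse lookup is constructed.

```python
import ipaddress


def delegable_prefixes(pool, delegated_len):
    """All prefixes of length delegated_len that the local pool can hand out."""
    net = ipaddress.IPv6Network(pool)
    if not net.prefixlen <= delegated_len <= 128:
        raise ValueError("delegated length must be between pool length and 128")
    return list(net.subnets(new_prefix=delegated_len))


def apply_general_prefix(delegated, sub_bits):
    """Combine a delegated prefix with the sub-bits configured on the CPE
    interface (the '::1:0:0:0:1/64' after 'prefix-from-provider')."""
    iface = ipaddress.IPv6Interface(sub_bits)
    if iface.network.prefixlen < delegated.prefixlen:
        raise ValueError("interface prefix is shorter than the delegated prefix")
    low = int(iface.ip)
    # The sub-bits may only fill positions the provider left free.
    if low >> (128 - delegated.prefixlen):
        raise ValueError("sub-bits overlap the bits fixed by the delegated prefix")
    addr = ipaddress.IPv6Address(int(delegated.network_address) | low)
    return ipaddress.IPv6Interface(f"{addr}/{iface.network.prefixlen}")


def owning_delegation(pool, delegated_len, address):
    """Map an address seen in a log or flow record back to the delegated
    prefix (one CPE) that contains it; None when it is outside the pool."""
    net = ipaddress.IPv6Network(pool)
    addr = ipaddress.IPv6Address(address)
    if addr not in net:
        return None
    return ipaddress.IPv6Network(f"{addr}/{delegated_len}", strict=False)


if __name__ == "__main__":
    POOL, DELEGATED_LEN = "2001:DB8:1200::/40", 48  # from the pool line above
    prefixes = delegable_prefixes(POOL, DELEGATED_LEN)
    print(len(prefixes), "delegable prefixes:", prefixes[0], "...", prefixes[-1])
    print("CPE LAN address:", apply_general_prefix(prefixes[0], "::1:0:0:0:1/64"))
    # Constructed address, used only to show the reverse lookup.
    print("owner:", owning_delegation(POOL, DELEGATED_LEN, "2001:db8:12a7:1::1"))
```

The reverse lookup is the part that matters operationally: every address a subscriber's hosts use shares the delegated prefix bits, so source filtering and attribution work on that prefix and not on individual host addresses.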

Operation and Call Flow

Because the ASR9000 treats the 2 stacks as a single subscriber, ONE access-request and a SINGLE accounting record are generated for both stacks. As a result, the desired operation can differ, for instance in when to generate an accounting request.

There are 2 key things to consider:

  • When the first AF comes up, an access-request is generated. The access-accept should contain BOTH IPv4 and IPv6 information for the session, even though there may not yet be a request for the other AF.
  • An accounting-start can be generated as soon as the first AF comes up; alternatively we can wait for a determined period of time and generate a single accounting-start record for BOTH AFs, or we can generate a triggered interim accounting record when the second AF comes up.

Call Flows

Dual stack generic call flow

Screen Shot 2014-01-14 at 8.46.33 AM.png

PPPoE DS detailed call flow SLAAC based address assignment

Screen Shot 2014-01-14 at 9.07.40 AM.png

PPPoE DS detailed call flow DHCPv6 based address assignment

Screen Shot 2014-01-14 at 8.57.06 AM.png

IPoE DS detailed callflow IPv4 AF starts first

Screen Shot 2014-01-14 at 8.57.30 AM.png

IPoE DS detailed callflow IPv6 AF starts first

Screen Shot 2014-01-14 at 8.57.36 AM.png

Sample Scenario

Sample Topology for the configuration example

Screen Shot 2014-01-14 at 8.39.37 AM.png

Configuration

hostname bng
logging console debugging

RADIUS server configuration. The RADIUS server is listening on 5.5.5.2 with auth-port 1645 and accounting-port 1646.

radius-server host 5.5.5.2 auth-port 1645 acct-port 1646
 key 7 010107000A5955
!

A CoA server or policy server with IP address 5.5.5.2 is running.

aaa server radius dynamic-author
 client 5.5.5.2 vrf default server-key 7 03165A0F575D72
!
aaa group server radius RADIUS
 server 5.5.5.2 auth-port 1645 acct-port 1646
!
aaa accounting service default group radius
aaa accounting subscriber default group radius
aaa authorization subscriber default group radius
aaa authentication subscriber default group radius
line console
 stopbits 1
!

The DHCPv6 address pool is defined locally on the BNG, and this local pool is used for IPv6 address assignment to IPv6 BNG clients.

pool vrf default ipv6 ipv6_address_pool
 address-range 2001::2 2001::7dff
!

The DHCPv4 server with IP address 20.20.20.2 is deployed externally, and this IPv4 address must be reachable from the BNG device. Routing protocols should take care of reachability of 20.20.20.2 from the BNG device. The DHCPv4 proxy is configured as follows.

dhcp ipv4
 profile IPoEv4 proxy
  helper-address vrf default 20.20.20.2 giaddr 10.10.10.1
!

The DHCPv4 proxy is enabled on the bundle sub-interface.

 interface Bundle-Ether1.10 proxy profile IPoEv4
!

The DHCPv6 server is configured, and the DHCPv6 address pool defined earlier is referenced within the DHCPv6 server configuration. The DHCPv6 profile is configured as follows with the address pool.

dhcp ipv6
 profile IPoEv6 server
  address-pool ipv6_address_pool
!

The DHCPv6 server profile is referenced on the bundle sub-interface.

 interface Bundle-Ether1.10 server profile IPoEv6
!

interface Bundle-Ether1
 bundle maximum-active links 1
!

The bundle sub-interface is configured with single-tag dot1q encapsulation. Subscriber traffic from the CPE should arrive with a single dot1q tag, and this VLAN tag should match VLAN ID 10 configured under the bundle sub-interface. In the dual-stack IPoE configuration, “initiator dhcp” is configured under both the ipv4 and ipv6 l2-connected modes. The control policy-map is referenced by name with service-policy.

interface Bundle-Ether1.10
 ipv4 point-to-point
 ipv4 unnumbered Loopback1
 ipv6 enable
 service-policy type control subscriber pm-src-mac
 encapsulation dot1q 10
 ipsubscriber ipv4 l2-connected
  initiator dhcp
 !
 ipsubscriber ipv6 l2-connected
  initiator dhcp
 !
!

IPv4 address 10.10.10.1 is the default-gateway IP address for the pool of IPv4 addresses allocated to dual-stack BNG clients.

interface Loopback1
 ipv4 address 10.10.10.1 255.255.255.0
 ipv6 enable
!
interface MgmtEth0/RSP0/CPU0/0
 ipv4 address 9.22.11.3 255.255.0.0
!
interface MgmtEth0/RSP0/CPU0/1
 shutdown
!

 

Physical interface GigabitEthernet0/0/0/0 is configured as a member of the bundle interface.

interface GigabitEthernet0/0/0/0
 bundle id 1 mode on
 negotiation auto
 transceiver permit pid all
!
interface GigabitEthernet0/0/0/1
 ipv4 address 20.20.20.1 255.255.255.0
 transceiver permit pid all
!
interface GigabitEthernet0/0/0/5
 ipv4 address 5.5.5.1 255.255.255.0
!

A dynamic-template is configured for dual-stack session initiation. It carries “ipv6 enable”, the ipv4 unnumbered address and IPv4 uRPF.

dynamic-template
 type ipsubscriber Dual_stack_IPoE
  accounting aaa list default type session periodic-interval 5
  ipv4 verify unicast source reachable-via rx
  ipv4 unnumbered Loopback1
  ipv6 enable
 !
!

A class-map is configured for the dual-stack scenario to match DHCPv6 SOLICIT and DHCPv4 DISCOVER as the first sign of life (FSOL) packets.

class-map type control subscriber match-any dual_stack_class_map
 match protocol dhcpv4 dhcpv6
 end-class-map
!

Class-map “dual_stack_class_map” is referenced within the policy-map. When event session-start is hit based on a DHCPv4/DHCPv6 FSOL, template “Dual_stack_IPoE” is activated. The subscriber MAC address is used as the subscriber identification and it is authorized with the AAA server.

policy-map type control subscriber pm-src-mac
 event session-start match-all
  class type control subscriber dual_stack_class_map do-all
   1 activate dynamic-template Dual_stack_IPoE
   2 authorize aaa list default identifier source-address-mac password cisco
  !
 !
 end-policy-map
!
end

 

Verification example

The “show subscriber session all” command shows the active IPv4/IPv6 client session.

RP/0/RSP0/CPU0:bng#show subscriber session all
Tue Jan 29 12:49:25.237 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface               State     Subscriber IP Addr / Prefix
                                               LNS Address (Vrf)
--------------------------------------------------------------------------------
IP:DHCP      BE1.10.ip22             AC        10.10.10.10 (default)
                                               2001::2 (default)

     

 

The “show subscriber session all detail” command shows the details of the IPv4/IPv6 client session.

RP/0/RSP0/CPU0:bng#show subscriber session all deta
Tue Jan 29 12:49:27.752 UTC
Interface:                Bundle-Ether1.10.ip22
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     IP: DHCP-trigger
IPv4 State:               Up, Tue Jan 29 12:46:32 2013
IPv4 Address:             10.10.10.10, VRF: default
IPv6 State:               Up, Tue Jan 29 12:46:42 2013
IPv6 Address:             2001::2, VRF: default
IPv6 Interface ID:        ..d..... (02 00 64 ff fe 01 01 02)
Mac Address:              0000.6401.0102
Account-Session Id:       0000001c
Nas-Port:                 Unknown
User name:                0000.6401.0102
Outer VLAN ID:            10
Subscriber Label:         0x00000055
Created:                  Tue Jan 29 12:46:32 2013
State:                    Activated
Authentication:           unauthenticated
Access-interface:         Bundle-Ether1.10
Policy Executed:
policy-map type control subscriber pm-src-mac
  event Session-Start match-all [at Tue Jan 29 12:46:32 2013]
    class type control subscriber dual_stack_class_map do-all [Succeeded]
      1 activate dynamic-template Dual_stack_IPoE [Succeeded]
      2 authorize aaa list default [Succeeded]
Session Accounting:
  Acct-Session-Id:          0000001c
  Method-list:              default
  Accounting started:       Tue Jan 29 12:46:32 2013
  Interim accounting:       On, interval 1 mins
    Last successful update: Tue Jan 29 12:48:34 2013
    Next update in:         00:00:06 (dhms)
Last COA request received: unavailable

The “show dhcp ipv4 proxy binding” command shows the IPoEv4 clients created, with IP address and MAC address, the interface on which each was created, the VRF name, etc.

RP/0/RSP0/CPU0:bng#show dhcp ipv4 proxy binding
Tue Jan 29 12:49:42.955 UTC

                                          Lease
MAC Address     IP Address      State     Remaining  Interface            VRF       Sublabel
--------------  --------------  --------- ---------  -------------------  --------- ----------
0000.6401.0102  10.10.10.10     BOUND     3409       BE1.10               default   0x55

RP/0/RSP0/CPU0:bng#show dhcp ipv4 proxy binding de
Tue Jan 29 12:49:49.498 UTC
MAC Address:                 0000.6401.0102
VRF:                         default
Server VRF:                  default
IP Address:                  10.10.10.10
Giaddr from client:          0.0.0.0
Giaddr to server:            10.10.10.1
Server IP Address:           20.20.20.2
Server IP Address to client: 10.10.10.1
ReceivedCircuit ID:          -
InsertedCircuit ID:          -
ReceivedRemote ID:           -
InsertedRemote ID:           -
ReceivedVSISO:               -
InsertedVSISO:               -
Auth. on received relay info:FALSE
Profile:                     IPoEv4
State:                       BOUND
Proxy lease:                 3600 secs (01:00:00)
Proxy lease remaining:       3403 secs (00:56:43)
Client ID:                   0x00-0x00-0x64-0x01-0x01-0x02
Access Interface:            Bundle-Ether1.10
Access VRF:                  default
VLAN Id:                     10
Subscriber Label:            0x55
Subscriber Interface:        Bundle-Ether1.10.ip22

The “show dhcp ipv6 server binding” command shows the IPv6 address allocated from the DHCPv6 local pool.

RP/0/RSP0/CPU0:bng#show dhcp ipv6 server binding
Tue Jan 29 12:50:04.560 UTC
Summary:
Total number of clients: 1
DUID : 00030001000064010102
MAC Address: 0000.6401.0102
Client Link Local: fe80::200:64ff:fe01:102
Sublabel: 0x55
   IA ID: 0x0
   STATE: BOUND
   IPv6 Address: 2001::2 (Bundle-Ether1.10)
       lifetime : 600 secs (00:10:00)
       expiration: 399 secs (00:06:39)

RP/0/RSP0/CPU0:bng#
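
Because the session is keyed on the source MAC address, the DHCPv4 and DHCPv6 bindings of one dual-stack subscriber should agree on it. The following added Python example (not part of the original document) cross-checks the values shown in the outputs above: the DUID is decoded as DUID-LL/DUID-LLT and the link-local is compared with the EUI-64 form of the MAC. The dictionary layout and function names are assumptions made for illustration.

```python
import ipaddress

# Values copied from the "show dhcp ipv4 proxy binding" and
# "show dhcp ipv6 server binding" outputs above.
PAGE_V4 = {"mac": "0000.6401.0102", "ip": "10.10.10.10", "sublabel": "0x55"}
PAGE_V6 = {"mac": "0000.6401.0102", "duid": "00030001000064010102",
           "link_local": "fe80::200:64ff:fe01:102", "sublabel": "0x55"}


def parse_cisco_mac(text):
    """'0000.6401.0102' (or colon/dash separated) -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(".", "").replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return raw


def mac_from_duid(duid_hex):
    """Return the Ethernet address carried in a DUID-LLT (type 1) or
    DUID-LL (type 3); None for DUID types that carry no MAC."""
    duid = bytes.fromhex(duid_hex)
    if len(duid) < 4:
        raise ValueError("DUID shorter than its type and hardware-type fields")
    duid_type = int.from_bytes(duid[0:2], "big")
    hw_type = int.from_bytes(duid[2:4], "big")
    if hw_type != 1:                      # 1 = Ethernet
        return None
    if duid_type == 3:                    # DUID-LL: type, hw type, address
        lladdr = duid[4:]
    elif duid_type == 1:                  # DUID-LLT: 4-byte time precedes address
        lladdr = duid[8:]
    else:                                 # DUID-EN, DUID-UUID, ...
        return None
    return lladdr if len(lladdr) == 6 else None


def eui64_link_local(mac):
    """fe80::/64 address whose interface ID is the modified EUI-64 of mac."""
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:6]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def correlate(v4, v6):
    """Return a list of inconsistencies between the two bindings of one
    dual-stack session; an empty list means they line up."""
    findings = []
    if int(v4["sublabel"], 16) != int(v6["sublabel"], 16):
        findings.append("sublabel mismatch: bindings belong to different sessions")
    mac4, mac6 = parse_cisco_mac(v4["mac"]), parse_cisco_mac(v6["mac"])
    if mac4 != mac6:
        findings.append("MAC mismatch between DHCPv4 and DHCPv6 bindings")
    duid_mac = mac_from_duid(v6["duid"])
    if duid_mac is None:
        findings.append("DUID carries no Ethernet address; cannot tie it to the MAC")
    elif duid_mac != mac6:
        findings.append("DUID link-layer address differs from the binding MAC")
    # Hosts using privacy or stable-opaque interface IDs fail this check
    # legitimately, so treat it as a hint and not as proof of a different host.
    if ipaddress.IPv6Address(v6["link_local"]) != eui64_link_local(mac6):
        findings.append("link-local is not the EUI-64 form of the MAC")
    return findings


if __name__ == "__main__":
    print("page bindings:", correlate(PAGE_V4, PAGE_V6) or "consistent")
    # Constructed record: same session label, but the DUID embeds another MAC.
    odd_v6 = dict(PAGE_V6, duid="00030001000064019999")
    print("constructed mismatch:", correlate(PAGE_V4, odd_v6))
```

The DUID and the link-local address are both supplied by the client, so agreement shows consistency between the two stacks and is not an authentication result.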

 

Related Information

Configuration example and verification provided by Narendiran Rajaram

Xander Thuijs CCIE #6775

Principal Engineer ASR9000, IOS-XR and NCS6000

andersonlich Tue, 01/14/2014 - 22:07

Hi Alex,


I am deploying IPoE Dual Stack IPv4 and IPv6 and I am using version 5.1.0

I used Radius to allocate IPv6 on WAN-CPE (/64) and LAN-CPE (/64)


Framed-IPv6-Prefix, used for the WAN-CPE

Delegated-IPv6-Prefix, used for the LAN-CPE


If I use a CPE, the WAN-CPE doesn't get an IPv6 address from Framed-IPv6-Prefix; in this case the link-local address was used between BNG and CPE.

But it worked for Prefix-Delegation from Delegated-IPv6-Prefix. In terms of connectivity, the users behind the CPE can access the internet with IPv6.


If I replace the CPE with a PC, the PC doesn't get an IPv6 address from Framed-IPv6-Prefix.

And if I check the subscriber detail for this PC, there's a message that says Last IPv6 Down.


[Last IPv6 down]

Disconnect Reason:        Addr/prefix request from DAPS pool failed


--

I have deployed (running in production) BNG based on the ASR1K platform using a PPPoE solution; the two attributes were working perfectly.




thank you


anderson

xthuijs Wed, 01/15/2014 - 05:35
User Badges:
  • Cisco Employee,

Hi Anderson,

if you use a dedicated address on the WAN side and a delegated prefix for the LAN side, you're effectively "wasting" an address on the WAN side as you could just do SLAAC towards the WAN side.

Is that an option? It would simplify your access model significantly and reduce the need for additional routing towards the CPE LAN side from the BNG.


However I expected this to work just fine, we need to do some debugging and that is probably easiest to do via a TAC case so your config and addressing is not spread across. a ppp debug, from both sides would be needed and potentially a sniffer trace if possible to verify the handshake and address assignment/allocation would probably clarify also a lot.


the framed-v6-prefix would work for a single host/pc but it depends on how that host is obtaining an ip address, if via dhcpv6 it would be fine, although the framed-v6 could also be offered in an ND/NA, but here also traces and debugs are necessary to identify what is going on.


At the same time, not sure if can be asked, a verification/cross comparison to 434 might help here also.


cheers

xander

joerg.micheel Fri, 06/13/2014 - 02:22

Hi Xander,

 

how can I configure a fixed IPv6 address on the LNS for the Virtual-Access interface?

I have configured the RADIUS with the AV pair Framed-Interface-Id and Framed-IPv6-Prefix, and the WAN interface of the CPE gets this prefix and also the interface ID, but I don't find a solution to configure a fixed IPv6 address on the LNS WAN interface via RADIUS. Do you have a hint for me?

 

Cheers joerg

xthuijs Fri, 06/13/2014 - 05:19
User Badges:
  • Cisco Employee,

Hi Joerg,

I assume you have an asr1k or IOS based device on the LNS side correct?

If so, then you can either use the ipv6-prefix vsa or the framed-ipv6-address attribute to assign a static address. Here a sample:


joerg.micheel Fri, 06/13/2014 - 06:16

Hi Xander ,

 

yes you are right. It's an AS1K. So far with the CPE it is working. Here is the output:

Dialer3                [up/up]
    FE80::8
    2001:2:2::8 <<<<< This is configured on the Radius Server with Framed-IPv6-Prefix and Interface-Id

 

But the other side the LNS has only a link local Address on the Virtual-Access Interface:

Virtual-Access2.4          [up/up]
    FE80::F2F7:55FF:FE98:F500
 

 

So how can I configure the router so that the Virtual-Access interface also gets a global IP address with the same prefix and another interface ID than the CPE?

Thx for an answer or an example

Cheers joerg


 

 

 

xthuijs Fri, 06/13/2014 - 06:28
User Badges:
  • Cisco Employee,

joerg, I have some answers and examples for you, but this support forum only seems to allow an x number of replies per thread or so, so I can't reply to your note and share the detail I want to. Could you raise a new discussion on the xr os and platforms so I can provide that detail to you please?

thanks

xander

Vladimir Pysarenco Tue, 01/28/2014 - 23:16

Hi Xander!


It's a good doc!

I am deploying dual stack for IPoE subscribers on ASR 9001. All works fine in tests.

But we use authorization by option 82 and not all of our access devices (I mean switches, OLTs and so on) support IPv6 now. So, if the subscriber's PC first tries to set up a session with IPv6, its session becomes unauth. If the PC sets up a session with IPv4, then it is authorized and the IPv6 part sets up normally.

So, is there any mechanism to set up the IPv4 part of the session first and then the IPv6 part? If a DHCP solicit comes and there is no IPv4 part of the session - not to establish the IPv6 part of the session until the IPv4 part is established.


And the second question is about keepalive for IPoE sessions. As far as I know, keepalives are now supported only with PPP sessions. Will you make the same feature for IPoE?


thank you

Zhichun Jiang Wed, 01/29/2014 - 00:00
User Badges:
  • Cisco Employee,

hi, Vladimir

AFAIK there is no way to make the V4 come first, but there is a trick that can do TAL for the session using DHCPv4 options or DHCPv6 options no matter which one comes first.


An example to build a unified username format for V4/V6 DS session

•DHCPv4: option82 circuit_id(circuit-id-tag) + remote_id(remote-id-tag)

•DHCPv6: option18(dhcpv6-interface-id)+option37(remote-id-tag)

•The absent option will be ignored when building the username.
•Assume the DSLAM inserts the same string (say XXXX) for DHCPv4 option82 circuit_id and DHCPv6 option18, AND inserts the same string (say YYYY) for DHCPv4 option82 remote_id and DHCPv6 option37


with following config

aaa attribute format DS_UNIFIED_USERNAME

format-string length 253 "%s@%s@%s" dhcpv6-interface-id circuit-id-tag remote-id-tag


No matter whether DHCPv4 or DHCPv6 triggers the TAL for the session, the same Username([email protected]) is built and sent to the RADIUS server for authorization.

With this approach, you need only one user profile in the RADIUS server for a DS subscriber.


Roy

xthuijs Wed, 01/29/2014 - 04:03
User Badges:
  • Cisco Employee,

yeah I was thinking to handle the session start event to match on protocol dhcp (v4) only and not handle an event start for dhcp trigger:


RP/0/RSP0/CPU0:A9K-BNG(config-cmap)#match protocol ?

  dhcpv4  dhcpv4

  dhcpv6  dhcpv6

  ppp     ppp


this way if the solicit comes in, we ignore it, but if the dhcp discover comes in for v4 then we trigger the event start, do the radius stuff and all that.


While that is no guarantee that v4 completes first, it is very likely to be handled first over dhcpv6...


For PPPoE, I don't think there is any control we have there; it depends on the client whether it sends the IPCP before IPv6CP and the iterations it requires to complete the NCP.

Generally, clients open IPCP first, so we should be fine here, but there is little control that we can exercise over this from the BNG side...


regards

xander

smailmilak Sun, 02/02/2014 - 12:40
User Badges:
  • Bronze, 100 points or more

Hi Xander,


I would like to ask you for advice on how to configure the address-pool for PPPoE with the IPv6 address family.


I checked the command reference for 4.3.x and I see the network command where I can specify the IPv6 prefix and length

e.g.

RP/0/RSP0/CPU0:router# configure

RP/0/RSP0/CPU0:router(config)# pool vrf vrf1 ipv6 pool3

RP/0/RSP0/CPU0:router(config-pool-ipv6)# network 10:1:1::/50

And for prefix length:

RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# pool vrf vrf1 ipv6 pool3
RP/0/RSP0/CPU0:router(config-pool-ipv6)# prefix-length 50


Is this the right way to configure the pool or do we have to use the address-range command instead of network? How long should the prefix-length be? I thought that we can use /128 on the subscriber side for PPPoE sessions.

I am slowly making a config in notepad so I can be ready for implementation.


A nice example would help me a lot. Customer is giving me a /40 for subscribers.


One more thing. User anderson made a comment about WAN-CPE and LAN-CPE address.

Framed-IPv6-Prefix, used for the WAN-CPE

Delegated-IPv6-Prefix, used for the LAN-CPE


Can you please explain this to me? 

My idea was to use SLAAC on BNG<->CPE and a prefix for user device.





Here is the link of the command reference I am using:

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.3/bng/command/reference/b_bng_cr43asr9k_chapter_010.html#wp2356015420

xthuijs Mon, 02/03/2014 - 04:56
User Badges:
  • Cisco Employee,

Hi Smail,

I see what you mean, so with ipv6 we generally don't hand out /32's (or better put /128's) but little subnets. As you know v6 doesn't do NAT and there is no need for it either with this large address space.


So for v6 we provide a little network to the CPE and then the pool size defines how many of those little subnets we actually have.


Considering this picture above from the "address mapping" section:

https://supportforums.cisco.com/servlet/JiveServlet/showImage/176403/Slide1.jpg

We have a pool defined by the /40.

We provide a prefix length of 48.

This means that the /40 in the pool is carved into 256 chunks (because we have 48-40=8 bits is 256 unique).

This defines the portion of the address that is "static" and the section that is variable.

Because we are providing a 64 bit address, that leaves 64 bits for individual devices that on a per "routed subnet" of 256 each.


Now to answer your question, how do you need to go about it, what do you need to assign etc; that all depends on the future prospect in terms of v6 enabled devices, the assigned v6 space you have etc.

In access we can provide 64 bit addresses, leaving 64 bit for the hosts (which is MASSIVE!), and then from the assigned address space, you need to chunk it up into "subnets" and assign certain portions to a BNG.


the mask - prefix length effectively defines the number of subscribers that can be assigned this delegated prefix, so that is your key parameter. In this example above I only had 256 unique subnets (subscribers) which each have 64 bits worth of hosts available to them.


Think that is over the top, but that is what the trend is heading towards...


regards

xander

smailmilak Mon, 02/03/2014 - 08:02
User Badges:
  • Bronze, 100 points or more

Hi,


with this explanation and the illustration it is much clearer now. I will do some testing in the next few weeks.


Thank you Xander.

Anonymous (not verified) Thu, 02/20/2014 - 05:25

Hi,



I am trying to set up IPoE dualstack on 4.3.4. IPv4 is working fine, but I am struggling with IPv6.

The idea is to have the TR-177 model with a bridged residential gateway, and the home device (PC, Tablet, TV) gets an IPv6 address if it supports it.

I see that we can only use SLAAC plus stateless DHCP to get a DNS server?

I configured a /64 IPv6 on the access-interface and configured a DHCP IPv6 local server with DNS servers.

Problem is that the Windows 7 PC gets an IPv6 address via autodiscovery but not the DNS server.

Another problem is that I do not see an active session with IPv6 on the BNG, there is only a IPv4 address.

I tried multiple way and once I had a session with IPv4 and IPv6 on the BNG, but the PC did not have this IPv6 address...:)





Is there a way to get an IPv6 address from DHCPv6 server on the BNG? Just like it is with IPv4.

I used this config guide but this is more for the routed residential gateway model.

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k_r4-3/bng/configuration/guide/b_bng_cg43xasr9k/b_bng_cg43asr9k_chapter_0100.html#concept_24F63FF2D5E14200967BF214E00E6248





This slide is from Cisco and I would like to know how I can get an /64 prefix on every device? Any examples?

I used your example and I have an IPv6 address on W7 but no DNS server and ping to BNGs Loopback with IPv6 address is not working. Show subscribers session does not show the IPv6 address, only IPv4.

With PPPoE I have both IPv4 and IPv6 Framed and delegated prefix.



















Here is my config:

pool vrf ipoe ipv6 IPoEv6_POOL

address-range 2a02:27b0:4060::1 2a02:27b0:4060::ffff

!

dhcp ipv6

profile IPoEv6_DHCP server

  dns-server 2a02:27b0:3:a::abcd 2a02:27b0:3:b::abcd

  address-pool IPoEv6_POOL

!

dynamic-template

type ipsubscriber IPoE_TEMPLATE

  vrf ipoe

  accounting aaa list default type session

  ipv4 unnumbered Loopback10070

  ipv6 enable

  dhcpv6 address-pool IPoEv6_POOL

!

class-map type control subscriber match-any IPoE_CLASS

match protocol dhcpv4 dhcpv6

end-class-map

!

policy-map type control subscriber BNG_IPoE

event session-start match-first

  class type control subscriber IPoE_CLASS do-until-failure

   10 activate dynamic-template IPoE_TEMPLATE

  !

interface Bundle-Ether12.995

description #IPoE#

vrf ipoe

ipv4 point-to-point

ipv4 unnumbered Loopback10070

ipv6 enable

service-policy type control subscriber BNG_IPoE

encapsulation dot1q 995

ipsubscriber ipv4 l2-connected

  initiator dhcp

  initiator unclassified-source

!

ipsubscriber ipv6 l2-connected

  initiator dhcp

  initiator unclassified-source

xthuijs Thu, 02/20/2014 - 11:10
User Badges:
  • Cisco Employee,

few things that I see Smail:

1) the v6 dhcp server needs to be tied to the access interface, otherwise DHCP will not proceed.

2) you have here static address assignment and not prefix delegation, so you want to assign  from the pool not a single address, but a prefix with a mask that will be handed out to the CPE so he can distribute/use that for the devices that are attached to the CPE

3) if applicable, if you do authentication, the access-accept needs to provide both v4 and v6 authorization, there is no separate lookup per address family.

4) you have a vrf applied to the access interface, is that vrf also v6 capable, with that AF instantiated?

5) good call on the vrf the same on the access interface and dynamic template.

6) I think that if you do the show ipv6 dhcp binding, nothing will come up, or at least not what we expect. That is why the session is not reported as dual stack

7) if the cpe is fully bridged, then only the first device that comes online for v6 will get an address due to the way that it is setup. that single device will be a single subscriber.

you probably want to have a subscriber per CPE and have the cpe deal with the remote devices via PD.

8) the dns server for v6 missing is likely because of the address distribution because the dhcp server is not linked to the access interface so we do it via the pool allocation method.


hopefully this will help,

cheers

xander

smailmilak Thu, 02/20/2014 - 12:12
User Badges:
  • Bronze, 100 points or more

Hi Xander,


thank you for replying.

I forgot to copy/paste the whole dhcp ipv6 config, sorry. I have the access-interface under dhcp


dhcp ipv6

profile IPoEv6_DHCP server

  dns-server 2a02:27b0:3:a::abcd 2a02:27b0:3:b::abcd

  address-pool IPoEv6_POOL

!


interface Bundle-Ether12.995 server profile IPoEv6_DHCP


2. and 7. The customer is requesting the bridged RG deployment model because they want to use Broadhop and give the customer the option to add/remove etc. via a portal and to have full control of the network. This is also good for Cisco because the customer needs more BNG subscriber licenses and hardware.

3. For now no auth is used. After I have accomplished to get an IPv4 and IPv6 address I will add authorization with Option82 info as username.

4. I have IPv4 and IPv6 AF under the vrf. I just checked it to be sure, good hint


Tomorrow I will try something else. This dynamic-template will be used tomorrow:


type ipsubscriber IPoE_TEMPLATE

  vrf ipoe

  timeout idle 60

  accounting aaa list default type session

  ipv4 unnumbered Loopback10070

  ipv6 nd other-config-flag

  ipv6 nd managed-config-flag

  ipv6 enable

  dhcpv6 address-pool IPoEv6_POOL


I have to check the end devices again. I know that i chose "DHCP only" on ubuntu. This probably means that it will disable router discovery. Stupid me

I have also to check if the W7 PCs are sending RDs.


I will keep you posted after I have finally an IPoE dualstack session.


p.s.

lease proxy client-lease-time 300 for DHCP IPv4

and

lease 0 0 5 under DHCP IPv6

can be used as a sort of keepalive for IPoE?

smailmilak Thu, 02/20/2014 - 05:31
User Badges:
  • Bronze, 100 points or more

I have problems with creating comments here. Here is the missing slide


One update: I connected Ubuntu and configured DHCP only under IPv6 settings and I got an IPv6 address and I see this IP address under show subs session, but Ubuntu has :: as default gateway and I cannot ping between BNG and Ubuntu.

I will do some more testing


ipv6 tr 177.JPG

smailmilak Fri, 02/21/2014 - 12:55
User Badges:
  • Bronze, 100 points or more

Hi,


it looks like I finally got my IPv6 subscriber session . I got a nice hint from a Cisco engineer who has put me in the right direction.

I used

ipv6 nd other-config-flag  TO GET DNS SERVERS

ipv6 nd managed-config-flag  TO GET AN IPv6 ADDRESS FROM DHCP POOL

under dynamic-template but the subscriber still did not get an IPv6 address from the pool.

After that I tried some more variations and finally got a dual-stack session on the BNG. It is mandatory to have

ipv6 nd managed-config-flag under the access-interface, too.


It looks easy now, but it was a long way to get it to work.

I also tried (was curious) with IPv6 address from the dhcp pool on the access-interface (and remove the pool from DHCP config).

My W7 got both, IPv4 and IPv6 addresses but the IPv6 session was not on the BNG. BNG behaved just like a regular router and not like a subscriber-aware router. Maybe the problem was that there was nothing to trigger the IPv6 session (missing dhcpv6 traffic) that I had in the class-map.

The test PC gets the IPv4 in a sec, but it takes time to get IPv6 address, dns server and gw...about 5 sec.


This is my final config. I will do some more testing next week, but this should be it. Not sure if I can use local DHCP server with lease time of 5 minutes in production for maybe 10K DS subscribers.


pool vrf ipoe ipv6 IPoEv6_POOL
address-range 2a02:27b0:4060::1 2a02:27b0:4060::ffff

dhcp ipv6
profile IPoEv6_DHCP server
  lease 0 0 5
  dns-server 2a02:27b0:3:a::abcd 2a02:27b0:3:b::abcd
  address-pool IPoEv6_POOL

interface Bundle-Ether12.995 server profile IPoEv6_DHCP

dynamic-template
type ipsubscriber IPoE_TEMPLATE
  vrf ipoe
  accounting aaa list default type session
  ipv4 unnumbered Loopback10070
  ipv6 nd reachable-time 10000
  ipv6 nd other-config-flag
  ipv6 nd managed-config-flag
  ipv6 enable
  dhcpv6 address-pool IPoEv6_POOL

interface Bundle-Ether12.995
description #IPoE#
vrf ipoe
ipv4 point-to-point
ipv4 unnumbered Loopback10070
ipv6 nd suppress-ra
ipv6 nd managed-config-flag
ipv6 enable
service-policy type control subscriber BNG_IPoE
encapsulation dot1q 995
ipsubscriber ipv4 l2-connected
  initiator dhcp
  initiator unclassified-source
!
ipsubscriber ipv6 l2-connected
  initiator dhcp
  initiator unclassified-source   I WILL REMOVE THIS LATER.

xthuijs Sat, 02/22/2014 - 08:22
User Badges:
  • Cisco Employee,

Thanks for providing that config example Smail!

I don't see why the nd managed config flag is necessary, but I will investigate and see/document when this may be necessary.


regards

xander

smailmilak Tue, 04/15/2014 - 13:15
User Badges:
  • Bronze, 100 points or more

Hi Xander,

 

I think after all that on 4.3.4 and in my case that M flag is necessary on the access-interface.

This is the only way to get it to work - always!

It works already for two days, and I hope that will continue to work :)

I updated TAC today and the engineer also wonders why M flag is necessary. I sent all captures when it is working and when not.

I think you know already about this case

SR: 629372343

Dimitris Kotsilis Wed, 02/26/2014 - 08:35

Hi Xander,


I am trying to establish a dual-stack PPPoE session in an ASR9K (4.3.4) and I have a problem in providing the LAN prefix via DHCPv6-PD.

Since all the other comments and the examples are IPoE related, I am worried that something must be different in PPPoE.

The configuration I am testing right now is the following (ipv6 irrelevant commands are omitted):


pool vrf all ipv6 LLU-KLN-LAN-IPv6-POOL
prefix-length 56
network 2a02:x:x::/40
!
pool vrf all ipv6 LLU-KLN-WAN-IPv6-POOL
prefix-length 64
network 2a02:x:x::/48
!
dhcp ipv6
profile DHCP-SERVER-LOCAL server
  dns-server 2a02:x:x:x::x 2a02:x:x:x::x
  prefix-pool LLU-KLN-LAN-IPv6-POOL
!
interface Bundle-Ether1.33211199 server profile DHCP-SERVER-LOCAL
!
!
interface Bundle-Ether1.33211199
description ** POP-KLN - Residential Internet TEST**
service-policy type control subscriber POP-KLN-PPP-SUBSCRIBER-POLICY
pppoe enable bba-group PPPoE-GROUP-POP-KLN
encapsulation dot1q 3321 second-dot1q 1199

dynamic-template
type ppp POP-KLN-DYNAMIC-TEMPLATE
  ppp ipcp peer-address pool LLU-KLN-WAN-IPv4-POOL
  ipv6 nd other-config-flag
  ipv6 nd framed-prefix-pool LLU-KLN-WAN-IPv6-POOL
  dhcpv6 delegated-prefix-pool LLU-KLN-LAN-IPv6-POOL
!
!
class-map type control subscriber match-any POP-KLN-PPP-SUBSCRIBER-CLASS
match protocol ppp
end-class-map
!
!
class-map type control subscriber match-all POP-KLN-DHCPV6-SUBSCRIBER-CLASS
match protocol dhcpv6
end-class-map
!
policy-map type control subscriber POP-KLN-PPP-SUBSCRIBER-POLICY
event session-start match-all
  class type control subscriber POP-KLN-PPP-SUBSCRIBER-CLASS do-until-failure
   10 activate dynamic-template POP-KLN-DYNAMIC-TEMPLATE
  !
  class type control subscriber POP-KLN-DHCPV6-SUBSCRIBER-CLASS do-all
   10 activate dynamic-template POP-KLN-DYNAMIC-TEMPLATE
  !
!
event session-activate match-all
  class type control subscriber POP-KLN-PPP-SUBSCRIBER-CLASS do-until-failure
   10 activate dynamic-template POP-KLN-DYNAMIC-TEMPLATE

Although the CPE sends the DHCPv6 solicit, the DHCPv6 server is not activated.


Do I miss something? I cannot say that the CCO documentation is so helpful on this matter.


Thank you in advance,

Dimitris

smailmilak Wed, 02/26/2014 - 10:55
User Badges:
  • Bronze, 100 points or more

Hi Dimitris,



I am not Xander but I can try to help you. I went through the same in the past weeks.

I have PPPoE v6 running on BNG with the same version.

I am using prefix-range instead of network for both pools.

I have a framed prefix range with prefix length of /64 and /60 for delegated prefixes. You can of course use /56 for delegated prefixes. 16 bits is maximum for allocation.



pool vrf all ipv6 LLU-KLN-LAN-IPv6-POOL
prefix-length 60
prefix-range 2a02:x:x:: 2a02:x:xf:fff0::
!
pool vrf all ipv6 LLU-KLN-WAN-IPv6-POOL
prefix-length 64
prefix-range 2a02:x:x:: 2a02:x:x:ffff::

DHCP server should use the subscriber-pppoe interface. Take a look on my config

dhcp ipv6
profile DS_DHCP server
  lease 0 1 0
  dns-server 2a02:27b0:3:a::abcd 2a02:27b0:3:b::abcd
  prefix-pool DS_DELEGATED_POOL

interface subscriber-pppoe profile DS_DHCP



Your dynamic-template can not work like this. This is how it should look like

"ipv6 nd framed-prefix-pool DS_FRAMED_POOL" is when your CPE is using SLAAC for BNG<->CPE link.

Do you want to use SLAAC or DHCP for framed-prefix?

I am not sure if you really need ipv6 nd other-config-flag. For me it's working without, only IPoE is needing this command.


Also enable ipv6 enable on template and access-interface.

dynamic-template
type ppp BNG_DUALSTACK_TEMPLATE
  ppp authentication chap pap
  keepalive 30
  ppp ipcp dns 10.100.35.10 10.100.36.10
  accounting aaa list default type session dual-stack-delay 5
  ipv4 mtu 1492
  ipv6 nd framed-prefix-pool DS_FRAMED_POOL
  ipv6 mtu 1492
  ipv6 enable
  dhcpv6 delegated-prefix-pool DS_DELEGATED_POOL


policy-map is looking a little bit different on my BNG. I have both PPP and DHCPv6 in one class-map and one event-session

class-map type control subscriber match-any MATCH_DS
match protocol ppp dhcpv6
end-class-map

policy-map type control subscriber BNG_DUALSTACK
event session-start match-all
  class type control subscriber MATCH_DS do-until-failure
   1 activate dynamic-template BNG_DUALSTACK_TEMPLATE
  !
!
event session-activate match-all
  class type control subscriber MATCH_DS do-until-failure
   1 authenticate aaa list default



Please try to use my example. I hope that it will help you


p.s. Let's also wait for Xander. He has probably some hints.

Dimitris Kotsilis Thu, 02/27/2014 - 00:24

Hi Smail,


Thank you for your help.

The interface subscriber-pppoe profile DS_DHCP was the key.


Regarding your other comments:

  • IPv6 was enabled under the dynamic template (the command was omitted from the output I have provided)
  • We are providing framed IPv6 prefixes via SLAAC, so that's the reason we have configured the ipv6 nd framed-prefix-pool LLU-KLN-WAN-IPv6-POOL command under dynamic template.
  • The ipv6 nd other-config-flag command is used for informing the host that DNS server information is available via DHCPv6.


Thanks again.

Dimitris

smailmilak Thu, 02/27/2014 - 00:47
User Badges:
  • Bronze, 100 points or more

Great,


I am glad that it's working now.


I am not using ipv6 nd other-config-flag for PPPoE and my CPE has both DNS servers which are configured under dhcp ipv6.

Give it a try.

For IPoE it's needed, though.

Jean-Paul FANDOUX Mon, 04/14/2014 - 02:30

Hello All

 

I tried both Dimitris's configuration and smailmilak's configuration, but I don't have the expected IPv6 configuration. Only SLAAC seems OK, but no delegated IPv6 address on my CPE.

Someone can help me ?

Here is my configuration

!
pool vrf default ipv6 POOL_V6_WAN_PPPOE
 prefix-length 64
 network 2403:200:200::/48
!
pool vrf default ipv6 POOL_V6_LAN_PD_PPPOE
 prefix-length 56
 network 2403:200:300::/40

!

dhcp ipv6
 profile DHCPV6_LOCAL_SERVER server
  lease 2
  dns-server 2403:200:106::153 2403:200:101::153
  prefix-pool POOL_V6_LAN_PD_PPPOE
 !
 interface subscriber-pppoe profile DHCPV6_LOCAL_SERVER
!

dynamic-template
 type ppp PPPOE_TEMPLATE
  ppp authentication chap pap
  qos output minimum-bandwidth 20
  accounting aaa list default type session
  ipv4 mtu 1492
  ipv4 unnumbered Loopback0
  ipv6 nd other-config-flag
  ipv6 nd framed-prefix-pool POOL_V6_WAN_PPPOE
  ipv6 nd managed-config-flag
  ipv6 mtu 1492
  ipv6 enable
  dhcpv6 delegated-prefix-pool POOL_V6_LAN_PD_PPPOE
  multicast ipv4 passive
  igmp query-interval 60
 !

!

pppoe bba-group INTERNET_PPPOE
 mtu 1492
 service selection disable

!
interface Bundle-Ether10.456
 ipv6 enable
 service-policy type control subscriber PPPOE_PM
 pppoe enable bba-group INTERNET_PPPOE
 encapsulation dot1q 456
!

!
interface Loopback0
 ipv4 address 113.20.32.234 255.255.255.255
 ipv6 address 2403:200::8/128
 ipv6 enable
!

class-map type control subscriber match-any PPPOE_CM
 match protocol ppp dhcpv6
 end-class-map
!
class-map type control subscriber match-any DHCP_CM_V4
 match protocol dhcpv4
 end-class-map
!

policy-map type control subscriber PPPOE_PM
 event session-start match-all
  class type control subscriber PPPOE_CM do-all
   10 activate dynamic-template PPPOE_TEMPLATE
  !
  event session-activate match-all
  class type control subscriber PPPOE_CM do-all
   10 authenticate aaa list default
  !
 !
 end-policy-map
!

After PPP session up on DSL CPE, I have only WAN ipv6 address:

Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA    BE10.456.pppoe683        AC        113.20.34.10 (default)
                                                2403:200:200:8::/64 (default)

LAN-delegate prefix are not provided by DHCP Server configured on router.

Can someone help me ?

Another problem is that the CPE WAN interface can ping only the connected IPv6 address on the BNG, whereas the IPv6 WAN and LAN subnets are advertised on the whole network.

Any idea ?

 

Thanks

 

Jean-Paul

smailmilak Mon, 04/14/2014 - 03:37
User Badges:
  • Bronze, 100 points or more

Hi,

 

so you double checked DHCPv6 config on the modem? 

ipv6 nd managed-config-flag is not needed in my case. I use it only for IPoE v6 (which is not working because of a weird bug).

 

show us show subscriber session filter XX detail internal

Also show dhcp ipv6 server binding

Jean-Paul FANDOUX Mon, 04/14/2014 - 13:28

 

Hello smailmalik

On DSL CPE, once pppoe session up, I have only following ipv6 routing table.

Interface  VPI/VCI  Encap  Protocol  IPv6 Address                         Gateway                    Droute  Status
pppoe1     0/33     LLC    PPPoE     2403:200:200:8:2e9:8ff:feae:9071/64  fe80::da67:d9ff:fe44:5473  Yes     up

 

here are show subs ses and sh dhcp (PS: regarding old post, virtual acces number changed, but same ipv6 provided)

RP/0/RSP0/CPU0:INC-BNG-A#sh subs session filter username [email protected] detail internal
Tue Apr 15 04:16:08.049 UTC
Interface:                Bundle-Ether10.456.pppoe713
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     PPPoE:PTA
IPv4 State:               Up, Tue Apr 15 03:38:40 2014
IPv4 Address:             113.20.34.9, VRF: default
IPv4 Up helpers:          0x00000020 {PPP}
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Down, Tue Apr 15 03:38:40 2014
Mac Address:              6468.0cee.a8ef
Account-Session Id:       00000f84
Nas-Port:                 167889097
User name:                [email protected]
Outer VLAN ID:            456
Subscriber Label:         0x00000102
Created:                  Tue Apr 15 03:38:36 2014
State:                    Activated
Authentication:           authenticated
Ifhandle:                 0x000008e0
Session History ID:       111
Access-interface:         Bundle-Ether10.456
Policy Executed:

  event Session-Start match-all [at Tue Apr 15 03:38:36 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 activate dynamic-template PPPOE_TEMPLATE [cerr: No error][aaa: Success]
   event Session-Activate match-all [at Tue Apr 15 03:38:40 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 authenticate aaa list default [cerr: No error][aaa: Success]
Session Accounting:
  Acct-Session-Id:          00000f84
  Method-list:              default
  Accounting started:       Tue Apr 15 03:38:40 2014
  Interim accounting:       Off
    Last update sent:       Never
    Updates sent:           0
    Updates accepted:       0
    Updates rejected:       0
    Update send failures:   0
Last COA request received: unavailable
User Profile received from AAA:
 Attribute List: 0x500f65a0
1:  addr-pool       len= 18  value= POOL_PPPOE_V4_YES
2:  primary-dns     len=  4  value= 223.29.160.153
3:  secondary-dns   len=  4  value= 113.20.33.153
4:  netmask         len=  4  value= 255.255.255.255
5:  service-type    len=  4  value= Framed
6:  session-timeout len=  4  value= 86400(15180)
Services:
  Name        : PPPOE_TEMPLATE
  Service-ID  : 0x4000002
  Type        : Template
  Status      : Applied
-------------------------
[Last IPv6 down]
Disconnect Reason:        PPP NCP FSM finished
Disconnect Cause:         AAA_DISC_CAUSE_DEFAULT (0)
Abort Cause:              AAA_AV_ABORT_CAUSE_PPP_NO_NCP (30)
Terminate Cause:          AAA_AV_TERMINATE_CAUSE_USER_ERROR (17)
Disconnect called by:     ppp_ma
[Event History]
   Apr 15 03:38:40.512 SUBDB produce done [many]
   Apr 15 03:38:40.512 IPv6 Down
   Apr 15 03:38:40.512 IPv4 Up

Interface:                Bundle-Ether10.456.pppoe683
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     PPPoE:PTA
IPv4 State:               Up, Mon Apr 14 06:59:09 2014
IPv4 Address:             113.20.34.10, VRF: default
IPv4 Up helpers:          0x00000020 {PPP}
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Up, Mon Apr 14 06:59:09 2014
Framed IPv6 Prefix:       2403:200:200:8::/64, VRF: default
IPv6 Interface ID:        .......q (02 e9 08 ff fe ae 90 71)
IPv6 Up helpers:          0x00100020 {PPP,ND}
IPv6 Up requestors:       0x00100020 {PPP,ND}
Mac Address:              00e9.08ae.9071
Account-Session Id:       00000f66
Nas-Port:                 167889067
User name:                [email protected]
Outer VLAN ID:            456
Subscriber Label:         0x000003f8
Created:                  Mon Apr 14 06:57:36 2014
State:                    Activated
Authentication:           authenticated
Ifhandle:                 0x0000eb60
Session History ID:       117
Access-interface:         Bundle-Ether10.456
Policy Executed:

  event Session-Start match-all [at Mon Apr 14 06:57:36 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 activate dynamic-template PPPOE_TEMPLATE [cerr: No error][aaa: Success]
   event Session-Activate match-all [at Mon Apr 14 06:59:09 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 authenticate aaa list default [cerr: No error][aaa: Success]
Session Accounting:
  Acct-Session-Id:          00000f66
  Method-list:              default
  Accounting started:       Mon Apr 14 06:59:09 2014
  Interim accounting:       Off
    Last update sent:       Never
    Updates sent:           0
    Updates accepted:       0
    Updates rejected:       0
    Update send failures:   0
Last COA request received: unavailable
User Profile received from AAA:
 Attribute List: 0x500f6cb4
1:  addr-pool       len= 18  value= POOL_PPPOE_V4_YES
2:  primary-dns     len=  4  value= 223.29.160.153
3:  secondary-dns   len=  4  value= 113.20.33.153
4:  netmask         len=  4  value= 255.255.255.255
5:  service-type    len=  4  value= Framed
6:  session-timeout len=  4  value= 86400(15180)
Services:
  Name        : PPPOE_TEMPLATE
  Service-ID  : 0x4000002
  Type        : Template
  Status      : Applied
-------------------------
[Event History]
   Apr 14 06:59:09.440 SUBDB produce done [many]
   Apr 14 06:59:09.440 IPv4 Up
   Apr 14 06:59:09.568 IPv6 Up [many]

RP/0/RSP0/CPU0:INC-BNG-A#sh dhcp ipv6 server binding
Tue Apr 15 04:16:37.376 UTC

Summary:
Total number of clients: 0

RP/0/RSP0/CPU0:INC-BNG-A#

 

Thanks for help

 

Jean-Paul

smailmilak Mon, 04/14/2014 - 14:00
User Badges:
  • Bronze, 100 points or more

Hi Jean-Paul,

 

thanks for the output. 

You sent us the output of two pppoe sessions? First has IPv6 down, and second IPv6 up?

Under the second session (Bundle-Ether10.456.pppoe683) you have

IPv6 Up helpers:          0x00100020 {PPP,ND}
IPv6 Up requestors:       0x00100020 {PPP,ND}

On our BNG with fully working dualstack PPPoE session I have 

this output

IPv6 Up helpers:          0x00100020 {PPP,ND}
IPv6 Up requestors:       0x00180020 {PPP,DHCPv6,ND}

I am not 100% sure, but I think that you should have this for IPv6 delegated prefix. 

Our modem is configured with SLAAC for WAN link (framed-prefix), and DHCPv6 for LAN (delegated prefix) link.

Did you remove ipv6 nd managed-config-flag from the template? 

I do not have it in our template because it's not needed in our case.

Our pool for both, framed and delegated prefix is configured with prefix-range, not network. I can not remember if I have tested it with network command. 

 

Here is full output of show subscriber session so you can take a look and compare.

I can take another look tomorrow morning.

 

show subscriber session filter access-interface bundle-ether 12.3102 det internal 
Mon Apr 14 22:36:15.720 CET
Interface:                Bundle-Ether12.3102.pppoe20000
Circuit ID:               MALTA_3 atm 1/1/07/40:8.35
Remote ID:                Unknown
Type:                     PPPoE:PTA
IPv4 State:               Up, Mon Apr 14 15:33:59 2014
IPv4 Address:             100.68.0.7, VRF: dualstack
IPv4 Up helpers:          0x00000020 {PPP}
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Up, Mon Apr 14 15:34:03 2014
Framed IPv6 Prefix:       2a02:27b0:4040:5::/64, VRF: dualstack
Delegated IPv6 Prefix:    2a02:27b0:4400:1e0::/60, VRF: dualstack
IPv6 Interface ID:        ..Z...Z. (00 00 5a 92 00 00 5a 88)
IPv6 Up helpers:          0x00100020 {PPP,ND}
IPv6 Up requestors:       0x00180020 {PPP,DHCPv6,ND}
Mac Address:              a0ec.801e.ed84
Account-Session Id:       00767a95
Nas-Port:                 67128864
User name:                asrdual1
Outer VLAN ID:            3102
Subscriber Label:         0x00080325
Created:                  Mon Apr 14 15:33:56 2014
State:                    Activated
Authentication:           authenticated
Ifhandle:                 0x000caa20
Session History ID:       1168
Access-interface:         Bundle-Ether12.3102
Policy Executed: 

  event Session-Start match-all [at Mon Apr 14 15:33:56 2014]
    class type control subscriber MATCH_DS do-until-failure [Succeeded]
      1 activate dynamic-template BNG_DUALSTACK_TEMPLATE [cerr: No error][aaa: Success]
  event Session-Activate match-all [at Mon Apr 14 15:33:59 2014]
    class type control subscriber MATCH_DS do-until-failure [Succeeded]
      1 authenticate aaa list default [cerr: No error][aaa: Success]
Session Accounting:        
  Acct-Session-Id:          00767a95
  Method-list:              ISARFLOW
  Accounting started:       Mon Apr 14 15:33:59 2014
  Interim accounting:       Off
    Last successful update: Mon Apr 14 15:34:00 2014
    Last update sent:       Mon Apr 14 15:34:00 2014
    Updates sent:           1
    Updates accepted:       1
    Updates rejected:       0
    Update send failures:   0
Last COA request received: unavailable
User Profile received from AAA:
 Attribute List: 0x10011044
1:  service-type    len=  4  value= Framed
2:  addr            len=  4  value= 255.255.255.254
3:  session-timeout len=  4  value= 86400(15180)
4:  idletimeout     len=  4  value= 1800(708)
5:  ip-vrf          len=  9  value= dualstack
6:  addr-pool       len= 10  value= DS_PPPoEv4
7:  ipv4-unnumbered len= 13  value= Loopback10068
8:  sub-qos-policy-out len= 10  value=  10240_out
9:  sub-qos-policy-in len=  7  value=  512_in
Services:
  Name        : BNG_DUALSTACK_TEMPLATE
  Service-ID  : 0x4000004
  Type        : Template
  Status      : Applied
-------------------------
[Event History]
   Apr 14 15:33:26.272 SUBDB produce done [many]
   Apr 14 15:33:26.400 IPv6 Up [many]
   Apr 14 15:33:26.400 IPv4 Up
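
The comparison made by eye in the post above (is DHCPv6 among the "IPv6 Up requestors", and is a delegated prefix listed) can be scripted over `show subscriber session ... detail internal` output. This is an added example, not part of the original thread and not Cisco tooling: the sample is trimmed from output posted in this thread, the function names are hypothetical, and the flag-bit values are inferred from the posted masks rather than taken from documentation.

```python
import re

# Sample trimmed from three sessions posted in this thread (not complete output).
SAMPLE = """\
Interface:                Bundle-Ether10.456.pppoe713
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Down, Tue Apr 15 03:38:40 2014
Interface:                Bundle-Ether10.456.pppoe805
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Up, Tue Apr 15 10:39:50 2014
Framed IPv6 Prefix:       2403:200:200:1::/64, VRF: default
IPv6 Up requestors:       0x00100020 {PPP,ND}
Interface:                Bundle-Ether12.3102.pppoe20000
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Up, Mon Apr 14 15:34:03 2014
Framed IPv6 Prefix:       2a02:27b0:4040:5::/64, VRF: dualstack
Delegated IPv6 Prefix:    2a02:27b0:4400:1e0::/60, VRF: dualstack
IPv6 Up requestors:       0x00180020 {PPP,DHCPv6,ND}
"""

FIELD = re.compile(r"^([A-Za-z0-9 -]+?):\s+(.*\S)\s*$")
FLAGS = re.compile(r"(0x[0-9a-fA-F]+)\s+\{([^}]*)\}")


def parse_sessions(text):
    """Split the command output into one dict of 'Key: value' fields per session."""
    sessions, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key == "Interface":          # each session block starts with this field
            current = {"Interface": value}
            sessions.append(current)
        elif current is not None:
            current.setdefault(key, value)
    return sessions


def flags(session, field):
    """Return (mask, names) for a helpers/requestors field; (0, empty) if absent."""
    m = FLAGS.match(session.get(field, ""))
    if not m:
        return 0, frozenset()
    names = frozenset(n.strip() for n in m.group(2).split(",") if n.strip())
    return int(m.group(1), 16), names


def learn_flag_bits(sessions, fields=("IPv4 Up requestors", "IPv6 Up requestors")):
    """Infer which bit stands for which name by elimination over the observed masks."""
    observed = {flags(s, f) for s in sessions for f in fields} - {(0, frozenset())}
    bits, progress = {}, True
    while progress:
        progress = False
        for mask, names in observed:
            unknown = [n for n in names if n not in bits]
            rest = mask
            for n in names:
                rest &= ~bits.get(n, 0)
            # exactly one unexplained name and one unexplained bit: they pair up
            if len(unknown) == 1 and rest and rest & (rest - 1) == 0:
                bits[unknown[0]] = rest
                progress = True
    return bits


def diagnose(session):
    """Classify the IPv6 side of one session."""
    if not session.get("IPv6 State", "").startswith("Up"):
        return "ipv6-down"
    _, names = flags(session, "IPv6 Up requestors")
    delegated = session.get("Delegated IPv6 Prefix")
    if "DHCPv6" in names and delegated:
        return "framed+delegated"
    if "DHCPv6" not in names and not delegated:
        return "framed-only"            # SLAAC worked, DHCPv6-PD never completed
    return "inconsistent"


def report(text):
    return {s["Interface"]: diagnose(s) for s in parse_sessions(text)}


if __name__ == "__main__":
    for name, verdict in report(SAMPLE).items():
        print(f"{name:36} {verdict}")
    print({k: hex(v) for k, v in learn_flag_bits(parse_sessions(SAMPLE)).items()})
```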

Jean-Paul FANDOUX Mon, 04/14/2014 - 19:52

Hello smailmalik

 

FYI, if it can help, all IPv6 addresses are provided by BNG and not by my radius.

So, I've modified as expected:

!
pool vrf default ipv6 POOL_V6_WAN_PPPOE
 prefix-length 64
 prefix-range 2403:200:200:: 2403:200:200:ffff::
!
pool vrf default ipv6 POOL_V6_LAN_PD_PPPOE
 prefix-length 56
 prefix-range 2403:200:300:: 2403:200:3ff:ff00::
!

I remove ipv6 nd managed-config-flag

!

dynamic-template
 type ppp PPPOE_TEMPLATE
  ppp authentication chap pap
  qos output minimum-bandwidth 20
  accounting aaa list default type session
  ipv4 mtu 1492
  ipv4 unnumbered Loopback0
  ipv6 nd other-config-flag
  ipv6 nd framed-prefix-pool POOL_V6_WAN_PPPOE
  ipv6 mtu 1492
  ipv6 enable
  dhcpv6 delegated-prefix-pool POOL_V6_LAN_PD_PPPOE
  multicast ipv4 passive
  igmp query-interval 60
 !

!

But results are desperately the same:

Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA    BE10.456.pppoe805        AC        113.20.34.11 (default)
                                                2403:200:200:1::/64 (default)

RP/0/RSP0/CPU0:INC-BNG-A#sh subs ses filter interface Bundle-Ether10.456.pppoe805 detail internal
Tue Apr 15 10:48:27.136 UTC
Interface:                Bundle-Ether10.456.pppoe805
Circuit ID:               Unknown
Remote ID:                Unknown
Type:                     PPPoE:PTA
IPv4 State:               Up, Tue Apr 15 10:39:50 2014
IPv4 Address:             113.20.34.11, VRF: default
IPv4 Up helpers:          0x00000020 {PPP}
IPv4 Up requestors:       0x00000020 {PPP}
IPv6 State:               Up, Tue Apr 15 10:39:50 2014
Framed IPv6 Prefix:       2403:200:200:1::/64, VRF: default
IPv6 Interface ID:        .......q (02 e9 08 ff fe ae 90 71)
IPv6 Up helpers:          0x00100020 {PPP,ND}
IPv6 Up requestors:       0x00100020 {PPP,ND}                      <===
Mac Address:              00e9.08ae.9071
Account-Session Id:       00000fe0
Nas-Port:                 167888933
User name:                [email protected]
Outer VLAN ID:            456
Subscriber Label:         0x00000064
Created:                  Tue Apr 15 10:39:45 2014
State:                    Activated
Authentication:           authenticated
Ifhandle:                 0x00002060
Session History ID:       127
Access-interface:         Bundle-Ether10.456
Policy Executed:

  event Session-Start match-all [at Tue Apr 15 10:39:45 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 activate dynamic-template PPPOE_TEMPLATE [cerr: No error][aaa: Success]
  event Session-Activate match-all [at Tue Apr 15 10:39:50 2014]
    class type control subscriber PPPOE_CM do-all [Succeeded]
      10 authenticate aaa list default [cerr: No error][aaa: Success]
Session Accounting:
  Acct-Session-Id:          00000fe0
  Method-list:              default
  Accounting started:       Tue Apr 15 10:39:50 2014
  Interim accounting:       Off
    Last successful update: Tue Apr 15 10:39:51 2014
    Last update sent:       Tue Apr 15 10:39:51 2014
    Updates sent:           1
    Updates accepted:       1
    Updates rejected:       0
    Update send failures:   0
Last COA request received: unavailable
User Profile received from AAA:
 Attribute List: 0x500f5cf8
1:  addr-pool       len= 18  value= POOL_PPPOE_V4_YES
2:  primary-dns     len=  4  value= 223.29.160.153
3:  secondary-dns   len=  4  value= 113.20.33.153
4:  netmask         len=  4  value= 255.255.255.255
5:  service-type    len=  4  value= Framed
6:  session-timeout len=  4  value= 86400(15180)
Services:
  Name        : PPPOE_TEMPLATE
  Service-ID  : 0x4000002
  Type        : Template
  Status      : Applied
-------------------------
[Event History]
   Apr 15 10:39:50.144 SUBDB produce done [many]
   Apr 15 10:39:50.144 IPv4 Up
   Apr 15 10:39:50.528 IPv6 Up [many]

 

Any idea ?

Jean-Paul

 

 

smailmilak Tue, 04/15/2014 - 10:39
User Badges:
  • Bronze, 100 points or more

Hi Jean,

 

hmm dhcpv6 is still missing. Can you please do some dhcpv6 debugging?

"debug dhcp ipv6 server all"

If we don't see anything in the debug then the modem is not sending any dhcp solicit messages.

Please note that I am running 4.3.4 and you are probably running 5.1.x.

Not sure if configuration requirements are different between 4.3.x and 5.1.x

 

I have dhcp ipv6 server binding and if you succeed you should have something like this:

Total number of clients: 2
  DUID  : 00010001000694d8a0ec801eed84
  MAC Address: a0ec.801e.ed84
  Client Link Local: fe80::68f4:0:68ea
  Sublabel: 0xe2d60
    IA ID: 0xd5
      STATE: BOUND
      IPv6 Prefix:  2a02:27b0:4400:1e0::/60 (Bundle-Ether12.3102.pppoe20002)
        lifetime  : 3600 secs (01:00:00)
        expiration: 1915 secs (00:31:55)

 

Jean-Paul FANDOUX Tue, 04/15/2014 - 13:04

Hi Smailmalik

My BNG run under XR 5.1.0.

Debugging server provide following output:

RP/0/RSP0/CPU0:Apr 16 03:54:29.939 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = POOL_V6_LAN_PD_PPPOE sublabel = 102
RP/0/RSP0/CPU0:Apr 16 03:54:30.106 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 16 03:54:30.106 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 16 03:54:31.991 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = POOL_V6_LAN_PD_PPPOE sublabel = 321
RP/0/RSP0/CPU0:Apr 16 03:54:32.154 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 16 03:54:32.154 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 16 03:54:33.055 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = POOL_V6_LAN_PD_PPPOE sublabel = 103
RP/0/RSP0/CPU0:Apr 16 03:54:33.222 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 16 03:54:33.222 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 16 03:54:40.499 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP572: dhcpv6d_subdb_read_session_config: sublabel = 103
RP/0/RSP0/CPU0:Apr 16 03:54:40.500 : dhcpv6d[1081]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'

The server seems to receive some solicit, but still no binding:

RP/0/RSP0/CPU0:INC-BNG-A#show   dhcp ipv6 server binding
Wed Apr 16 03:57:04.688 UTC

Summary:
Total number of clients: 0

RP/0/RSP0/CPU0:INC-BNG-A#

sad

 

Jean

smailmilak Tue, 04/15/2014 - 13:21
User Badges:
  • Bronze, 100 points or more

Hi Jean-Paul,

looks like we have an error in the debug

RP/0/RSP0/CPU0:Apr 16 03:54:40.500 : dhcpv6d[1081]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'

I took a look here but there is no similar error on this link. 

http://www.cisco.com/c/en/us/td/docs/ios_xr_sw/iosxr_r4-2/error/messages...

 

Please do a "show pool ipv6" and show me the output.

Also please try with this pool instead of your "POOL_V6_LAN_PD_PPPOE"

pool vrf dualstack ipv6 DS_DELEGATED_POOL
 prefix-length 60
 prefix-range 2a02:27b0:5500:: 2a02:27b0:550f:fff0::

 

Jean-Paul FANDOUX Tue, 04/15/2014 - 14:25

Hello smaimalik

Here are output:

RP/0/RSP0/CPU0:INC-BNG-A#sh pool ipv6
Wed Apr 16 05:10:46.456 UTC

              Allocation Summary
---------------------------------------------------

Used: 1
Excl: 0
Free: 196607
Total: 196608
Utilization: 0%


 Pool Name    Pool ID      VRF      Used    Excl    Free   Total
-----------  ---------  ---------  ------  ------  ------ -------
DS_DELEGATED_POOL     12   dualstack           0      0  65536  65536
POOL_V6_LAN_PD_PPPOE      8     default           0      0  65536  65536
POOL_V6_WAN_PPPOE      7     default           1      0  65535  65536


RP/0/RSP0/CPU0:INC-BNG-A#

I have configured your ipv6 pool:

!
pool vrf dualstack ipv6 DS_DELEGATED_POOL
 prefix-length 60
 prefix-range 2a02:27b0:5500:: 2a02:27b0:550f:fff0::
!

dynamic-template
 type ppp PPPOE_TEMPLATE
  ppp authentication chap pap
  qos output minimum-bandwidth 20
  accounting aaa list default type session
  ipv4 mtu 1492
  ipv4 unnumbered Loopback0
  ipv6 nd other-config-flag
  ipv6 nd framed-prefix-pool POOL_V6_WAN_PPPOE
  ipv6 mtu 1492
  ipv6 enable
  dhcpv6 delegated-prefix-pool DS_DELEGATED_POOL
  multicast ipv4 passive
  igmp query-interval 60
 !


But no evolution:

RP/0/RSP0/CPU0:Apr 16 05:12:44.785 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 104
RP/0/RSP0/CPU0:Apr 16 05:12:44.948 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 16 05:12:44.948 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 16 05:12:47.825 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 322
RP/0/RSP0/CPU0:Apr 16 05:12:47.991 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 16 05:12:47.991 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 16 05:12:53.843 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP572: dhcpv6d_subdb_read_session_config: sublabel = 322
RP/0/RSP0/CPU0:Apr 16 05:12:53.844 : dhcpv6d[1081]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'

RP/0/RSP0/CPU0:INC-BNG-A#sh subs ses all
Wed Apr 16 05:17:50.613 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA    BE10.456.pppoe868        AC        113.20.34.2 (default)
                                                2403:200:200:4::/64 (default)
RP/0/RSP0/CPU0:INC-BNG-A#

Thanks for your help

 

Jean
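
The pool sizes in the `show pool ipv6` output above, the hand conversion from `network` to `prefix-range` earlier in the thread, and the remark that 16 bits is the maximum for allocation can all be checked with a few lines of arithmetic. This is an added example, not part of the original thread: the function names are hypothetical, the 16-bit limit is taken from the thread rather than from Cisco documentation, and the 2001:db8::/32 case is constructed.

```python
import ipaddress

MAX_ALLOC_BITS = 16  # limit as stated in this thread (assumption, not from documentation)


def range_size(first, last, prefix_length):
    """Number of /prefix_length prefixes in an inclusive first..last range."""
    lo = int(ipaddress.IPv6Address(first))
    hi = int(ipaddress.IPv6Address(last))
    step = 1 << (128 - prefix_length)
    if lo % step or hi % step:
        raise ValueError(f"range boundary is not aligned to /{prefix_length}")
    if hi < lo:
        raise ValueError("range end precedes range start")
    return (hi - lo) // step + 1


def network_to_range(network, prefix_length):
    """Turn 'network X/len' + 'prefix-length N' into the equivalent prefix-range pair."""
    net = ipaddress.IPv6Network(network)  # raises ValueError if host bits are set
    bits = prefix_length - net.prefixlen
    if bits < 0:
        raise ValueError("prefix-length is shorter than the network mask")
    lo = int(net.network_address)
    hi = lo + (((1 << bits) - 1) << (128 - prefix_length))
    return str(ipaddress.IPv6Address(lo)), str(ipaddress.IPv6Address(hi))


def check_pool(first, last, prefix_length):
    """Size of the pool, the allocation bits it needs, and whether that fits the limit."""
    size = range_size(first, last, prefix_length)
    bits = (size - 1).bit_length()
    return {"prefixes": size, "bits": bits, "within_limit": bits <= MAX_ALLOC_BITS}


if __name__ == "__main__":
    # Pools quoted in this thread
    print(network_to_range("2403:200:300::/40", 56))
    print(check_pool("2403:200:300::", "2403:200:3ff:ff00::", 56))
    print(check_pool("2a02:27b0:5500::", "2a02:27b0:550f:fff0::", 60))
    # An address pool is the same calculation with prefix_length 128
    print(check_pool("2a02:27b0:4060::1", "2a02:27b0:4060::ffff", 128))
    # Constructed case: a /32 carved into /56 needs 24 allocation bits
    print(check_pool(*network_to_range("2001:db8::/32", 56), 56))
```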

smailmilak Tue, 04/15/2014 - 23:35
User Badges:
  • Bronze, 100 points or more

Hi Jean-Paul,

 

I see that my pool is in vrf "dualstack". You can remove this

Use just 

pool ipv6 DS_DELEGATED_POOL
 prefix-length 60
 prefix-range 2a02:27b0:5500:: 2a02:27b0:550f:fff0::

Debug pool ipv6 and show subscriber manager disconnect-history

could have more info about this issue.

 

I do not see any big difference between your and mine config. DHCPv6 dhcp server is very similar, except that I am using lease of 1 hour.

Is this BNG already in production for regular PPPoE sessions? If not you can try with 4.3.4 just to see if it's working on this version.

Jean-Paul FANDOUX Wed, 04/16/2014 - 13:26

Hello smailmilak

I activate debug pool ipv6 and dhcp ipv6 (same results):

RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP792: ipc server IPC_NOTIFY_INPUT_WAITING
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP475: Processing allocation request message from client PPP; request 0
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP74: GSP message SHADOW-ALLOCATION-NOTIFY with length 172 send to RP called
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP538: Checkpt deleted for pool POOL_PPPOE_V4_YES, vrf default, vrf id 0x60000000 (1610612736), address 113.20.34.6, client PPP
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS ALLOCATION: TP333: Address 113.20.34.6 freed to proxy DB for pool POOL_PPPOE_V4_YES
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP647: Central update shadow count called for vrf default, addr 113.20.34.6
RP/0/RSP0/CPU0:Apr 17 04:17:15.415 : daps[182]: DAPS INTERNAL: TP561: Shadow allocation deleted: pool POOL_PPPOE_V4_YES, vrf default, addr 113.20.34.6
RP/0/RSP0/CPU0:Apr 17 04:17:15.710 : daps[182]: DAPS INTERNAL: TP792: ipc server IPC_NOTIFY_INPUT_WAITING
RP/0/RSP0/CPU0:Apr 17 04:17:15.710 : daps[182]: DAPS INTERNAL: TP475: Processing allocation request message from client IPV6ND; request 0
RP/0/RSP0/CPU0:Apr 17 04:17:15.710 : daps[182]: DAPS INTERNAL: TP74: GSP message SHADOW-ALLOCATION-NOTIFY with length 172 send to RP called
RP/0/RSP0/CPU0:Apr 17 04:17:15.710 : daps[182]: DAPS INTERNAL: TP538: Checkpt deleted for pool POOL_V6_WAN_PPPOE, vrf default, vrf id 0x60000000 (1610612736), address 2403:200:200:a::, client IPV6ND
RP/0/RSP0/CPU0:Apr 17 04:17:15.710 : daps[182]: DAPS ALLOCATION: TP333: Address 2403:200:200:a:: freed to proxy DB for pool POOL_V6_WAN_PPPOE
RP/0/RSP0/CPU0:Apr 17 04:17:15.711 : daps[182]: DAPS INTERNAL: TP647: Central update shadow count called for vrf default, addr 2403:200:200:a::
RP/0/RSP0/CPU0:Apr 17 04:17:15.711 : daps[182]: DAPS INTERNAL: TP561: Shadow allocation deleted: pool POOL_V6_WAN_PPPOE, vrf default, addr 2403:200:200:a::
RP/0/RSP0/CPU0:Apr 17 04:17:19.738 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 114
RP/0/RSP0/CPU0:Apr 17 04:17:19.905 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 17 04:17:19.905 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 17 04:17:21.790 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 266
RP/0/RSP0/CPU0:Apr 17 04:17:21.954 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 17 04:17:21.954 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 17 04:17:22.778 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 115
RP/0/RSP0/CPU0:Apr 17 04:17:22.939 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP606: dhcpv6d_get_server_profile: for DHCPV6_LOCAL_SERVER
RP/0/RSP0/CPU0:Apr 17 04:17:22.939 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 17 04:17:26.356 : daps[182]: DAPS INTERNAL: TP792: ipc server IPC_NOTIFY_INPUT_WAITING
RP/0/RSP0/CPU0:Apr 17 04:17:26.356 : daps[182]: DAPS INTERNAL: TP475: Processing allocation request message from client PPP; request 501
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP74: GSP message SHADOW-ALLOCATION-NOTIFY with length 172 send to RP called
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP537: Checkpt created for pool POOL_PPPOE_V4_YES, vrf default, vrf id 0x60000000 (1610612736), address 113.20.34.9, client PPP
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS ALLOCATION: TP288: Address 113.20.34.9 allocated from server DB. Input address = INVALID_ADDRESS, flag = NONE, pool = POOL_PPPOE_V4_YES
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP468: Allocation response message for request 501 sent to client PPP with address 113.20.34.9 & result No error
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP647: Central update shadow count called for vrf default, addr 113.20.34.9
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP559: Shadow allocation created: pool POOL_PPPOE_V4_YES, vrf default, addr 113.20.34.9
RP/0/RSP0/CPU0:Apr 17 04:17:26.357 : daps[182]: DAPS INTERNAL: TP318: Shadow entry created: pool POOL_PPPOE_V4_YES, vrf default, addr 113.20.34.9
RP/0/RSP0/CPU0:Apr 17 04:17:26.384 : daps[182]: DAPS INTERNAL: TP792: ipc server IPC_NOTIFY_INPUT_WAITING
RP/0/RSP0/CPU0:Apr 17 04:17:26.384 : daps[182]: DAPS INTERNAL: TP475: Processing allocation request message from client IPV6ND; request 132
RP/0/RSP0/CPU0:Apr 17 04:17:26.384 : daps[182]: DAPS INTERNAL: TP74: GSP message SHADOW-ALLOCATION-NOTIFY with length 172 send to RP called
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS INTERNAL: TP537: Checkpt created for pool POOL_V6_WAN_PPPOE, vrf default, vrf id 0x60000000 (1610612736), address 2403:200:200::, client IPV6ND
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS ALLOCATION: TP288: Address 2403:200:200:: allocated from server DB. Input address = INVALID_ADDRESS, flag = NONE, pool = POOL_V6_WAN_PPPOE
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS INTERNAL: TP468: Allocation response message for request 132 sent to client IPV6ND with address 2403:200:200:: & result No error
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS INTERNAL: TP647: Central update shadow count called for vrf default, addr 2403:200:200::
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS INTERNAL: TP559: Shadow allocation created: pool POOL_V6_WAN_PPPOE, vrf default, addr 2403:200:200::
RP/0/RSP0/CPU0:Apr 17 04:17:26.385 : daps[182]: DAPS INTERNAL: TP318: Shadow entry created: pool POOL_V6_WAN_PPPOE, vrf default, addr 2403:200:200::
RP/0/RSP0/CPU0:Apr 17 04:17:29.661 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP572: dhcpv6d_subdb_read_session_config: sublabel = 115
RP/0/RSP0/CPU0:Apr 17 04:17:29.661 : dhcpv6d[1081]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'

RP/0/RSP0/CPU0:INC-BNG-A#
RP/0/RSP0/CPU0:INC-BNG-A#sh subs ses all
Thu Apr 17 04:18:13.560 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
       ID - Idle, DN - Disconnecting, ED - End

Type         Interface                State     Subscriber IP Addr / Prefix
                                                LNS Address (Vrf)
--------------------------------------------------------------------------------
PPPoE:PTA    BE10.456.pppoe940        AC        113.20.34.9 (default)
                                                2403:200:200::/64 (default)

 

Can you provide me what "show subs ses all" should look like on your router for a dual-stack customer?

About release 4.3.4, I'll ask my support to download it, just in case.

What about 5.1.1?

 

Thanks

 

Jean

smailmilak Thu, 04/17/2014 - 01:11

Hi,

 

You have it in my previous post that I made two days ago.

I see that you have ipv6 enable under the access-interface BE10.456. I think you can remove it. I have only policy-map and bba group. It's needed only on the dynamic template.

Here is my debug dhcp ipv6 server all log when client is getting delegated prefix from DHCPv6 server.

 

RP/0/RSP0/CPU0:Apr 17 10:07:55.544 : dhcpv6d[1070]: DHCPV6 SERVER: TP549: dhcpv6_daps_return_by_pool: Success
RP/0/RSP0/CPU0:Apr 17 10:07:56.897 : dhcpv6d[1070]: DHCPV6 SERVER: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 474612
RP/0/RSP0/CPU0:Apr 17 10:07:56.906 : dhcpv6d[1070]: DHCPV6 SERVER: TP606: dhcpv6d_get_server_profile: for DS_DHCP
RP/0/RSP0/CPU0:Apr 17 10:07:56.906 : dhcpv6d[1070]: DHCPV6 SERVER: TP607: dhcpv6d_get_server_profile: Returning profile
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP572: dhcpv6d_subdb_read_session_config: sublabel = 474612
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP546: dhcpv6_daps_alloc_by_pool: Success
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP544: DAPS: Got prefix/add successfully: prefix: 2a02:27b0:4400:110::
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP545: DAPS: dhcpv6d_enqueue_event: Success
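
The two dhcpv6d debug captures above diverge at the line that follows `dhcpv6d_subdb_read_session_config`. As an added example (not part of the thread and not Cisco tooling), this Python script sorts subscriber sublabels by outcome; pairing an allocation result with the most recent `read_session_config` sublabel is an assumption drawn from the line order in those captures, and the sample input is constructed from their formats.

```python
import re

# Constructed sample, assembled from the line formats of the two captures in the
# thread: a failing session (sublabel 115) and a working one (sublabel 474612).
SAMPLE = """\
RP/0/RSP0/CPU0:Apr 17 04:17:19.738 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 114
RP/0/RSP0/CPU0:Apr 17 04:17:22.778 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 115
RP/0/RSP0/CPU0:Apr 17 04:17:29.661 : dhcpv6d[1081]: DHCPV6 SERVER INTERNAL: TP572: dhcpv6d_subdb_read_session_config: sublabel = 115
RP/0/RSP0/CPU0:Apr 17 04:17:29.661 : dhcpv6d[1081]: DHCPV6 SERVER ERROR: TP3692: dhcpv6_daps_alloc_by_pool: DAPS: daps_ipv6_alloc_by_pool: Failed rc='ip-daps' detected the 'warning' condition 'Warning: Invalid arguments passed'
RP/0/RSP0/CPU0:Apr 17 10:07:56.897 : dhcpv6d[1070]: DHCPV6 SERVER: TP566: dhcpv6_subdb_apply_delprefixpool: poolname = DS_DELEGATED_POOL sublabel = 474612
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP572: dhcpv6d_subdb_read_session_config: sublabel = 474612
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP546: dhcpv6_daps_alloc_by_pool: Success
RP/0/RSP0/CPU0:Apr 17 10:07:59.063 : dhcpv6d[1070]: DHCPV6 SERVER: TP544: DAPS: Got prefix/add successfully: prefix: 2a02:27b0:4400:110::
"""

HEAD = re.compile(r"dhcpv6d\[\d+\]: DHCPV6 SERVER(?: \w+)?: TP\d+: (.*)$")
POOL = re.compile(r"dhcpv6_subdb_apply_delprefixpool: poolname = (\S+) sublabel = (\d+)")
READ = re.compile(r"dhcpv6d_subdb_read_session_config: sublabel = (\d+)")
GOT = re.compile(r"Got prefix/add successfully: prefix: (\S+)")


def new_entry():
    return {"pool": None, "state": "no-alloc-attempt", "detail": None}


def triage(text):
    """Return {sublabel: {pool, state, detail}} for every sublabel seen."""
    sessions, current = {}, None
    for raw in text.splitlines():
        head = HEAD.search(raw)
        if not head:
            continue  # daps[...] and other processes are not parsed here
        msg = head.group(1)
        if m := POOL.search(msg):
            sessions.setdefault(m.group(2), new_entry())["pool"] = m.group(1)
        elif m := READ.search(msg):
            # Assumption: later alloc/prefix lines belong to this sublabel.
            current = m.group(1)
            sessions.setdefault(current, new_entry())
        elif current is None:
            continue
        elif msg.startswith("dhcpv6_daps_alloc_by_pool:"):
            result = msg.split(":", 1)[1].strip()
            if result == "Success":
                sessions[current]["state"] = "allocated"
            elif "Failed" in result:
                reason = result.split("Failed", 1)[1].strip()
                sessions[current].update(state="alloc-failed", detail=reason)
        elif m := GOT.search(msg):
            sessions[current]["detail"] = m.group(1)  # delegated prefix
    return sessions


if __name__ == "__main__":
    for sublabel, info in triage(SAMPLE).items():
        print(sublabel, info["pool"], info["state"], info["detail"])
```

A sublabel left in `no-alloc-attempt` had the delegated pool applied to its session, but no DAPS allocation for it appears in the capture.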

Jean-Paul FANDOUX Thu, 04/17/2014 - 02:41

Hi Smailmilak

 

I'll have a look again on my configuration, and try release 4.3.4.

Thanks for your help and investigations.

Jean-Paul

Jean-Paul FANDOUX Sat, 04/19/2014 - 02:24

Hello smailmilak

Good news, I think my problem seems resolved. The problem was on the CPE: as both SLAAC and DHCPv6 have been activated, the CPE doesn't send 'SOLICIT' for the delegated IPv6 subnet.

BTW, my CPE has only a link-local address as gateway address (bundle Ethernet), so I can only ping connected IPv6 addresses on the BNG from the CPE WAN IPv6 address.

Any idea ?

Jean

 

smailmilak Sat, 04/19/2014 - 04:20

Good news. I am glad that it is working now!

 

This is why I asked if you have double checked the config on CPE :)

You have the link-local address from the bundle interface and that is fine. There is no way to get the GW via DHCPv6, only via SLAAC. You can enter a new link-local on the bundle.

Something like ipv6 address fe80::bbbb link-local.

If you cannot ping something outside of the BNG then it's a routing issue. You have to check on the next-hop router if you have the IPv6 prefixes in the ipv6 routing table.

 

You can distribute the Framed and Delegated prefix with redistribute static and route-policy.

For that you have to make a static route pointing to null0.

Something like this:

router static
 address-family ipv6 unicast
  2403:200:200::/48 Null0
  2403:200:300::/40 Null0

prefix-set RED_PREFIX_SET
  2403:200:200::/48,
  2403:200:300::/40
end-set

route-policy RED_RPL
  if destination in RED_PREFIX_SET then
    pass
  else
    drop
  endif
end-policy

router ospfv3 PPPoEv6
  redistribute static route-policy RED_RPL

or under OSPFv3 with summary-prefix and redistribute subscriber (Double check if summary is good because you could redistribute every customer prefix individually and this is not what you want)

Dimitris Kotsilis Thu, 02/27/2014 - 01:49

Smail,

I am not using ipv6 nd other-config-flag for PPPoE and my CPE has both DNS servers which are configured under dhcp ipv6.

I believe it is up to the CPE whether it will use the O flag or not.

---

I have also realized that the ipv6 mtu xxxx command under dynamic-template doesn't work as expected.

The RA towards the CPE always has 1280 as the MTU value, regardless of the configured value.

I have verified it by debugging ipv6 nd packet detail on the ASR9K.

I can't find a relevant bug. Is this a known behavior?

smailmilak Thu, 02/27/2014 - 02:41

Yes, that is true. I am just curious if it's working without O flag on your CPE. I have only one vendor and would like to know how others are working.

Dimitris Kotsilis Thu, 02/27/2014 - 02:47

In our case, although we provide CPEs from 3 vendors, it is not forbidden to our customers to use other vendor CPEs from the retail market, so we have decided to enable the O flag in order to be on the safe side.

xthuijs Fri, 02/28/2014 - 06:20
User Badges:
  • Cisco Employee,

hey dimitris,

that v6 nd mtu is CSCun42256.

trying to find a solution for it.


smail, thanks btw for sharing your expertise!!


cheers

xander

Dimitris Kotsilis Fri, 02/28/2014 - 07:30

Thanks Xander,


Since the DDTS is private, I have asked our local AS engineers to provide us more info about it.

It would be helpful if you could make it public.

As you have already been informed, we are performing tests in order to migrate from ASR1K to ASR9K, so I'll probably come back with other issues/questions...


Cheers,

Dimitris

xthuijs Fri, 02/28/2014 - 07:49
User Badges:
  • Cisco Employee,

hey dimitris, yeah the bug screener hasn't picked up the rne's yet, but it is pretty much the description of your issue.

good to hear you're doing 9k bng! very interesting, as you can see there is quite some experience out there already, so let's make it happen

say tassos mentioned about referencing the template from radius, I don't think it is working, not sure if it was meant to be supported either, but I am verifying.


xander

Dimitris Kotsilis Fri, 02/28/2014 - 08:33

Alexander Thuijs wrote:

good to hear you're doing 9k bng! very interesting, as you can see there is quite some experience out there already, so let's make it happen

As you know from the past, the real ASR9K bng stress tests will be performed by us, so beware! Hard times are coming...

Alexander Thuijs wrote:

say tassos mentioned about referencing the template from radius, I don't think it is working, not sure if it was meant to be supported either, but I am verifying.

xander

VPDN Template is not supposed to be working via radius, based on the documentation.

We have to find a way to apply it somehow, either by supporting the av-pair or by another way (?).


Hope you are having a pleasant flight

xthuijs Mon, 03/03/2014 - 02:29
User Badges:
  • Cisco Employee,

hi dimitris,

got confirmation, that this -template is supposed to be working.

If not, I would collect the relevant debugging from radius, and vpdn and open a tac case for this. We may need to file a bug with that debugging info collected.


Also, this is a list of vpdn atts that we support :


Following Un-tagged attributes supported

vpdn-template
vpn-id
vpn-vrf
tunnel-tos-reflect
tunnel-tos-setting
l2tp-clid-mask-method
ip-address-limits
tunnel-preference
ip-addresses
l2tp-tunnel-authen
l2tp-hello-interval
l2tp-cm-local-window-size
l2tp-init-retransmit-retries
l2tp-nosession-timeout

Following are tagged attributes supported.

l2tp-tunnel-password
tunnel-password
tunnel-server-endpoint (Tunnel-Server-Endpoint)
tunnel-id (Tunnel-Client-Auth-ID)
gw-name (Tunnel-Server-Auth-ID)
vpdn-group (Tunnel-Assignment-Id)
tunnel-client-endpoint (Tunnel-Client-Endpoint)
source-ip
tunnel-medium-type (Tunnel-Medium-Type)
tunnel-type (Tunnel-Type)


cheers!

xander

xthuijs Tue, 03/04/2014 - 06:41
User Badges:
  • Cisco Employee,

Dimitris: for the ipv6 mtu problem, I may need some additional information from your setup.

A local repro shows things ok, it seems, so we need to verify the programming of the subscriber context from your problematic setup.


Can I ask if you can open a TAC case, reference the DDTS CSCun42256, capture the ipv6 nd packet from the debugs showing that issue and the

show im database detail interface bundle-ether<subscriber interface>

show ipv6 interface  Bundle-Ether100.2.ip29


thanks!

xander

Dimitris Kotsilis Tue, 03/04/2014 - 08:08

Hi Xander,

Alexander Thuijs wrote:

Dimitris: for the ipv6 mtu problem, I may need some additional information from your setup.

A local repro shows things ok, it seems, so we need to verify the programming of the subscriber context from your problematic setup.

Can I ask if you can open a TAC case, reference the DDTS CSCun42256, capture the ipv6 nd packet from the debugs showing that issue and the

show im database detail interface bundle-ether<subscriber interface>

show ipv6 interface  Bundle-Ether100.2.ip29

thanks!

xander

The command outputs are showing the configured IPv6 MTU value, but the reality is different.

The ASR9K sends 1280 as the IPv6 MTU value.


I have opened SR629375569 regarding this issue. You can find the relevant outputs in the case.


Thanks,

Dimitris

xthuijs Tue, 03/04/2014 - 08:41
User Badges:
  • Cisco Employee,

thanks dimitris! I connected with the tac eng also and this info provided is useful to continue with.

We'll keep you informed via the tac case.


thanks

xander
