[j-nsp] Broken IPv6 prefix delegation on SRX (12.1X46)
Chris Woodfield
rekoil at semihuman.com
Tue Dec 24 12:30:14 EST 2013
Hi,
I just got an SRX210 at home , running 12.1X46-D10.2, that I’m trying to set up to mirror the current config I have with an Airport Extreme connected to Comcast (DHCP v4/v6, V4 NAT, v6 prefix delegation sending a /64 to my home network).
My DHCP client interface config looks like so. The “update-router-advertisement” statement instructs the SRX to assign a network from the received delegated block to the designated interface.
unit 0 {
family inet {
dhcp-client;
}
family inet6 {
dhcpv6-client {
client-type statefull;
client-ia-type ia-pd;
client-ia-type ia-na;
update-router-advertisement {
interface ge-0/0/0.0;
}
client-identifier duid-type duid-ll;
update-server;
retransmission-attempt 6;
}
}
}
Here’s the received /64 prefix delegation from Comcast, all is good there (except I don’t get a default route, I have to configure that manually):
admin at CAW-SRX210-HOME> show dhcpv6 client binding
IP/prefix Expires State ClientType Interface Client DUID
2001:558:6045:fa:5df1:a3de:e3f5:66f8/128 335428 BOUND STATEFULL fe-0/0/7.0 LL0x3-28:8a:1c:d2:ab:07
2601:9:7b80:16d::/64 335428 BOUND STATEFULL fe-0/0/7.0 LL0x3-28:8a:1c:d2:ab:07
But on ge-0/0/0, I see this:
Protocol inet6, MTU: 1500
Flags: None
Addresses, Flags: Is-Preferred Is-Primary
Destination: 2601:9:7b80:16d:1::/80, Local: 2601:9:7b80:16d:1::1
My presumption here is that the SRX is helpfully presuming that you’ll want to split the prefix received into multiple routed subnets, so it automatically assigns 16-bit-smaller prefixes to LAN interfaces. However, this results in RAs being sent with the /80 prefix length, which clients naturally drop on the floor.
Anyone know of a knob to control the size of the prefix that gets passed through to my LAN interface? If not, can I set up a ULA block here that serves to bootstrap clients so they can reach a DHCPv6 server?
Thanks,
-C
More information about the juniper-nsp
mailing list