[j-nsp] Broken IPv6 prefix delegation on SRX (12.1X46)

Chris Woodfield rekoil at semihuman.com
Tue Dec 24 12:30:14 EST 2013


I just got an SRX210 at home, running 12.1X46-D10.2, that I’m trying to set up to mirror the current config I have with an Airport Extreme connected to Comcast (DHCP v4/v6, V4 NAT, v6 prefix delegation sending a /64 to my home network).

My DHCP client interface config looks like so. The “update-router-advertisement” statement instructs the SRX to assign a network from the received delegated block to the designated interface.

unit 0 {
    family inet {
    family inet6 {
        dhcpv6-client {
            client-type statefull;
            client-ia-type ia-pd;
            client-ia-type ia-na;
            update-router-advertisement {
                interface ge-0/0/0.0;
            client-identifier duid-type duid-ll;
            retransmission-attempt 6;

Here’s the received /64 prefix delegation from Comcast, all is good there (except I don’t get a default route, I have to configure that manually):

admin at CAW-SRX210-HOME> show dhcpv6 client binding 

IP/prefix                       Expires     State      ClientType    Interface       Client DUID
2001:558:6045:fa:5df1:a3de:e3f5:66f8/128 335428 BOUND  STATEFULL     fe-0/0/7.0      LL0x3-28:8a:1c:d2:ab:07
2601:9:7b80:16d::/64            335428      BOUND      STATEFULL     fe-0/0/7.0      LL0x3-28:8a:1c:d2:ab:07

But on ge-0/0/0, I see this:

    Protocol inet6, MTU: 1500
      Flags: None
      Addresses, Flags: Is-Preferred Is-Primary
        Destination: 2601:9:7b80:16d:1::/80, Local: 2601:9:7b80:16d:1::1

My presumption here is that the SRX is helpfully presuming that you’ll want to split the prefix received into multiple routed subnets, so it automatically assigns 16-bit-smaller prefixes to LAN interfaces. However, this results in RAs being sent with the /80 prefix length, which clients naturally drop on the floor. 

Anyone know of a knob to control the size of the prefix that gets passed through to my LAN interface? If not, can I set up a ULA block here that serves to bootstrap clients so they can reach a DHCPv6 server? 


