[j-nsp] DHCPv6 client on SRX210 - IPv6 forwarding breaks at lease expiration

Julien Goodwin jgoodwin at studio442.com.au
Sun Aug 2 00:34:16 EDT 2015


On 02/08/15 02:28, Chris Woodfield wrote:
> TL;DR: IPv6 forwarding breaks when my DHCPv6 client lease expires, even though CLI output claims it’s been renewed.
>
> I have an SRX210 as my home gateway, running 12.1X46-D35.1. This is running dual stack to Comcast, receiving a /56 DHCPv6 delegation and RA’ing a /64 to my home LAN.
>
> I’ve noticed that after the 4-day lease time expires, I can no longer route IPv6; my outbound trace routes break at the device, like so:
>
> admin at CAW-SRX210-HOME> traceroute 2a03:2880:2130:cf05:face:b00c::1
> traceroute6 to 2a03:2880:2130:cf05:face:b00c::1 (2a03:2880:2130:cf05:face:b00c:0:1) from 2001:558:600a:5a:38f8:139:bba0:e7bb, 64 hops max, 12 byte packets
> traceroute: sendto: No route to host
>   1 traceroute6: wrote 2a03:2880:2130:cf05:face:b00c::1 12 chars, ret=-1
> ^C
>
> This is true despite a default ::/0 route in table going to the right place (confirmed via "show route table inet6" and “show ipv6 nd” to verify route->link address->MAC association.
>
> The fix is apparently to clear and renew the DHCPv6 client binding, via "clear dhcpv6 client binding interface <int>” then
> "request system dhcvp6 client renew interface <int>”. IPv6 packets immediately start flowing again :)
>
> I’ve confirmed (via "show dhcpv6 client binding") bindings are identical before and after the clear/renew, as well as the next-hop for ::/0.
>
> This clearly seems buggy to me; has anyone else noticed this issue? Anyone know if this is a known issue (or even better, fixed in 12.1X47 or 12.3X48 releases)? Any additional diags I should run next Wednesday morning when this happens again?

I have a related bug in 12.3X48-D10.3 that I kept meaning to post about. 
Every now and again (once every few weeks) the dhcpv6 client will simply 
expire and not attempt to renew, "request ... renew ..." works fine. No 
obvious log messages go with it, although I haven't enabled tracing.


More information about the juniper-nsp mailing list