[j-nsp] Subscriber DHCPv6 lease time for IA_NA from Radius Server

Sebastian Wiesinger sebastian at karotte.org
Wed Mar 11 06:29:41 EDT 2020 

Hi,

I'm currently testing IPv6 subscriber termination (PPP/L2TP) on an
MX204 (18.4R2) and I have a bit of a problem with DHCPv6 IA_NA address
allocation.

By default the lease time for the address is one day (86400 seconds)
when the address is received by Radius.

The Cisco CPE configures this address on the Dialer interface which
does not go down when the PPP session is cleared. So the address stays
there for a day at least which is suboptimal.

We want to reduce the lease time so that it is detected sooner that
the address is invalid and can be released / reused.

The only way to change this behaviour seems to be setting the
'asymmetric-lease-time' option in the dhcpv6 group overrides. I set it
to 600 seconds which works as expected (address has a lifetime of 600
seconds) BUT the MX does not respond to rebind queries from the
client. So the address times out and the client has to solicit the
address again.

Traceoptions seem to indicate that the packet is handled in an special
way because of the asymmetric lease time:

Mar 11 10:58:56.881706 [MSTR][DEBUG] dhcpv6_packet_new: PACKET - Allocated new v6 packet 0xa176480
Mar 11 10:58:56.881749 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] >>>>>>>>>> Decode message from == fe80::12f3:11ff:fe81:18fe/546 <<<<<<<<<<
Mar 11 10:58:56.881760 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ msgtype == DHCPV6-REBIND ]--------------------------
Mar 11 10:58:56.881769 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ len == 76 ]--
Mar 11 10:58:56.881778 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ xid == e72bcf ]--
Mar 11 10:58:56.881787 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ Internally Unsupported Option
Mar 11 10:58:56.881799 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   8, len   2, data 00 00 ]--
Mar 11 10:58:56.881808 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_CLIENTID
Mar 11 10:58:56.881820 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   1, len  10, data 00 03 00 01 10 f3 11 81 18 fe ]--
Mar 11 10:58:56.881829 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_OPT_REQ
Mar 11 10:58:56.881839 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   6, len   4, data 00 17 00 18 ]--
Mar 11 10:58:56.881848 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_IA_NA
Mar 11 10:58:56.881856 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   3, len  40, iaid 1114113, T1 0, T2 0 ]--
Mar 11 10:58:56.881866 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] dhcpv6_option_parse:     Parsing suboptions of OPTION_IA_NA - Start
Mar 11 10:58:56.881875 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_IAADDR
Mar 11 10:58:56.881885 [MSTR][INFO] [default:default][SVR][INET6][si-0/0/0.3221225603]         OPTION code   5, len  24, pre-ltime 600, valid-ltime 600, addr 2001:db8:8:1d::1, data NULL ]--
Mar 11 10:58:56.881895 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] dhcpv6_option_parse:     Parsing suboptions of OPTION_IA_NA - Done
Mar 11 10:58:56.881905 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] dhcpv6_packet_decode: dhcpv6 pkt parsing - End
Mar 11 10:58:56.881914 [MSTR][DEBUG] dhcpv6_packet_handle: ALQ: LQ update skipped - Not expected
Mar 11 10:58:56.881926 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] jdhcpd_v6_short_lease_recv_check: Checking packet safd for short lease requirement
Mar 11 10:58:56.881935 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] jdhcpd_v6_short_lease_recv_check: Packet safd has short lease configuration call short lease handler
Mar 11 10:58:56.881952 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] jdhcpd_v6_short_lease_recv_check: Packet converted returning to sender
Mar 11 10:58:56.881987 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] jdhcpd_v6_short_lease_recv_check: Short lease refreshed
Mar 11 10:58:56.881997 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] dhcpv6_packet_handle: Short lease processing has consumed this packet
Mar 11 10:58:56.882008 [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603] dhcpv6_packet_handle: leasequeryreply No, retries 0
Mar 11 10:58:56.882016 [MSTR][DEBUG] dhcpv6_packet_free: PACKET - Freeing v6 packet 0xa176480

The trace says "Short lease refreshed" but no reply is sent to the
client. Any idea how this can be solved? It seems one can only
configure lease times when using a IPv6 pool, but we use addresses
configured from Radius.

Config looks like this:

# show system services dhcp-local-server 
dhcpv6 {
    group lns-dhcpv6 {
        overrides {
            rapid-commit;
            asymmetric-lease-time 600;
            asymmetric-prefix-lease-time 600;
        }
        interface si-0/0/0.0;
        interface si-0/1/0.0;
    }
}

Radius has:

Framed-IPv6-Prefix = "2001:db8:8:1d::1/128"

And Cisco CPE uses this:

interface Dialer7
 mtu 1448
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 load-interval 30
 dialer pool 7
 no cdp enable
 ipv6 address dhcp rapid-commit
 ipv6 enable
 no ipv6 redirects
 ppp authentication chap callin
 ppp chap hostname ********
 ppp chap password 0 ******
 ppp pap refuse
!

Best Regards

Sebastian

-- 
GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant

More information about the juniper-nsp mailing list