[j-nsp] Subscriber DHCPv6 lease time for IA_NA from Radius Server

Wojciech Janiszewski wojciech.janiszewski at gmail.com
Wed Mar 11 06:42:31 EDT 2020 

Hi Sebastian,

If I remember correctly, DHCP Lease Time can be adjusted by using Radius
Session-Timeout attribute.

Regards,
Wojciech

śr., 11 mar 2020 o 11:32 Sebastian Wiesinger <sebastian at karotte.org>
napisał(a):

> Hi,
>
> I'm currently testing IPv6 subscriber termination (PPP/L2TP) on an
> MX204 (18.4R2) and I have a bit of a problem with DHCPv6 IA_NA address
> allocation.
>
> By default the lease time for the address is one day (86400 seconds)
> when the address is received by Radius.
>
> The Cisco CPE configures this address on the Dialer interface which
> does not go down when the PPP session is cleared. So the address stays
> there for a day at least which is suboptimal.
>
> We want to reduce the lease time so that it is detected sooner that
> the address is invalid and can be released / reused.
>
> The only way to change this behaviour seems to be setting the
> 'asymmetric-lease-time' option in the dhcpv6 group overrides. I set it
> to 600 seconds which works as expected (address has a lifetime of 600
> seconds) BUT the MX does not respond to rebind queries from the
> client. So the address times out and the client has to solicit the
> address again.
>
> Traceoptions seem to indicate that the packet is handled in an special
> way because of the asymmetric lease time:
>
> Mar 11 10:58:56.881706 [MSTR][DEBUG] dhcpv6_packet_new: PACKET - Allocated
> new v6 packet 0xa176480
> Mar 11 10:58:56.881749 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] >>>>>>>>>> Decode
> message from == fe80::12f3:11ff:fe81:18fe/546 <<<<<<<<<<
> Mar 11 10:58:56.881760 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ msgtype ==
> DHCPV6-REBIND ]--------------------------
> Mar 11 10:58:56.881769 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ len == 76 ]--
> Mar 11 10:58:56.881778 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ xid == e72bcf ]--
> Mar 11 10:58:56.881787 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ Internally
> Unsupported Option
> Mar 11 10:58:56.881799 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   8,
> len   2, data 00 00 ]--
> Mar 11 10:58:56.881808 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_CLIENTID
> Mar 11 10:58:56.881820 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   1,
> len  10, data 00 03 00 01 10 f3 11 81 18 fe ]--
> Mar 11 10:58:56.881829 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_OPT_REQ
> Mar 11 10:58:56.881839 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   6,
> len   4, data 00 17 00 18 ]--
> Mar 11 10:58:56.881848 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_IA_NA
> Mar 11 10:58:56.881856 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603]       OPTION code   3,
> len  40, iaid 1114113, T1 0, T2 0 ]--
> Mar 11 10:58:56.881866
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> dhcpv6_option_parse:     Parsing suboptions of OPTION_IA_NA - Start
> Mar 11 10:58:56.881875 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603] --[ OPTION_IAADDR
> Mar 11 10:58:56.881885 [MSTR][INFO]
> [default:default][SVR][INET6][si-0/0/0.3221225603]         OPTION code   5,
> len  24, pre-ltime 600, valid-ltime 600, addr 2001:db8:8:1d::1, data NULL
> ]--
> Mar 11 10:58:56.881895
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> dhcpv6_option_parse:     Parsing suboptions of OPTION_IA_NA - Done
> Mar 11 10:58:56.881905
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> dhcpv6_packet_decode: dhcpv6 pkt parsing - End
> Mar 11 10:58:56.881914 [MSTR][DEBUG] dhcpv6_packet_handle: ALQ: LQ update
> skipped - Not expected
> Mar 11 10:58:56.881926
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> jdhcpd_v6_short_lease_recv_check: Checking packet safd for short lease
> requirement
> Mar 11 10:58:56.881935
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> jdhcpd_v6_short_lease_recv_check: Packet safd has short lease configuration
> call short lease handler
> Mar 11 10:58:56.881952
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> jdhcpd_v6_short_lease_recv_check: Packet converted returning to sender
> Mar 11 10:58:56.881987
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> jdhcpd_v6_short_lease_recv_check: Short lease refreshed
> Mar 11 10:58:56.881997
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> dhcpv6_packet_handle: Short lease processing has consumed this packet
> Mar 11 10:58:56.882008
> [MSTR][DEBUG][default:default][SVR][INET6][si-0/0/0.3221225603]
> dhcpv6_packet_handle: leasequeryreply No, retries 0
> Mar 11 10:58:56.882016 [MSTR][DEBUG] dhcpv6_packet_free: PACKET - Freeing
> v6 packet 0xa176480
>
> The trace says "Short lease refreshed" but no reply is sent to the
> client. Any idea how this can be solved? It seems one can only
> configure lease times when using a IPv6 pool, but we use addresses
> configured from Radius.
>
> Config looks like this:
>
> # show system services dhcp-local-server
> dhcpv6 {
>     group lns-dhcpv6 {
>         overrides {
>             rapid-commit;
>             asymmetric-lease-time 600;
>             asymmetric-prefix-lease-time 600;
>         }
>         interface si-0/0/0.0;
>         interface si-0/1/0.0;
>     }
> }
>
> Radius has:
>
> Framed-IPv6-Prefix = "2001:db8:8:1d::1/128"
>
> And Cisco CPE uses this:
>
> interface Dialer7
>  mtu 1448
>  ip address negotiated
>  ip virtual-reassembly in
>  encapsulation ppp
>  load-interval 30
>  dialer pool 7
>  no cdp enable
>  ipv6 address dhcp rapid-commit
>  ipv6 enable
>  no ipv6 redirects
>  ppp authentication chap callin
>  ppp chap hostname ********
>  ppp chap password 0 ******
>  ppp pap refuse
> !
>
> Best Regards
>
> Sebastian
>
> --
> GPG Key: 0x58A2D94A93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0
> B9CE)
> 'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE
> SCYTHE.
>             -- Terry Pratchett, The Fifth Elephant
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list