CDRouter Support

IPv6 Stateless Addressing with Prefix Delegation

knowledge-base version 11.1

This article describes how to configure CDRouter to support a CPE device that uses DHCPv6 Prefix Delegation to derive both its LAN side subnet prefix(es) as well as its global WAN interface address.

This is a popular deployment strategy that permits the service provider to use a single aggregate route for all traffic being forwarded to the CPE device and its descendant networks.

Problem

In IPv6 deployments that use DHCPv6 Prefix Delegation, the prefix assigned to the CPE’s WAN link is not normally permitted to overlap with the IA_PD prefix delegated to it for use on its LAN interface(s). This is prohibited by Sec 12.1 of the DHCPv6 Prefix Delegation specification (RFC 3633):

12.1. - Requesting router behavior
Upon the receipt of a valid Reply message, for each IA_PD the requesting router assigns a subnet from each of the delegated prefixes to each of the links to which the associated interfaces are attached, with the following exception: the requesting router MUST NOT assign any delegated prefixes or subnets from the delegated prefix(es) to the link through which it received the DHCP message from the delegating router.

The result of this restriction is that service providers may require one routing table entry to reach the CPE device and a separate route to reach the networks behind it.

CDRouter’s config file enforces this restriction, requiring that the IPv6 addresses assigned to the DUT’s WAN link do not overlap with the delegated prefix:

testvar  ipv6WanMode                    autoconf
testvar  ipv6WanIspIp                   3001::1
testvar  ipv6WanIspAssignIp             3001::2
testvar  ipv6WanIspPrefixLen            64

testvar  dhcpv6WanEnablePD              yes
testvar  dhcpv6WanEnablePDExclude       no
testvar  dhcpv6WanAssignPrefix          3001:dddd::
testvar  dhcpv6WanAssignPrefixLen       48

In DHCPv6 configurations involving one or more intermediate routers (such as a CMTS), neither the DUT’s nor CDRouter’s WAN link addresses may overlap with the delegated prefix:

testvar  ipv6WanMode                    autoconf
testvar  ipv6WanIspIp                   3002::1
testvar  ipv6WanIspGateway              3002::2
testvar  ipv6WanIspPrefixLen            64

testvar  ipv6WanIspAssignIp             3001::2
testvar  ipv6WanAssignPrefixLen         64

testvar  dhcpv6WanEnablePD              yes
testvar  dhcpv6WanEnablePDExclude       no
testvar  dhcpv6WanAssignPrefix          3001:dddd::
testvar  dhcpv6WanAssignPrefixLen       48

CDRouter will raise a configuration error and refuse to run any test package if any of these prefixes overlap with one another.

Solution

The addition of the DHCPv6 Prefix Exclude Option in RFC 6603 makes an exception to this rule, allowing the CPE device to request the DHCPv6 server to explicitly assign a subnet from the delegated prefix for the CPE for use on its WAN link.

Support for the Prefix Exclude option is enabled in CDRouter by the dhcpv6WanEnablePDExclude testvar.

When this testvar is set to “yes”, CDRouter’s DHCPv6 server will return a Prefix Exclude option to the DUT containing the prefix formed by combining the ipv6WanIspAssignIp and ipv6WanIspPrefixLen testvars.

In this case, the IPv6 address assigned to the DUT’s WAN link must be a subnet of the delegated prefix, or CDRouter will raise a configuration error.

testvar  ipv6WanMode                    autoconf
testvar  ipv6WanIspIp                   3001:dddd:ffff::1
testvar  ipv6WanIspAssignIp             3001:dddd:ffff::2
testvar  ipv6WanIspPrefixLen            64

testvar  dhcpv6WanEnablePD              yes
testvar  dhcpv6WanEnablePDExclude       yes
testvar  dhcpv6WanAssignPrefix          3001:dddd::
testvar  dhcpv6WanAssignPrefixLen       48

In DHCPv6 configurations involving one or more intermediate routers (such as a CMTS), only the DUT’s address is allowed to be a subnet of the delegated prefix. CDRouter’s WAN link addresses must be defined in a separate prefix:

testvar  ipv6WanMode                    autoconf
testvar  ipv6WanIspIp                   3002::1
testvar  ipv6WanIspGateway              3002::2
testvar  ipv6WanIspPrefixLen            64

testvar  ipv6WanIspAssignIp             3001:dddd:ffff::2
testvar  ipv6WanAssignPrefixLen         64

testvar  dhcpv6WanEnablePD              yes
testvar  dhcpv6WanEnablePDExclude       yes
testvar  dhcpv6WanAssignPrefix          3001:dddd::
testvar  dhcpv6WanAssignPrefixLen       48

Caveats

Note that the DHCPv6 server will only send the Prefix Exclude option if the DUT explicitly requests it in a Solicit or Request message.

It is also important to understand that the Prefix Exclude option only assigns a prefix to the DUT’s WAN link. The DUT must still obtain its full IPv6 WAN address using SLAAC (Stateless Address Autoconfiguration) or by including an IA_NA address option in its DHCPv6 request.

Unfortunately, some implementations in deployed networks do not fully conform to the IETF standards and will “self-assign” a subnet prefix from the delegated prefix without requesting the Prefix Exclude option or using SLAAC/DHCPv6 to obtain an address. This makes it difficult to configure CDRouter with the correct WAN settings since the DUT is usually pre-programmed to choose an arbitrary subnet prefix and address.

Workaround

In order to properly configure CDRouter to test devices that “self-assign” without the Prefix Exclude option, you must determine ahead of time which subnet prefix and host address the DUT will select for itself.

One way to determine this information is to monitor the DUT’s behavior on the WAN after it receives the delegated prefix from the DHCPv6 server.

Before committing to an IPv6 address, the DUT should perform Duplicate Address Detection (DAD) by sending a Neighbor Solicitation for the IPv6 address it wishes to use on the WAN link. Once this address is known, CDRouter’s ipv6WanIspAssignIp testvar should be set to this address, and ipv6WanIspIp should be set to an address in the same subnet prefix.

Note that this technique will only work when CDRouter’s WAN interface is directly connected to the DUT and able to monitor the DUT’s local WAN link. In DOCSIS or other environments where passive monitoring of network traffic is not possible, you will need to find another means to determine the DUT’s selection algorithm or contact the device’s manufacturer.

Contents

×

About CDRouter

CDRouter is made by QA Cafe, a technology company based in Portsmouth, NH.

Get in touch via our Contact page or by following us on your favorite service: