Re: IPv6 Prefix Delegation to customers.

2020-01-17 Thread Steven Karp
Brandon,

Juniper routers also snoop via the built-in DHCP relay for the prefix 
delegation (PD). The PD routes are inserted into the routing table as 
"access" routes with a next-hop of the WAN DHCP lease address for the CPE. I 
normally configure all this in a BGP-signaled L3VPN that automatically 
propagates these "access" routes to the routers through my MPLS network. To 
link the PD pool of /48 prefixes to the right PE-CE access subnet, you create a 
shared-subnet in the DHCPv6 server that includes the /48 prefixes and the WAN 
prefix.

forwarding-options {
    dhcp-relay {
        dhcpv6 {
            overrides {
                allow-snooped-clients;
            }
            group group1 {
                active-server-group server-group1;
                relay-agent-interface-id {
                    use-option-82;
                }
                interface ae0.10;
            }
            server-group {
                server-group1 {
                    /* Central DHCPv6 servers */
                    2603:0:0:100::5;
                    2603:0:0:101::5;
                }
            }
        }
        forward-only;
        server-group {
            server-group1 {
                10.10.10.11;
                10.10.11.11;
            }
        }
        group group1 {
            active-server-group server-group1;
            overrides {
                allow-snooped-clients;
                layer2-unicast-replies;
                trust-option-82;
            }
            /* I only enable route-suppression of access routes for IPv4 */
            route-suppression {
                access-internal;
            }
            interface ae0.10;
        }
    }
}


-Steven

On 1/16/20, 11:00 AM, "NANOG on behalf of Jared Mauch" wrote:

Arista/Cisco have commands like this:

ipv6 dhcp relay install routes

You place on the interface to make this happen.

- Jared



Re: IPv6 Prefix Delegation to customers.

2020-01-16 Thread Jared Mauch
Arista/Cisco have commands like this:

ipv6 dhcp relay install routes

You place on the interface to make this happen.

- Jared


> On Jan 16, 2020, at 11:27 AM, Chris Gross  wrote:
> 
> In my environment I’ve been running Kea dhcp6 against Ciscos of varying 
> platform (7600, ASR920, etc) and just them as a relay. In this case, the 
> Cisco itself is installing a route as it snoops the relay action 
> automatically. This was one of the harder things to wrap my head around 
> before just slapping it in to see what happened and bam, routes. Router gets 
> a WAN IP from the loopback via DHCPv6 as well, then gets PD assigned after.
> 
> interface Loopback10
>  vrf forwarding CGNAT
>  no ip address
>  ipv6 address 2001:DB8::1/64
> !
> interface Vlan
>  vrf forwarding CGNAT
>  ip address 100.64.Y.Z 255.255.252.0
>  ip helper-address global 10.0.Y.Z
>  ip helper-address global 10.0.Y.Z
>  ip flow ingress
>  load-interval 30
>  ipv6 address FE80::1 link-local
>  ipv6 enable
>  ipv6 nd router-preference High
>  ipv6 dhcp relay destination 2001:DB8:0:A::BEEF source-address 2001:DB8:YZ01::1
>  ipv6 dhcp relay destination 2001:DB8:0:B::BEEF source-address 2001:DB8:YZ01::1
> 
> S   2001:DB8:YZ00:3F00::/56 [1/0]
>      via FE80::4665:7FFF:FE14:EDC2, Vlan
>  
> Chris Gross
> Network Architect
>  
> From: NANOG  On Behalf Of Brandon Price
> Sent: Wednesday, January 15, 2020 9:01 PM
> To: nanog list 
> Subject: IPv6 Prefix Delegation to customers.
>  
>  
> Hey Nanog,
>  
> I am in the process of building out a FTTH proof of concept, and I would 
> really like to offer each of my customers a /48 of IPv6.
> I’ve been able to announce my /32 to my upstreams, dual-stack all of my 
> internal infrastructure no-problem, build v6 recursive name servers, etc.
> This was fairly straight-forward.
>  
> Where I am struggling is the Prefix Delegation part. How are most folks 
> getting the PD subnets into their IGPs? In my environment I don’t run the 
> DHCP server process on the router that is directly connected to the clients. 
> I have seen documentation that cisco and juniper DHCPv6 processes are smart 
> enough to insert that prefix into the routing table when they hand it out, 
> but how is this handled in an environment with a central DHCP server? I do 
> not currently run any PPPOE in my environment and I don’t use RADIUS for the 
> subscriber management. I would really just like to stick to DHCP ideally.
>  
> If anyone has any pointers, I would appreciate it.
>  
> Brandon Price
> Senior Network Engineer
> City of Sherwood, Sherwood Broadband
> Desk: 503.625.4258
> Cell: 971.979.2182
>  
> This email may contain confidential information or privileged material and is 
> intended for use solely by the above referenced recipient. Any review, 
> copying, printing, disclosure, distribution, or other use by any other person 
> or entity is strictly prohibited and may be illegal. If you are not the named 
> recipient, or believe you have received this email in error, please 
> immediately notify the City of Sherwood at (503) 625-5522 and delete the copy 
> you received.



RE: IPv6 Prefix Delegation to customers.

2020-01-16 Thread Aaron Gould
Brandon, I vaguely recall that the dhcp relay snooping function is able to
add those routes to the local route table, and then redistribution into the
routing process occurs.

Question similar to yours was asked here in 2017 - September.

https://mailman.nanog.org/pipermail/nanog/2017-September/092416.html

I responded with some IOS and Junos output from some of my lab gear.

https://mailman.nanog.org/pipermail/nanog/2017-September/092451.html

I may have to dig to find and confirm these things, or perhaps lab it up
again.  I need to anyway as I may need to get more serious about deploying
v6 too.

-Aaron

 

 

From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Brandon Price
Sent: Wednesday, January 15, 2020 8:01 PM
To: nanog list
Subject: IPv6 Prefix Delegation to customers.

 

Hey Nanog,

I am in the process of building out a FTTH proof of concept, and I would
really like to offer each of my customers a /48 of IPv6.
I've been able to announce my /32 to my upstreams, dual-stack all of my
internal infrastructure no-problem, build v6 recursive name servers, etc.
This was fairly straight-forward.

Where I am struggling is the Prefix Delegation part. How are most folks
getting the PD subnets into their IGPs? In my environment I don't run the
DHCP server process on the router that is directly connected to the clients.
I have seen documentation that cisco and juniper DHCPv6 processes are smart
enough to insert that prefix into the routing table when they hand it out,
but how is this handled in an environment with a central DHCP server? I do
not currently run any PPPOE in my environment and I don't use RADIUS for the
subscriber management. I would really just like to stick to DHCP ideally.

If anyone has any pointers, I would appreciate it.

Brandon Price
Senior Network Engineer
City of Sherwood, Sherwood Broadband
Desk: 503.625.4258
Cell: 971.979.2182

 





 



RE: IPv6 Prefix Delegation to customers.

2020-01-16 Thread Chris Gross
In my environment I've been running Kea dhcp6 against Ciscos of varying 
platform (7600, ASR920, etc) and just them as a relay. In this case, the Cisco 
itself is installing a route as it snoops the relay action automatically. This 
was one of the harder things to wrap my head around before just slapping it in 
to see what happened and bam, routes. Router gets a WAN IP from the loopback 
via DHCPv6 as well, then gets PD assigned after.

interface Loopback10
 vrf forwarding CGNAT
 no ip address
 ipv6 address 2001:DB8::1/64
!
interface Vlan
 vrf forwarding CGNAT
 ip address 100.64.Y.Z 255.255.252.0
 ip helper-address global 10.0.Y.Z
 ip helper-address global 10.0.Y.Z
 ip flow ingress
 load-interval 30
 ipv6 address FE80::1 link-local
 ipv6 enable
 ipv6 nd router-preference High
 ipv6 dhcp relay destination 2001:DB8:0:A::BEEF source-address 2001:DB8:YZ01::1
 ipv6 dhcp relay destination 2001:DB8:0:B::BEEF source-address 2001:DB8:YZ01::1

S   2001:DB8:YZ00:3F00::/56 [1/0]
     via FE80::4665:7FFF:FE14:EDC2, Vlan

Chris Gross
Network Architect

From: NANOG  On Behalf Of Brandon Price
Sent: Wednesday, January 15, 2020 9:01 PM
To: nanog list 
Subject: IPv6 Prefix Delegation to customers.



Hey Nanog,

I am in the process of building out a FTTH proof of concept, and I would really 
like to offer each of my customers a /48 of IPv6.
I've been able to announce my /32 to my upstreams, dual-stack all of my 
internal infrastructure no-problem, build v6 recursive name servers, etc.
This was fairly straight-forward.

Where I am struggling is the Prefix Delegation part. How are most folks getting 
the PD subnets into their IGPs? In my environment I don't run the DHCP server 
process on the router that is directly connected to the clients. I have seen 
documentation that cisco and juniper DHCPv6 processes are smart enough to 
insert that prefix into the routing table when they hand it out, but how is 
this handled in an environment with a central DHCP server? I do not currently 
run any PPPOE in my environment and I don't use RADIUS for the subscriber 
management. I would really just like to stick to DHCP ideally.

If anyone has any pointers, I would appreciate it.

Brandon Price
Senior Network Engineer
City of Sherwood, Sherwood Broadband
Desk: 503.625.4258
Cell: 971.979.2182




Re: IPv6 Prefix Delegation to customers.

2020-01-15 Thread Henri Wahl
Hi,
>
> Where I am struggling is the Prefix Delegation part. How are most
> folks getting the PD subnets into their IGPs? In my environment I
> don’t run the DHCP server process on the router that is directly
> connected to the clients.
>
Our project dhcpy6d allows calling some command when a prefix has been
delegated. This can be used to set this route via ssh on the router
device. Maybe this would work for you too?

Best regards

-- 
Henri Wahl

IT Department
Leibniz-Institut fuer Festkoerper- u.
Werkstoffforschung Dresden

tel: +49 (3 51) 46 59 - 797
email: h.w...@ifw-dresden.de
https://www.ifw-dresden.de

Nagios status monitor Nagstamon: https://nagstamon.ifw-dresden.de

DHCPv6 server dhcpy6d: https://dhcpy6d.ifw-dresden.de

S/MIME: https://nagstamon.ifw-dresden.de/pubkeys/smime.pem
PGP: https://nagstamon.ifw-dresden.de/pubkeys/pgp.asc





Re: IPv6 Prefix Delegation to customers.

2020-01-15 Thread Radu-Adrian Feurdean
On Thu, Jan 16, 2020, at 06:15, Hugo Slabbert wrote:
> https://mailman.nanog.org/pipermail/nanog/2019-May/101016.html

Actually that one DOES contain some information.
TL;DR:
 - check the "subscriber" or "broadband" functionality of your gear if it has 
something like that
 - check if the DHCPv6 relay functionality on your gear can inject the 
delegated prefixes into IGP or BGP
 - if you just have an L2 up to the DHCPv6 server, you're most likely out of 
luck (and not only for the DHCPv6 part)
 - you can always build something on your own if you have the resources (take 
the delegated prefixes from your server, inject them into something like 
ExaBGP/BIRD/whatever that will re-announce them to your network).
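
An added example, not part of any poster's message: a sketch of the "build something on your own" option in the last bullet above, turning delegated prefixes into ExaBGP text-API announce/withdraw lines while refusing anything that is not a /48 from the PD pool with a next hop on the access subnet. The lease tuple format, PD_POOL, WAN_NET and the sample data are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example (not values from the thread):
PD_POOL = ipaddress.ip_network("2001:db8:1000::/36")   # pool the /48s are cut from
WAN_NET = ipaddress.ip_network("2001:db8:0:10::/64")   # PE-CE access subnet
PD_LEN = 48                                            # one /48 per customer

def validate(prefix, next_hop):
    """Return (network, next_hop) if the delegation is safe to announce."""
    net = ipaddress.ip_network(prefix)      # ValueError if host bits are set
    nh = ipaddress.ip_address(next_hop)
    if net.version != 6 or nh.version != 6:
        raise ValueError("not IPv6")
    if net.prefixlen != PD_LEN or not net.subnet_of(PD_POOL):
        raise ValueError("prefix is not a /48 from the PD pool")
    if nh not in WAN_NET:
        raise ValueError("next hop is not a CPE address on the access subnet")
    return net, nh

def sync(leases, announced, now):
    """Diff active leases against the routes announced on the previous run.

    leases: (prefix, next_hop, expiry_epoch) tuples (hypothetical export format)
    announced: dict {network: next_hop}; returns (commands, new_state, rejected)
    """
    wanted, rejected = {}, []
    for prefix, next_hop, expiry in leases:
        if expiry <= now:                   # expired lease: route must go away
            continue
        try:
            net, nh = validate(prefix, next_hop)
        except ValueError as exc:
            rejected.append((prefix, str(exc)))   # log, never announce
            continue
        wanted[net] = nh
    cmds = [f"withdraw route {n} next-hop {h}"
            for n, h in announced.items() if wanted.get(n) != h]
    cmds += [f"announce route {n} next-hop {h}"
             for n, h in wanted.items() if announced.get(n) != h]
    return cmds, wanted, rejected

# Constructed sample leases: one valid, one expired, three that must be refused.
LEASES = [
    ("2001:db8:1001::/48", "2001:db8:0:10::a", 2000),
    ("2001:db8:1002::/48", "2001:db8:0:10::b", 500),
    ("2001:db8::/32", "2001:db8:0:10::c", 2000),
    ("2001:db8:1003::/48", "fe80::1", 2000),
    ("2001:db8:2000::/48", "2001:db8:0:10::d", 2000),
]
```

Rejected entries are worth alerting on: a delegation outside the pool means the DHCPv6 server configuration and the routing policy have drifted apart.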


Re: IPv6 Prefix Delegation to customers.

2020-01-15 Thread Hugo Slabbert
Unfortunately not too much help, but previous discussion on this turned up
fairly empty:
https://mailman.nanog.org/pipermail/nanog/2019-May/101016.html
https://mailman.nanog.org/pipermail/nanog/2017-September/092416.html

-- 
Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E   | also on Signal


On Wed, Jan 15, 2020 at 6:02 PM Brandon Price wrote:

> Hey Nanog,
>
> I am in the process of building out a FTTH proof of concept, and I would
> really like to offer each of my customers a /48 of IPv6.
> I’ve been able to announce my /32 to my upstreams, dual-stack all of my
> internal infrastructure no-problem, build v6 recursive name servers, etc.
> This was fairly straight-forward.
>
> Where I am struggling is the Prefix Delegation part. How are most folks
> getting the PD subnets into their IGPs? In my environment I don’t run the
> DHCP server process on the router that is directly connected to the
> clients. I have seen documentation that cisco and juniper DHCPv6 processes
> are smart enough to insert that prefix into the routing table when they
> hand it out, but how is this handled in an environment with a central DHCP
> server? I do not currently run any PPPOE in my environment and I don’t use
> RADIUS for the subscriber management. I would really just like to stick to
> DHCP ideally.
>
> If anyone has any pointers, I would appreciate it.
>
> Brandon Price
> Senior Network Engineer
> City of Sherwood, Sherwood Broadband
> Desk: 503.625.4258
> Cell: 971.979.2182
>