Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

DHCPv6 Client

SRX Series device can act as a DHCPv6 client, receiving its TCP/IP settings and the IPv6 address for any physical interface in any security zone from an external DHCPv6 server. To enable a device to operate as a DHCPv6 client, you must configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 local server in the network. For more information, read this topic.

DHCPv6 Client Overview

A Juniper Networks device can act as a Dynamic Host Configuration Protocol version 6 (DHCPv6) client, receiving its TCP/IP settings and the IPv6 address for any physical interface in any security zone from an external DHCPv6 server. When the device operates as a DHCPv6 client and a DHCPv6 server simultaneously, it can transfer the TCP/IP settings learned through its DHCPv6 client module to its default DHCPv6 server module. For the device to operate as a DHCPv6 client, you configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 server in the network.

DHCPv6 client support for Juniper Networks devices includes the following features:

  • Identity association for nontemporary addresses (IA_NA)

  • Identity association for prefix delegation (IA_PD)

  • Rapid commit

  • TCP/IP propagation

  • Auto-prefix delegation

  • Autoconfig mode (stateful and stateless)

To configure the DHCPv6 client on the device, include the dhcpv6-client statement at the [edit interfaces] hierarchy level.

Note:

To configure a DHCPv6 client in a routing instance, add the interface in a routing instance using the [edit routing-instances] hierarchy.

Note:

On all SRX Series Firewalls, DHCPv6 client authentication is not supported.

Note:

On SRX300, SRX320, SRX340, SRX345, and SRX550M devices, DHCPv6 client does not support:

  • Temporary addresses

  • Reconfigure messages

  • Multiple identity association for nontemporary addresses (IA_NA)

  • Multiple prefixes in a single identity association for prefix delegation (IA_PD)

  • Multiple prefixes in a single router advertisement

Understanding DHCPv6 Client and Server Identification

Each DHCPv6 client and server is identified by a DHCP unique identifier (DUID). The DUID is unique across all DHCPv6 clients and servers, and it is stable for any specific client or server. DHCPv6 clients use DUIDs to identify a server in messages where a server needs to be identified. DHCPv6 servers use DUIDs to determine the configuration parameters to be used for clients and in the association of addresses with clients.

Note:

This feature is supported on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices.

The DUID is a 2-octet type code represented in network byte order, followed by a variable number of octets that make up the actual identifier; for example, 00:02:00:01:02:03:04:05:07:a0. A DUID can be up to 128 octets in length (excluding the type code). The following types are currently defined for the DUID parameter:

  • Type 1—Link Layer address plus time (duid-llt)

  • Type 2—Vendor-assigned unique ID based on enterprise number (vendor)

  • Type 3—Link Llayer address (duid-ll)

The duid-llt DUID consists of a 2-octet type field that contains the value 1, a 2-octet hardware type code, 4 octets that signify a time value, followed by the Link Layer address of any one network interface that is connected to the DHCP device at the time that the DUID is generated.

The vendor DUID is assigned by the vendor to the device and contains the vendor's registered private enterprise number as maintained by the identity association for nontemporary addresses (IA_NA) assignment, followed by a unique identifier assigned by the vendor.

The duid-ll DUID contains a 2-octet type field that stores the value 3, and a 2-octet network hardware type code, followed by the Link Layer address of any one network interface that is permanently connected to the client or server device.

Minimum DHCPv6 Client Configuration on SRX Series Devices

This topic describes the minimum configuration you must use to configure an SRX300, SRX320, SRX340, SRX345, SRX550M, or SRX1500 device as a DHCPv6 client.

To configure the device as a DHCPv6 client:

  1. Specify the DHCPv6 client interface.

  2. Configure the DHCPv6 client type. The client type can be autoconfig or statefull.

    • To enable DHCPv6 auto configuration mode, configure the client type as autoconfig.

    • For stateful address assignment, configure the client type as statefull.

  3. Specify the identity association type.

    • To configure identity association for nontemporary address (IA_NA) assignment, specify the client-ia type as ia-na.

    • To configure identity association for prefix delegation (IA_PD), specify the client-ia-type as ia-pd.

  4. Configure the DHCPv6 client identifier by specifying the DHCP unique identifier (DUID) type. The following DUID types are supported:

    • Link Layer address (duid-ll)

    • Link Layer address plus time (duid-llt)

    • Vendor-assigned unique ID based on enterprise number (vendor)

Note:

To configure a DHCPv6 client in a routing instance, add the interface to a routing instance using the [edit routing-instances] hierarchy.

Configuring DHCP Client-Specific Attributes

You use the address-assignment pool feature to include application-specific attributes when clients obtain an address. A client application, such as DHCPv6, uses the attributes to determine how addresses are assigned and to provide optional application-specific characteristics to the client. For example, the DHCPv6 application might specify that a client that matches certain prerequisite information is dynamically assigned an address from a particular named range. Based on which named range is used, DHCPv6 specifies additional DHCPv6 attributes such as the DNS server or the maximum lease time for clients.

You use the dhcp-attributes statement to configure DHCPv6 client-specific attributes for address-assignment pools at the [edit access address-assignment pool pool-name family inet6] hierarchy.

Table 1 describes the DHCPv6 client attributes for configuring IPv6 address-assignment pools.

Table 1: DHCPv6 Attributes

Attribute

Description

DHCPv6 Option

dns-server

IPv6 address of DNS server to which clients can send DNS queries

23

grace-period

Grace period offered with the lease

maximum-lease-time

Maximum lease time allowed by the DHCPv6 server

option

User-defined options

sip-server-address

IPv6 address of SIP outbound proxy server

22

sip-server-domain-name

Domain name of the SIP outbound proxy server

21

DHCPv6 Client Configuration Options

To enable a device to operate as a DHCPv6 client, you configure a logical interface on the device to obtain an IPv6 address from the DHCPv6 local server in the network. You can then specify the retransmission attempts, client requested configuration options, interface used to delegate prefixes, rapid commit, and update server options.

To configure optional DHCPv6 client attributes:

  1. Specify one of the following DHCPv6 client requested configuration options:
    • dns-server

    • domain

    • ntp-server

    • sip-domain

    • sip-server

    For example, to specify the DHCPv6 client requested option as dns-server:

  2. Set the number of attempts allowed to retransmit a DHCPv6 client protocol packet.
  3. Configure the update-server option on the DHCPv6 client.
  4. Specify the interface used to delegate prefixes.
  5. Configure the two-message (rapid commit) exchange option for address assignment.
Note:

To configure a DHCPv6 client in a routing instance, add the interface to a routing instance using the [edit routing-instances] hierarchy.

Note:

On all SRX Series Firewalls, DHCPv6 client authentication is not supported.

Note:

On SRX300, SRX320, SRX340, and SRX345, and SRX550M devices, DHCPv6 client does not support:

  • Temporary addresses

  • Reconfigure messages

  • Multiple identity association for nontemporary addresses (IA_NA)

  • Multiple prefixes in a single identity association for prefix delegation (IA_PD)

  • Multiple prefixes in a single router advertisement

Configuring the DHCPv6 Client Rapid Commit Option

The DHCPv6 client can obtain configuration parameters from a DHCPv6 server through a rapid two-message exchange (solicit and reply). When the rapid commit option is enabled by both the DHCPv6 client and the DHCPv6 server, the two-message exchange is used, rather than the default four-method exchange (solicit, advertise, request, and reply). The two-message exchange provides faster client configuration and is beneficial in environments in which networks are under a heavy load.

To configure the DHCPv6 client to support the DHCPv6 rapid commit option on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices:

  1. Specify the DHCPv6 client interface.
  2. Configure the two-message exchange option for address assignment.

Configuring a DHCPv6 Client in Autoconfig Mode

A DHCPv6 client configured in autoconfig mode acts as a stateful client, a stateless client (DHCPv6 server is required for TCP/IP configuration), and stateless–no DHCP client, based on the managed (M) and other configuration (O) bits in the received router advertisement messages.

If the managed bit is 1 and the other configuration bit is 0, the DHCPv6 client acts as a stateful client. In stateful mode, the client receives IPv6 addresses from the DHCPv6 server, based on the identity association for nontemporary addresses (IA_NA) assignment.

If the managed bit is 0 and the other configuration bit is 1, the DHCPv6 client acts as a stateless client. In stateless mode, the addresses are automatically configured, based on the prefixes in the router advertisement messages received from the router. The stateless client receives configuration parameters from the DHCPv6 server.

If the managed bit is 0 and the other configuration bit is also 0, the DHCPv6 client acts as a stateless–no DHCP client. In the stateless–no DHCP mode, the client receives IPv6 addresses from the router advertisement messages.

To configure DHCPv6 client in autoconfig mode on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices:

  1. Configure the DHCPv6 client type as autoconfig.
  2. Specify the identity association type as ia-na for nontemporary addresses.
  3. Specify the interface on which to configure router advertisement.

Configuring TCP/IP Propagation on a DHCPv6 Client

You can enable or disable the propagation of TCP/IP settings received on the device acting as a DHCPv6 client. The settings can be propagated to the server pool running on the device. This topic describes how to configure TCP/IP settings on a DHCPv6 client, where both the DHCPv6 client and DHCPv6 server are on the same device.

Note:

This feature is supported on SRX300, SRX320, SRX340, SRX550M, and SRX1500 devices.

To configure TCP/IP setting propagation on a DHCPv6 client:

  1. Configure the update-server option on the DHCPv6 client.
  2. Configure the address pool to specify the interface (where update-server is configured) from which TCP/IP settings can be propagated.