Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Announcement: Try the Ask AI chatbot for answers to your technical questions about Juniper products and solutions.

close
header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Explore Pathfinder Apps
CLI Explorer
Feature Explorer
Hardware Compatibility Tool
Port Checker
Browse All
Collapse

Pathfinder Apps

All

By Software

By Hardware

Learn More
Pathfinder HomeCLI ExplorerCompliance AdvisorFeature ExplorerHardware Compatibility ToolJunos XML API ExplorerJunos YANG Data Model ExplorerPort CheckerPower CalculatorSNMP MIB ExplorerSystem Log Explorer
CLI ExplorerFeature ExplorerJunos XML API ExplorerJunos YANG Data Model ExplorerSNMP MIB ExplorerSystem Log Explorer
Compliance AdvisorFeature ExplorerHardware Compatibility ToolPort CheckerPower Calculator
Home Documentation Junos OS Broadband Subscriber Sessions User Guide IPv6 for Subscriber Management IPv6 for Subscriber Management

Broadband Subscriber Sessions User Guide

keyboard_arrow_up
close
keyboard_arrow_left
Broadband Subscriber Sessions User Guide
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Subscriber LAN Addressing with DHCPv6 Prefix Delegation

date_range 05-Feb-25
arrow_backward
arrow_forward

Using DHCPv6 Prefix Delegation Overview

You can use DHCPv6 prefix delegation to automate the delegation of IPv6 prefixes to the CPE. With prefix delegation, a delegating router (the BNG) delegates IPv6 prefixes to a requesting router (the CPE). The requesting router then uses the prefixes to assign global IP addresses to the devices on the subscriber LAN. The requesting router can also assign subnet addresses to subnets on the LAN.

DHCPv6 prefix delegation is useful when the delegating router does not have information about the topology of the networks in which the requesting router is located. In such cases, the delegating router requires only the identity of the requesting router to choose a prefix for delegation.

DHCPv6 prefix delegation replaces the need for NAT in an IPv6 network.

Figure 1 shows how DHCPv6 prefix delegation is used in a dual-stack network.

Figure 1: Delegated Addressing in a Dual-Stack Network Using DHCPv6Delegated Addressing in a Dual-Stack Network Using DHCPv6

DHCPv6 prefix delegation operates as follows:

  1. A delegating router is provided with IPv6 prefixes to be delegated to requesting routers. These prefixes can come from a local address-assignment pool or an external AAA server.

    Each prefix has an associated valid and preferred lifetime, which can be extended.

  2. A requesting router requests one or more prefixes from the delegating router.

  3. The delegating router chooses prefixes for delegation, and responds with prefixes to the requesting router.

  4. The requesting router is then responsible for the delegated prefixes.

    The address allocation mechanism in the subscriber network can be performed with ICMPv6 Neighbor Discovery in router advertisements, DHCPv6, or a combination of these two methods.

See Also

Using a Delegated Prefix on the CPE Loopback Interface

For networks in which the service provider directly controls the CPE, a delegated prefix can be used to create an IPv6 address on the loopback interface between the CPE and the BNG. This address can be used to manage the CPE, and the CPE uses it as a source address when it communicates with the BNG.

See Also

DHCPv6 Prefix Delegation over PPPoE

The process of DHCPv6 prefix delegation when DHCPv6 is running over a PPPoE access network is as follows:

  1. The CPE obtains a link-local address by appending the interface ID that it receives through IPv6CP negotiation to the IPv6 link-local prefix (FE80::/10). The link-local address provides an initial path for protocol communication between the BNG and CPE

  2. The CPE sends a DHCPv6 Solicit message that includes an IA_PD option.

  3. The BNG chooses a prefix for the CPE with information from an external AAA server or from a local prefix pool.

  4. The BNG sends an Advertise message to the CPE. The message includes the delegated prefix, an IA_PD option, and an IA_PD prefix option. The prefix length in the IA_PD prefix option is 48. The message can also contain other configuration information, such as a maximum lease time.

  5. The CPE sends a Request message to the BNG. The message requests the prefix that was advertised.

  6. The BNG returns the delegated prefix to the CPE in a Reply message. This message also contains the delegated prefix, an IA_PD option, and an IA_PD prefix option. The prefix length in the IA_PD prefix option is 48. The message can also contain other configuration information, such as a maximum lease time.

  7. The CPE uses the delegated prefix to allocate global IPv6 addresses to host devices on the subscriber network. It can use router advertisements, DHCPv6, or a combination of these two methods to allocate addresses on the subscriber LAN.

See Also

Methods for Obtaining IPv6 Prefixes for DHCPv6 Prefix Delegation

You can set up the BNG to select IPv6 prefixes to be delegated to the requesting router in one the following ways:

  • An external source such as a AAA RADIUS server or a DHCP server using the DHCPv6 relay agent.

  • Dynamic assignment from a local pool of prefixes that is configured on the BNG

    You can specify the name of a delegated pool to use for prefix delegation, which means that you do not need to use AAA to obtain the pool name. In this configuration, if you have also specified a pool match order, the specified delegated pool takes precedence.

Using a AAA RADIUS Server to Obtain IPv6 Prefixes for Prefix Delegation

When the BNG needs to obtain a prefix for DHCPv6 prefix delegation, it uses the values in one of the following RADIUS attributes:

  • Delegated-IPv6-Prefix—The attribute (123) contains an IPv6 prefix that the BNG can send to the CPE.

  • Jnpr-IPv6-Delegated-Pool-Name—The attribute (VSA 26-161) contains the name of an address-assignment pool configured on the BNG from which the BNG can select a prefix to send to the CPE.

Both attributes are sent from the RADIUS server to the BNG in RADIUS Access-Accept messages.

See Also

Subscriber Delegated Prefix Preservation

Subscriber delegated prefix preservation supports preserving and restoring IPv6 prefixes assigned using DHCPv6 prefix delegation.

Configure address preservation under [edit access] hierarchy:

content_copy zoom_out_map
user@host# set access address-preservation address-types delegated-prefix
user@host# set access address-preservation aging-time address-aging-time

The subscriber's delegated prefix is preserved even when subscriber logs out. After logout the output of "show network-access address-assignment preserved" command is updated and the subscriber gets allocated the same delegated prefix after login.

content_copy zoom_out_map
user@host> show network-access address-assignment preserved

Subscriber delegated prefix preservation supports preserving and restoring a subscriber’s delegated prefix through multiple logins. Receiving the same delegated prefix from the JUNOS device prevents an IA-PD change, that triggers renegotiation for all hosts on the LAN behind the CPE. To utilise this functionality, a configuration command is executed. This functionality is disabled by default. To enable address preservation for DHCPv6 prefix delegation, use the access address-preservation configuration command.

Each participating subscriber is identified by the Agent-Circuit-Id. The Agent-Circuit-Id is available in standard upstream control traffic. (For example: Option-82 sub-option 1 for DHCP, Option 18 for DHCPv6). If the access address-preservation prefix is configured and a subscriber has an Agent-Circuit-Id, the subscribers prefix is preserved through multiple logins. The Agent-Circuit-Id is the key that is used to store the subscriber’s prefix when the subscriber logs out. When the subscriber with the same Agent-Circuit-Id, logs in again the prefix is retrieved and associated to the subscriber.

The show network-access address-assignment preserved command supports an optional routing-instance <routing-instance-name> output.

content_copy zoom_out_map
user@host> show network-access address-assignment preserved routing-instance SUBSCRIBERS
Key                                       Delegated Prefix        Reservation End
interfaceId_Port //1/1                    2001:0db8:aaaa:1::/64   May 22 12:06:19

See Also

DHCPv6 Prefix Exclusion

You can use the Dynamic Host Configuration Protocol v6 (DHCPv6) prefix delegation to automate the delegation of IPv6 prefixes to the customer premises equipment (CPE) devices. With prefix delegation, a delegating router - the broadband network gateway (BNG) router, delegates IPv6 prefixes to a requesting router such as a CPE device. The requesting router then uses the prefixes to assign global IP addresses to the devices on the subscriber LAN. The requesting router can also assign subnet addresses to subnets on the LAN. DHCPv6 prefix delegation is useful when the delegating router does not have information about the topology of the networks in which the requesting router is located. In such cases, the delegating router requires only the identity of the requesting router to choose a prefix for delegation. DHCPv6 prefix delegation replaces the need for NAT in an IPv6 network.

Figure 2 shows how DHCPv6 prefix delegation is used in a dual-stack network.

Figure 2: Delegated Addressing in a Dual-Stack Network Using DHCPv6Delegated Addressing in a Dual-Stack Network Using DHCPv6

DHCPv6 prefix delegation operates as follows:

  1. A delegating router is provided with IPv6 prefixes to be delegated to requesting routers. These prefixes can come from a local address-assignment pool or an external AAA server.

    Each prefix has an associated valid and preferred lifetime, which can be extended.

  2. A requesting router requests one or more prefixes from the delegating router.

  3. The delegating router chooses prefixes for delegation, and responds with prefixes to the requesting router.

  4. The requesting router is then responsible for the delegated prefixes.

    The address allocation mechanism in the subscriber network can be performed with ICMPv6 Neighbor Discovery Protocol (NDP) in router advertisements, DHCPv6, or a combination of these two methods.

The requesting router cannot use a sub-prefix of the delegated prefix assigned to it by the delegating router to the link between the delegating router and the requesting router. Because of this limitation, there are usually two routes to the CPE device. One is the delegated prefix, for the customer site behind the CPE device and the other for the link between the requesting router and the delegating router. To overcome this, Junos OS allows the exclusion of one specific prefix from a delegated prefix set while using DHCPv6 based prefix delegation as described in RFC 6603. This excluded prefix is used as the link between the delegating router and the requesting router. This prefix link is intended for use in networks where each requesting router is in its own Layer 2 domain.

To support prefix exclude delegation, the requesting router includes the Option Request option (ORO) with the PD_Exclude option in the solicit, request, renew, or rebind message to inform the delegating router about the support for the prefix delegation. When the Juniper Networks router acting as the DHCP server receives these message and finds the exclude prefix option (option 67) in ORO, it decides the prefix to be excluded. (The length of the prefix to be excluded is bigger than the delegated prefix length.) The excluded prefix is then added in the IA_Prefix options. The DHCP server acting as relay forwards the requested option to the server and relays the excluded prefix, assigned by the server, back to the client.

To exclude a prefix length in a DHCP server, configure the exclude-prefix-len statement at the [edit access address-assignment pool pool-name family dhcpv6 dhcp-attributes] hierarchy level. The length of the prefix can range from 1 through 128.

If the DHCP server supporting the exclude prefix wants the client to request for a prefix exclude after reconfiguration, then you can configure thesupport-option-pd-exclude statement either at the [edit system services dhcp-local-server dhcpv6] hierarchy level or at the [edit system services dhcp-local-server dhcpv6 group group-name] hierarchy level.

Configuring DHCPv6 Prefix Exclude Option

To configure DHCPv6 prefix exclude:

  1. Configure the prefix length to be excluded from a delegated prefix set pool. This prefix is used as the link between the delegating router and the requesting router. The exclude prefix length is bigger than the given prefix length.

    content_copy zoom_out_map
    [edit access address-assignement pool pool-name family inet6 dhcp-attributes]
user@host# set exclude-prefix-len prefix-length

    For example, for prefix delegated in 2001:db8::/32 , configure the exclude prefix as 2001:db8:ffff:fffc::/72 for delegated pool prefix_delegate_pool.

    content_copy zoom_out_map
    [edit access address-assignment pool prefix_delegate_pool family inet6 dhcp-attributes]
user@host# set exclude-prefix-len 72

  2. Configure PD_Exclude option support in the reconfigure message. In case the server wants the client to request for the prefix to be excluded after reconfiguration then the exclude prefix options are added in the Option Request option (ORO) in the reconfigure message.

    content_copy zoom_out_map
    [edit system services dhcp-local-server dhcpv6 reconfigure]
user@host# set support-option-pd-exclude

  3. Configure PD_Exclude option support in the reconfigure message for a given group.

    content_copy zoom_out_map
    [edit system services dhcp-local-server dhcpv6 group group-name reconfigure]
user@host# set support-option-pd-exclude

Configuring an Address-Assignment Pool for Use by DHCPv6 Prefix Delegation

This procedure shows how to configure IPv6 local address pools to allocate IPv6 prefixes for use by DHCPv6 prefix delegation.

You must configure separate pools for DHCPv6 prefix delegation, DHCPv6 IA_NA, and NDRA.

To configure the pool to be used for prefix delegation:

  1. Create a pool and assign a name to it.
    content_copy zoom_out_map
    [edit access]
user@host# edit address-assignment pool v6-prefix-pool-2001
  2. Under family inet6, add IPv6 prefixes to the pool.
    content_copy zoom_out_map
    [edit access address-assignment pool v6-prefix-pool-2001]
user@host# edit family inet6
user@host# set prefix 2001:db8:0000:0000:0000::/64
  3. Configure the name of the IPv6 prefix range, and define the range by setting a prefix length of 64.
    content_copy zoom_out_map
    [edit access address-assignment pool v6-prefix-pool-2001 family inet6]
user@host# edit range prefix-range
user@host# set prefix-length 64

Specifying the Delegated Address-Assignment Pool to Be Used for DHCPv6 Prefix Delegation

You can explicitly specify which address pool the BNG uses to assign IPv6 prefixes for use by DHCPv6 prefix delegation. This feature enables you to identify the address pool without using RADIUS or a network match.

Note:

If the Juniper Networks IPv6-Delegated-Pool-Name VSA (26–161) provides assigns a delegated address pool, the VSA-specified value takes precedence over the delegated-address statement.

Note:

You can specify the local delegated address pool at the following levels:

  • Globally for the server at the [edit system services dhcp-local-server dhcpv6 overrides] hierarchy level.

  • For a named group of interfaces at the [edit system services dhcp-local-server dhcpv6 group group-name overrides] hierarchy level.

  • For a specific interface within a named group of interface at the [edit system services dhcp-local-server dhcpv6 group group-name interface interface-name overrides] hierarchy level.

The following steps show only how to specify a local pool used globally by the local server.

To specify the pool to be used for prefix delegation:

  1. Specify that you want to configure override options for DHCPv6 local server.
    content_copy zoom_out_map
    [edit system services dhcp-local-server dhcpv6]
user@host# edit overrides
  2. Specify the name of the delegated address pool.
    content_copy zoom_out_map
    [edit system services dhcp-local-server dhcpv6 overrides]
user@host# set delegated-pool  pool-name

Related Documentation

arrow_backward PREVIOUS IPv6 WAN Link Addressing with DHCPv6 IA_NA
NEXT arrow_forward WAN and LAN Addressing Using DHCPv6 IA_NA and DHCPv6 Prefix Delegation
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top