IPv6 WAN Link Addressing with NDRA
Using NDRA to Provide IPv6 WAN Link Addressing Overview
In a dual-stack network, NDRA (Neighbor Discovery Router Advertisement) provides a lightweight address assignment method for autoconfiguration of the global IPv6 address on the CPE WAN link. The CPE device can construct its own IPv6 global address by combining the interface ID that is negotiated by IPv6CP and the prefix obtained through NDRA.
Before NDRA can provide IPv6 address information to the CPE, you need to first obtain a link-local address for the CPE WAN link. NDRA provides address assignment in two phases:
Link-local address assignment for local connectivity to the BNG
Global address assignment for global connectivity
The process is as follows:
During IPv6CP negotiation to establish the PPPoE link between the BNG and the CPE, an interface identifier is negotiated for the CPE.
The CPE creates a link-local address by appending the interface identifier to the IPv6 link-local prefix (FE80::/10).
Note: When the interface ID is 0, such as for Windows 7 clients, PPP uses the subscriber’s session ID in place of the interface ID.
The CPE now has IPv6 connectivity to the BNG, and it can use NDRA to obtain its global IPv6 address.
The CPE sends a router solicitation message to the BNG.
The BNG responds with a router advertisement message that includes an IPv6 prefix with a length of /64.
This prefix can come directly from a local NDRA address pool configured on the BNG.
If you are using AAA, a RADIUS server can specify the prefix in the Framed-IPv6-Prefix attribute, or it can specify an NDRA pool on the BNG from which the prefix is assigned in the Framed-IPv6-Pool attribute.
When the CPE receives the 64-bit prefix, it appends its interface ID to the supplied prefix to form a globally routable 128-bit address.
The CPE verifies that the global address is unique by sending a neighbor solicitation message destined to the new address. If there is a reply, the address is a duplicate. The process stops and requires operator intervention.
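The two-phase procedure above, modeled in Python as an added example (not Juniper code). The function names and sample values are hypothetical, and using the session ID directly as the low-order bits of the interface ID is an assumption; the page only says the session ID replaces a zero interface ID.

```python
import ipaddress

LINK_LOCAL_BASE = int(ipaddress.IPv6Address("fe80::"))  # FE80::/10, zero padded
IID_LIMIT = 1 << 64                                     # interface IDs are 64 bits


def effective_interface_id(negotiated_iid: int, session_id: int) -> int:
    """Interface ID the CPE ends up with after IPv6CP negotiation."""
    if not 0 <= negotiated_iid < IID_LIMIT:
        raise ValueError("interface ID must fit in 64 bits")
    if negotiated_iid == 0:
        # Page: PPP substitutes the subscriber's session ID.
        # Assumption: it becomes the low-order bits of the interface ID.
        if not 0 < session_id < IID_LIMIT:
            raise ValueError("session ID unusable as interface ID")
        return session_id
    return negotiated_iid


def link_local_address(iid: int) -> ipaddress.IPv6Address:
    """Phase 1: link-local prefix plus interface ID."""
    return ipaddress.IPv6Address(LINK_LOCAL_BASE | iid)


def global_address(ra_prefix: str, iid: int) -> ipaddress.IPv6Address:
    """Phase 2: /64 prefix from the router advertisement plus interface ID."""
    net = ipaddress.IPv6Network(ra_prefix)  # strict parse: host bits must be zero
    if net.prefixlen != 64:
        raise ValueError(f"NDRA prefix must be /64, got /{net.prefixlen}")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def provision_wan_address(negotiated_iid, session_id, ra_prefix, neighbors=()):
    """Return (link_local, global); raise if duplicate address detection fails."""
    iid = effective_interface_id(negotiated_iid, session_id)
    link_local = link_local_address(iid)
    candidate = global_address(ra_prefix, iid)
    # DAD model: a neighbor advertisement comes back only if a node owns the address.
    if candidate in {ipaddress.IPv6Address(n) for n in neighbors}:
        raise RuntimeError(f"duplicate address {candidate}: operator intervention required")
    return link_local, candidate


if __name__ == "__main__":
    # Constructed sample values (documentation prefix 2001:db8::/32).
    print(provision_wan_address(0x021122FFFE334455, 7, "2001:db8:0:1::/64"))
    print(provision_wan_address(0, 0x2A, "2001:db8:0:1::/64"))  # zero interface ID case
```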
IPv6 Neighbor Discovery Protocol Overview
Neighbor Discovery is a protocol in the IPv6 protocol suite that allows nodes on the same link to advertise their existence to their neighbors and to learn about the existence of their neighbors. Neighbor Discovery is built on top of Internet Control Message Protocol version 6 (ICMPv6). It replaces the following IPv4 protocols: Router Discovery (RDISC), Address Resolution Protocol (ARP), and ICMPv4 redirect.
Neighbor Discovery uses router advertisement messages to detect neighbors, advertise IPv6 prefixes, assist in address provisioning, and share link parameters such as MTU, hop limit, advertisement intervals, and lifetime.
Neighbor Discovery Messages
Neighbor Discovery uses the following message types:
Router advertisement (RA)—Messages sent to announce the presence of the router, advertise prefixes, assist in address configuration, and share other link information such as MTU size and hop limit. The IPv6 nodes on the link can use this information to configure themselves with an IPv6 address and routing information such as the default gateway.
Router solicitation (RS)—Messages sent by IPv6 nodes when they come online to solicit immediate router advertisements from the router. Starting in Junos OS Release 18.1R1, the well-known IPv6 all-routers multicast address, FF02::2, is supported in nondefault routing instances. Without this support, IPv6 router solicitation packets are dropped in nondefault routing instances.
Neighbor solicitation (NS)—Messages used for duplicate address detection and to test reachability of neighbors.
A host can verify that its address is unique by sending a neighbor solicitation message destined to the new address. If the host receives a neighbor advertisement in reply, the address is a duplicate.
Neighbor advertisement (NA)—Messages used for duplicate address detection and to test reachability of neighbors. Neighbor advertisements are sent in response to neighbor solicitation messages.
You can specify the information that is sent in router advertisements.
Dynamic Router Advertisement Configuration Overview
In a network deployment where router interfaces are configured statically, you might need to configure the Router Advertisement Protocol on only a small number of interfaces on which it might run. However, in a subscriber access network, static configuration of the Router Advertisement Protocol becomes impractical because the number of interfaces that potentially need the Router Advertisement Protocol increases substantially. In addition, deploying services in a dynamic environment requires dynamic modifications to interfaces as they are created.
Subscriber access supports the configuration of the Router Advertisement Protocol at the [edit dynamic-profiles profile-name protocols] hierarchy level. By specifying Router Advertisement Protocol statements within a dynamic profile, you can dynamically apply a Router Advertisement configuration when a subscriber connects to an interface using a particular access technology (for example, DHCP), enabling the subscriber to access a carrier (multicast) network.
A minimal Router Advertisement Protocol configuration requires that you include the router-advertisement statement at the [edit dynamic-profiles profile-name protocols] hierarchy level and the interface statement along with the $junos-interface-name dynamic variable. All other statements are optional.
Statements used for Router Advertisement Protocol configuration at the [edit dynamic-profiles profile-name protocols] hierarchy level are identical in function to those same statements used for static Router Advertisement Protocol configuration, with the exception of the interface and prefix statements, which use dynamic variables.
Configuring an Interval Range for Unsolicited Router Advertisements to IPv6 Neighbors
RFC 4861, Neighbor Discovery for IP version 6 (IPv6), defines the Neighbor Discovery protocol, which is used by IPv6 nodes to determine link-layer addresses for neighbors, track reachability of neighbors, and discover routers that can forward packets on behalf of hosts. Routers send router advertisement messages to advertise their presence on the network and their characteristics. Hosts send router solicitation messages to discover routers by requesting that routers respond with router advertisement messages immediately. The router advertisements are sent both periodically (for the life of the interface) and in response to router solicitations received from hosts.
The router sets the interval between all router advertisements at the value specified by the max-advertisement-interval statement for the interface that sends the advertisement messages. The default interval is several minutes in duration, 600 seconds, and can be configured up to 1800 seconds.
A shorter interval for the first few advertisements increases the chances that the router is discovered quickly when it first becomes available. Accordingly, for only the first three unsolicited router advertisements, RFC 4861 requires a router to use an interval no greater than 16 seconds. If the router selects a larger interval, the interval is automatically set to 16 seconds for the first three unsolicited router advertisements.
In some customer scenarios, 16 seconds is too large an interval for the initial router advertisements and can result in an unacceptable delay for establishing subscriber sessions. If you want the router to advertise more aggressively for a quicker discovery, you can explicitly configure the max-advertisement-interval statement to less than 16 seconds for the interface that sends router advertisements.
However, this statement sets the interval between all advertisements sent on the interface, not just those for the first three unsolicited advertisements. That means that all router advertisement messages are sent at short intervals when you configure a lower range. Some users may find this undesirable, because they prefer to have the router discovered quickly, but once it is known, they want the advertisements to be sent at a slower pace, acting as keepalives for the duration of the interface without generating unnecessary amounts of traffic.
Starting in Junos OS Release 18.2R1, you can configure global override options to set the range from which the router randomly selects an interval for only the initial three router advertisements for all interfaces. Random interval selection reduces the likelihood that messages from one router are synchronized with those of another router. A new random interval value is selected after each advertisement is sent so that the interval varies between successive messages. The range for the interval between subsequent router advertisement messages per dynamic interface is still configured with the max-advertisement-interval statement in a dynamic profile.
To configure the interval in a dynamic profile that applies to router advertisement messages on the dynamic interface:
Configure the interval.
[edit dynamic-profiles protocols router-advertisement interface interface-name]
user@host# set max-advertisement-interval seconds
To configure an interval range for only the initial three advertisement messages on all interfaces:
Consider the following example, where intervals are configured only for router advertisement messages on a dynamic interface. Because the configured interval value is greater than 16, the interval for the first three unsolicited advertisements is always set to 16 seconds. For all subsequent unsolicited advertisements, the router advertisements are sent at an interval of 60 seconds.
[edit dynamic-profiles protocols router-advertisement interface $junos-interface-name]
user@host# set max-advertisement-interval 60
Now consider the following example, where intervals are configured globally for the first three unsolicited router advertisement messages on all interfaces. All subsequent unsolicited advertisements are configured per dynamic interface.
[edit system services subscriber-management overrides]
user@host# set ra-initial-interval-min 3
user@host# set ra-initial-interval-max 9
[edit dynamic-profiles protocols router-advertisement interface $junos-interface-name]
user@host# set max-advertisement-interval 300
In this case, the router generates a random interval between 3 seconds and 9 seconds, inclusive, for the first three router advertisement messages on all interfaces. The router sends all subsequent advertisements at an interval of 300 seconds.
Methods for Obtaining IPv6 Prefixes for NDRA
You can set up the BNG to select IPv6 prefixes used for NDRA through one of the following methods:
An external source such as a AAA RADIUS server.
Dynamic assignment from a local pool of NDRA prefixes that is configured on the BNG.
Using AAA RADIUS Server to Obtain IPv6 Prefixes for NDRA
When the BNG needs to obtain a prefix for NDRA, it uses the values in one of the following RADIUS attributes that it receives in Access-Accept messages from the RADIUS server:
Framed-IPv6-Prefix—The attribute contains an IPv6 prefix that the BNG can send to the CPE in router advertisement messages.
Framed-IPv6-Pool—The attribute contains the name of an NDRA pool configured on the BNG from which the BNG can select a prefix to include in router advertisements.
Duplicate Prefix Protection for NDRA
If you are using AAA to supply IPv6 prefixes for NDRA, you can enable duplicate prefix protection for NDRA. If enabled, the BNG checks the following attributes received from external servers:
Framed-IPv6-Prefix
Framed-IPv6-Pool
The router then takes one of the following actions:
If a prefix overlaps with a prefix in an address pool, the prefix is taken from the pool if it is available.
If the prefix is already in use, it is rejected as unavailable.
If the prefix length requested from the external server does not match the pool’s prefix length exactly, the authentication request is denied. If configured, the Acct-Stop message includes a termination cause.
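The three outcomes listed above, written out as decision logic in Python. This is an added model for illustration, not the BNG's implementation: the NdraPool class, the function names, the result strings and the order of the checks are assumptions, and the pool and prefixes are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class NdraPool:
    """Hypothetical model of a local NDRA pool configured on the BNG."""
    name: str
    network: ipaddress.IPv6Network            # address space the pool draws from
    prefix_len: int = 64                      # length of each prefix handed out
    in_use: set = field(default_factory=set)  # prefixes held by active subscribers


def check_framed_prefix(framed_prefix: str, pools) -> str:
    """Evaluate a prefix received in Framed-IPv6-Prefix against the local pools.

    Returns "allocated", "rejected-in-use", "auth-denied" or "no-pool-overlap".
    """
    prefix = ipaddress.IPv6Network(framed_prefix)
    for pool in pools:
        if not prefix.overlaps(pool.network):
            continue
        # The requested length must match the pool's prefix length exactly.
        if prefix.prefixlen != pool.prefix_len:
            return "auth-denied"
        # A prefix already assigned to another subscriber is unavailable.
        if prefix in pool.in_use:
            return "rejected-in-use"
        pool.in_use.add(prefix)               # prefix is taken from the pool
        return "allocated"
    # The page does not describe this case; the model only reports it.
    return "no-pool-overlap"


def release(framed_prefix: str, pools) -> None:
    """Return a prefix to its pool when the subscriber session ends."""
    prefix = ipaddress.IPv6Network(framed_prefix)
    for pool in pools:
        pool.in_use.discard(prefix)


if __name__ == "__main__":
    pools = [NdraPool("ndra-pool-1", ipaddress.IPv6Network("2001:db8:100::/48"))]
    for requested in ("2001:db8:100:1::/64",   # first subscriber
                      "2001:db8:100:1::/64",   # second subscriber, same prefix
                      "2001:db8:100::/56"):    # wrong prefix length
        print(requested, "->", check_framed_prefix(requested, pools))
```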