| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| en:dpi:bras_bng:ip_pool:ipv6:start [2023/10/13 13:54] – ↷ Операцией перемещения обновлены ссылки elena.krasnobryzh | en:dpi:bras_bng:ip_pool:ipv6:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 |
|---|
| ====== IPv6 pools support ====== | |
| {{indexmenu_n>20}} | |
| |
| The IPv6 address pool name is specified by the ''Framed-IPv6-Pool'' attribute in ''Access-Accept''. | |
| |
| <note warning> Attributes that set IPv6 addresses to the subscriber (''Framed-IPv6-Address'', ''Framed-IPv6-Prefix'', ''Delegated-IPv6-Prefix'') take precedence over ''Framed -IPv6-Pool'': if there is a pool in the response and at least one of the above attributes specifying an IPv6 address or prefix, PCRF ignores ''Framed-IPv6-Pool'' </note> | |
| |
| Upon detecting the ''Framed-IPv6-Pool'' attribute in the Radius response, the PCRF shall: | |
| * contact the DHCPv6 server for the address and/or prefix of the subscriber by passing the pool name to the DHCPv6 server in one of the DHCPv6 options; | |
| * after receiving a DHCPv6 server response, generate a general authorization response by combining the DHCPv6 response options and the ''Access-Accept'' attributes | |
| |
| === Configuring fastPCRF === | |
| At least one DHCPv6 server serving the pools must be specified in ''fastpcrf.conf''. The server address is set in the ''dhcp6_server'' parameter of the following form: | |
| <code> | |
| # Each server is specified by a separate parameter dhcp6_server | |
| # Format: | |
| # dhcp6_server = [ipv6% dev] {: port} {; option} + | |
| # where: | |
| # ipv6 - DHCPv6 server address | |
| # dev is the name of the interface from which to connect | |
| # port - port, default = 547 | |
| # options: additional options: | |
| # source_ip = address - source IPv6 address, on behalf of which the request to the DHCPv6 server is made | |
| # If source_ip is not set, then: | |
| # - if the server address is link-local - the link-local address of the dev interface is taken | |
| # - if the server address is global - the global address of the dev interface is taken | |
| # relay_ip = address - IPv6 address of the relay. It is this address that the DHCPv6 server regards as the relay address. | |
| # If not set - equal to source_ip | |
| # Example: two DHCPv6 servers: one with a global address, the other with a link-local address | |
| # dhcp6_server=[2001:4860:4860::8888%eth1];source_ip=2a01:a282:3:11:92b1:1cff:fe18:d298;relay_ip=2001::1 | |
| # dhcp6_server=[fe80::92b1:1cff:fe18:d298%em2];relay_ip=2001::1 | |
| dhcp6_server=[fe80::92b1:1cff:fe18:d298%em2];relay_ip=2001::1 | |
| </code> | |
| Each DHCPv6 server is specified in ''fastpcrf.conf'' with a separate parameter. For example, two servers can be defined like this: | |
| <code> | |
| # Main server - on interface eth1 | |
| dhcp6_server=[fe80::92b1:1cff:fe18:d298%eth1];relay_ip=2001::1 | |
| # Backup server - on em2 interface | |
| dhcp6_server=[fe80::92b1:1cff:fe18:4509%em2];relay_ip=2001::1 | |
| </code> | |
| Supports up to 16 DHCPv6 servers. This parameter does not have any default value - to support ''Framed-IPv6-Pool'', it is necessary to register at least one DHCPv6 server in ''fastpcrf.conf''. | |
| |
| In addition to DHCPv6 servers, you should also specify in which DHCPv6 request option to send the pool name. | |
| This is done using the ''dhcp6_poolname_opt'' parameter. The following DHCP options are supported: | |
| - ''dhcp6_poolname_opt=1'' - [15] User-Class. If the option is already present, its value is replaced with the name of the pool | |
| - ''dhcp6_poolname_opt=2'' - [17] Vendor-Specific (vendorId=43823, subopt=1). Option is always added | |
| If ''dhcp6_poolname_opt=0'' (default) - the pool name will be passed in the Vendor-Specific option. | |
| |
| FastPCRF addresses DHCPv6 servers as a relay to make DHCPv6 traffic unique. All DHCPv6 requests are always sent to all servers specified in the ''dhcp6_server'' parameters. If multiple DHCPv6 servers are configured, PCRF takes into account the first timed response, replies from other DHCPv6 servers are ignored. | |
| |
| === Peculiarities of issuing IPv6 addresses/prefixes in Stingray Service Gateway === | |
| Note that Stingray SG currently requires the client to be given a prefix with the length specified by the [[en:dpi:dpi_components:platform:dpi_ipv6|ipv6_subnetwork]] parameter in fastdpi.conf (by default ''ipv6_subnetwork=64''). This applies to both PD prefixes and the actual IPv6 address given to the client. That is, in fact, the client is given two prefixes - a PD-prefix and a prefix, from which SSG itself forms the client's full IPv6 address. | |
| |
| Most DHCPv6 servers can issue a PD prefix of any length to a client, but they cannot - a specified length prefix as the client's IPv6 address. In other words, the DHCPv6 server cannot be instructed to "issue IPv6 addresses to clients at this step" (for example, with a / 64 step). | |
| To get around this limitation, SSG uses the following trick: only the PD-prefix is requested, and the DHCPv6-server must issue a PD-prefix of length ''ipv6_subnetwork - 1'' to the subscriber (that is, by default, ''64 - 1 = 63'' - /63 prefix). SSG itself divides such a PD-prefix into two ''/ ipv6_subnetwork''-prefixes: the lower prefix is for allocating an IPv6 address to the client, and the older one is for the client's PD prefix. | |
| |
| === Kea DHCPv6 Server Configuration Examples === | |
| The DHCPv6 server is configured differently depending on which DHCPv6 option the pool name will come in (the ''dhcp6_poolname_opt'' parameter). | |
| Below are not complete configuration files ''/etc/kea/kea-dhcp6.conf'' [[https://www.isc.org/kea/|Kea DHCP]], but only extracts related to configpool management | |
| |
| - [[en:dpi:bras_bng:ip_pool:ipv6:kea_cfg_opt17|example for option 17]] (''dhcp6_poolname_opt=2'') | |
| - [[en:dpi:bras_bng:ip_pool:ipv6:kea_cfg_opt15|example for option 15]] ''User-Class'' (''dhcp6_poolname_opt=1'') | |
| |
| === Forming a DHCPv6 request in DHCPv6 Radius Proxy mode === | |
| In the [[en:dpi:bras_bng:opt_bras_l2:bras_l2_vlan:bras_l2_vlan_dhcp:bras_l2_vlan_dhcp_proxy:start|DHCP Radius Proxy]] mode, the original DHCPv6 subscriber request is sent to the DHCPv6 server with the addition of the pool name in accordance with the ''dhcp6_poolname_opt'' parameter. But the server is requested **only** PD-prefix, see above "peculiarities of issuing IPv6 addresses/prefixes in SSG". | |
| |
| <note warning> Be careful when specifying the pool name in the opt15 ''User-Class'' option: if this option is already present in the DHCPv6 subscriber request, its value is changed to the pool name. If the original value of this option is important when configuring a DHCPv6 server, you should use option 17 for the pool name, which is always added </note> | |
| |
| === Forming a DHCPv6 request for PPPoE clients === | |
| For [[en:dpi:bras_bng:opt_bras_l2:bras_pppoe:start|PPPoE]]-PCRF subscribers form a DHCPv6 request, in which '' Client-Id '' (option 1, client DUID) is built as DUID-EN (vendorId=43823, 32 bits), then the client's VLANs (2 fields of 16 bits, if there is no VLAN, its value is 0), then 6 bytes of the client's MAC address. This Client-Id design ensures that the DUID remains unchanged, which is important for a DHCPv6 server. | |
| | |
| |
| === Forming Access-Accept === | |
| |
| After receiving a response from the DHCPv6 server, PCRF combines it with the one previously received from the "Access-Accept" Radius. Recall that in ''Access-Accept'' you can also specify DHCPv6 options in the form [[en:dpi:bras_bng:opt_bras_l2:ipv6:dhcpv6_vsa|special VSA]]. When aggregating responses, DHCPv6 options returned by the DHCPv6 server take precedence over these VSA attributes; for example, if a different list of DNS servers is specified in both the DHCPv6 response and the ''Access-Accept'', then the subscriber will be sent a list of DNS servers from the DHCPv6 server response. | |
