Technical Tip: PPPoE DHCPv6 prefix delegation with Cisco server

arydlewski · ‎08-01-2019

Description
This article describes how to delegate IPv6 prefix from delegating router (Prefix Delegation Server) to a requesting router (Prefix Delegation Client) and use those prefixes to assign global IPv6 addresses to the devices on its internal interfaces. It is based on use of DHCPv6 messages ( RFC 3633 ) and sometimes is known as DHCPv6 Prefix Delegation.

Useful links:
Fortinet Documentation
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-whats-new-54/FeatureCatalog-ipv6.htm

Solution
The PPPoE server can be set up on some router ( in this KB Cisco 1841 )

Here is the Step by Step guide:
Example setup of PPPoE server

Enable ipv6, dhcpv6 server:

#ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool dhcpv6
prefix-delegation pool dhcpv6-pool1 lifetime 1800 600
dns-server 2001:4860:4860::8888
end
ipv6 local pool dhcpv6-pool1 2A02:A440:8932::/48 48

Interfaces configuration:

#bba-group pppoe global
virtual-template 1
!
interface FastEthernet0/0
no ip address
load-interval 30
duplex auto
speed auto
ipv6 enable
pppoe enable group global
standby use-bia
standby version 2
!
interface Virtual-Template1
mtu 1492
no ip address
ipv6 unnumbered FastEthernet0/0
ipv6 enable
no ipv6 nd ra suppress
ipv6 dhcp server dhcpv6
no peer default ip address
ppp authentication pap chap
!
Example setup of PPPoE client:

#config system interface
edit "port1"
set ip 192.168.1.99 255.255.255.0set description "LAN - downstream"set role lanconfig ipv6set ip6-allowaccess ping https httpset ip6-address 2a02:a440:8932:1::1/64set ip6-send-adv enableset ip6-manage-flag enable disableset ip6-other-flag enableconfig ip6-delegated-prefix-list
edit 1
set upstream-interface "pppoe1"
set autonomous-flag enable
set onlink-flag enable
set subnet 0:0:0:1::/64
next
end
end
next
edit "port4"
set type physical
set description "WAN - upstream"
set estimated-upstream-bandwidth 102400
set estimated-downstream-bandwidth 102400
set role wan
set snmp-index 4
config ipv6
set ip6-allowaccess ping https
set ip6-retrans-time 4000
set dhcp6-prefix-delegation enable
set autoconf enable
end
set mtu-override enable
set mtu 1492
next
edit "pppoe1"
set vdom "root"
set mode pppoe
set allowaccess ping https
set type tunnel
set snmp-index 9
config ipv6
set ip6-mode delegated
set ip6-allowaccess ping ssh
set dhcp6-prefix-delegation enable
set dhcp6-prefix-hint 2a02:a440:8932::/48
set ip6-upstream-interface "port4"
end
set interface "port4"
next
end

Troubleshooting:

Check DHCPv6 bindings ( server )

#Router#show ipv6 dhcp binding
Client: FE80::724C:A5F1:FFFE:AAA3
DUID: 00010001386D4380000000000000
Username : admin
Interface : Virtual-Access1.1
IA PD: IA ID 0x0000001C, T1 300, T2 480
Prefix: 2A02:A440:8932::/48
preferred lifetime 600, valid lifetime 1800
expires at Aug 01 2019 09:25 AM (1742 seconds)

Check IPv6 assignments ( client )

# diagnose ipv6 address list
dev=9 devname=port1 flag=P scope=0 prefix=64 addr=2a02:a440:8932:1::1 preferred=4294967295 valid=4294967295
dev=9 devname=port1 flag=P scope=253 prefix=64 addr=fe80::724c:a5ff:feef:aaa0 preferred=4294967295 valid=4294967295
dev=12 devname=port4 flag=P scope=253 prefix=64 addr=fe80::724c:a5ff:feef:aaa3 preferred=4294967295 valid=4294967295
dev=24 devname=root flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295
dev=28 devname=pppoe1 flag=P scope=253 prefix=10 addr=fe80::724c:a5f1:fffe:aaa3 preferred=4294967295 valid=4294967295
dev=29 devname=vsys_ha flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295
dev=31 devname=vsys_fgfm flag=P scope=254 prefix=128 addr=::1 preferred=4294967295 valid=4294967295

Check IPv6 assignments ( internal client )