When a dhcpv6 client requests a prefix, it would be nice if dhcpd could add an ipv6 route to that prefix via the link-local address of the requesting client. And when lease expires, just remove that route.
dhcpv6-relay should also have this option.
This makes provisioning ipv6 network to subscribers much easier as one doesn't have to use a routing protocol to reach the delegated prefixes.
Mikrotik RouterOS has this feature, but I'm not sure if there is an option in dhcpd.
The router does not automatically configure the prefix route that the client received. If you use the client's link-local address for the prefix route then everything works. The client also uses the dhcpv6-server link-local address for the default route.
VyOS version: VyOS 1.4-rolling-202110150613
Example ipv6 route to prefix via the link-local address on dhcpv6 server:
set interfaces ethernet eth0 address '2001:4860:4860::1111/64' set interfaces ethernet eth1 address '2001:cafe:1111::1/48' set protocols static route6 ::/0 next-hop 2001:4860:4860::8888 set protocols static route6 2001:cafe:1111:ffff::/64 next-hop fe80::e84:acff:fe31:0 interface 'eth1' set service dhcpv6-server shared-network-name PREFIX subnet 2001:cafe:1111::/48 prefix-delegation start 2001:cafe:1111:1:: prefix-length '64' set service dhcpv6-server shared-network-name PREFIX subnet 2001:cafe:1111::/48 prefix-delegation start 2001:cafe:1111:1:: stop '2001:cafe:1111:ffff::'
vyos@vyos# run show dhcpv6 server leases
IPv6 address State Last communication Lease expiration Remaining Type Pool IAID_DUID
------------------------ ------- -------------------- ------------------ ----------- ----------------- ------ -----------------------------------------------------------------
2001:cafe:1111:ffff::/64 active 2021/10/16 08:50:15 prefix delegation PREFIX 00:00:00:00:00:04:bb:84:ac:31:95:14:48:46:80:23:83:cb:2b:20:23:56
[edit]
vyos@vyos# vyos@vyos# ru show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
S>* ::/0 [1/0] via 2001:4860:4860:1111::1, eth0, weight 1, 00:51:49
C>* 2001:4860:4860:1111::/64 is directly connected, eth0, 00:51:51
C>* 2001:cafe:1111::/48 is directly connected, eth1, 00:51:52
S>* 2001:cafe:1111:ffff::/64 [1/0] via fe80::e84:acff:fe31:0, eth1, weight 1, 00:51:49
C * fe80::/64 is directly connected, eth0, 00:51:51
C * fe80::/64 is directly connected, eth1, 00:51:52
C>* fe80::/64 is directly connected, lo, 00:51:53
[edit]
vyos@vyos#Example ipv6 default route via the link-local address on dhcpv6 client:
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1' set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '1' set interfaces ethernet eth0 dhcpv6-options pd 0 length '64' set interfaces ethernet eth1 ipv6 address autoconf set protocols static route6 ::/0 next-hop fe80::e4d:a5ff:fe8f:1 interface 'eth0' set service router-advert interface eth1 other-config-flag
vyos@vyos# run show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
S>* ::/0 [1/0] via fe80::e4d:a5ff:fe8f:1, eth0, weight 1, 01:50:38
C>* 2001:cafe:1111:ffff::/64 is directly connected, eth1, 01:50:32
C * fe80::/64 is directly connected, eth1, 01:50:40
C * fe80::/64 is directly connected, eth0, 01:50:41
C>* fe80::/64 is directly connected, lo, 01:50:44
[edit]
vyos@vyos# ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=63 time=4.65 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=63 time=4.70 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=63 time=5.06 ms
^C
--- 2001:4860:4860::8888 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.078/3.870/5.056/1.619 ms
[edit]As an option it is possible this workaround:
Install tshark and use this script https://george.mibloving.net/nivex/d6rm/raw/commit/701d49cce3a308aed0c3d89d47be7601178ea4c4/d6rm.py
root@r1-roll:/home/vyos# ./route.py eth2 Running as user "root" and group "root". This could be dangerous. Adding route 2001:db8:fff:50::/60 via fe80::5054:ff:fe75:e865
Routes:
vyos@r1-roll# ip -6 route ::1 dev lo proto kernel metric 256 pref medium 2001:db8::/48 dev eth2 proto kernel metric 256 pref medium 2001:db8:fff:50::/60 via fe80::5054:ff:fe75:e865 dev eth2 metric 1024 pref medium
After the investigation, we figured out that it is possible to get the prefix and link-local address during the DHCP commit procedure.
The statement
log(info, binary-to-ascii(16, 8, ":", substring(option dhcp6.ia-pd, 24, 17)));
will give us the next info:
dhcpd[1568]: 40:20:1:ca:fe:11:11:ff:ff:0:0:0:0:0:0:0:0
So, a prefix can be extracted. Also, a link-local address may be generated from the MAC address extracted from the DHCP packet structure.
However, there are no ways on how to get the same info during release and expire events which makes the way unusable alone because we cannot remove installed routes.
But we can combine this way for adding routes and parsing logs (triggered by on release/on expiry events) for removing. Alternatively, from DHCP logs may be extracted also the information required to add routes.
But we should carefully test logs-way with high-load cases to be sure that the DHCP server will be able to provide them in time.
https://phabricator.vyos.net/T3316
If VyOS goes for Kea, it might be a better idea to invest time in Kea DHCPv6, as it has hook libraries which might resolve this task neater.
https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html
https://kea.readthedocs.io/en/latest/arm/hooks.html#hooks-libraries
Needs to check if it works for 1.5
I can confirm it's still an issue in 1.5-rolling-202401200023: the prefix is delegated and effectively blackholed.