
DHCPv6 server prefix delegation - dynamically add route to delegated prefix via requesting router
Closed, Resolved | Public | FEATURE REQUEST

Description

When a DHCPv6 client requests a prefix, it would be nice if dhcpd could add an IPv6 route to that prefix via the link-local address of the requesting client. And when the lease expires, just remove that route.
dhcpv6-relay should also have this option.

This makes provisioning ipv6 network to subscribers much easier as one doesn't have to use a routing protocol to reach the delegated prefixes.

Mikrotik RouterOS has this feature, but I'm not sure if there is an option in dhcpd.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

The router does not automatically configure the prefix route that the client received. If you use the client's link-local address for the prefix route then everything works. The client also uses the dhcpv6-server link-local address for the default route.

VyOS version: VyOS 1.4-rolling-202110150613

Example ipv6 route to prefix via the link-local address on dhcpv6 server:

set interfaces ethernet eth0 address '2001:4860:4860::1111/64'
set interfaces ethernet eth1 address '2001:cafe:1111::1/48'
set protocols static route6 ::/0 next-hop 2001:4860:4860::8888
set protocols static route6 2001:cafe:1111:ffff::/64 next-hop fe80::e84:acff:fe31:0 interface 'eth1'
set service dhcpv6-server shared-network-name PREFIX subnet 2001:cafe:1111::/48 prefix-delegation start 2001:cafe:1111:1:: prefix-length '64'
set service dhcpv6-server shared-network-name PREFIX subnet 2001:cafe:1111::/48 prefix-delegation start 2001:cafe:1111:1:: stop '2001:cafe:1111:ffff::'
vyos@vyos# run show dhcpv6 server leases
IPv6 address              State    Last communication    Lease expiration    Remaining    Type               Pool    IAID_DUID
------------------------  -------  --------------------  ------------------  -----------  -----------------  ------  -----------------------------------------------------------------
2001:cafe:1111:ffff::/64  active   2021/10/16 08:50:15                                    prefix delegation  PREFIX  00:00:00:00:00:04:bb:84:ac:31:95:14:48:46:80:23:83:cb:2b:20:23:56
[edit]
vyos@vyos# run show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* ::/0 [1/0] via 2001:4860:4860:1111::1, eth0, weight 1, 00:51:49
C>* 2001:4860:4860:1111::/64 is directly connected, eth0, 00:51:51
C>* 2001:cafe:1111::/48 is directly connected, eth1, 00:51:52
S>* 2001:cafe:1111:ffff::/64 [1/0] via fe80::e84:acff:fe31:0, eth1, weight 1, 00:51:49
C * fe80::/64 is directly connected, eth0, 00:51:51
C * fe80::/64 is directly connected, eth1, 00:51:52
C>* fe80::/64 is directly connected, lo, 00:51:53
[edit]
vyos@vyos#

Example ipv6 default route via the link-local address on dhcpv6 client:

set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 length '64'
set interfaces ethernet eth1 ipv6 address autoconf
set protocols static route6 ::/0 next-hop fe80::e4d:a5ff:fe8f:1 interface 'eth0'
set service router-advert interface eth1 other-config-flag
vyos@vyos# run show ipv6 route
Codes: K - kernel route, C - connected, S - static, R - RIPng,
       O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

S>* ::/0 [1/0] via fe80::e4d:a5ff:fe8f:1, eth0, weight 1, 01:50:38
C>* 2001:cafe:1111:ffff::/64 is directly connected, eth1, 01:50:32
C * fe80::/64 is directly connected, eth1, 01:50:40
C * fe80::/64 is directly connected, eth0, 01:50:41
C>* fe80::/64 is directly connected, lo, 01:50:44
[edit]
vyos@vyos# ping 2001:4860:4860::8888
PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=63 time=1.08 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=63 time=4.65 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=63 time=4.70 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=4 ttl=63 time=5.06 ms
^C
--- 2001:4860:4860::8888 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 1.078/3.870/5.056/1.619 ms
[edit]

As an option, this workaround is possible:
Install tshark and use this script: https://george.mibloving.net/nivex/d6rm/raw/commit/701d49cce3a308aed0c3d89d47be7601178ea4c4/d6rm.py

root@r1-roll:/home/vyos# ./route.py eth2
Running as user "root" and group "root". This could be dangerous.
Adding route 2001:db8:fff:50::/60 via fe80::5054:ff:fe75:e865

Routes:

vyos@r1-roll# ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2001:db8::/48 dev eth2 proto kernel metric 256 pref medium
2001:db8:fff:50::/60 via fe80::5054:ff:fe75:e865 dev eth2 metric 1024 pref medium

After the investigation, we figured out that it is possible to get the prefix and link-local address during the DHCP commit procedure.
The statement

log(info, binary-to-ascii(16, 8, ":", substring(option dhcp6.ia-pd, 24, 17)));

will give us the following info:

dhcpd[1568]: 40:20:1:ca:fe:11:11:ff:ff:0:0:0:0:0:0:0:0

So, a prefix can be extracted. Also, a link-local address may be generated from the MAC address extracted from the DHCP packet structure.

However, there is no way to get the same info during release and expire events, which makes this approach unusable on its own because we cannot remove installed routes.

But we can combine this approach for adding routes with parsing logs (triggered by on release/on expiry events) for removing them. Alternatively, the information required to add routes may also be extracted from DHCP logs.
But we should carefully test the log-based approach with high-load cases to be sure that the DHCP server will be able to provide them in time.

https://phabricator.vyos.net/T3316
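
An added example (not part of the thread and not VyOS code) of the decoding step described above: it turns the logged `binary-to-ascii` bytes into a prefix, derives the link-local next-hop from a MAC address, and builds the route command as an argument list after checking the prefix against the delegation pool. The function names, `ALLOWED_DEVS` and the sample MAC are assumptions, and the next-hop derivation only holds for clients that use a modified EUI-64 interface identifier.

```python
import ipaddress
import re

# Delegation pool taken from the page's dhcpv6-server example.
POOL = ipaddress.IPv6Network("2001:cafe:1111::/48")
ALLOWED_DEVS = {"eth1"}  # assumption: interfaces allowed to carry PD routes

def parse_ia_pd_log(payload):
    """Decode the logged bytes: 1 prefix-length byte + 16 prefix bytes."""
    tokens = payload.strip().split(":")
    if len(tokens) != 17 or not all(re.fullmatch(r"[0-9a-f]{1,2}", t) for t in tokens):
        raise ValueError("expected 17 hex bytes separated by ':'")
    octets = [int(t, 16) for t in tokens]
    # strict=True rejects host bits set beyond the prefix length;
    # a length above 128 raises a ValueError subclass as well.
    return ipaddress.IPv6Network((bytes(octets[1:]), octets[0]), strict=True)

def eui64_link_local(mac):
    """Link-local address, assuming the client uses a modified EUI-64 IID."""
    if not re.fullmatch(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", mac.lower()):
        raise ValueError("malformed MAC address")
    raw = bytes.fromhex(mac.replace(":", ""))
    iid = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)

def route_argv(action, payload, mac, dev):
    """Build an argv list (no shell) for `ip -6 route replace|del`."""
    if action not in ("replace", "del") or dev not in ALLOWED_DEVS:
        raise ValueError("action or interface not allowed")
    prefix = parse_ia_pd_log(payload)
    # The value reaches us via a DHCP packet and a log line:
    # only accept prefixes that lie inside our own pool.
    if not prefix.subnet_of(POOL):
        raise ValueError(f"{prefix} is outside {POOL}")
    return ["ip", "-6", "route", action, str(prefix),
            "via", str(eui64_link_local(mac)), "dev", dev]

if __name__ == "__main__":
    logged = "40:20:1:ca:fe:11:11:ff:ff:0:0:0:0:0:0:0:0"  # from the page
    mac = "0c:84:ac:31:00:00"  # constructed to match the page's next-hop
    print(" ".join(route_argv("replace", logged, mac, "eth1")))
```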

If VyOS goes for Kea, it might be a better idea to invest time in Kea DHCPv6, as it has hook libraries which might resolve this task neater.

https://kea.readthedocs.io/en/latest/arm/dhcp6-srv.html
https://kea.readthedocs.io/en/latest/arm/hooks.html#hooks-libraries

Viacheslav changed the task status from Open to Needs testing. Jan 20 2024, 10:27 AM
Viacheslav triaged this task as Normal priority.
Viacheslav edited projects, added VyOS 1.5 Circinus; removed VyOS 1.4 Sagitta.

We have moved to KEA-DHCP
Needs to check if it works for 1.5

Needs to check if it works for 1.5

I can confirm it's still an issue in 1.5-rolling-202401200023: the prefix is delegated and effectively blackholed.

sarthurdev changed the task status from Needs testing to In progress. Jan 23 2024, 11:30 PM
sarthurdev claimed this task.
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.5 Circinus board.
sarthurdev changed the task status from In progress to Needs testing. Feb 12 2024, 7:47 PM
sarthurdev moved this task from In Progress to Finished on the VyOS 1.5 Circinus board.