DHCPv6-PD relay route injection - standard?
nanog at radu-adrian.feurdean.net
Sat May 18 08:44:23 UTC 2019
On Sat, May 18, 2019, at 09:52, Brandon Martin wrote:
> What it does is hook into the DHCPv6 lightweight relay functionality.
> Basically, it just snoops the DHCPv6 replies for a PD assignment and
> inserts a quasi-static route into its table for anything that it sees
> with next-hop pointing at wherever the reply was going. The static
> route is time-limited and gets removed when the delegation expires (or
> presumably if it sees a release of the corresponding resources). It
> stores the database of those learned delegations, including expiry, in
Yep, that's exactly the expected behaviour (or at least a big part of it)... provided it's implemented properly.
> persistent memory so that it can re-install them in event of a reload.
That's an interesting point, most subscriber management implementations don't implement this, requiring low dhcp timers.
> The key here is that it doesn't care about "who" is getting the
> resources or why. All it cares is that it saw a DHCPv6 reply via its
> relay that included a delegated prefix.
Exactly, that's dhcp server's job. Or at least that's what I do at $job[$now].
> Juniper, at least, and presumably Cisco too, also implement a means to
> get that information via RADIUS. That may be more what you're thinking of?
That's "subscriber management". On Cisco (A9K and A1K) and NokiALU (SR 7750) you normally need a license, even if it's (for now) honor-based. On Cisco it's the "broadband"/BNG, on NokiALU it's "xK subscribers".
> I'm not sure that the Cisco implementation I'm thinking of requires the
> BNG/BRAS features to be licensed. See  under heading "DHCPv6 Relay
> Agent Notification for Prefix Delegation". In particular, note:
That one seems to be the simpler form, depending only on an external DHCP server. It may be enough for some set-ups. Subscriber functionality provides more options, such as enforcing auth and internal dhcp server that takes data to be returned from RADIUS. It also allows dissociation between L2 and L3 (same subnet on several VLANs).
You can almost call it SDN :)
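
The snooping behaviour described in the quoted text, sketched as an added example (not part of either poster's message and not any vendor's implementation): it parses a DHCPv6 Relay-Reply using the RFC 8415 layout and returns each delegated prefix with its next hop (the relay message's peer-address) and expiry time. The function names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Message types and option codes from RFC 8415
RELAY_REPL, REPLY = 13, 7
OPT_RELAY_MSG, OPT_IA_PD, OPT_IAPREFIX = 9, 25, 26

def options(buf):
    """Yield (code, value) per TLV option; stop at a truncated option."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack_from("!HH", buf, off)
        off += 4
        if off + length > len(buf):
            return  # declared length overruns the buffer: ignore the rest
        yield code, buf[off:off + length]
        off += length

def snoop_relay_reply(pkt, now):
    """Return [(prefix, next_hop, expires_at)] learned from one Relay-Reply."""
    if len(pkt) < 34 or pkt[0] != RELAY_REPL:
        return []
    next_hop = ipaddress.IPv6Address(pkt[18:34])  # peer-address field
    routes = []
    for code, inner in options(pkt[34:]):
        if code != OPT_RELAY_MSG or len(inner) < 4 or inner[0] != REPLY:
            continue
        for c1, ia_pd in options(inner[4:]):  # skip msg-type, transaction-id
            if c1 != OPT_IA_PD or len(ia_pd) < 12:
                continue
            for c2, p in options(ia_pd[12:]):  # skip IAID, T1, T2
                if c2 != OPT_IAPREFIX or len(p) < 25:
                    continue
                _pref, valid, plen = struct.unpack_from("!IIB", p)
                if valid == 0 or plen > 128:
                    continue  # zero valid-lifetime or bad length: no route
                net = ipaddress.IPv6Network((p[9:25], plen), strict=False)
                routes.append((net, next_hop, now + valid))
    return routes

def _opt(code, value):
    return struct.pack("!HH", code, len(value)) + value

# Constructed sample: Reply delegating 2001:db8:1200::/56 for 3600 s via fe80::1
_pfx = struct.pack("!IIB", 1800, 3600, 56) + ipaddress.IPv6Address("2001:db8:1200::").packed
_ia_pd = struct.pack("!III", 1, 900, 1440) + _opt(OPT_IAPREFIX, _pfx)
_reply = bytes([REPLY]) + b"\x00\x00\x01" + _opt(OPT_IA_PD, _ia_pd)
SAMPLE = (bytes([RELAY_REPL, 0]) + bytes(16)
          + ipaddress.IPv6Address("fe80::1").packed + _opt(OPT_RELAY_MSG, _reply))
```

Note that nothing in the packet itself says who sent it, so a relay doing this installs a route for any Relay-Reply it accepts.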