Solved: Re: PPP IPv6 with SLAAC not working (lab)

insideshell · ‎05-14-2020

Hello,

I'm trying to get familiar with PPP IPv6 using SLAAC (and later DHCPv6).
So I set up a very simple GNS3 lab with two C2691 IOS images (old but it should be enough):

I'm using a serial link so that I do not need the PPPoE configuration items (BBA group, virtual template, dialer — but actually the same problem occurs on a PPPoE link).

Here are my configurations:

R1#show run
!
ipv6 unicast-routing
!
interface Loopback0
no ip address
ipv6 address 2001:DB8:12FF::1/128
!
interface Serial1/0
no ip address
encapsulation ppp
ipv6 unnumbered Loopback0
ipv6 enable
no ipv6 nd ra suppress
peer default ipv6 pool IPV6-POOL
!
ipv6 local pool IPV6-POOL 2001:DB8:5AB:10::/60 64
!
R1#show ipv6 interface brief
Serial1/0 [up/up]
FE80::C201:51FF:FE6A:0

R2#show run
!
ipv6 unicast-routing
!
interface Serial1/0
no ip address
encapsulation ppp
ipv6 address autoconfig
ipv6 enable
!
From the Cisco guide: "The ipv6 address autoconfig command causes the device to perform IPv6 stateless address auto-configuration to discover prefixes on the link and then to add the EUI-64 based addresses to the interface. Addresses are configured depending on the prefixes received in Router Advertisement (RA) messages."

Problem is: my RA messages from R1 to R2 do NOT contain the prefix option (see below, full capture attached). It seems R1 does not allocate a /64 IPv6 prefix from the IPV6-POOL.

As you can see, there is only the MTU option but not the Prefix Information option used for SLAAC (RFC 4861).
I also tried this from the official guide without luck.

Any help would be appreciated!

Thanks.

Harold Ritter · ‎05-20-2020

Hi,

Can you change the following in your configuration.

1. Enable chap authentication between the client and the server.

2.. Change your pool as follow:

from ipv6 local pool pool1 2001:DB8:1200::/40 48 to ipv6 local pool pool1 2001:DB8:1200::/40 64

This should fix it.

Regards,

I tried

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

insideshell · ‎05-15-2020

Be noted it works by forcing the prefix to advertise:

R1#sho run int s1/0
!
interface Serial1/0
no ip address
encapsulation ppp
ipv6 unnumbered Loopback0
ipv6 enable
~~peer default ipv6 pool IPV6-POOL~~
ipv6 nd prefix 2001:DB8:5AB:10::/64
no ipv6 nd ra suppress
!
ipv6 local pool IPV6-POOL 2001:DB8:5AB:10::/60 64
!

Now, the RA message contains the prefix option:

And in R2:

R2#sho ipv6 int br
Serial1/0 [up/up]
FE80::C202:51FF:FE79:0
2001:DB8:5AB:10:C202:51FF:FE79:0

As expected, R2 performed the SLAAC based on the RA prefix.
But still no way to get it working using my IPV6-POOL, if someone has a clue.

Thanks.

insideshell · ‎05-18-2020

Actually I have the same issue on a real CISCO1941/K9.
So I think I'm missing some configurations items.
This time I did exactly as per Configuring PPPoE on IPv6 guide.
Here are my configurations (now using PPPoE):

R1#show run
!
ipv6 unicast-routing
!
bba-group pppoe GROUPA
virtual-template 1
!
interface Loopback1
no ip address
ipv6 address 2001:DB8:2::1/40
!
interface GigabitEthernet0/0
no ip address
pppoe enable group GROUPA
!
interface Virtual-Template1
no ip address
peer default ipv6 pool pool1
ipv6 unnumbered Loopback1
ipv6 enable
no ipv6 nd ra suppress
!
ipv6 local pool pool1 2001:DB8:1200::/40 48
!

R2#show run
!
interface FastEthernet0/0
no ip address
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Dialer1
no ip address
encapsulation ppp
dialer pool 1
ipv6 address autoconfig default
ipv6 enable
!

But again, no Prefix in the RA messages.
Any thoughts?
Thanks!

Harold Ritter · ‎05-18-2020

It looks like you and the original poster might be hitting this bug. Could you please upgrade to a fixed version, as indicated in the following link and see if it fixes the issue.

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCtl17505

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

insideshell · ‎05-18-2020

Unfortunately, it looks like I didn't have the permission to view the bug report:

Insufficient Permissions to View Bug
This bug contains proprietary information and is not yet publicly available.
You may find useful information within theCisco Community

I am logged in with my Cisco account which is associated with my company contract.
Thanks for your answer.

Harold Ritter · ‎05-18-2020

It looks like it is not externally available. What version of IOS are you running?

Could you also provide a "show ipv6 interface Virtual-Access <interface and subinterface number>".

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

insideshell · ‎05-19-2020

I'm using C1941 C1900-UNIVERSALK9-M, Version 15.2(4)M3, RELEASE SOFTWARE (fc2)

Here is the output:

Router#show ipv6 interface virtual-access 1.1
Virtual-Access1.1 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::B2FA:EBFF:FED6:4320
No Virtual link-local address(es):
Interface is unnumbered. Using address of Loopback0
No global unicast address is configured
Joined group address(es):
FF02::1
FF02::2
FF02::1:FFD6:4320
MTU is 1492 bytes
ICMP error messages limited to one every 100 milliseconds
ICMP redirects are enabled
ICMP unreachables are sent
ND DAD is enabled, number of DAD attempts: 1
ND reachable time is 30000 milliseconds (using 30000)
ND advertised reachable time is 0 (unspecified)
ND advertised retransmit interval is 0 (unspecified)
ND router advertisements are sent every 200 seconds
ND router advertisements live for 1800 seconds
ND advertised default router preference is Medium
Hosts use stateless autoconfig for addresses.

Thanks.

Harold Ritter · ‎05-19-2020

This seems to be the bug you hit. Could you please upgrade to some more recent IOS version and see that it fixes the issue.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

insideshell · ‎05-20-2020

I cannot upgrade, it seems we don't have a newer image for this model.
But we have VIRL and I tested with an IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.7(3)M3.
I am encountering the same issue: no IPv6 allocation from the pool.
That's why I'm starting to think maybe I missed some configuration items...

Harold Ritter · ‎05-20-2020

Hi,

Can you change the following in your configuration.

1. Enable chap authentication between the client and the server.

2.. Change your pool as follow:

from ipv6 local pool pool1 2001:DB8:1200::/40 48 to ipv6 local pool pool1 2001:DB8:1200::/40 64

This should fix it.

Regards,

I tried

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

insideshell · ‎05-20-2020

It worked with the CHAP authentication enabled!
I also tried with the PAP authentication and it worked as well!
I don't really understand why authentication is mandatory for IPv6 (that's why I didn't enable it before).
For an IPv4 pool, it works without any authentication method.
Actually, it worked without changing the pool (even if I read in one of your posts that SLAAC supports only /64, but /64 was my original need).

EDIT: about the pool, it is indeed needed to allocate a /64 and not a /48, otherwise SLAAC does not work on the client side.

Many thanks Sir!