This document provides an overview for dual stack sessions for ASR9000 BNG, running ipv4 and ipv6 address stacks next to each other for subscriber sessions.
Dual stack refers to the concept of running a subsciber session with an IPv4 address as well as an IPv6 address.
Deployment models and general concept
To unravle the complex terminology associated with address assignment in particular to IPv6 this picture below shows the various address assignment options available.
You can also use the framed-ipv6-address radius attribute to provide an address to the subscriber from radius which then will be advertised
via SLAAC (NA/ND) for both PPPoE and IPoE sessions.
The additional attribute ipv6:ipv6-default-gateway VSA can be used to provide the default router in case no dhcpv6 is used for IPoE sessions.
When it comes to "prefix delegation" that is having a large IPv6 like subnet that is shared between subscribers who get a subnet from that subnet sort of speak the following addressing example hopefully visualizes how it all ties together
The following 2 secions provide the configuration for the client side and the WAN side of the CPE
PC client side of the CPE
description to switch fa0/15
ip address 192.168.1.1 255.255.255.0
no ip unreachables
ip nat inside
ipv6 address prefix-from-provider ::1:0:0:0:1/64
WAN side of the CPE
encapsulation dot1Q 50
ipv6 address autoconfig default
ipv6 dhcp client pd prefix-from-provider
In these examples we are expanding the delegated prefix with a :1/64 and we perceive ourselves to be the ".1" and default gateway.
Configuration DHCPv6 Server
ipv6 dhcp pool dhcpv6
prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000
ipv6 route 2001:60:45:28::/64 2005::1
ipv6 route 2001:DB8:1200::/40 2005::1
ipv6 route 200B::/64 2005::1
ipv6 route 2600:80A::9/128 4000::1
ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48
Because ASR9000 treats the 2 stacks as a single subscriber, and hence ONE access request and a SINGLE accounting record are generated for both stacks, differences of desired operation exist when it comes to when for isntance to generate an accounting request.
There are 2 key things to consider and of importance:
When the first AF comes up, an access-request is generated, the access-accept should contain BOTH ipv4 and ipv6 information for the session although there is no second request for the other AF maybe yet
An accounting-start can be generated as soon as the first AF comes up, we can wait for a determined period of time and generate a single accounting start record for BOTH AF's, or we can do a triggered interim accounting record when the second AF comes up.
Dual stack generic call flow
PPPoE DS detailed call flow SLAAC based address assignment
PPPoE DS detailed call flow DHCPv6 based address assignment
IPoE DS detailed callflow IPv4 AF starts first
IPoE DS detailed callflow IPv6 AF starts first
Sample Topology for the configuration example
logging console debugging
Radius server configuration.
Radius server is listening on 188.8.131.52 with auth-port on 1645 and accounting-port on 1646
aaa authentication subscriber default group radius
DHCPv6 address pool is defined locally within BNG box and local pool is used for ipv6 address assignment to IPv6 BNG clients
pool vrf default ipv6 ipv6_address_pool
address-range 2001::2 2001::7dff
DHCPv4 server with ip address 184.108.40.206 is deployed externally and this ipv4 address should be reachable from BNG device. Routing protocols should take care of reachability of 220.127.116.11 from BNG device. DHCPv4 proxy is configured as follows.
DHCPv6 server is configured and already configured DHCPv6 address pool is referred within DHCPv6 server configuration. DHCPv6 profile is configured as follows with address pool.
profile IPoEv6 server
DHCPv6 address pool is referred on bundle sub-interface.
interface Bundle-Ether1.10 server profile IPoEv6
bundle maximum-active links 1
Bundle sub-interface with dot1q encapsulation configured with single tag. Subscriber traffic from
CPE should come with single dot1q tag and this vlan tag should match with vlan id 10 configured under bundle sub-interface. In dual-stack IPoE configuration, “initiator dhcp” is configured ipv4/ipv6 l2 connect mode.
Policy-map type control’s name is referred with service-policy
ipv4 unnumbered Loopback1
service-policy type control subscriber pm-src-mac
encapsulation dot1q 10
ipsubscriber ipv4 l2-connected
ipsubscriber ipv6 l2-connected
Ipv4 address 10.10.10.1 is default-gateway ip address for pool of ipv4 address allocated to dual-stack BNG clients
ipv4 address 10.10.10.1 255.255.255.0
ipv4 address 18.104.22.168 255.255.0.0
Physical interface gigabit0/0/0/0 is configured as bundle interface.
bundle id 1 mode on
transceiver permit pid all
ipv4 address 22.214.171.124 255.255.255.0
transceiver permit pid all
ipv4 address 126.96.36.199 255.255.255.0
Dual-stack dynamic-template is configured for dual-stack initiation. “ipv6 enabled” under dual-stack template and ipv4 unnumbered
address, ipv4 urpf configured.
type ipsubscriber Dual_stack_IPoE
accounting aaa list default type session periodic-interval 5
ipv4 verify unicast source reachable-via rx
ipv4 unnumbered Loopback1
Class-map configured for dual-stack scenario to match DHCPv6 – SOLICIT and DHCPv4 DISCOVER as sign of life packet
class-map type control subscriber match-any dual_stack_class_map
match protocol dhcpv4 dhcpv6
Class-map “Dual_stack_class_map “ is referred within policy-map. Even session-start is hit based on DHCPv4/DHCPv6 FSOL, template “Dual_stack_IPoE” is activated. Subscriber mac-address is used as subscriber identification and it is authorized with AAA server
policy-map type control subscriber pm-src-mac
event session-start match-all
class type control subscriber dual_stack_class_map do-all
1 activate dynamic-template Dual_stack_IPoE
2 authorize aaa list default identifier source-address-mac password cisco
”show subscriber session all” command shows ipv4/ipv6 clients session active
RP/0/RSP0/CPU0:bng#show subscriber session all
Tue Jan 29 12:49:25.237 UTC
Codes: IN - Initialize, CN - Connecting, CD - Connected, AC - Activated,
Hello,I'm experiencing behavior on the NCS540 whereby interfaces which physically exist are being moved to preconfigured interfaces once configuration is added. Interfaces now "missing are ten0/0/0/2, ten0/0/0/3, ten0/0/0/17Example RP/0/RP0/CPU...
Hello group,I'm struggling to make the PBR working on Nexus7010 (with SUP2,N7K-M132XP-12L and NX-OS 7.3.3 D1) The setup is the following small MPLS topology: <Customer CE router> --- <Nexus7K MPLS PE> --- <MPLS P router> --- &l...