Showing results for 
Search instead for 
Did you mean: 

ASR9000/XR: BNG and Dual-stack ipv4 and ipv6 sessions



This document provides an overview for dual stack sessions for ASR9000 BNG, running ipv4 and ipv6 address stacks next to each other for subscriber sessions.

Dual Stack

Dual stack refers to the concept of running a subsciber session with an IPv4 address as well as an IPv6 address.

Deployment models and general concept

Screen Shot 2014-01-14 at 8.46.52 AM.png

Address Assignment

To unravle the complex terminology associated with address assignment in particular to IPv6 this picture below shows the various address assignment options available.

Screen Shot 2014-01-14 at 8.47.07 AM.png

You can also use the framed-ipv6-address radius attribute to provide an address to the subscriber from radius which then will be advertised

via SLAAC (NA/ND) for both PPPoE and IPoE sessions.

The additional attribute ipv6:ipv6-default-gateway VSA can be used to provide the default router in case no dhcpv6 is used for IPoE sessions.

IPv6 Addressing

When it comes to "prefix delegation" that is having a large IPv6 like subnet that is shared between subscribers who get a subnet from that subnet sort of speak the following addressing example hopefully visualizes how it all ties together

Addressing mapping


Configuration CPE

The following 2 secions provide the configuration for the client side and the WAN side of the CPE

PC client side of the CPE

interface GigabitEthernet0/2

description to switch fa0/15

ip address

no ip unreachables

ip nat inside

ip virtual-reassembly

duplex full

speed 100

media-type rj45

negotiation auto

ipv6 address prefix-from-provider ::1:0:0:0:1/64

ipv6 enable


WAN side of the CPE

interface FastEthernet2/0.50

encapsulation dot1Q 50

ipv6 address autoconfig default

ipv6 enable

ipv6 dhcp client pd prefix-from-provider


In these examples we are expanding the delegated prefix with a :1/64 and we perceive ourselves to be the ".1" and default gateway.

Configuration DHCPv6 Server

ipv6 unicast-routing

ipv6 dhcp pool dhcpv6

prefix-delegation pool dhcpv6-pool1 lifetime 6000 2000

ipv6 route 2001:60:45:28::/64 2005::1

ipv6 route 2001:DB8:1200::/40 2005::1

ipv6 route 200B::/64 2005::1

ipv6 route 2600:80A::9/128 4000::1

ipv6 local pool dhcpv6-pool1 2001:DB8:1200::/40 48

More info on IOS dhcpv6 server:

Operation and Call Flow

Because ASR9000 treats the 2 stacks as a single subscriber, and hence ONE access request and a SINGLE accounting record are generated for both stacks, differences of desired operation exist when it comes to when for isntance to generate an accounting request.

There are 2 key things to consider and of importance:

  • When the first AF comes up, an access-request is generated, the access-accept should contain BOTH ipv4 and ipv6 information for the session although there is no second request for the other AF maybe yet
  • An accounting-start can be generated as soon as the first AF comes up, we can wait for a determined period of time and generate a single accounting start record for BOTH AF's, or we can do a triggered interim accounting record when the second AF comes up.

Call Flows

Dual stack generic call flow

Screen Shot 2014-01-14 at 8.46.33 AM.png

PPPoE DS detailed call flow SLAAC based address assignment

Screen Shot 2014-01-14 at 9.07.40 AM.png

PPPoE DS detailed call flow DHCPv6 based address assignment

Screen Shot 2014-01-14 at 8.57.06 AM.png

IPoE DS detailed callflow IPv4 AF starts first

Screen Shot 2014-01-14 at 8.57.30 AM.png

IPoE DS detailed callflow IPv6 AF starts first

Screen Shot 2014-01-14 at 8.57.36 AM.png

Sample Scenario

Sample Topology for the configuration example

Screen Shot 2014-01-14 at 8.39.37 AM.png


hostname bng

logging console   debugging

Radius server configuration.

Radius server is listening on with auth-port on 1645 and accounting-port on 1646

radius-server   host auth-port 1645 acct-port 1646

key 7 010107000A5955


COA server or policy-server with ip-address is running

aaa server   radius dynamic-author

client vrf default server-key 7   03165A0F575D72


aaa group server   radius RADIUS

server auth-port 1645 acct-port 1646


aaa accounting   service default group radius

aaa accounting   subscriber default group radius

aaa   authorization subscriber default group radius

aaa   authentication subscriber default group radius

line console

stopbits 1


DHCPv6 address pool is defined locally within BNG box and local pool is used for ipv6 address assignment to IPv6 BNG clients

pool vrf default   ipv6 ipv6_address_pool

address-range 2001::2 2001::7dff



DHCPv4 server with ip address is deployed externally and this ipv4 address should be reachable from BNG device. Routing protocols should take care of reachability of from BNG device. DHCPv4 proxy is configured as follows.

dhcp ipv4

profile IPoEv4   proxy

helper-address vrf default   giaddr



DHCPv4 proxy is enabled on bundle sub-interface

interface   Bundle-Ether1.10 proxy profile IPoEv4



DHCPv6 server is configured and already configured DHCPv6 address pool is referred within DHCPv6 server configuration. DHCPv6 profile is configured as follows with address pool.

dhcp ipv6

   profile IPoEv6 server

   address-pool ipv6_address_pool



DHCPv6 address pool is referred on bundle sub-interface.

interface   Bundle-Ether1.10 server profile IPoEv6


interface   Bundle-Ether1

bundle   maximum-active links 1


Bundle sub-interface with dot1q encapsulation configured with single tag. Subscriber traffic from

CPE should come with single dot1q tag and this vlan tag should match with vlan id 10 configured under bundle sub-interface. In dual-stack IPoE configuration,   “initiator dhcp” is configured ipv4/ipv6 l2 connect mode.

Policy-map type control’s name is referred with service-policy

interface   Bundle-Ether1.10

ipv4   point-to-point

ipv4 unnumbered   Loopback1

ipv6 enable

service-policy   type control subscriber pm-src-mac

encapsulation   dot1q 10

ipsubscriber   ipv4 l2-connected

initiator dhcp


ipsubscriber ipv6 l2-connected

initiator dhcp



Ipv4 address is default-gateway ip address for pool of ipv4 address allocated to dual-stack BNG clients

interface   Loopback1

ipv4 address

ipv6 enable


interface   MgmtEth0/RSP0/CPU0/0

ipv4 address


interface   MgmtEth0/RSP0/CPU0/1




Physical interface gigabit0/0/0/0 is configured as bundle interface.

interface   GigabitEthernet0/0/0/0

bundle id 1 mode on

negotiation auto

transceiver permit pid all


interface   GigabitEthernet0/0/0/1

ipv4 address

transceiver permit pid all


interface GigabitEthernet0/0/0/5

ipv4 address


Dual-stack dynamic-template is configured for dual-stack initiation. “ipv6 enabled” under dual-stack template and ipv4 unnumbered

address, ipv4 urpf configured.


   type ipsubscriber Dual_stack_IPoE

     accounting aaa list default type   session periodic-interval 5

     ipv4 verify unicast source   reachable-via rx

     ipv4 unnumbered Loopback1

     ipv6 enable



Class-map configured for dual-stack scenario to match DHCPv6 – SOLICIT and DHCPv4 DISCOVER as sign of life packet

class-map type   control subscriber match-any dual_stack_class_map

   match protocol dhcpv4 dhcpv6



Class-map “Dual_stack_class_map “ is referred within policy-map.   Even session-start is hit based on DHCPv4/DHCPv6 FSOL, template “Dual_stack_IPoE” is activated.   Subscriber mac-address is used as subscriber identification and it is authorized with AAA server

policy-map type   control subscriber pm-src-mac

event session-start match-all

   class type control subscriber   dual_stack_class_map do-all

     1 activate dynamic-template   Dual_stack_IPoE

     2 authorize aaa list default identifier   source-address-mac password cisco







Verification example

”show subscriber session all” command shows ipv4/ipv6 clients session active

RP/0/RSP0/CPU0:bng#show   subscriber session all

Tue Jan 29   12:49:25.237 UTC

Codes: IN -   Initialize, CN - Connecting, CD - Connected, AC - Activated,

       ID - Idle, DN - Disconnecting, ED -   End

Type         Interface               State     Subscriber IP Addr / Prefix

                                                 LNS Address (Vrf)                            


IP:DHCP     BE1.10.ip22             AC (default)

                                                 2001::2 (default)               



Command “show subscriber session all detail” should show ipv4/ipv6 clients details detailly.

RP/0/RSP0/CPU0:bng#show   subscriber session all deta

Tue Jan 29   12:49:27.752 UTC

Interface:               Bundle-Ether1.10.ip22

Circuit ID:               Unknown

Remote ID:               Unknown

Type:                     IP: DHCP-trigger

IPv4 State:               Up, Tue Jan 29 12:46:32 2013

IPv4   Address:   , VRF:   default

IPv6 State:               Up, Tue Jan 29 12:46:42 2013

IPv6   Address:            2001::2, VRF: default

IPv6 Interface   ID:       ..d..... (02 00 64 ff fe 01   01 02)

Mac   Address:             0000.6401.0102

Account-Session   Id:       0000001c

Nas-Port:                 Unknown

User name:               0000.6401.0102

Outer VLAN ID:           10

Subscriber   Label:         0x00000055

Created:                 Tue Jan 29 12:46:32 2013

State:                   Activated

Authentication:           unauthenticated

Access-interface:         Bundle-Ether1.10

Policy Executed:

policy-map type   control subscriber pm-src-mac

event Session-Start match-all [at Tue Jan   29 12:46:32 2013]

   class type control subscriber   dual_stack_class_map do-all [Succeeded]

     1 activate dynamic-template   Dual_stack_IPoE [Succeeded]

     2 authorize aaa list default   [Succeeded]

Session   Accounting:      

Acct-Session-Id:         0000001c

Method-list:             default

Accounting started:       Tue Jan 29 12:46:32 2013

Interim accounting:       On, interval 1 mins

   Last successful update: Tue Jan 29   12:48:34 2013

   Next update in:         00:00:06 (dhms)

Last COA request   received: unavailable

”show dhcp ipv4 proxy binding” command is going to show ipoev4 clients created with ip-address and mac-address, interface on which it is created, vrf-name etc

RP/0/RSP0/CPU0:bng#show   dhcp ipv4 proxy binding

Tue Jan 29   12:49:42.955 UTC




MAC Address     IP Address     State     Remaining       Interface         VRF     Sublabel

-------------- -------------- ---------   --------- ------------------- ---------   ----------


0000.6401.0102     BOUND     3409       BE1.10               default   0x55      



RP/0/RSP0/CPU0:bng#show   dhcp ipv4 proxy binding de

Tue Jan 29   12:49:49.498 UTC

MAC   Address:                 0000.6401.0102

VRF:                         default


Server VRF:                 default

IP Address:       

Giaddr from   client:

Giaddr to   server: 

Server IP   Address: 

Server IP   Address to client:

ReceivedCircuit   ID:         -

InsertedCircuit   ID:         -

ReceivedRemote   ID:           -

InsertedRemote   ID:           -

ReceivedVSISO:               -

InsertedVSISO:               -

Auth. on   received relay info:FALSE

Profile:                     IPoEv4

State:                       BOUND

Proxy   lease:                 3600 secs   (01:00:00)

Proxy lease   remaining:       3403 secs (00:56:43)

Client ID:                     0x00-0x00-0x64-0x01-0x01-0x02

Access   Interface:           Bundle-Ether1.10

Access VRF:                 default

VLAN Id:                     10

Subscriber   Label:           0x55

Subscriber   Interface:       Bundle-Ether1.10.ip22

“show dhcp ipv6 server binding” is going to show ipv6 address allocated from DHCPv6 local pool

RP/0/RSP0/CPU0:bng#show   dhcp ipv6 server binding

Tue Jan 29   12:50:04.560 UTC


Total number of   clients: 1

DUID   : 00030001000064010102

MAC Address: 0000.6401.0102

Client Link Local: fe80::200:64ff:fe01:102

Sublabel: 0x55

   IA ID: 0x0


   IPv6 Address: 2001::2 (Bundle-Ether1.10)

       lifetime : 600 secs (00:10:00)

       expiration: 399 secs (00:06:39)



Related Information

Configuration example and verification provided by Narendiran Rajaram

Xander Thuijs CCIE #6775

Principal Engineer ASR9000, IOS-XR and NCS6000


Well, the configured link-local address in reachable if I do ping on the BNG itself.

But not 2001::1/128 which is also on the same interface. This is just crazy!

On another BNG running 5.3.4 it's ok, why shouldn't it be, right :)

This one is running 6.1.3 32Bit

show route vrf ipoe ipv6 2001::1/128

% Network not in table

sh run inter loopback 10075

interface Loopback10075
description # IPoE GW #
vrf ipoe
ipv4 address
ipv6 address fe80::cafe link-local
ipv6 address 2001::1/128

show route vrf ipoe ipv6 2001::1/128

% Network not in table

sh run vrf ipoe

vrf ipoe
address-family ipv4 unicast
import route-target
export route-target
address-family ipv6 unicast
import route-target
export route-target

ping vrf ipoe 2001::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001::1, timeout is 2 seconds:
Success rate is 0 percent (0/3)

My colleague has filed two TAC SR for two BNG that are running 6.1.3

SR 682071148 : No traffic on PPPoE subscriber session --- this one is a disaster because PPPoE is not working at all, but it was working for two weeks!

SR 682071387 : BNG ipv6 problem - not a big issue because IPoE sessions can reach all networks behind the BNG, but not the BNG.

Cisco Employee

hmm the fact that the route is not in the vrf show route is worrisome and likely part of the issue there already. this is not a bng issue per-se but merely an ipv6 routing situation.

I dont know why the address is not inserted into the vrf, but have you tried a reconfiguration of the loopback?

I will also take a look at the cases.



Cisco Employee

hi smail, as for 682071148 the issue is related to a bundle vs phy mac. this is caused by an ifmgr restart during normal operation. of course it should not change the mac and use the bundle only. this was first seen in 434 I recall but disappeared in 51x after the increased mac capability for hsrp/vrrp (same issue with vmac and phy mac). the workaround would be to restart the vic on the location where the bundle member(s) is/are. let me see if there is a new ddts for this.

682071387 seems to be the one that we are discusisng here with the missing v6 addr of the loopback in the vrf.



Removing and adding back the Loopback intf did the trick :)

I will tell my colleague to test IPv6 connectivity this Monday. I remember that it was not possible to ping the IPv6 neighbor (BNG's address) from the CPE.  


I see that my colleague has exchanged some e-mails today with the TAC engineer.

They did restart process vic and ping to CPE is now working fine. I hope that they will find the root cause because the four BNG's will go into production in few weeks.

Thank you very much for providing useful information here. 

I am currently working on another project thus not fully involved in the BNG project. I remember that I had some weird issue before, but hey it's a multi service box :)

Cisco Employee

ah great to hear smail! yeah this is not bng specific, not sure how that happened, if you have a solid repro for this, would be reasonable to file a tac case/ddts for that.




I have asked my colleague to do a second test and he told me that the BNG is now pingable. I can take a look into that in the next few days. Maybe it a one-time only issue. 


Dear Xander

if i want to authenticate with:

* group1_user to "default" method list using radius1,

* group2_user to "specific" method list using radius2,

how should be "aaa authentication", "aaa authorization" and "aaa accounting" configuration then ?

say following radius configuation:


aaa group server radius RAD1
vrf admin
server-private auth-port 1645 acct-port 1646
key group1
source-interface MgmtEth0/RSP0/CPU0/1
aaa group server radius RAD2
vrf admin
server-private auth-port 1645 acct-port 1646
key group2
source-interface MgmtEth0/RSP0/CPU0/1


Thanks for help


Cisco Employee


have you tried something along these lines:

aaa authentication subscriber Specific group RAD2
aaa attribute format AAA-AF
 format-string length 253 "%s@%s" client-mac-address dhcp-vendor-class ! policy-map type control subscriber IPoE_Auth event session-start match-first class type control subscriber IPoE do-until-failure 10 activate dynamic-template IPoE 20 authorize aaa list Specific format AAA-AF password cisco




 this issue did not appear again on any device.

All good!

Hi all,


Great post and comments on DS BNG. I've been trying to set it up on an ASR9001 with local pool for SLAAC and DHCPv6 for PD assignments but ran into some issues.


The setup is PPPoE sessions in a VRF.


On XR 5.3.4 DHCPv6 PD was working fine and the CPE (Cisco 1800) got a prefix assigned, but did not receive any prefix via SLAAC. Debugging showed that the ASR9K received the RS but didn't respond with a RA msg.


Now I've upgraded to 6.1.4 and SLAAC works fine, but now the CPE doesn't get a PD prefix. From DHCP debugging on both sides I can see that the ASR9K receives the request, allocates and installs a prefix in the routing table, and from the DHCP debug output the ASR9K claims to send the response but the CPE doesn't receive it. 


Tried both XR versions with bundle and physical interfaces without any changes to the issues.


Any recommendations on software versions or other valuable input?



-- Config output --


 type ppp PPP_TPL
  ppp authentication pap
  ppp ipcp dns
  ppp ipcp peer-address pool PPPOEPOOLv4
  vrf internet
  timeout idle 4200
  accounting aaa list BNG_ACCT type session periodic-interval 10
  ipv4 verify unicast source reachable-via rx
  ipv4 unnumbered Loopback666
  ipv6 nd framed-prefix-pool PPPOEPOOLv6
  ipv6 enable
  dhcpv6 delegated-prefix-pool PD_POOL
pool vrf internet ipv4 PPPOEPOOLv4
pool vrf internet ipv6 PD_POOL
 prefix-length 60
 network 2001:beef::/48
pool vrf internet ipv6 PPPOEPOOLv6
 prefix-length 64
 network 2001:f00d::/48

dhcp ipv6
 profile DHCPv6_PD server
  lease 8
  prefix-pool PD_POOL
 interface subscriber-pppoe profile DHCPv6_PD

Cisco Employee
about IPv6 assignment usecase support that introduced in this page, i have questions below. Question1. In the case 2, it looks like a “link local SLAAC + DHCPv6-PD” scenario, does it mean IPoEv6 CPE get a IA_NA address for its WAN interface from RA message sent by BNG virtual-interface, and then issue DHCPv6-PD message to get PD prefix for its LAN hosts address binding? If so, how CPE get DNS server address assignment? via SLAAC or DHCPv6 server (RA message with O bit =1) ? Question2. Or upon my described behavior belong to case 4 and it does not supported so far? If this is case, please let me know what is actual behavior of case 2 (or let me know which call flow in this page is mapped to case2, I assumed call flow of case 2 does not be introduced in the supportforum page. Question3. The Case 3 is pure for PPPoE session, right? Thanks Andrew
Cisco Employee

Hi Xander,

This is a very basic question. I have spent much time to get a solid conclusion so I hope you can just give a quick answer. I'm not quite understand the "IPv6 client address assignment. models".


As to the first 2 models, they are about DHCPv6 PD for LAN, DHHCPv6 NA or Link Local SLAAC for the WAN. Does the "Link local" here has any special meaning or it's just normal SLAAC? 


As to the bottom 2 models, I'm not sure what exactly is supported and not support? I'm not sure about the scope of the "stop" sign. The whole model 4 is not supported or just "SLAAC"? Could you help me with this? Could you also help if there is any enhancement later.


DHCPv6 NA <<< I think this is for both IPoE and PPPoE?

SLAAC + Stateless DHCPv6(PPPoE) <<< Does this only supported for PPPoE?



SLAAC <<< Does it mean "SLAAC only" is not supported for either PPPoE or IPoE?

SLAAC + Stateless DHCPv6(IPoE) <<< This is not supported for IPoE?


Thanks, William




I Would like to share my problem, regarding DS PPPoE and IPoE.
to setup session, everything work well even for PPPoE or IPoE.


First, to explain my architecture, ASR9001 act as DHCP IPv4 and IPV6 server, so I can better manager dhcp-class.
PPPoE : pppoe/dhcpv6 on policy-map
IPoE : dhcpv4/dhcpv6 on policy-map





After session UP
both PPPoE/IPoE work DS:
PPPoE IPv4 authenticated by RADIUS (AAA)
PPPoE IPv6 authorization/accoutning by RADIUS

IPoE IPv4 authorization/accoutning by RADIUS
IPoE IPv6 authorization/accoutning by RADIUS


When come the time for disconnection and reconnection on time out, or console command (clear subs ses id...):

* it seems work well, ie disconnect and reconnect with new IPv4/IPv6 address
* once connected, I have following IP address state:


IP:DHCP BE10.3613.ip23 AC (default)

                                              2001:db8:600:500::/56 (default) >>> fictive IPv6 address subnet


At this state, I have 3 differents situations:


1) if the CPE dual stack reboot, it take new public IPv4 address, but keep ipv6 subnet provided before reboot.


==> the laptop will take new ipv6 address and it works


2) if there is a release from BNG, the session renew with same ipv4 address but NOT ipv6 address (ie. the session become ipv4 session only, even no protocol change eon CPE dual-stack)

IP:DHCP BE10.3613.ip23 AC (default)


==> as the laptop is behinf the CPE, it keep private ipv4 address ( for ex) and also original public ipv6 address (2001:db8:600:500:x:x:x:x).


At this state, there is a problem because, all OS priorize now ipv6 traffic first, and then ipv4 traffic if no answer. So I can see a delay du to this request v6/v4. the only way is to release laptop dhcp service.

3) if there is a release from BNG, the session renew with same ipv4 address but with NEW ipv6 address


IP:DHCP BE10.3613.ip23 AC (default)
                                              2001:db8:600:300::/56 (default) >>> fictive IPv6 address subnet


==> the CPE net new dual-stack ip addresses side WAN.

==> as the laptop is behinf the CPE, it keep normally private ipv4 address ( for ex) and  also previous public ipv6 address (2001:db8:600:500:x:x:x:x), and not the new one received in PD.

==> at this state , there is also a problem because, all OS priorize now ipv6 traffic first, and then ipv4 traffic if no answer.
==> so I can see a delay du to this request v6/v4.

==> the only way is to disconnect laptop interface and reconnect to retreive now ipv6 address


The situations 2 and 3 cause delay for customers, and waste time for customer support.


Is there anyway to properly disconnect the session in timeout, or on BNG console, in order:
* to send correctely release to CPE (over OLT), so the CPE can take note of disconnection, and do necessay to resend new subnet to LAN behind CPE?


Thanks for sharing possible solution.



Hi, Xander:


Quick question: how can a BNG handling IPoEv6 sessions detect than, say, an ONT is not there anymore and proactively delete a session to recover those resources?


Does that only happen when the DHCPv6 lease times out and the session has to renew itself? Or is there another way this happens. I'm asking because I have a testbed and the session is still up, while the ONT has been powered off for a day.


I assume that this is one reason for the "timeout idle 60" command, right?


Hope you find the time to answer this question.



CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey