Jernej Horvat sent me the following question:
I know DHCPv6-based prefix delegation should be as stable as possible, so I plan to include the delegated prefix in my RADIUS database. However, for legacy reasons each username can have up to four concurrent PPPoE sessions. How will that work with DHCPv6 IA_PD?
Short answer: worst case, DHCPv6 prefix delegation will be royally broken.
In spite of this, things are not as gloomy as they seem. The reason this ISP allows up to four concurrent sessions for each username is simple: years ago DSL modems were annoyingly stupid, so their users terminated PPPoE sessions on the hosts, and it was quite likely that someone would have two or more hosts at home (today, some of the more creative users use this functionality for roaming within the ISP network).
Obviously the users starting PPPoE sessions on their hosts consumed more IPv4 addresses and BRAS resources than users with properly-configured CPEs, but let’s not chase that particular squirrel.
Also, remember that the CPE device has to trigger the DHCPv6 prefix delegation process with a DHCPv6 REQUEST packet. At that time, an access server (BRAS) running old Cisco IOS software might send another RADIUS request; more recent software would already have the value of the delegated-IPv6-prefix RADIUS attribute and use that. However, the prefix is not delegated, and the corresponding static route is not installed, until the CPE asks for it.
Summary: If you allow concurrent sessions for a single username, but only one of them is a CPE using DHCPv6, you won’t experience prefix delegation problems.
Regardless of the “it just might work” conclusion above, keep the following in mind:
- If you’re using the framed-IPv6-prefix RADIUS attribute (or the equivalent Cisco AV-pair), you MUST limit the number of concurrent sessions to one.
- If you’re using the delegated-IPv6-prefix RADIUS attribute, you SHOULD limit the number of concurrent sessions to one.
- If you allow concurrent sessions for a single username, you SHOULD use BRAS local pools for directly connected (/64) PPPoE prefixes and either BRAS local pools or a central DHCPv6 (not RADIUS) server for delegated prefixes.
- If you use BRAS local pools, you SHOULD use short lifetimes for delegated prefixes to ensure the CPE doesn’t get totally stuck if the BRAS reloads and forgets the prefixes it delegated.
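The first two rules above can be checked mechanically against the RADIUS database. The following is an added example, not part of the original post: a Python audit that flags usernames allowed more than one concurrent session while their IPv6 prefixes come from RADIUS. The FreeRADIUS-style `users` syntax, the `Simultaneous-Use` session limit, the sample entries and the function names are assumptions.

```python
import re

# Constructed sample in FreeRADIUS "users"-file style (an assumption; the
# post does not name a RADIUS server). Prefixes are documentation addresses.
SAMPLE_USERS = """\
alice   Simultaneous-Use := 4
        Framed-IPv6-Prefix = 2001:db8:0:1::/64,
        Delegated-IPv6-Prefix = 2001:db8:100::/56

bob     Simultaneous-Use := 1
        Framed-IPv6-Prefix = 2001:db8:0:2::/64,
        Delegated-IPv6-Prefix = 2001:db8:200::/56

carol   Simultaneous-Use := 4
        Delegated-IPv6-Prefix = 2001:db8:300::/56

dave    Simultaneous-Use := 4
        Framed-Protocol = PPP
"""

ATTR = re.compile(r"([A-Za-z0-9-]+)\s*(?::=|==|\+=|=)\s*([^,\s]+)")

def parse_users(text):
    """Return {username: {attribute: value}} from a users-style file."""
    users, current = {}, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # column 0 starts a new entry
            name, *rest = line.split(None, 1)
            current, line = users.setdefault(name, {}), "".join(rest)
        current.update(ATTR.findall(line))
    return users

def audit(users):
    """Apply the post's MUST/SHOULD rules; return (user, level, attribute)."""
    findings = []
    for name, attrs in users.items():
        # Assumption: a missing Simultaneous-Use means no session limit.
        limit = int(attrs.get("Simultaneous-Use", 0)) or float("inf")
        if limit > 1 and "Framed-IPv6-Prefix" in attrs:
            findings.append((name, "MUST", "Framed-IPv6-Prefix"))
        if limit > 1 and "Delegated-IPv6-Prefix" in attrs:
            findings.append((name, "SHOULD", "Delegated-IPv6-Prefix"))
    return findings

if __name__ == "__main__":
    for user, level, attr in audit(parse_users(SAMPLE_USERS)):
        print(f"{user}: {level} limit sessions to one ({attr} comes from RADIUS)")
```

In the sample, `dave` passes the audit because his entry carries no IPv6 prefix attributes, which matches the local-pool design recommended in the third rule.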
You’ll find a detailed description of DHCPv6, prefix delegation mechanisms, RADIUS integration, and the corresponding design, deployment and configuration guidelines in the Building Large IPv6 Service Provider Networks webinar. You can buy its recording or get it as part of the IPv6 trilogy or yearly subscription.