User Guide for Cisco Network Registrar, 7.0
Managing IPv6 Addresses
Downloads: This chapterpdf (PDF - 481.0KB) The complete bookPDF (PDF - 18.25MB) | Feedback

Managing DHCPv6 Addresses

Table Of Contents

Managing DHCPv6 Addresses

DHCPv6 Concepts

IPv6 Addressing

Links and Prefixes

Determining Links and Prefixes

Generating Addresses

Generating Delegated Prefixes

DHCPv6 Clients and Leases

DHCPv6 Bindings

Lease Affinity

Lease Life Cycle

DHCPv6 Reservations

Searching for Leases

Querying Leases for DHCPv6

DHCPv6 Policy Hierarchy

DHCPv6 Options

DHCPv6 Configuration

Viewing IPv6 Address Space

Configuring Links

Creating and Editing Link Templates

Creating and Editing Links

Configuring Prefixes

Creating and Editing Prefix Templates

Creating and Editing Prefixes

Viewing Address Utilization for Prefixes

Viewing DHCPv6 Networks

Editing DHCPv6 Server Attributes

Configuring DHCPv6 Policies

Configuring DHCPv6 Client-Classes

Configuring DHCPv6 Clients

Setting DHCPv6 Options

Reconfigure Support

DNS Update for DHCPv6


Managing DHCPv6 Addresses


Network Registrar supports the following IPv6 addressing for DHCP (DHCPv6):

Stateless autoconfiguration (RFC 3736)—The DHCPv6 server does not assign addresses, but instead provides configuration parameters, such as DNS server data, to clients.

Stateful autoconfiguration (RFC 3315)—The DHCPv6 server assigns nontemporary or temporary addresses and provides configuration parameters to clients.

Prefix Delegation (RFC 3633)—The DHCPv6 server delegates prefixes to clients (routers).

The DHCPv6 service provides these capabilities:

Links and prefixes—Similar to DHCPv4 networks and scopes that define the network topology. Each link can have one or more prefixes.

Policies and options—You can assign attributes and options to links, prefixes, and clients.

VPN support—Provides multiple address spaces (virtual private networks).

Client-classing—You can classify clients and select prefixes based on known clients or packet-based expressions.

Static reservations—Clients can receive predetermined addresses.

Extensions—Extend the DHCP server processing by using C/C++ and Tcl extensions.

DNS Updates—DNS server updates of DHCP activity (over IPv4).

SNMP traps—Generate traps for events, such as if the number of leases in a prefix exceeds a certain limit (or drops below a certain limit) or if the server detects duplicate addresses.

Statistics collection and logging—Provides server activity monitoring.

The DHCPv6 service requires that the server operating system support IPv6 and that you configure at least one interface on the system for IPv6.

See Also

DHCPv6 Concepts
DHCPv6 Configuration
DNS Update for DHCPv6

DHCPv6 Concepts

The following subsections describe the concepts related to DHCPv6 operation:

IPv6 Addressing

Links and Prefixes

DHCPv6 Clients and Leases

DHCPv6 Policy Hierarchy

DHCPv6 Options

IPv6 Addressing

IPv6 addresses are 128 bits long and are represented as a series of 16-bit hexadecimal fields separated by colons (:). The A, B, C, D, E, and F in hexadecimal are case insensitive. For example:

2001:db8:0000:0000:0000:0000:0000:0000 

A few shortcuts to this addressing are:

Leading zeros in a field are optional, so that you can write 09c0 as 9c0, and 0000 as 0.

You can represent successive fields of zeros (any number of them) by a double colon (::), but only once in an address (because, if used more than once, the address parser has no way of identifying the size of each block of zeros). This reduces the length of addresses; for example, 2001:db8:0000:0000:0000:0000:0000:0000 can be written:

2001:db8:: 

Link-local addresses have a scope limited to the link, and use the prefix fe80::/10. Loopback addresses have the address ::1. Multicast addresses have the prefix ff00::/8 (there are no broadcast addresses in IPv6).

The IPv4-compatible addresses in IPv6 are the IPv4 decimal quad addresses prefixed by ::. For example, you can write the IPv4 address interpreted as ::c0a8:1e01 in the form ::192.168.30.1.

Links and Prefixes

The explicit DHCPv6 configuration objects are links and prefixes:

Link—Network segment that can have one or more prefixes, and adds an additional layer at which policies can be applied for DHCPv6 clients.

Prefix—Equates to a scope in IPv4. The link associated with a prefix is similar to a primary scope, except that it names a link and not another prefix.

Just as with scopes, you can create multiple prefix objects for the same IPv6 prefix. However, rather than supporting multiple ranges with explicit start and end addresses, prefixes support only a single range that must be an IPv6 prefix with a length the same as, or longer than, the prefix object. For example, if you define a 2001::/64 prefix with a 2001::/96 range, the server can assign addresses from 2001:0:0:0:0:0:0:0 through 2001:0:0:0:0:0:ffff:ffff only. The range:

Is limited to powers of 2.

Must be unique (cannot be duplicated by any other range, except in a different VPN).

Cannot be contained in, or contain, another range.

If you omit a range, the server uses the full prefix as the range.

You create a link only if more than one prefix object with a different IPv6 prefix exists on a link. When the server loads the configuration, if a prefix has no explicit link, the server searches for or creates an implicit link with the name Link-[vpn.name/]prefix. All prefix objects with the same IPv6 prefix must either not specify a link or explicitly specify the same link.

The DHCPv6-enabled server supports VPNs (namespaces) for DHCPv6. However there is presently no means to make use of anything other than the default global VPN (there is no VPN option). Both the link and prefix objects have a vpn-id attribute, because prefixes do not require links, but all prefixes on a link must use the same VPN ID.

See Also

Determining Links and Prefixes
Generating Addresses
Generating Delegated Prefixes

Determining Links and Prefixes

When the DHCPv6 server receives a DHCPv6 message, it determines the links and prefixes it uses to service the request. The server:

1. Finds the source address:

a. If the client message was relayed, the server sets the source address to the first nonzero link-address field starting with the Relay-Forward message closest to the client (working outwards). If the server finds a source address, it proceeds to step 2.

b. Otherwise, if the message source address is a link-local address, the server sets the source address to the first address for the interface on which it received the message for which a prefix exists (or 0 if it finds no prefix for any address). It then proceeds to step 2.

c. Otherwise, the server sets the source address to the message source address.

2. Locates the prefix for the source address. If the server cannot find a prefix for the source address, it cannot service the client and drops the request.

3. Locates the link for the prefix. This always exists and is either an explicitly configured link or the implicitly created link based on the prefix address.

Now that the server can determine the client link, it can process the client request. Depending on whether the client request is stateful or prefix-delegated, and on the selection criteria and other factors, the server might use one or more prefixes for the link to service the client request.

This is one area of difference between DHCPv4 and DHCPv6. In DHCPv4, the server selects only one of the scopes from the network to service the client request. In DHCPv6, the server can use all the prefixes for the link. Thus, the server might assign a client an address, or delegate a prefix, from multiple prefixes for the link (subject to selection criteria and other conditions).

Generating Addresses

IPv6 addresses are 128-bit addresses (as compared to 32-bit addresses for IPv4). In most cases, DHCPv6 servers assign 64 of those bits, the interface-identifier (EUI-64) portion (see RFC 4291). You can generate addresses by using the client 64-bit interface-identifier or a random number generator. The interface-identifier emulates how stateless autoconfiguration assigns addresses to clients. Unfortunately, there are privacy concerns regarding its use, and it is limited to one address per prefix for the client.

By default, Network Registrar generates an address using an algorithm similar to that described in RFC 4941 to generate a random interface identifier. These random interface identifiers have a zero value for the universal/local bit to distinguish them from EUI-64-based identifiers. The server also skips randomly generated interface identifiers from ::0 to ::ff so that you can use identifiers for infrastructure devices (such as routers). You can configure whether to assign the interface-identifier (if available) first for each prefix (through the interface-identifier flag of the prefix allocation-algorithms attribute). (See the "Creating and Editing Prefixes" section.) If you specify use of the interface-identifier, the server might still use randomly generated addresses if the address is not available to the client, or the client requests multiple addresses on a prefix.

The server generates addresses based on the prefix-configured range (or the prefix address if there is no range). If the range prefix length is shorter than 64, the server supplies only 64 bits and places them in the address interface-identifier field. If the prefix length is longer than 64, the server supplies only the remaining bits of the address. Thus, a /96 range uses 96 bits from the specified range followed by 32 bits of either the client interface-identifier or a randomly generated value. If the resulting address is not available (such as if it is already leased to another client, or to the same client, but on a different binding), the server tries to generate another address. It repeats this process up to at most 500 times.


Note The DHCP server tests only the randomly generated interface identifier for values from ::0 to ::ff, not the resulting address. Thus, a randomly generated address may end up using an xxxx:xxxx:xxxx:xxxx::0 through xxxx:xxxx:xxxx:xxxx::ff address if the length of the prefix is longer than /64 and the prefix bits that extend beyond the /64 boundary are all zero.



Tip You can also choose from additional address generation algorithms for a prefix and prefix template; see the "Creating and Editing Prefix Templates" section.


Generating Delegated Prefixes

The DHCPv6 server uses a first-fit algorithm when generating delegated prefixes. The server allocates the first available prefix of the length configured or requested.

DHCPv6 Clients and Leases

The DCHPv6 server supports clients and leases that are similar to those for DHCPv4. The key differences are:

The server identifies DHCPv6 clients by their DHCP Unique Identifier (DUID), which is the DHCPv4 concept of hardware addresses and client IDs consolidated into one unique client identifier.

DHCPv6 clients can have multiple leases. This means that if multiple prefixes are on a single link, the server assigns the client an address from each prefix that it is allowed to use, not just from one scope, as in DHCPv4.

The server first creates a DHCPv6 client when it associates the first lease with it, and deletes the client when it no longer has any leases associated with it. This is identical to DHCPv4 behavior, except that a DHCPv4 client can only have a single lease.

DHCPv6 leases are dynamically created. The server does not create all leases that it can potentially use at configuration time, because there potentially could be billions of these leases.

Leases can be for:

Nontemporary addresses—Standard IPv6 unicast addresses with likely long (and renewable) lifetimes.

Temporary addresses—Standard IPv6 unicast addresses, but with very limited (and nonrenewable) lifetimes. Temporary addresses solve a privacy issue with IPv6 (see RFC 3041).

Delegated prefixes—Used for prefix delegation (see RFC 3633).

Leases have both a preferred and valid lifetime:

Preferred lifetime—Primarily for the use of the client, the length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated.

Valid lifetime—Used by both client and server, it is the length of time an address remains in the valid state. The valid lifetime must be greater then or equal to the preferred lifetime. When the valid lifetime expires, the address becomes invalid. A lease is eligible to be deleted once the valid lifetime expires. This is essentially the same as the DHCPv4 lease time.

See Also

DHCPv6 Bindings
Lease Affinity
Lease Life Cycle
DHCPv6 Reservations
Searching for Leases
Querying Leases for DHCPv6

DHCPv6 Bindings

Bindings are new to DHCPv6 and allow multiple groups of addresses to be allocated to a client. A client binding consists of one of three types:

Nontemporary (IA_NA)

Temporary (IA_TA)

Prefix delegation (IA_PD)

A binding also consists of a unique Identity Association Identifier (IAID). Leases always exist under a binding. Clients, therefore, have one or more bindings, and bindings have one or more leases. The server creates bindings when it first adds the lease, and removes the binding when it has no more leases. The server creates clients when adding the first binding, and removes them when it has no more bindings.

Lease Affinity

For DHCPv4, when a lease expires or the server releases it, the server remembers the client for an address as long as it is not assigned to another client. For DHCPv6, because of the large IPv6 address space and depending on the address generation technique, eons could pass before an address needs reassignment to another client. Therefore, Network Registrar provides an affinity-period attribute so that the client can get the same address even if not requesting a renewal before expiration.

The affinity period is desirable in some environments, but not in others where the affinity time would be zero or very small. During the affinity period, the lease is in the AVAILABLE state and still associated with the client that last leased it. If the client requests a lease during this period, the server grants it the same lease (or, if renewals are inhibited, the client explicitly does not get that lease).

Lease Life Cycle

Leases have a life cycle controlled by states. A lease only exists while it is associated with a client and the server deletes it once it is no longer associated with that client. The life cycle and state transitions are:

1. A lease is born and associated with an address when the server:

a. Creates a reservation for a lease, which puts the lease in the AVAILABLE state and marks it as RESERVED. No timer is associated with this state and the server does not delete the lease as long as it is RESERVED.

b. Sends an ADVERTISE message to a client, which puts the lease in OFFERED state. The lease transitions to DELETED state after the offer timeout.

c. Sends a REPLY message to a client (for a REQUEST, RENEW, or REBIND), which puts the lease in LEASED state. The lease transitions to EXPIRED state after the valid lifetime for the lease elapses.

2. An OFFERED lease transitions to:

a. LEASED state when the server receives a REQUEST message, and then transitions to EXPIRED state after the valid lifetime for the lease elapses.

b. DELETED state if the offered-time expires.

3. A LEASED lease:

a. Is renewed when the server receives a REQUEST, RENEW, or REBIND message. The lease transitions to EXPIRED state after the new valid lifetime for the lease elapses (note that the new valid lifetime could be 0).

b. Transitions to RELEASED state when the server receives a RELEASE message. The lease transitions to AVAILABLE state after the release-grace-period elapses.

c. Transitions to UNAVAILABLE state when the server receives a DECLINE message. The server deletes the lease after the unavailable timeout period elapses.

4. An EXPIRED lease transitions to AVAILABLE state after the grace-period. The server deletes the lease after the affinity-period elapses.

5. An AVAILABLE lease:

a. Transitions to DELETED state and the server deletes it from memory and the lease database after the affinity-period elapses.

b. Cannot be deleted if it is RESERVED, and it remains AVAILABLE.

6. The server can reoffer a LEASED, EXPIRED, RELEASED, or AVAILABLE lease to a client, but it remains in its current state, although the server extends the timeout to at least the offer-timeout.

7. A LEASED lease can also transition to REVOKED state if the server needs to revoke the lease. A revoked lease was previously valid but became invalid because of configuration or selection tag changes. The server can revoke a lease when the client attempts to renew, if the lease is reserved for a different client or the prefix is no longer usable. The lease transitions to AVAILABLE again only after its valid lifetime expires or the client sends a SOLICIT for a new lease.

DHCPv6 Reservations

Reservations apply to nontemporary addresses and delegated prefixes only. They are stored under the prefix in the configuration and must always be for an address (or prefix) under the prefix. The reservation can be outside the prefix object range, provided that it is not in another prefix object range. This restriction has implications when adding new prefix objects, because existing reservations could violate this rule.

Searching for Leases

Network Registrar 7.0 introduces a new mechanism to search for leases in the configured DHCPv6 network. For details, see the "Searching Server-Wide for Leases" section on page 22-9.

Querying Leases for DHCPv6

For details on the DHCPLEASEQUERY implementation for DHCPv6, see the "Leasequery for DHCPv6" section on page 22-31.

DHCPv6 Policy Hierarchy

DHCPv6 uses the existing policy objects, with additional DHCPv6 specific attributes (that are mostly analogous to those in DHCPv4). For DHCPv6, the hierarchy is:

1. Client embedded policy

2. Client named policy

3. Client-class embedded policy

4. Client-class named policy

5. Prefix embedded policy

6. Prefix named policy

7. Link embedded policy

8. Link named policy

9. system_default_policy

For attributes, the default value for the most local policy applies. This hierarchy is the same as for DHCPv4, except for the additional link policies and the fact that the prefix policies replace the scope policies. (For a comparison with the DHCPv4 policy hierarchy, see the "Policy Hierarchy" section on page 21-3.)

The hierarchy applies to most policy attributes, which the server processes in the context of a single prefix. However, the server processes a few attributes (specifically allow-rapid-commit, reconfigure, v6-reply-option, v6-options, and v6-vendor-options) in the context of multiple prefixes. In these cases, the processing at the prefix levels (steps 5 and 6) is a bit different:

For the reconfigure attribute that controls whether the server requires, allows, or disallows client reconfiguration, the server checks the embedded and named policies of all prefixes on the link that the client is allowed to use (based on selection tags). If any of the prefix policies have the reconfigure attribute set to disallow or require, the server uses that setting. Otherwise, if at least one policy has it set to allow, Reconfigure is allowed. Otherwise, the server checks the remaining policies in the hierarchy. (See the "Reconfigure Support" section for details.)

If the client requests Rapid Commit (see the "Editing DHCPv6 Server Attributes" section), the server checks the embedded and named policies of all prefixes on the link that the client is allowed to use (based on selection tags). If one of these policies has allow-rapid-commit disabled, the server processes the client request as if Rapid Commit were not part of the request. If at least one policy has allow-rapid-commit enabled, the client can use Rapid Commit. If no prefix policy has the attribute configured, processing continues at step 7.

For the options-related attributes (see the "Setting DHCPv6 Options" section), the server also does special handling at steps 5 and 6. The server checks the embedded and then named policy of each prefix on the link. It then uses the first one with the configured v6-reply-option attribute, or the first one with the configured value for the v6-options or v6-vendor-options.

The server checks the prefixes in case-insensitive alphabetical order.


Tip In configurations with multiple prefixes on a link, avoid setting the Rapid Commit and option properties for the prefix policy, but rather set them on the link policy or other policy instead.


DHCPv6 Options

DHCPv6 options do not use DHCPv4 options; they are unique and separate. There are currently about 46 DHCPv6 options (see Table B-8 on page B-11). Most of these options are the DHCPv6 protocol infrastructure options and are not user-definable. They use a 16-bit option code and 16-bit length (DHCPv4 uses only 8 bits for both of these). Configuring options and the behavior of configured options in policies are similar to those for DHCPv4. See the "Setting DHCPv6 Options" section for details about client processing as it relates to the policy hierarchy.

DHCPv6 Configuration

The following sections describe how to configure DHCPv6 in Network Registrar:

Viewing IPv6 Address Space

Configuring Links

Configuring Prefixes

Viewing DHCPv6 Networks

Editing DHCPv6 Server Attributes

Configuring DHCPv6 Policies

Configuring DHCPv6 Client-Classes

Configuring DHCPv6 Clients

Setting DHCPv6 Options

Reconfigure Support

Viewing IPv6 Address Space

When you click Address Space v6, then Address Space in the local advanced or regional web UI, you open the View Unified v6 Address Space page. This page is like the View Unified Address Space page for IPv4 (see the "Viewing Address Space" section on page 9-2). On the View Unified v6 Address Space page you can:

Set a VPN for the address space.

Add a prefix by adding its name and address and choosing a DHCP type and possible template. Click Add Prefix to open the Add Prefix page (see the "Creating and Editing Prefixes" section).

Edit a prefix by clicking its name. This opens the Edit Prefix page (see the "Creating and Editing Prefixes" section).

View the current usage of the prefix space (see the "Viewing Address Utilization for Prefixes" section).

Configuring Links

You can configure DHCPv6 links directly, or you can create link templates for them first. See the following subsections:

Creating and Editing Link Templates

Creating and Editing Links

Creating and Editing Link Templates

You can create links from predefined templates. The attributes you can set for a link template are as follows (for the expression syntax, see the "Using Expressions in Link Templates" section):

name—User-assigned name for the link template.

description—Description of the link template itself.

policy—Shared policy used when replying to clients, as applied to the link.

link-name-expr—Expression to define the name of the link once the template is applied.

link-description-expr—Expression to define the description on the link once applied.

prefix-expr—Expression to create the list of associated prefixes once the template is applied. For example, you can specify creating prefixes based on defining prefix-expr as @link-prefix-expr.txt to point to the file that contains this expression (and assuming that the cm-prefix, cpe-address-prefix, and cpe-pd-prefix templates exist):

(list 
(create-prefix "cm-prefix" (create-prefix-range 32 0x1)) 
(create-prefix "cpe-address-prefix" (create-prefix-range 32 0x2)) 
(create-prefix "cpe-pd-prefix" (create-prefix-range 16 0x1))
) 

options-expr—Expression to define the list of embedded policy options to create with the link.

Local Advanced and Regional Web UI


Step 1 Click DHCP v6, then Link Templates. The List DHCPv6 Link Templates page shows the existing templates.

Step 2 Click Add Link Template to open the Add DHCPv6 Link Template page (see Figure 26-1 for the local version of the page).

Figure 26-1 Add DHCPv6 Link Template Page (Local Advanced)

Step 3 Enter a link template name, optional description, and optionally choose a preconfigured policy from the drop-down list.

Step 4 Add expressions for the link-name-expr, link-description-expr, prefix-expr, or options-expr field attributes (see the "Using Expressions in Link Templates" section).

Step 5 Click Add Link Template.

Step 6 In the regional web UI, you can pull replica link templates or push templates to local clusters:

Click Pull Replica Link Template to open the Select DHCPv6 Link Template Data to Pull page. Choose a pull mode for the cluster (ensure, replace, or exact), then click Pull All Link Templates. On the Report Pull DHCPv6 Link Template page, click OK.

Click Push Link Template for a specific template (or Push All Link Templates) to open the Push DHCPv6 Link Template Data to Local Cluster page. Choose a data synchronization mode (ensure, replace, or exact), move the desired cluster or clusters to the Selected table, then click Push Data to Clusters.


CLI Commands

To create the link template, use link-template name create. For example:

nrcmd> link-template example-link-template create [attribute=value]

You can set and enable the aforementioned expression setting attributes in the usual way, and you can show and list link templates. For example, to set a prefix expression for the link template, use the following file definition and pointer to the file (and assuming that the cm-prefix, cpe-address-prefix, and cpe-pd-prefix templates exist):

> type link-prefix-expr.txt 
(list (create-prefix "cm-prefix" (create-prefix-range 32 0x1)) 
(create-prefix "cpe-address-prefix" (create-prefix-range 32 0x2)) 
(create-prefix "cpe-pd-prefix" (create-prefix-range 16 0x1)) ) 

nrcmd> link-template example-link-template set prefix-expr=@link-prefix-expr.txt 

In addition:

To clone a link template, use link-template name create clone=name.

To apply a template to one or more links, use link-template name apply-to {all | link[,link,...]}. You can create prefixes by using link-template name apply-to link [prefix], but only with one link specified.

Using Expressions in Link Templates

You can specify expressions in a link template to dynamically create prefix names, IP address ranges, and embedded options when creating a link. Expressions can include context variables and operations.


Note Expressions are not the same as DHCP extensions. Expressions are commonly used to create client identities or look up clients. Extensions (see Chapter 29, "Using Extension Points") are used to modify request or response packets.


Table 26-1 lists the link template predefined variables and Table 26-2 lists the operators. Note that these variables and operators are not case-sensitive.

Table 26-1 Link Template Expression Predefined Variables 

Predefined Variable
Description

mask-length

Number of prefix mask bits (with a template-root-prefix defined).

prefix

Network number and length (with a template-root-prefix defined).

prefix-addr

Address portion of the prefix (with a template-root-prefix defined).

prefix-length

Number of prefix address bits (with a template-root-prefix defined).

template.attribute

Attribute of the link template.

vpn

VPN of the link.


Table 26-2 Link Template Expression Operators 

Expression Operator
Description

Arithmetic Operators (unsigned integer arguments only)

(+ arg1 arg2)

Adds the two argument values, such as (+ 2 3).

(- arg1 arg2)

Subtracts the second argument value from the first one.

(* arg1 arg2)

Multiplies the values of two arguments.

(/ arg1 arg2)

Divides the value of the first argument by that of the second one (which cannot be zero).

(% arg1 arg2)

Modulo arithmetic operator to determine the remainder of the result of the first argument divided by the second one.

Concatenation Operator

(concat arg1 ... argn)

Concatenates the arguments into a string.

List Operator

(list oper1 ... opern)

Creates an options list or list of prefixes. Required if needing more than one option for a link or prefix or more than one prefix for a link. Arguments must all be create-v6-option operation. Nesting is not supported.

Create Prefix Operator

(create-prefix template prefix)

Creates a prefix based on a predefined prefix template name and the prefix, including the link VPN (assuming that a template-root-prefix is defined). The prefix argument can be the create-prefix-addr and create-prefix-range functions.

Create IP Operator

(create-prefix-addr prefix interface-id)

Creates an IPv6 address string (assuming that a template-root-prefix is defined) based on the prefix name and interface ID (an IPv6 address that you can specify as a string), which is the lower 64-bit address in the prefix (which need not be contained in the parent prefix). Used in the prefix-expr and options-expr attributes.

Create Range Operator

(create-prefix-range size n)

Creates an address range for the prefix, used in the prefix-expr attribute (assuming that a template-root-prefix is defined). The size is the number of bits to increase the prefix length. The n is the nth occurrence of the child prefix. The size and n must be greater than zero, the n must be less than or equal to the size, and the size must by less than the parent prefix length.

Create Option Operator

(create-v6-option opt val)

Creates a DHCPv6 option, used in the options-expr attribute. The opt can be the literal string or integer identifying the option. The val is the string representation of the option value, as defined by the option TLV value. For example:

(list (create-v6-option "dns-servers" 
(create-prefix-addr prefix "::2")) 
(create-v6-option "domain-list" "sales.example.com,example.com"))


Creating and Editing Links

You can create links directly. The attributes you can set for the link are:

name—User-assigned name for the link.

vpn-id—VPN that contains the link.

description—Descriptive text for the link.

policy—Shared policy used when replying to clients.

free-address-config—Identifies which trap captures unexpected free address events on this prefix. If not configured, the server looks at its v6-default-free-address-config attribute.

Local Advanced and Regional Web UI


Step 1 Click DHCP v6, then Links. The List DHCPv6 Links page shows the existing links.

Step 2 To add a link, click Add Link.

Step 3 On the Add DHCPv6 Link page (see Figure 26-2 for the local version), enter at least the name you want to give the link. You can also set the aforementioned attributes.

Figure 26-2 Add DHCPv6 Link Page (Local Advanced)

Step 4 Choose the predefined prefixes for the link by moving them to the Selected field.

Step 5 To add new prefixes for the link, enter each prefix name and its address at the bottom of the page, indicate a range, choose the DHCP type and template (if needed), then click Add Prefix for each one.

Step 6 Click Add Link.

Step 7 In the regional web UI, you can push links and their associated prefixes to local clusters. Click Push Link for a specific link (or Push All Links) to open the Push DHCPv6 Link Data to Local Cluster page. Choose a data synchronization mode (ensure, replace, or exact), move the desired cluster or clusters to the Selected table, then click Push Data to Clusters.


CLI Commands

Use link name create. (The link command is a synonym for the dhcp-link command from previous releases.) For example:

nrcmd> link example-link create [attribute=value]

To apply a link template during link creation, use link name create template=name [template-root-prefix=address], with the template-root-prefix specified if the template could create more than one prefix. To apply a template to an existing link definition, use link name applyTemplate template-name [template-root-prefix].

You can set and enable the aforementioned attributes in the usual way, and you can show and list links. To list prefixes or prefix names associated with a link, use link name listPrefixes or link name listPrefixNames.

Configuring Prefixes

You can configure DHCPv6 prefixes directly, or you can create prefix templates for them first. See the following subsections:

Creating and Editing Prefix Templates

Creating and Editing Prefixes

Creating and Editing Prefix Templates

You can create prefixes from predefined templates. The attributes you can set for a prefix template are the following (for the expression syntax, see the "Using Expressions in Prefix Templates" section):

name—User-assigned name for the prefix template.

description—Descriptive text for the prefix template.

dhcp-type—Defines how DHCP manages address assignment for a prefix:

dhcp (preset value)—Uses the prefix for stateful address assignment.

stateless—Uses the prefix for stateless option configuration.

prefix-delegation—Uses the prefix for prefix delegation.

infrastructure—Uses the prefix to map a client address to a link, when the prefix does not have an address pool.

parent—Do not have DHCP use the prefix, but use it as a container object to group child prefixes.

policy—Shared policy to use when replying to clients.

prefix-name-expr—Expression that evaluates to an AT_STRING value to use for the name of the prefix created. For example, you can have the prefix name prepended by CM- if you define prefix-name-expr as (concat "CM-" prefix). In the CLI, you would include the expression in a file and point to that file:

> type prefix-name.txt 
(concat "CM-" prefix) 

nrcmd> prefix-template ex-template create prefix-name-expr=@prefix-name.txt 

prefix-description-expr—Expression that evaluates to an AT_STRING value to apply to the description on the prefix created when using the template.

range-expr—Expression that evaluates to an AT_PREFIX value to create an address range. In the CLI, you must use a file reference. For example:

> type subprefix-expr.txt 
(create-prefix-range 1 0x1) 

nrcmd> prefix-template ex-template set range-expr=@subprefix-expr.txt 

options-expr—Expression that evaluates to embedded policy options to create. (Use the list function to create multiple options.)

allocation-algorithms—One or more algorithms the server uses to select a new address or prefix to lease to a client. The available algorithms are:

client-request (preset to off)—Controls whether the server uses a client-requested lease.

reservation (preset to on)—Controls whether the server uses an available reservation for the client.

extension (preset to on)—Controls whether the server calls extensions attached at the generate-lease extension point to generate an address or prefix for the client. For details on extensions, see Chapter 29, "Using Extension Points."

interface-identifier (preset to off)—Controls whether the server uses the interface-identifier from the client (link-local) address to generate an address; ignored for temporary addresses and prefix delegation.

random (preset to on)—Controls whether the server generates an address using an RFC 3041 algorithm; ignored for prefix delegation.

best-fit (preset to on)—Controls whether the server delegates the first, best-fit available prefix; ignored for addresses.

When the server needs an address to assign to a client, it processes the flags in the following order until it finds a usable address: client-request, reservation, extension, interface-identifier, and random. When the server needs to delegate a prefix to a client, it processes the flags in the following order until it finds a usable prefix: client-request, reservation, extension, and best-fit.

max-leases—Maximum number of nonreserved leases allowed on the prefix. When a new lease needs to be created, the server does so only if the limit is not exceeded. When the limit is exceeded, the server cannot create or offer new leases to clients. If you also enable SNMP traps, the max-leases value also calculates the percentage of used and available addresses.


Note Be sure to set the max-leases value to the expected maximum so that the SNMP address traps can return meaningful results.


ignore-declines—Controls whether the server responds to a DHCPv6 DECLINE message that refers to an IPv6 address or a delegated prefix from this prefix. If enabled, the server ignores all declines for leases in this prefix. If disabled (the preset value) or unset, the server sets to UNAVAILABLE every address or delegated prefix requested in a DECLINE message if it is leased to the client.

deactivated—Controls whether a prefix extends leases to clients. A deactivated prefix does not extend leases to any clients and treats all addresses in its ranges as if they were individually deactivated. The preset value is false (activated).

expiration-time—Time and date at which a prefix expires. After this date and time, the server neither grants new leases nor renews existing leases from this prefix. Once the expiration-time passes, the prefix is no longer used (although old leases and leases with grace or affinity periods continue to exist until those periods elapse). Enter a value in the format "[weekday] month day hh:mm[:ss] year"; for example, "Dec 31 23:59 2006".

reverse-zone-prefix-length—Prefix length of the reverse zone for ip6.arpa updates. (See the "Determining Reverse Zones for DNS Updates" section on page 28-4 for details.)

selection-tags—List of selection tags associated with the prefix.

Local Advanced and Regional Web UI


Step 1 Click DHCP v6, then Prefix Templates. The List DHCP Prefix Templates page shows the existing templates.

Step 2 Click Add Prefix Template to open the Add DHCPv6 Prefix Template page (see Figure 26-3 for a partial view of the local version).

Figure 26-3 Add Prefix Template Page (Local Advanced)

Step 3 Set the attributes and add expressions for those requiring expressions (see the "Using Expressions in Prefix Templates" section).

Step 4 Click Add Prefix Template.

Step 5 To edit a prefix template, click its name on the List DHCPv6 Prefix Template page. On the Edit DHCPv6 Prefix Template page, edit the template attributes, such as adding a selection tag, then click Modify Prefix Template.

Step 6 In the regional web UI, you can pull replica prefix templates or push templates to local clusters:

Click Pull Replica Prefix Template to open the Select DHCPv6 Prefix Template Data to Pull page. Choose a pull mode for the cluster (ensure, replace, or exact), then click Pull All Prefix Templates. On the Report Pull DHCPv6 Prefix Template page, click OK.

Click Push Prefix Template for a specific template (or Push All Prefix Templates) to open the Push DHCPv6 Prefix Template Data to Local Cluster page. Choose a data synchronization mode (ensure, replace, or exact), move the desired cluster or clusters to the Selected table, then click Push Data to Clusters.


CLI Commands

To create the prefix template, use prefix-template name create. For example:

nrcmd> prefix-template example-prefix-template create [attribute=value]

You can set and enable the aforementioned attributes in the usual way, and you can show and list prefix templates. In addition:

To clone a prefix template, use prefix-template name create clone=name.

To apply a template to one or more prefixes, use prefix-template name apply-to {all prefix[,prefix,...]}.

Using Expressions in Prefix Templates

You can specify expressions in a prefix template to dynamically create prefix names, IP address ranges, and embedded options when creating a prefix. Expressions can include context variables and operations.


Note Expressions are not the same as DHCP extensions. Expressions are commonly used to create client identities or look up clients. Extensions (see Chapter 29, "Using Extension Points") are used to modify request or response packets.


Table 26-3 lists the prefix template predefined variables and Table 26-4 lists the operators. Note that these variables and operators are not case-sensitive.

Table 26-3 Prefix Template Expression Predefined Variables 

Predefined Variable
Description

prefix

Network number and length, based on the template root prefix if applying a link template to a link, or the prefix address if applying a prefix template to a prefix.

vpn

VPN of the prefix.

prefix-addr

Address portion of the prefix.

prefix-length

Number of prefix address bits.

mask-length

Number of prefix mask bits.

template.attribute

Attribute of the prefix template.


Table 26-4 Prefix Template Expression Operators 

Expression Operator
Description

Arithmetic Operators (unsigned integer arguments only)

(+ arg1 arg2)

Adds the two argument values, such as (+ 2 3).

(- arg1 arg2)

Subtracts the second argument value from the first one, such as with ping-timeout defined as 100, (- template.ping-timeout 10) yields 90.

(* arg1 arg2)

Multiplies the values of two arguments.

(/ arg1 arg2)

Divides the value of the first argument by that of the second one (which cannot be zero).

(% arg1 arg2)

Modulo arithmetic operator to determine the remainder of the result of the first argument divided by the second one.

Concatenation Operator

(concat arg1 ... argn)

Concatenates the arguments into a string.

List Operator

(list oper1 ... opern)

Creates an options list or list of prefixes. Required if needing more than one option for a prefix. Arguments must all be create-v6-option or create-prefix-range operations. Nesting is not supported.

Create IP Operator

(create-prefix-addr prefix-name interface-id)

Creates an IPv6 address string based on the prefix name and interface ID (an IPv6 address that you can specify as a string), which is the lower 64-bit address in the prefix (which need not be contained in the parent prefix). Used in the range-expr and options-expr attributes.

Create Range Operator

(create-prefix-range size n)

Creates an address range for the prefix, used in the prefix-expr attribute (assuming that a template-root-prefix is defined). The size is the number of bits to increase the prefix length. The n is the nth occurrence of the child prefix. The size and n must be greater than zero, the n must be less than or equal to the size, and the size must by less than the parent prefix length.

Create Option Operator

(create-v6-option opt val)

Creates a DHCPv6 option, used in the options-expr attribute. The opt can be the literal string or integer identifying the option. The val is the string representation of the option value, as defined by the option TLV value. For example:

(list (create-v6-option "dns-servers" 
(create-prefix-addr prefix "::2")) 
(create-v6-option "domain-list" "sales.example.com,example.com"))


Creating and Editing Prefixes

You can create prefixes directly (and optionally apply an existing template to it; see the "Creating and Editing Prefix Templates" section). These are the prefix attributes that you can set:

name—Assigns a name to this prefix.

vpn-id—VPN that contains the prefix.

description—Describes the prefix.

dhcp-type—Defines how DHCP manages address assignment for a prefix:

dhcp (preset value)—Uses the prefix for stateful address assignment.

stateless—Uses the prefix for stateless option configuration.

prefix-delegation—Uses the prefix for prefix delegation.

infrastructure—Uses the prefix to map a client address to a link, when the prefix does not have an address pool.

parent—Do not have DHCP use the prefix, but use it as a container object to group child prefixes.

address—Prefix (subnet) that an interface belongs to using the high-order bits of an IPv6 address.

reverse-zone-prefix-length—Prefix length of the reverse zone for ip6.arpa updates. (See the "Determining Reverse Zones for DNS Updates" section on page 28-4 for details.)

range—Subrange the server can use to configure prefixes for address assignment. The prefix used depends on the value set for the dhcp-type attribute. If unset, the prefix address applies. This value can specify a longer prefix than the prefix address to limit the range of addresses or prefixes available for assignment.

link—Link associated with the prefix (subnet), used to group prefixes that are on a single link.

policy—Shared policy to use when replying to clients.

selection-tags—List of selection tags associated with the prefix.

allocation-algorithms—One or more algorithms the server uses to select a new address or prefix to lease to a client. The available algorithms are:

client-request (preset to off)—Controls whether the server uses a client requested lease.

reservation (preset to on)—Controls whether the server uses an available reservation for the client.

extension (preset to on)—Controls whether the server calls extensions attached at the generate-lease extension point to generate an address or prefix for the client. For details on extensions, see Chapter 29, "Using Extension Points."

interface-identifier (preset to off)—Controls whether the server uses the interface-identifier from the client (link-local) address to generate an address; ignored for temporary addresses and prefix delegation.

random (preset to on)—Controls whether the server generates an address using an RFC 3041 algorithm; ignored for prefix delegation.

best-fit (preset to on)—Controls whether the server delegates the first, best-fit available prefix; ignored for addresses.

When the server needs an address to assign to a client, it processes the flags in the following order until it finds a usable address: client-request, reservation, extension, interface-identifier, and random. When the server needs to delegate a prefix to a client, it processes the flags in the following order until it finds a usable prefix: client-request, reservation, extension, and best-fit.

max-leases—Maximum number of nonreserved leases allowed on the prefix. When a new lease needs to be created, the server does so only if the limit is not exceeded. When the limit is exceeded, the server cannot create or offer new leases to clients. If you also enable SNMP traps, the max-leases value also calculates the percentage of used and available addresses.


Note Be sure to set the max-leases value to the expected maximum so that the SNMP address traps can return meaningful results.


ignore-declines—Controls whether the server responds to a DHCPv6 DECLINE message that refers to an IPv6 address or a delegated prefix from this prefix. If enabled, the server ignores all declines for leases in this prefix. If disabled (the preset value) or unset, the server sets to UNAVAILABLE every address or delegated prefix requested in a DECLINE message if it is leased to the client.

expiration-time—Time and date at which a prefix expires. After this date and time, the server neither grants new leases nor renews existing leases from this prefix. Once the expiration-time passes, the prefix is no longer used (although old leases and leases with grace or affinity periods continue to exist until those periods elapse). Enter a value in the format "[weekday] month day hh:mm[:ss] year"; for example, "Dec 31 23:59 2006".

deactivated—Controls whether a prefix extends leases to clients. A deactivated prefix does not extend leases to any clients and treats all addresses in its ranges as if they were individually deactivated. The preset value is false (activated).

free-address-config—Identifies which trap captures unexpected free address events on this prefix. If not configured, the server looks for the free-address-config attribute value for the parent link. If that attribute is not configured, the server looks at its v6-default-free-address-config attribute.

embedded-policy—Policy embedded in the prefix.

Local Advanced and Regional Web UI


Step 1 Click DHCP v6, then Prefixes. The List DHCPv6 Prefixes page (see Figure 26-4 for the local version) shows the existing prefixes.

Figure 26-4 List/Add Prefixes Page (Local Advanced)

Step 2 Create the prefix:

a. If creating it in other than the current VPN, choose a VPN from the drop-down list.

b. Enter a prefix name and address, and choose a prefix length from the drop-down list.

c. If you want a range of addresses for the prefix, enter the subnet address and choose a prefix length.

d. Choose a DHCP type (see the attribute descriptions at the top of this section). The default is DHCP.

e. If you want to apply a preconfigured prefix template, choose it from the drop-down list. (Note that the attribute values of an applied template overwrite the ones set for the prefix.)

f. Click Add Prefix, which should add the prefix to the list.

g. Reload the DHCP server. When you return to the List DHCPv6 Prefixes page, a message indicates how many prefixes are synchronized.

Step 3 To create a reverse zone from the prefix, click the Create icon () in the Reverse Zone column to open the Create Reverse Zone(s) for Prefix page. On this page, you can select a zone template, click Report, then Run. Click Return to return to the List DHCPv6 Prefixes page. The icon in the Reverse Zone column changes to the View icon (), which you can click to open the List/Add Reverse Zones page.

Step 4 Once you create a prefix, you can list and manage the leases for the prefix by clicking the View icon () in the Leases column of the List DHCPv6 Prefixes page. This opens the List DHCP Leases for Prefix page. From here, you can list the leases for the client lookup key and manage each lease separately by clicking its name. Click Return to return to the List DHCPv6 Prefixes page.

Step 5 You can list and manage the reservations for the prefix by clicking the View icon () in the Reservations column of the List DHCPv6 Prefixes page. This opens the List/Add DHCP Reservations for Prefix page. Add each reservation IP address and lookup key and whether the lookup key is a string or binary, then click Add Reservation. Click Modify Prefix to return to the List DHCPv6 Prefixes page.

Step 6 To edit a prefix, click its name on the List/Add DHCPv6 Prefix page. On the Edit DHCPv6 Prefix page, edit the prefix attributes, or create a new or edit an existing embedded policy. To manage an embedded policy:

a. Click Create New Embedded Policy or Edit Existing Embedded Policy to open the Edit DHCP Embedded Policy for Prefix page.

b. Modify the embedded policy properties (see the "DHCPv6 Policy Hierarchy" section).

c. Click Modify Embedded Policy. The next time the Edit DHCPv6 Prefix page appears, you can edit the embedded policy for the prefix.

d. Click Modify Prefix.

Step 7 In the regional web UI, you can push prefixes to local clusters and reclaim prefixes on the List DHCPv6 Prefixes page:

To push the prefix, click Push Prefix to open the DHCPv6 Push Prefix page. Choose the cluster or prefix template to which you want to push the prefix, then click Push Prefix.

To reclaim the prefix, click Reclaim Prefix to open the DHCPv6 Reclaim Prefix page. Choose the cluster or prefix template to which you want to reclaim the prefix, then click Reclaim Prefix.


CLI Commands

Use prefix name create ipv6address/length. (The prefix command is a synonym for the dhcp-prefix command from previous releases.) Reload the DHCP server. For example:

nrcmd> prefix example-prefix create 2001:0db8::/32 [attribute=value]
nrcmd> dhcp reload 

To apply a prefix template during prefix creation, use prefix name create ipv6address/length template=name. To apply a template to an existing prefix definition, use prefix name applyTemplate template-name. For example:

nrcmd> prefix example-prefix create 2001:0db8::/64 template=preftemp-1 
nrcmd> prefix example-prefix applyTemplate template=preftemp-1 
nrcmd> dhcp reload 

You can set and enable the aforementioned attributes in the usual way. Add reservations by using prefix name addReservation ipv6address/length lookup-key [-blob | -string]. List leases by using prefix name listLeases. Manage DHCPv6 leases by using these commands:

nrcmd> lease6 {vpn-id/ | vpn-name/}ip6address[/prefix-length] activate 
nrcmd> lease6 {vpn-id/ | vpn-name/}ip6address[/prefix-length] deactivate 
nrcmd> lease6 {vpn-id/ | vpn-name/}ip6address[/prefix-length] force-available 
nrcmd> lease6 {vpn-id/ | vpn-name/}ip6address[/prefix-length] get attribute 
nrcmd> lease6 {vpn-id/ | vpn-name/}ip6address[/prefix-length] show 
nrcmd> lease6 list 


Tip See the "Reconfigure Support" section for additional syntax.


You can get an exact count of the total prefixes and links for the DHCP server by using dhcp getPrefixCount [vpn name | all]. You can specify a VPN or all VPNs. Omitting the vpn name returns a count for the current VPN.

Viewing Address Utilization for Prefixes

You can view the current address utilization for prefixes.

Local Advanced and Regional Web UI

The function is available on the View Unified v6 Address Space page (see the "Viewing Address Space" section on page 9-2).


Tip You can use the View Unified v6 Address Space page to push and reclaim prefixes. Click the Push or Reclaim link for the desired prefix. (See in the "Creating and Editing Prefixes" section for details.)


When you click the View icon () in the Current Usage column, or the Show Current Utilization for All Prefixes button, the View Current Prefix Utilization Report page appears (see Figure 26-5).

Figure 26-5 View Current Prefix Utilization Report Page (Local Advanced)


Note To ensure the proper subnet-to-server mapping on this page, you must update the regional address space view so that it is consistent with the relevant local cluster. Do this by pulling the replica address space, or reclaiming the subnet to push to the DHCP server. Also ensure that the particular DHCP server is running.


The other columns on the View Current Utilization Report page identify:

Range—Address range of the prefix.

Type—Whether the address space is a prefix or link.

Active Dynamic—Addresses that are part of a dynamic range managed by DHCP and that are currently leased, but not reserved.

The Utilization Detail column items are expandable on the View Current Utilization Report page so that you can view the prefix or parent prefix data. Clicking the prefix or parent prefix name in this column opens the View Prefix Utilization Detail page (see Figure 26-6 for a partial view for a prefix).

Figure 26-6 View Prefix Utilization Detail Page (Local Advanced)

The View Utilization Detail page is a read-only page that shows detailed address utilization attributes for the prefix or the parent prefix (identified as Totals). The address utilization attributes are described in Table 26-5.

Table 26-5 Address Utilization Attributes 

Utilization Attribute
Description

aggregation-level

Granularity of the utilization data. Prefix-level indicates the data is for the specific prefix; totals indicates the data is for the parent prefix, which is the sum of its prefix-level counters.

dhcp-type

DHCP address assignment type, which can be dhcp (stateful), stateless (option configuration), prefix-delegation, or infrastructure (maps a client address to a link without an address pool).

Total Addresses

 

active-dynamic

Total number of dynamic leases in active use (leased, offered, released, expired, or revoked. The Active Dynamic category shows the states of these leases.

total-reserved

Total number of reserved leases.

Active Dynamic

 

offered

Number of dynamic (unreserved) leases that are currently offered to clients, but not yet acknowledged as being leased.

leased

Number of dynamic leases that are currently acknowledged as leased to clients.

expired

Number of dynamic leases that are past the lease expiration period, but will not be available for other clients (except after the policy grace-period expires).

revoked

Number of dynamic leases that the client can no longer use, but that some other client could be using.

Reserved

 

reserved-active

Number of reserved leases that clients are actively using.

reserved-inactive

Number of reserved leases that clients are not actively using.

Unavailable

 

unavail

Number of unreserved dynamic leases that a client declines or the server marks with an address conflict (usually indicating configurations that need correcting).

reserved-unavail

Number of reserved leases that a client declines or the server marks with an address conflict (usually indicating configurations that need correcting).

Deactivated

 

deactivated

Number of dynamic and reserved leases that clients are actively leasing (that are not offered, expired, or released), but that an administrator deactivated.

leased-deactivated

Number of dynamic leases that an administrator deactivated.

reserved-leased-
deactivated

Number of reserved leases that an administrator deactivated.


Viewing DHCPv6 Networks

To view the networks in the DHCPv6 address space, click DHCP v6, then Networks to open the View DHCPv6 Networks page. On this page you can add DHCPv6 links using a template and a template root prefix, as you would on the List DHCPv6 Links page. Adding a link opens the Add DHCPv6 Link page. After creating the link, you can select it on the View DHCPv6 Networks page for editing.

Editing DHCPv6 Server Attributes

You can edit DHCP server attributes related to DHCPv6. These attributes are:

v6-client-class-lookup-id—Expression that determines a client-class based on the DHCPv6 client request and returns a string or <none>. The expression must return a string that is the name of a configured client-class. The attribute has no preset value.

max-client-leases—Maximum number of leases a DHCPv6 client can have on a link. (Do not use this attribute to limit clients to one lease only.) The preset value is 200.

Local Basic or Advanced Web UI

Click DHCP v6, then DHCP Server to open the Manage DHCP Server page. Click the Local DHCP Server link to open the Edit DHCP Server page, modify the aforementioned DHCPv6 attribute values, then click Modify Server.

CLI Commands

Use dhcp to show the aforementioned DHCPv6 server attributes, then modify them by using dhcp set.

Configuring DHCPv6 Policies

You can edit DHCPv6 policy attributes, which are:

affinity-period—See the "Lease Affinity" section (no preset value).

allow-non-temporary-addresses—Enable or disable DHCPv6 clients requesting nontemporary (IA_NA) addresses (preset value enable).

allow-rapid-commit—With Rapid Commit enabled, clients receive information (when solicited) on committed addresses, which are then more quickly committed with a client request (preset value disable). Use Rapid Commit only if one DHCP server is servicing clients, otherwise it might seem like the client is receiving multiple addresses. (See the "DHCPv6 Policy Hierarchy" section for special handling of this attribute, and Reconfigure support, when used in an embedded or named policy for a prefix.)

allow-temporary-addresses—Enable or disable DHCPv6 clients requesting temporary (IA_IA) addresses (preset value enable).

default-prefix-length—For prefix delegation, default prefix length of the delegated prefix if the client or router does not explicitly request it (or allow-client-hints is disabled); must always be less than or equal to the prefix range prefix length (preset value 64 bytes).

preferred-lifetime—Default and maximum preferred lifetime for leases (preset value 1 week).

v6-reply-options—DHCPv6 options returned in replies to clients (no preset value). (See the "DHCPv6 Policy Hierarchy" section for special handling of this attribute when used in an embedded or named policy for a prefix.)

valid-lifetime—Default and maximum valid lifetime for leases (preset value 2 weeks).


Tip For details on the Reconfigure attributes, see the "Reconfigure Support" section.


Local Advanced Web UI

Click DHCP v6, then Policies to open the List DHCP Policies page. Click Add Policy to add a new policy on the Add DHCP Policy page or click an existing policy to open the Edit DHCP Policy page. Both pages have DHCPv4 and DHCPv6 options sections. Add (or delete) options and set attributes as desired, then click Add Policy or Modify Policy.

CLI Commands

Use policy list or policy name show to show the aforementioned policy attributes, then modify them by using policy name set or enable.

Configuring DHCPv6 Client-Classes

You can configure DHCPv6 client-class attributes, which are:

v6-client-lookup-id—Key value to use to look up the DHCPv6 client in the client database (locally or through LDAP), specified as an expression that evaluates to a string (or a blob as a valid string).

v6-override-client-id—Value that replaces any client-identity value in an incoming packet, specified as an expression that evaluates to a blob.

Local Advanced Web UI


Step 1 Click DHCP v6, then Client-Classes to open the List DHCP Client-Classes page.

Step 2 Click an existing client-class to open the Edit DHCP Client-Class page, or click Add Client-Class to add a new client-class on the Add DHCP Client-Class page. Both pages include the aforementioned attributes.

Step 3 Click Modify Client-Class.

Step 4 To generate clients, be sure that validate-client-name-as-mac is disabled for the DHCP server. This attribute appears on the Edit DHCP Server page under the Client-Class attributes.

Step 5 Reload the DHCP server.


CLI Commands

Use client-class list or client-class name show to show the aforementioned client-class attributes, then modify them using client-class name set. To generate clients, be sure that validate-client-name-as-mac is disabled for the DHCP server.

Configuring DHCPv6 Clients

You can configure DHCPv6 clients.

Local Advanced Web UI

Click DHCP v6, then Clients to open the List/Add DHCP Clients page. Click an existing client to open the Edit DHCP Client page or click Add Client to add a new client-class on the List/Add DHCP Client page, choose the client-class that includes the DHCPv6 attributes that were set (see the "Configuring DHCPv6 Client-Classes" section), then click Modify Client.


Tip Disable the validate-client-name-as-mac attribute for the DHCP server.


CLI Commands

Use client list or client name show to show the existing clients. To set the client-class name for the client, use client name set client-class-name=value. Also ensure that the validate-client-name-as-mac attribute is disabled for the DHCP server.

Setting DHCPv6 Options

Set DHCPv6 options and vendor options when you create or edit policies (embedded or named) for prefixes. (See the "DHCPv6 Policy Hierarchy" section for special handling of the v6-options and v6-vendor-options policy attributes when used in an embedded or named policy on a prefix.)

Local Advanced Web UI

The DHCPv6 options coexist along with the DHCPv4 options on the Add DHCP Policy or Edit DHCP Policy page. Note that the vendor options appear only if you create these options (see the "Creating DHCP Option Definition Sets and Option Definitions" section on page 21-9).

You can select the options from the drop-down lists. If option descriptions exist, they appear under the Name and Number headings, which you can click to sort the entries.

CLI Commands

Use policy name setV6Option or policy name setV6VendorOption. The option settings require an option name (or ID) and a value. For example:

nrcmd> policy dhcpv6-policy setV6Option dns-servers 2222::1,2222::2 
nrcmd> policy dhcpv6-policy setV6VendorOption 1234 2222::3,2222::4 

Reconfigure Support

For DHCPv6, a server can send a DHCPRECONFIGURE message to a client to inform the client that the server has new or updated configuration parameters. If so authorized and through proper authentication, the client then immediately initiates a Renew, Rebind, or Information-request reply transaction with the server so that the client can retrieve the new data. Without this support, a client must wait until it renews its lease to get configuration updates.

You can have the server unicast the Reconfigure packet or deliver it through a relay agent. If you do not specify either way, the client's client-class policy, requested lease's prefix or link policies, or system_default_policy (but not the client policy) determines the preferred method. If the unicast method is not available (the client has no valid address lease), the server uses the relay agent; with no relay agent, the server tries to unicast; failing both results in an error. With the unicast method, if the specified lease is not usable, the server selects the lease with the longest valid lifetime.

The server and client negotiate Reconfigure support through the added security of a reconfigure key. The internal process is basically:

1. The client sends the server a REQUEST, SOLICIT, or ADVERTISE packet that includes the reconfigure-accept option (20) to indicate that the client wants to accept Reconfigure messages. (Conversely, the DHCP server can send a reconfigure-accept option to the client about whether the client should accept Reconfigure messages.) This option is required for Reconfigure support.

2. If the Network Registrar policy for the client has the reconfigure attribute set to allow or require (rather than disallow), the DHCP server accepts the packet and generates a reconfigure key for the client. (The server records the key value and its generation time in the client-reconfigure-key and client-reconfigure-key-generation-time attributes for the DHCPv6 lease.)

3. The server sends a Reply packet to the client with the reconfigure key in the auth option (11) along with the reconfigure-accept option.

4. The client records the reconfigure key to authenticate Reconfigure messages from the server.

5. When the server wants to reconfigure the client, it sends a Reconfigure packet with the reconfigure-message option (19) and an auth option containing a hash generated from the packet and the reconfigure key. The reconfigure-message option indicates in the msg-type field whether the client should respond with a Renew or an Information-request packet.

6. Upon receiving the packet, the client validates that the auth option contains the valid hash, then returns a Renew, Rebind, or Information-request packet. This packet includes an Option Request (oro) option (6) to indicate specific option updates. (If the server does not receive a reply from the client in a preconfigured timeout value of 2 seconds, the server retransmits the Reconfigure message at most 8 times, then aborts the reconfigure process for the client.)

7. The server sends the client a Reply packet that includes options for configuration parameters. The packet might also include options containing addresses and new values for other configuration parameters, even if the client did not request them. The client records these changes.


Note For details on how Reconfigure support affects particular DHCP extension points, see the "Extension Dictionaries" section on page 29-22.


Local Advanced Web UI

The List DHCP Leases for Prefix page includes a Reconfigure button in the Reconfigure column for each lease so that you can initiate a reconfiguration request for that particular lease.

CLI Commands

To support Reconfigure, Network Registrar 7.0 includes the following syntax for the lease6 command:

lease6 ipaddr reconfigure [renew | rebind | information-request] [-unicast | -via-relay]

The options determine whether to have the client respond to the Reconfigure message with a Renew, Rebind, or Information-request packet, and whether the server should unicast or go through a relay agent. The lease6 list and show commands also display values for these related attributes:

client-reconfigure-key—128-bit key that the server generates for Reconfigure messages to the client.

client-reconfigure-key-generation-time—Time at which the server generated the client-reconfigure-key.

The policy command includes two related attribute settings:

reconfigure—Whether to allow (1), disallow (2), or require (3) Reconfigure support; the preset value is allow (1).

reconfigure-via-relay—Whether to allow reconfiguration over a relay agent; the preset value is false, whereby reconfiguration notification is by unicasting from the server.

DNS Update for DHCPv6

For details on enabling and configuring DNS update for DHCPv6 clients, see the "DNS Update for DHCPv6" section on page 28-2.