This document describes troubleshooting ASR9k acting as Dynamic Host Configuration Protocol (DHCP) Relay by reviewing output of the debug dhcp ipv6 packets command. This is quite common when setting up the ASR9k as a DHCPv6 Relay Agent and using external DHCPv6 Server. It is useful to run debug to troubleshoot why customer is not getting IPv6 address.
Cisco recommends that you have knowledge of these topics:
Basic knowledge of the DHCPv6 Server and Client communication.
Basic IPv6 knowledge
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Summary of DHCPv6 Relay-Agent , Server and Client communication
Here is the summary of the DHCPv6 Server and Client communication:
When an IPv6 Client boots for the first time, it'll assign itself a Link-local address, which is automatically generated from this range: FE80::/10.
Client sends a Solicit message to all DHCPv6 Relay Agents and Servers to locate the Server. Client uses a link-scoped multicast address FF02::1:2 to communicate with neighbor Relay Agents and Servers.
Relay Agent uses a site-scoped multicast address FF05::1:3 to communicate with Servers, either because the Relay Agent wants to send messages to all Servers or because it does not know the unicast addresses of the Servers.
DHCPv6 Servers respond with Advertise messages to indicate that it is available for DHCP service, in response to a Solicit message received from a Client.Client chooses a Server and sends a Request message to request configuration parameters, including IP addresses, from a specific Server.
DHCPv6 Server responds with a Reply message containing assigned addresses and configuration parameters in response to a Solicit, Request message received from a Client.
Note: Clients listen for DHCP messages on UDP port 546. Servers and Relay Agents listen for DHCP messages on UDP port 547.
There are many reasons why a Client can't get IPv6 address from DHCPv6 Server. It can be Client configuration, DHCPv6 Relay or DHCPv6 Server. The following discussion describes a scenario which includes ASR9k acting as a DHCPv6 Relay Agent.
In such a network, when Client is not receiving IP address, one of the troubleshooting steps is to analyze the communicated message, which is handled by DHCPv6 Relay Agent.
You can run "debug dhcp IPv6 packet" on DHCPv6 Relay Agent which shows you the content and sequence of the communicated messages in normal situation. It can assist you to find where the issue occurs by comparing a successful vs. unsuccessful transaction between Client/Server and find out the root cause and the next step for troubleshooting.
This is image shows the topology of the case study including Client, DHCPv6 Relay Agent (ASR9k) and DHCPv6 Server.
This is the basic terminology:
The Dynamic Host Configuration Protocol version 6 (DHCPv6) is a network protocol for configuring Internet Protocol version 6 (IPv6) hosts with IP addresses, IP prefixes and other configuration data required to operate in an IPv6 network. It is the IPv6 equivalent of the Dynamic Host Configuration Protocol for IPv4.
IPv6 hosts can automatically generate IP addresses internally using stateless address auto configuration, or they can be assigned configuration data with DHCPv6.
DHCPv6 Server (or Server) is a node that responds to requests from Clients, and may or may not be on the same link as the Client(s).
DHCPv6 Client (or Client) is a node that initiates requests on a link to obtain configuration parameters from one or more DHCPv6 servers.
DHCP Relay Agent
DHCP Relay Agent (or Relay Agent) is a node that acts as an intermediary to deliver DHCP messages between Clients and Servers, and is on the same link as the Client.
Users configure DHCPv6 Relay Agents [RFC3315] to forward DHCPv6 messages between Clients and Servers when they are not on the same IPv6 link. They implement DHCPv6 alongside a routing function in a common node.
Message is a unit of data carried as the payload of a UDP datagram, exchanged among DHCPv6 Servers, Relay Agents and Clients.
DUID is a DHCP Unique Identifier for a DHCPv6 participant; each DHCPv6 Client and Server has exactly one DUID.
Identity association (IA) is a collection of addresses assigned to a Client. Each IA has an associated IAID.
A Client can have more than one IA assigned to it; for example, one for each of its interfaces.
Each IA holds one type of address; for example, an identity association for temporary addresses (IA_TA) holds temporary addresses.
Identity association identifier (IAID) is an identifier for an IA, chosen by the Client. Each IA has an IAID, which is unique among all IAIDs for IAs belonging to that Client.
Identity association for non-temporary addresses (IA_NA) is an IA that carries assigned addresses that are not temporary addresses (see "identity association for temporary addresses")
DHCPv6 uses status codes to communicate the success or failure of operations requested in messages from Clients and Servers, and to provide additional information about the specific cause of the failure of a message.
Verifying “debug dhcp IPv6 packet” output
Considering the DHCPv6 Relay-Agent/Server and Client communication, you can analyze each type of message, shown in the debug output separately:
Client sends Solicit message to multicast All_DHCP_Relay_Agents_and_Servers
Client sends the "Solicit" message from link local to multicast address FF02::1:2 in order to find DHCP Server.
Source address: Link local IP address of the Client
Destination address: Multicast address to All_DHCP_Relay_Agents_and_Servers
Message Type: Solicit
DUID : DHCP Unique Identifier around all DHCPv6 servers and clients; carries as DHCPv6 option; cannot be longer than 128 octets (Can be verified with running ipconfig/all command at Client)
You can find DUID of the Client by running ipconfig/all command, then look for DUID information in the debug to see if the Client is sending message or not.
IAID : Identity association for binding. It is a 32-bit value assigned by the Client. (Can be verified with running ipconfig/all command at Client)