IPv6 Prefix Delegation from the RADIUS Server and the Local Pool

This chapter describes the IPv6 Delegation feature.

Feature Description

This feature adds support to obtain the DHCPv6 Prefix Delegation from the RADIUS server or a local pool configured on the GGSN/P-GW/SAEGW. Interface-ID allocation from RADIUS Server is also supported along with this feature.

A User Equipment (UE) or a Customer Premises Equipment (CPE) requests Prefix-Delegation. The P-GW or the GGSN then obtains this prefix from the RADIUS server or the local pool. P-GW and GGSN then advertise the prefix obtained by either RADIUS server or the local pool toward the UE client or the CPE.

This feature is divided into the following three features:
  • IPv6 Prefix Delegation from the RADIUS Server

  • IPv6 Prefix Delegation from the Local Pool

  • IPv6 Interface ID from the RADIUS Server

IPv6 Prefix Delegation from the RADIUS Server


Important

This is a license-controlled feature. Contact your Cisco account or support representative for detailed licensing information.


This feature allows the User Equipment (UE) or a Customer Premises Equipment (CPE) to request delegated prefix, configured in the destination context, from the P-GW. P-GW then sends the delegated prefix from the RADIUS server to the UE or the CPE.

To enable the prefix delegation from the RADIUS server, first configure the APN on the P-GW. See Configuring APN to Enable Prefix Delegation From RADIUS Server.

How It Works

This section describes functionality of the prefix delegation from the RADIUS server.

During the initial authentication process, RADIUS AAA can authorize the Framed-IPv6-Address and Delegated-IPv6-Prefix AVPs. Prior to the introduction of this feature, the Cisco P-GW was able to process only the Framed-IPv6-Address AVP. This AVP was treated as the Default-Prefix for the attaching UE. The P-GW allocated a 64-bit Interface-ID, and the combined 128-bit address, made up of the 64-bit default prefix derived from the Framed-IPv6-Address AVP and the locally generated 64-bit Interface-ID, was sent to the UE during this initial attachment. This 64-bit default prefix was then associated with the default bearer/PDN for the UE and is considered the UE's IPv6 address.

With the introduction of this feature, the P-GW is able to process the Delegated-IPv6-Prefix AVP along with Framed-IPv6-Address. The Delegated-IPv6-Prefix AVP designates the delegated prefix, which has a prefix length of 48/52/56 bits. This AVP is treated differently from Framed-IPv6-Address. The P-GW communicates this delegated prefix to the UE only through the DHCPv6 message handshake SOLICIT/ADVERTISE/REQUEST/REPLY. Delegated-IPv6-Prefix is not associated with the default bearer and it is not considered as the UE IPv6 address.

  1. Configure the APN on the P-GW, to enable the prefix delegation from the RADIUS server. For the configuration steps, see Configuring APN to Enable Prefix Delegation From RADIUS Server.

  2. Configure APN on the P-GW for the prefix delegation. RADIUS server may send delegated prefix in the Access-Accept message independent of the APN configuration on the P-GW. Based on the APN configuration and presence of delegate prefix in the Access-Accept message, the following combinations are possible. The PDN setup is rejected if:
    • The RADIUS server has not sent Delegated Prefix in the Access-Accept message
    • The pd-alloc-method in the APN configuration is no-dynamic
    The following table lists all possible combinations of the APN configuration and presence of delegated prefix in the Access-Accept message:

    Table 1. Mapping of APN Configuration and RADIUS Message

    | pd-alloc-method in APN Configuration | Delegated-IPv6-Prefix in Access-Accept RADIUS Message | PDN State |
    |---|---|---|
    | no-dynamic | Yes | PDN is set up if the delegated prefix is successfully allocated after level1 and level2 validations are done, and validation with the static pool, as mentioned in step 3, is successful. If validation fails, PDN is not set up. |
    | no-dynamic | No | PDN is not set up. |
    | local/dhcpv6-proxy | Yes | Delegated-IPv6-Prefix in Access-Accept RADIUS message is discarded. PDN is set up. Delegate prefix is allocated to the UE, on receiving SOLICIT message, based on the configured pd-alloc-method in the APN. |
    | local/dhcpv6-proxy | No | PDN is set up. Delegated prefix is allocated to the UE, on receiving SOLICIT message, based on the configured pd-alloc-method in the APN. |

  3. The P-GW then performs the following two level validation for the prefix length received in Access-Accept RADIUS message:

    Level 1: Prefix length must be only one of the supported values, such as, 48 / 52 / 56. For any other length, delegate prefix is rejected and PDN is not set up.

    Level 2: If level 1 validation is passed, the prefix length is compared with the prefix-delegation-len configured in the APN using the CLI command, ipv6 address prefix-delegation-len.

    If there is a mismatch, delegate prefix is rejected and PDN is not set up.


    Important

    Level2 validation is not done if prefix-delegation-len is not configured in the APN.
  4. Only if the above two level validation is successful, the received delegate prefix is validated against the static ipv6 prefix pool configured in the destination context. If validation with the static pool is successful, then the delegate prefix is stored on the P-GW. If validation with the static pool fails, the delegate prefix is rejected and PDN is not set up.

  5. After the PDN is set up, the UE or the CPE sends a delegated prefix request by sending DHCPv6 SOLICIT message to the P-GW. P-GW sends the delegated prefix, which it had stored earlier, in the DHCPv6 ADVERTISE message to the UE.

  6. Next, the UE sends the DHCPv6 REQUEST message to the P-GW and the P-GW sends the DHCPv6 REPLY message to the UE, which completes the DHCPv6 handshake.
    1. When the DHCPv6 RELEASE message is received from the UE, the P-GW blocks data from any source IP address from the delegated prefix pool. The delegated prefix is not released to the static ipv6 prefix pool from which it was allocated. If the DHCPv6 SOLICIT message is received again from the UE, the same delegate prefix is sent to the UE. The P-GW then starts passing data from source addresses that are part of the said delegated prefix pool.

      DHCPv6 RELEASE REPLY message is sent to the UE, only when the UE requests delegated prefix release by sending DHCPv6 RELEASE REQUEST message to the P-GW.

      The DHCPv6 RELEASE REPLY message is not sent to the UE and no message is sent to the RADIUS server if:
      • The delegated prefix is released when validity time configured in the DHCPv6 service expires

      • When the PDN is cleared

      The reason that triggered the release can be checked from the DHCPv6 statistics (output of the CLI command show dhcpv6 statistics), which are as follows:

      Session Release Reasons:(dhcp-prefix-delegation)
        PDNs Released: 3              Lease Exp Policy: 0
        UE Initiated Release: 1      Other Reasons: 0
  7. When the PDN is cleared, the delegate prefix is released to the static ipv6 prefix pool from which it was allocated.
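
The acceptance rules in Table 1 and steps 3 and 4 can be modelled offline to check RADIUS subscriber profiles against an APN configuration before they reach the gateway. The following is an added example, not Cisco code: the function name, the sample prefixes, and the reading of "validated against the static pool" as prefix containment are assumptions.

```python
import ipaddress

SUPPORTED_LENGTHS = (48, 52, 56)  # level 1 values listed on this page


def radius_pd_decision(pd_alloc_method, delegated_prefix=None,
                       apn_pd_len=None, static_pool=None):
    """Model one Access-Accept; return (pdn_set_up, stored_prefix, reason).

    pd_alloc_method  -- 'no-dynamic', 'local' or 'dhcpv6-proxy' (APN setting)
    delegated_prefix -- Delegated-IPv6-Prefix from the Access-Accept, or None
    apn_pd_len       -- 'ipv6 address prefix-delegation-len' value, or None
    static_pool      -- static IPv6 prefix pool of the destination context
    """
    if pd_alloc_method in ("local", "dhcpv6-proxy"):
        # Table 1: any RADIUS-supplied prefix is discarded and the PDN is set
        # up; the prefix is allocated later, when the SOLICIT arrives.
        note = "RADIUS prefix discarded" if delegated_prefix else "no RADIUS prefix"
        return True, None, note + "; PD allocated on SOLICIT"
    if pd_alloc_method != "no-dynamic":
        raise ValueError(f"unknown pd-alloc-method: {pd_alloc_method!r}")
    if delegated_prefix is None:
        return False, None, "no-dynamic but no Delegated-IPv6-Prefix received"

    try:
        prefix = ipaddress.IPv6Network(delegated_prefix, strict=False)
    except ValueError:
        # Assumption of this model: an unparsable prefix is rejected.
        return False, None, "malformed Delegated-IPv6-Prefix"

    # Level 1: only the supported lengths are accepted.
    if prefix.prefixlen not in SUPPORTED_LENGTHS:
        return False, None, f"level 1: /{prefix.prefixlen} is not 48/52/56"
    # Level 2: skipped when prefix-delegation-len is not configured in the APN.
    if apn_pd_len is not None and prefix.prefixlen != apn_pd_len:
        return False, None, f"level 2: /{prefix.prefixlen} != APN /{apn_pd_len}"
    # Static pool validation, modelled here as containment (an assumption).
    pool = ipaddress.IPv6Network(static_pool, strict=False) if static_pool else None
    if pool is None or not prefix.subnet_of(pool):
        return False, None, "static pool validation failed"
    return True, prefix, "prefix stored for the DHCPv6 ADVERTISE"


if __name__ == "__main__":
    POOL = "2001:db8::/48"  # constructed sample pool (documentation range)
    cases = [  # constructed Access-Accept / APN combinations
        ("no-dynamic", "2001:db8:0:b000::/56", 56),
        ("no-dynamic", "2001:db8:0:b000::/60", None),
        ("no-dynamic", "2001:db8:0:b000::/56", 52),
        ("no-dynamic", "2001:db9::/56", None),
        ("no-dynamic", None, 56),
        ("local", "2001:db8:0:b000::/56", 56),
    ]
    for method, pd, apn_len in cases:
        print(method, pd, apn_len, "->",
              radius_pd_decision(method, pd, apn_len, POOL))
```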

Configuring APN to Enable Prefix Delegation From RADIUS Server

Use the following syntax to configure the APN profile on the GGSN/P-GW/SAEGW for enabling Prefix Delegation from the RADIUS Server.


config
   context context_name
      apn apn_name
         ipv6 address alloc-method [dhcpv6-proxy | local | no-dynamic ] allow-prefix-delegation pd-alloc-method no-dynamic
         ipv6 address prefix-delegation-len [48 | 52 | 56]
         end

Notes:

  • dhcpv6-proxy: Configures the IPv6 address from DHCP server for the APN.

  • local: Configures the IPv6 address from the local pool configured.

  • no-dynamic: Configures the IPv6 address as indicated by the authentication server.

  • allow-prefix-delegation: Configures the APN to allow DHCPv6 prefix-delegation.

  • ipv6 address prefix-delegation-len: Configures the length of prefix (48/52/56) to allow with DHCPv6 prefix delegation.

Verifying Prefix Delegation from the RADIUS Server

To verify the Prefix Delegation from the RADIUS Server, use the following show commands.

show dhcpv6 statistics

When the APN is configured to receive the Delegated Prefix from the RADIUS server, the session statistics are visible in the output of the CLI command show dhcpv6 statistics, which displays the following:

DHCPv6 Session Stats:
  Total Current:                    0
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     0
     Local PD:                      0
  Total Setup:                      5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4

  Total Released:                   5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4
Notes:
  • The total current counter is incremented while sending request reply message to the UE.

  • The total current counter is decremented while sending release reply message to the UE (in case of UE initiated release) in the following two cases:
    • on valid life timer expiry

    • when PDN is cleared

  • The total current counter may be incremented/decremented multiple times during a PDN connection.

  • The total setup counter is incremented multiple times during the PDN connection lifetime. For example, it is incremented every time a SOLICIT message is processed and the PD is successfully allocated to the UE.

  • The total release counter is incremented multiple times during a PDN connection lifetime. For example, it is incremented every time the PD is released when a DHCPv6 RELEASE message from the UE is processed and/or when the PD is released due to a VALID lifetime timer expiry event. Along with this, the Session Release Reasons: (dhcp-prefix-delegation) counters are also incremented for the corresponding release reasons.

  • Hence in case of delegate prefix allocation from the RADIUS server, Total Setup is equal to Total Current + Total Released.
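
The relation Total Setup = Total Current + Total Released can be checked automatically against captured CLI output, which makes a prefix that was set up but is neither active nor released stand out. The following is an added example, not Cisco tooling: the function names are hypothetical, the sample text is constructed from the output shown above, and applying the relation to the Radius PD and Local PD rows as well as the totals is an assumption.

```python
import re

# Constructed from the sample 'show dhcpv6 statistics' output on this page.
SAMPLE = """\
DHCPv6 Session Stats:
  Total Current:                    0
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     0
     Local PD:                      0
  Total Setup:                      5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4

  Total Released:                   5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4
"""

# One "Name: <number>" pair per line; header lines without a number are skipped.
COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(\d+)\s*$")


def parse_session_stats(text):
    """Return {'Current'|'Setup'|'Released': {'total': n, 'Radius PD': n, ...}}."""
    stats, section = {}, None
    for line in text.splitlines():
        match = COUNTER.match(line)
        if not match:
            continue
        name, value = match.group(1), int(match.group(2))
        if name.startswith("Total "):
            section = name[len("Total "):]      # Current / Setup / Released
            stats[section] = {"total": value}
        elif section is not None:
            stats[section][name] = value        # per-method row of that section
    return stats


def pd_accounting_gaps(stats, counters=("total", "Radius PD", "Local PD")):
    """Return (counter, setup, current, released) where setup != current + released."""
    gaps = []
    for name in counters:
        setup = stats["Setup"].get(name, 0)
        current = stats["Current"].get(name, 0)
        released = stats["Released"].get(name, 0)
        if setup != current + released:
            gaps.append((name, setup, current, released))
    return gaps


if __name__ == "__main__":
    parsed = parse_session_stats(SAMPLE)
    print(parsed["Setup"])
    print("gaps:", pd_accounting_gaps(parsed))
```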

show sub ggsn-only full all

This command displays the following output:


  IPv6 allocation type: AAA
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56 Sent to UE: No
  IPv6 prefix delegation alloc type: AAA

show sub pgw-only full all

This command displays the following output:


  IPv6 allocation type: AAA
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56 Sent to UE: No
  IPv6 prefix delegation alloc type: AAA

show sub saegw-only full all

This command displays the following output:


  IPv6 allocation type: AAA
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56 Sent to UE: No
  IPv6 prefix delegation alloc type: AAA

IPv6 Prefix Delegation from the Local Pool


Important

This is a license-controlled feature. Contact your Cisco account or support representative for detailed licensing information.


This feature allows the User Equipment (UE) or a Customer Premises Equipment (CPE) to request the delegated prefix, configured in the destination context, from the P-GW. P-GW then sends the prefix delegation from the local pool to the UE or the CPE.

To enable the prefix delegation from the local pool, first configure the APN on the P-GW. See Configuring APN for Private Pool Name and Configuring Prefix Delegation on Destination Context.

How It Works

This section describes the functionality of the prefix delegation from the local pool.

  1. Configure the APN on the GGSN/P-GW/SAE-GW to enable the prefix delegation from the local pool. For configuration steps, see Configuring APN for Private Pool Name.

  2. Once the APN is configured, configure the pool on destination context. See Configuring Prefix Delegation on Destination Context.

  3. The PDN is first set up with default ipv6 prefix of length 64.

  4. Once the PDN is set up, User Equipment (UE) or a Customer Premises Equipment (CPE) can request delegated prefix by sending DHCPv6 SOLICIT message to P-GW.

  5. The P-GW then performs the following two level validation for the prefix length:

    Level 1: The prefix length requested in DHCPv6 SOLICIT message must be only one of the supported values, 48 / 52 / 56. For any other length, the SOLICIT is silently dropped at P-GW.

    Level 2: If level 1 validation is successful, then the following validation is done. If prefix-delegation-len is configured in the APN, then delegate prefix allocation of this length is attempted from the local private pool. If prefix-delegation-len is not configured in the APN, then delegate prefix allocation of length requested in SOLICIT message is attempted from the local private pool.

    Important

    The requested length for the delegate prefix must match the prefix-length configured for the private pool. The requested prefix length is the one configured in the APN, for example, ipv6 address prefix-delegation-len 52. If it is not configured in the APN, it may also come from the SOLICIT message. Configure the prefix length for the private pool by using the CLI command, for example, ipv6 pool ipv6-private prefix 5001::1/48 prefix-length 52 private 0. Delegated prefix allocation from the local pool is successful only when these lengths match.


  6. The UE or a CPE can request the delegated prefix by sending DHCPv6 SOLICIT message to the P-GW. P-GW sends the delegated prefix allocated from the local pool, in the DHCPv6 ADVERTISE message to the UE.

  7. Next, the UE sends the DHCPv6 REQUEST message to the P-GW. The P-GW sends the DHCPv6 REPLY message to the UE, which completes the DHCPv6 handshake.

    If the delegated prefix allocation from the local pool fails, the DHCPv6 SOLICIT message is silently dropped at the P-GW.

  8. When the UE sends the DHCPv6 RELEASE message, the delegated prefix is released to the ipv6 prefix pool.

    The DHCPv6 RELEASE REPLY message is sent to the UE only when the UE requests release of the prefix delegation by sending the DHCPv6 RELEASE REQUEST message to the P-GW.

    DHCPv6 RELEASE REPLY message is not sent to UE if:
    • The prefix delegation is released when validity time configured in the DHCPv6 service expires

    • The PDN is cleared

    If DHCPv6 SOLICIT message is received again from the UE, a new delegated prefix is allocated from the local pool and sent to the UE.
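
The length matching in step 5 and the pool command quoted in the Important note determine both whether a SOLICIT is answered and how many prefixes the pool can hand out. The following is an added example, not Cisco code: the class and method names are hypothetical, and the allocation order and the handling of a repeated SOLICIT without a RELEASE are assumptions.

```python
import ipaddress

SUPPORTED_LENGTHS = (48, 52, 56)  # level 1 values listed on this page


class LocalPdPool:
    """Model of: ipv6 pool <name> prefix <prefix> prefix-length <len> private 0"""

    def __init__(self, prefix, prefix_length):
        # strict=False because the page's example, 5001::1/48, has host bits set.
        net = ipaddress.IPv6Network(prefix, strict=False)
        self.prefix_length = prefix_length
        self.free = list(net.subnets(new_prefix=prefix_length))
        self.in_use = {}  # PDN id -> delegated prefix (one PD prefix per PDN)

    def handle_solicit(self, pdn_id, requested_len, apn_pd_len=None):
        """Return the prefix for the ADVERTISE, or None if the SOLICIT is dropped."""
        # Level 1: requested length must be 48/52/56 (a zero length also fails).
        if requested_len not in SUPPORTED_LENGTHS:
            return None
        # Level 2: the APN's prefix-delegation-len wins over the SOLICIT value.
        wanted = apn_pd_len if apn_pd_len is not None else requested_len
        if wanted != self.prefix_length:
            return None  # must match the pool's prefix-length
        if pdn_id in self.in_use:
            return self.in_use[pdn_id]  # assumption: repeat SOLICIT, same prefix
        if not self.free:
            return None  # allocation failed: pool exhausted
        # Assumption: lowest free prefix first; the real order is not documented.
        self.in_use[pdn_id] = self.free.pop(0)
        return self.in_use[pdn_id]

    def handle_release(self, pdn_id):
        """DHCPv6 RELEASE, lifetime expiry or PDN clear: return prefix to pool."""
        prefix = self.in_use.pop(pdn_id, None)
        if prefix is not None:
            self.free.append(prefix)
        return prefix


if __name__ == "__main__":
    pool = LocalPdPool("5001::1/48", 52)   # pool command quoted on this page
    print("delegable prefixes:", len(pool.free))
    print(pool.handle_solicit("pdn-1", 52))                 # lengths match
    print(pool.handle_solicit("pdn-2", 56))                 # mismatch: dropped
    print(pool.handle_solicit("pdn-2", 56, apn_pd_len=52))  # APN length applies
    print(pool.handle_release("pdn-1"), "released")
```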

Configuring APN to Enable Prefix Delegation From Local Pool

Configuration Overview

To enable prefix delegation from a local pool, perform the following steps:

Procedure

Step 1

Configure the private pool name in the APN configuration mode, to be used for delegate prefix allocation.

Step 2

Configure the APN to enable or disable IPv6 prefix delegation or default prefix delegation from the local pool.


Configuring APN for Private Pool Name

Use the following steps to configure the APN profile on the GGSN/P-GW/SAEGW for enabling Prefix Delegation from the local pool:


config
   context context_name
      apn apn_name
         ipv6 address delegate-prefix-pool pool_name
         no ipv6 address delegate-prefix-pool
         end

config
   context context_name
      apn apn_name
         ipv6 address alloc-method [dhcpv6-proxy | local | no-dynamic ] allow-prefix-delegation pd-alloc-method local
         ipv6 address delegate-prefix-pool pool_name
         ipv6 address prefix-delegation-len [48 | 52 | 56]
         end

Notes:

  • delegate-prefix-pool: Configures a pool of IPv6 address delegated prefix.

    pool_name: Name of the pool with IPv6 address delegated prefix.

  • no: Disables the pool of IPv6 address delegated prefix.

  • dhcpv6-proxy: Configures the IPv6 address from the DHCP server for the APN.
  • local: Configures the IPv6 address from the local pool configured.

  • allow-prefix-delegation: Configures the APN to allow DHCPv6 prefix-delegation.

  • ipv6 address prefix-delegation-len: Configures the length of prefix (48/52/56) to allow with DHCPv6 prefix delegation.

Configuring Prefix Delegation on Destination Context

Use the following configuration to configure the APN profile on the GGSN/P-GW/SAEGW for enabling Prefix Delegation from the Local Pool:


config
   context context_name
      ipv6 pool ipv6-private prefix 5001::1/48 prefix-length [48 | 52 | 56] private 0
      end

Notes:

  • ipv6 pool: Modifies the current context's IP address pools by adding, updating, or deleting a pool. This command also resizes an existing IP pool.


Important

The ipv6 prefix pool must be of the type private.

Verifying Prefix Delegation from the Local Pool

To verify the Prefix Delegation from the local pool, use the following show commands.

show dhcpv6 statistics

When the APN is configured to receive the Delegated Prefix from the local pool, the session statistics are visible in the output of the CLI command show dhcpv6 statistics, which displays the following:

DHCPv6 Session Stats:
  Total Current:                    0
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     0
     Local PD:                      0
  Total Setup:                      5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4

  Total Released:                   5
     DHCP Proxy:                    0
     DHCP Server:                   0
     DHCP PD:                       0
     Radius PD:                     1
     Local PD:                      4

Notes: In case of delegate prefix allocation from local pool, Total Setup is equal to Total Current + Total Released.

show sub ggsn-only full all

The output of this command has been modified to display the following:


  IPv6 allocation type: local
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56
  IPv6 prefix delegation alloc type: local

show sub pgw-only full all

The output of this command has been modified to display the following:


  IPv6 allocation type: local
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56
  IPv6 prefix delegation alloc type: local

show sub saegw-only full all

The output of this command has been modified to display the following:


  IPv6 allocation type: local
  IP address: 4001::1122:aa33:bb44:cc55, 10.0.0.1
  IPv6 delegated prefix : dddd:0:0:b000::/56
  IPv6 prefix delegation alloc type: local

IPv6 Interface ID from the RADIUS Server

This feature allows the RADIUS/AAA server to send an Interface-ID to the GGSN/P-GW/SAEGW service in the Access-Accept message. This interface-id is used by these services and is communicated to the UE or the CPE. In this case, the GGSN/P-GW/SAEGW does not allocate a local interface-id. If the RADIUS/AAA server does not send an interface-id, then the GGSN/P-GW/SAEGW allocates an interface-id locally and sends it to the UE.

show apn statistics

The following CLI command can be used to see the total current active counter for Interface-ID allocation.


IP address allocation statistics: 
Total IPv6 Interface IDs allocated: 
    AAA provided:        1 
    Locally Generated:   2 

Limitations

Following are the limitations of the IPv6 Prefix Delegation feature:
  • RADIUS ACCOUNTING messages do not support delegated prefix.

  • Zero PL in SOLICIT is not supported and the message is dropped silently. This is applicable for all methods of allocation of delegated prefix, including dhcpv6-proxy, local pool, and AAA.

  • NULL PD prefix in SOLICIT is not supported and the message is dropped silently. This is applicable for all methods of allocation of delegated prefix, including dhcpv6-proxy, local pool, and AAA.

  • For PDN type v4v6, the dhcpv6-proxy method of allocation for the default prefix is not supported.

  • The UE-requested Delegated Prefix in SOLICIT message is not supported. If the UE sends SOLICIT message requesting Delegated Prefix, it is rejected.

  • One PD prefix per PDN is supported; multiple PD-prefixes per PDN are not supported.

  • P-GW and GGSN do not support local-based and RADIUS-based allocation of both DHCPv6 prefix delegation and framed prefix delegation from the same pool. Hence the allocation is done from separate pools. Framed prefix received in the access-accept message is not part of the delegated prefix range.