DHCPv6 Client on the SRX

So what is DHCPv6 client mode and why can this help me? A while back Ivan Pepelnjak commented on the blog asking if the SRX had DHCPv6 client features such as IA_PD and IA_NA. Now as of version 12.1×45-D10 these features are supported on SRX100,110,210,220,240,550,650, and the J Series. It is also supported in any security zone so you can now receive DHCPv6 on an outside interface! Think HE brokered tunnel or pure IPv6 ISP!

In IPv6 each DHCPv6 server and client is marked with a DHCP unique identifier known as the DUID. It is unique across DHCPv6 clients and servers. Clients use these DUIDs to identify the correct server in the DHCP messages. Servers use DUIDs to figure out the configuration parameters used on the clients and when associated addresses. DUID is a type code in the network byte that is 2 octets. It followed by a variable number of octets which put together makes the identifier.

DHCPv6 addresses can be delivered in two methods. Stateful and Identity association nontemporary addresses (IA_NA) and Identity association prefix delegation (IA_PD). In a stateful address mode a client requests a global address from a server. Based upon the response the client assigns the interface and lease time for responses. Upon expiration, the client releases the existing address and renews the lease. IA_NA and IA_PD

DHCPv6 Client – Stateful

set interfaces ge-0/0/5 unit0 family inet6 dhcpv6-client
set interfaces ge-0/0/5 unit0 family inet6 dhcpv6-client set client-type statefull
set interfaces ge-0/0/5 unit0 family inet6 dhcpv6-client client-ia-type ia-na

DHCPv6 Client – Stateful with IA_NA and IA_PD

set interfaces ge-0/0/5 unit0 family inet6 dhcpv6-client
set interfaces ge-0/0/5 unit 0 family inet6 dhcpv6-client client-type statefull
set interfaces ge-0/0/5 unit 0 family inet6 dhcpv6-client client-ia-type ia-na
set interfaces ge-0/0/5 unit 0 family inet6 dhcpv6-client client-ia-type ia-pd

Time to check my interface and test my setup. I have set up a little Microsoft 2012 server to apply this IP address.

[email protected]> show dhcpv6 client binding
IP prefix                    Expires  ClientType State Interface   Client

2000::caca:bebe:2233:8d5e/128  96     STATEFULL   BOUND ge-0/0/5.0

A bit more detail can be found

[email protected]> show dhcpv6 client binding detail
Client Interface: ge-0/0/5.0
 Lease Expires: 2013-05-30 20:50:19 UTC
 Lease Expires in: 18000 seconds
 Lease Start: 2013-05-30 15:50:19 UTC
 Server Ip Address: fe80::230:abab:1fde:abab
 Client IP Address: 2000::caca:bebe:2233:1a3/128

If you need to release your binding and request it again issue the following commands.

clear dhcpv6 client binding 
request dhcpv6 client renew

Good work Juniper addressing what many have asked for. High five in that department! IPv6 is here and now and it is time to get your hands dirty! Further reading can be found here.


10 thoughts on “DHCPv6 Client on the SRX”

  1. Excellent news, I’ll have to grab one out of my lab and see if I can finally replace the Cisco 1801 currently running as my home dsl router.

  2. I’ve been trying to configure PD but can not even get past commit check… Did you manage to test it?

  3. I get the following error message while commiting:

    Incompatible with the dhcp server configured under ‘system services dhcp’
    error: configuration check-out failed: (statements constraint check failed)

    1. Yes getting the same problem here. Might need to log a support request with Juniper, seems very odd.

      1. You need to change your DHCP configuration to use dhcp-local-server for DHCPv4, as well as DHCPv6.

        I’m still working on my config though – haven’t got it working yet. I do get something showing up on “show dhcpv6 client binding”, but it’s not yet being applied to the interface. Not sure why. Will post up something if I can get it all working.

  4. I tried it on the DSL interface of my SRX110H-VA, and the dhcp service died. Obviously still some bugs to be worked out.

Leave a Reply

Your email address will not be published. Required fields are marked *