DHCPv6-PD: VyOS announces /56 prefix on LAN interface

I’ve just started experimenting with VyOS using the vyos-1.4-rolling-202105152115 release.

I cannot get DHCPv6 prefix delegation to work correctly; I am not sure if this is a configuration issue (I have followed the DHCPv6-PD - PPPoE example) or if there is an issue with this release of VyOS.

My ISP only delegates dynamic /56 prefixes. My problem is that VyOS is announcing, per radvdump, the entire /56 over the LAN-side interface. This is a problem because the Linux clients I have on my test network won’t accept a /56 for SLAAC and don’t generate IPv6 addresses. Linux SLAAC implementations seem only to react to router advertisements for /64 prefixes.

The documentation implies that VyOS should automatically subdivide large prefixes into /64s when issuing router announcements, but this does not happen in practice. Older documentation mentions an sla-len parameter to manually subdivide large prefixes but this option does not appear to be available in 1.3.

I cannot use the prefix delegation length option because my ISP will only delegate /56 prefixes even if I request a different size.

Looking at the VyOS internals, /run/radvd/radvd.conf contains "prefix ::/64", but radvd announces the /56 that has been delegated to the LAN-side interface instead of just a /64.

Am I missing something in my config or is this a bug?

This is my configuration:

firewall {
    all-ping enable
    broadcast-ping disable
    config-trap disable
    ipv6-name WAN_IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            protocol icmpv6
        }
    }
    ipv6-name WAN_LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            protocol icmpv6
        }
        rule 30 {
            action accept
            destination {
                port 546
            }
            protocol udp
            source {
                port 547
            }
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name OUTSIDE-IN {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
    }
    name OUTSIDE-LOCAL {
        default-action drop
        rule 10 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action accept
            icmp {
                type-name echo-request
            }
            protocol icmp
            state {
                new enable
            }
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
    twa-hazards-protection disable
}
interfaces {
    ethernet eth0 {
        description WAN
        hw-id 52:54:00:84:b2:49
    }
    ethernet eth1 {
        address xxx.xxx.0.4/24
        description Management
        hw-id 52:54:00:5e:31:7f
    }
    ethernet eth2 {
        address xxx.xxx.0.3/24
        description LAN
        hw-id 52:54:00:93:a0:80
    }
    loopback lo {
    }
    pppoe pppoe0 {
        authentication {
            password xxxxxx
            user xxxxxx
        }
        dhcpv6-options {
            pd 0 {
                interface eth2 {
                    address 1
                    sla-id 1
                }
            }
        }
        firewall {
            in {
                ipv6-name WAN_IN
                name OUTSIDE-IN
            }
            local {
                ipv6-name WAN_LOCAL
                name OUTSIDE-LOCAL
            }
        }
        ipv6 {
            address {
                autoconf
            }
        }
        no-peer-dns
        source-interface eth0
    }
}
nat {
    source {
        rule 100 {
            outbound-interface pppoe0
            source {
                address xxx.xxx.0.0/24
            }
            translation {
                address masquerade
            }
        }
    }
}
service {
    dhcp-server {
        shared-network-name LAN {
            subnet xxx.xxx.0.0/24 {
                default-router xxx.xxx.0.3
                dns-server xxx.xxx.0.3
                domain-name local
                lease 86400
                range 0 {
                    start xxx.xxx.0.20
                    stop xxx.xxx.0.200
                }
            }
        }
    }
    dns {
        forwarding {
            allow-from xxx.xxx.0.0/24
            dnssec validate
            listen-address xxx.xxx.0.3
            name-server xxx.xxx.9.9
        }
    }
    router-advert {
        interface eth2 {
            link-mtu 1452
            prefix ::/64 {
                valid-lifetime 172800
            }
        }
    }
    ssh {
        listen-address xxx.xxx.0.4
        port 22
    }
}
system {
    config-management {
        commit-revisions 100
    }
    console {
        device ttyS0 {
            speed 115200
        }
    }
    host-name vyos
    login {
        user vyos {
            authentication {
                encrypted-password xxxxxx
                plaintext-password xxxxxx
            }
        }
    }
    name-server xxx.xxx.0.3
    ntp {
        server 0.pool.ntp.org {
        }
        server 1.pool.ntp.org {
        }
        server 2.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level info
            }
            facility protocols {
                level debug
            }
        }
    }
}

I have an idea what you can try (I don’t say it’s wrongly configured or a bug or whatever… it’s just a setting to try… sort of “set SCE to AUX”) …

In the pppoe0 → dhcpv6-options → pd 0 → try to set “length” to 56 (or whatever length you get from your ISP)

Setting length to 56 does indeed work.
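
Why the fix works, as an added example that is not part of the thread or of VyOS's own code: it models the LAN prefix for `length` 64 versus 56 and checks radvdump-style output for prefixes SLAAC clients will skip. Assumptions: sla-len is derived as 64 minus the configured `length`, and the interface prefix length is the delegated length plus sla-len (dhcp6c-style); the function names, the 2001:db8 prefix and the radvdump sample are constructed.

```python
import ipaddress
import re

def lan_prefix(delegated, configured_length, sla_id):
    """Prefix the LAN interface ends up with, under the assumed rule."""
    pd = ipaddress.IPv6Network(delegated)
    sla_len = 64 - configured_length           # assumption: derived from 'length'
    if sla_len < 0:
        raise ValueError("configured length must be 64 or shorter")
    plen = pd.prefixlen + sla_len              # assumption: dhcp6c-style addition
    if plen > 128:
        raise ValueError("delegated prefix too long for this sla-len")
    # Only sla_len bits are available for sla-id; with sla_len 0 there are none.
    sla_bits = sla_id & ((1 << sla_len) - 1)
    base = int(pd.network_address) | (sla_bits << (128 - plen))
    return ipaddress.IPv6Network((base, plen))

# radvdump prints advertisements in radvd.conf syntax: "prefix <net>/<len>".
PREFIX_RE = re.compile(r"^\s*prefix\s+(\S+)", re.MULTILINE)

def non_slaac_prefixes(radvdump_text):
    """Advertised prefixes that are not /64, which the Linux clients ignore."""
    nets = [ipaddress.IPv6Network(p) for p in PREFIX_RE.findall(radvdump_text)]
    return [str(n) for n in nets if n.prefixlen != 64]

# Constructed sample of what radvdump shows in the failing case.
SAMPLE_RADVDUMP = """\
interface eth2
{
    AdvSendAdvert on;
    AdvLinkMTU 1452;
    prefix 2001:db8:aa00::/56
    {
        AdvValidLifetime 172800;
    }; # End of prefix definition
}; # End of interface definition
"""

if __name__ == "__main__":
    isp_pd = "2001:db8:aa00::/56"              # constructed delegated /56
    print("length 64 (default):", lan_prefix(isp_pd, 64, 1))
    print("length 56:          ", lan_prefix(isp_pd, 56, 1))
    print("not usable for SLAAC:", non_slaac_prefixes(SAMPLE_RADVDUMP))
```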
