4

My question is somewhat related to this question: What ISP needs to provide in order to route native IPv6 /56 range to several VLANs Where that question focused on the private side of a router, my question focuses on the public side and is related to how an ISP performs its job.

Let's assume that my ISP has given me an IPv6 network prefix of 2001:db8:beef:a700::/56. Let's assume I don't subnet it - I simply place my router's LAN interface in that subnet. Let's assume the WAN interface of my router has address 2001:db8:face:2000::2/64 (assigned via DHCP), with an upstream gateway of 2001:db8:face:2000::1. When the upstream gateway gets a packet with a destination address of 2001:db8:beef:a700::abcd from the public Internet, it must route that packet to my router at 2001:db8:face:2000::2. How does the upstream gateway learn that this is what it must do?

This question is being asked with these assumptions:

  • The customer equipment is not running any dynamic routing protocols. I haven't seen customer equipment running routing protocols, so I must assume that the upstream gateway has learned of the 2001:db8:beef:a700::/56 network through some other means. What means might that be?
  • The DHCPv6 server that is handing out prefixes is not running on the upstream gateway. Instead, the upstream gateway is performing DHCP relay. This allows a single DHCP server to serve many networks that may be associated with neighborhoods or towns.

I attempted to test this with some Linux hosts and pfSense routers, but I was unable to replicate the functionality that ISPs provide. I more than welcome corrections to misconceptions I may have developed while learning IPv6.

ADS103
  • 116
  • 1
  • 7

3 Answers3

5

IPv6 to consumer networks/customers is usually provided by using DHCPv6-PD between the ISP router and the home router (CPE). The PD stands for Prefix Delegation and is an addition to the normal DHCPv6 options. It not only provides on-link addresses to the CPE, but also gives it a whole prefix that it can then use to further distribute within its own network.

To be able to route the prefix to the right CPE the ISP router has to remember which prefixes got delegated to which CPE. To do that it remembers the DHCPv6 client ID (DUID), its link-local (fe80:) address, the delegated prefixes and the lease time. It then automatically creates a static route for each prefix with the link-local address of the CPE as next-hop, and it will remove that route again when the lease expires.

If the ISP router is not itself the DHCPv6 server (which it usually isn't) then instead it performs the role of DHCPv6 relay. It will relay DHCPv6 requests from the CPEs to a central DHCPv6 server which will provide each CPE with prefixes. When relaying those messages the ISP router will snoop inside them to see if prefixes are being delegated, and it will update its routes based on that.

As an example, here is some Cisco documentation of this feature.

There are also switches that snoop DHCPv6 traffic. This is done for security instead of for routing. By looking at which ethernet port was given which IPv6 addresses and prefixes the switch can make sure that devices on other ports can't spoof packets using someone else IPv6 address. This is called a Lightweight DHCPv6 Relay Agent and specified in RFC 6221.

Community
  • 1
Sander Steffann
  • 7,712
  • 19
  • 29
  • _ISP router has to remember which prefixes got delegated to which CPE. To do that it remembers the DHCPv6 client ID (DUID), its link-local (fe80:) address, the delegated prefixes and the lease time._ Is that somewhere documented in an RFC or other official document? As far as i know describes RFC 8415 DHCPv6 only the the requesting part, at least i couldn't find any section in which it is described that an ISP router "routes" packages based on prefixes, although the explenation seems logical. – goulashsoup Apr 24 '20 at 23:38
2

It works the same way as routing for IPv4.

Routers learn routes in three different ways:

  1. Directly connected networks
  2. Statically configured routes
  3. Dynamically through routing protocols

If you are not running a routing protocol between the CE and PE, then the PE is configured to route any traffic destined to the /56 network to the CE router. The ISP uses an IGP or iBGP to advertise the /56 prefix within its own network, and it advertises it (probably within a larger aggregated prefix) to the public Internet.

Ron Maupin
  • 3,243
  • 1
  • 12
  • 20
  • Hm. That makes sense, but it doesn't seem feasible for an ISP to configure static routes for each CE that gets connected to its network. That seems to defeat the purpose of DHCP entirely. – ADS103 Oct 26 '17 at 14:34
  • 1
    DHCP is for _LAN_ connectivity, and it really has nothing to do with routing. – Ron Maupin Oct 26 '17 at 14:44
  • 1
    I must disagree with the first portion of that comment. My ISP, at least, uses DHCP for WAN connectivity, and DHCPv6 _is_ how prefix delegation works. Its the exact fact that DHCP has nothing to do with routing that was making me ask this question. I felt certain that there was an automatic process that ran alongside DHCP for establishing routes, even without the CE running a routing protocol. But if static is the way its done, I'm grateful for your answer. – ADS103 Oct 26 '17 at 14:54
  • 1
    You were asking how the routing works, and I explained that. DHCP has nothing to do with routing. It _may_ be used to assign a host, the CE in this case, but it doesn't install routes. The same holds true for IPv4, which in many, many cases, e.g. DSL, uses PPP rather than DHCP to assign the CE address. – Ron Maupin Oct 26 '17 at 14:57
  • 1
    Not entirely correct. The ISP router will be a DHCPv6 relay, and when relaying an IA_PD option (delegating a prefix to the client) it will automatically add a static route for that prefix. So in the case of DHCPv6-PD there is actually a link to the routing system. – Sander Steffann Oct 27 '17 at 11:13
  • Here is a reference to cisco documentation about the static route: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6/configuration/12-4t/ipv6-12-4t-book/ip6-dhcp.html#GUID-D1067955-1D1A-4D0E-82FC-61BB4BE371D6 – Sander Steffann Oct 27 '17 at 11:19
  • 1
    @SanderSteffann Maybe you could expand those comments into a full answer. – kasperd Oct 30 '17 at 20:04
0

In this particular scenario, the upstream gateway must "snoop" the DHCP packets that it relays. Because these DHCP packets contain both the WAN address of the customer router and the prefix address being delegated to that customer, all of the information the upstream router needs is there and must simply be extracted. Once extracted, the upstream gateway adds the information to its routing table. This is called "DHCP Snooping." In a sense, DHCP is being used as a poor-man's routing protocol.

Cisco provided documentation that helped me arrive at this answer. It can be found here.

ADS103
  • 116
  • 1
  • 7
  • DHCP snooping is a LAN protection that may configured on some switches. DHCP has nothing to do with routing. You are confusing host configuration and routing. The PE router must be configured to route traffic to the prefix, either by static configuration, or by a routing protocol. You are confusing different things. – Ron Maupin Oct 26 '17 at 17:00