Configuring NPTv6 and More on H3C Routers

Post at — Aug 15, 2023

Intro

IPv6 is the successor to IPv4, but many necessities of IPv6 are still in development, which include a wide range of infrastructures (hardware / software), specifications (IETF RFCs), good practices followed by ISPs, and awareness of developers.

In home scenarios, many ISPs do allocate IPv6 prefixes for end-users via DHCPv6 PD (probably over PPPoE).

Even if the prefix is dynamic (changing on each dial or a daily basis), this is still quite good for most home users as long as they are using EXACTLY one router with decent support for dual-stack. As shown below, home users setup a wireless router behind ONU.

Simplified Topology

For a dual-stack router, steps for internet access will include:

  • The router establishes a PPPoE session to ISP, and gets the allocated endpoint address for IPv4 access.

  • The router configures its IPv6 SLAAC address from ICMPv6 RAs sent by ISP PPPoE peer. (RA contains prefix 240E:38F:8765:4321::/64)

  • The router starts stateful DHCPv6 client with the IA_PD option, and some prefix 240E:388:1234:1200::/56 is delegated to it.

Then the router will send ICMPv6 RAs to all the clients, telling that they own an IPv6 subnet 240E:388:1234:1200::/56, and all clients will have a publicly reachable IPv6 address by SLAAC.

(All the SLAAC steps above can be equivalently replaced with stateful DHCPv6.)

If any user is going to divide the network into different VLANs, then a dynamic prefix is challenging the whole network. Since many devices do not support dynamic prefixes natively, or they cannot handle the cases when a prefix is invalidated, we will have to stabilize the address allocation.

This article introduces “private network” address space in IPv6 and the steps to configure NPTv6 on H3C routers.

Sample Network

This article will configure devices under the following network setup.

Sample Topology

NPTv6

NPTv6 is a stateless NAT technology, and they are quite popular in multihoming IPv6 networks. It is defined in RFC 6296, but still at experimental stage.

NPTv6 only translates the layer 3 information, thus still retains the end-to-end reachability.

Unique Local Unicast Address

ULA refers to the block FC00::/7 of IPv6 address space, defined in RFC 4193. ULA prefixes are conceptually equivalent to IPv4 private network addresses defined in RFC 1918.

The predecessor to ULA is site-local unicast address (defined as FEC0::/10 in RFC 3513, but then deprecated in RFC 3879). They still appear on many outdated documents (example at page 111).

This sample configuration takes FD00:DEAD:C0DE::/56 as the internal network block, which has the same length as the delegated prefix 240E:388:1234:1200::/56.

ULA Prefix

Divide the ULA prefix into different VLANs as shown below:

  • VLAN 10: FD00:DEAD:C0DE:A::/64

  • VLAN 20: FD00:DEAD:C0DE:14::/64

  • VLAN 30: FD00:DEAD:C0DE:1E::/64

Configuration

With NPTv6 and a ULA prefix, we can configure our networks now.

Configuration Topology

The configuration will involve:

  • PPPoE dialer
  • IPv4 outbound NAT
  • IPv4 outbound NAT loopback
  • IPv6 outbound SLAAC
  • DHCPv6 PD on PPPoE dialer
  • NPTv6
  • Full IPv4 reachability via OSPFv2
  • Full IPv6 reachability via OSPFv3
  • Dual-stack VLAN interfaces

Interfaces

  • VLAN 1 on H3C MSR2600-10-X1

    • IPv4: 192.168.1.1

    • IPv6: append 1::1 to the delegated IPv6 prefix

  • VLAN 1 on H3C S5500-34C-HI

    • IPv4: 192.168.1.254

    • IPv6: FD00:DEAD:C0DE:A::/64 + EUI64

  • VLAN 10 on H3C S5500-34C-HI

    • IPv4: 192.168.10.1

    • IPv6: FD00:DEAD:C0DE:A::/64 + EUI64

  • VLAN 20 on H3C S5500-34C-HI

    • IPv4: 192.168.20.1

    • IPv6: FD00:DEAD:C0DE:14::/64 + EUI64

  • VLAN 30 on H3C S5500-34C-HI

    • IPv4: 192.168.30.1

    • IPv6: FD00:DEAD:C0DE:1E::/64 + EUI64

H3C MSR2600-10-X1

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

# OSPFv2 / OSPFv3 configuration
ospf 1 router-id 192.168.1.1
  area 0.0.0.0
    network 192.168.0.0 0.0.255.255

ospfv3 1
  router-id 192.168.1.1
  area 0.0.0.0

# dialer group policy
dialer-group 1 rule ip permit

interface GigabitEthernet0/0
  # bind the interface to Dialer0
  pppoe-client dial-bundle-number 0
  # ONU Management Network (Optional)
  # port link-mode route
  # ip address 192.168.0.1 255.255.255.0

interface Dialer0
  mtu 1492
  # enable Dial-on-Demand Routing (DDR)
  dialer bundle enable
  # PPPoE credentials
  ppp chap password cipher **REDACTED**
  ppp chap user **REDACTED**
  ppp pap local-user **REDACTED** password cipher **REDACTED**
  # dialer configuration
  dialer-group 1
  dialer timer idle 0
  dialer timer autodial 5
  # IPv4 access
  ip address ppp-negotiate
  # IPv4 NAT
  nat outbound
  # IPv6 SLAAC from ISP ICMPv6 RA
  ipv6 address auto
  # IPv6 link-local address
  ipv6 address auto link-local
  # assign the prefix from DHCPv6 PD as #1
  ipv6 dhcp client pd 1 rapid-commit option-group 1
  # bidirectional NPTv6
  nat66 prefix source FD00:DEAD:C0DE:: 56 240E:388:1234:1200:: 56
  nat66 prefix destination 240E:388:1234:1200:: 56 FD00:DEAD:C0DE:: 56

interface Vlan-interface1
  # enable NAT loopback
  nat hairpin enable
  # adjust TCP MSS
  tcp mss 1280
  # IPv4 static address
  ip address 192.168.1.1 255.255.255.0
  # IPv6 static address
  ipv6 address 1 ::1:0:0:0:1/64
  ipv6 address FD00:DEAD:C0DE:1::/64 eui-64
  ipv6 address auto link-local
  # ICMPv6 RA
  undo ipv6 nd ra halt
  ipv6 nd ra interval 60 10
  ipv6 nd ra router-lifetime 600
  ipv6 router-renumber enable
  # OSPFv3 area
  ospfv3 1 area 0.0.0.0

H3C S5500-34C-HI

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52

ospf 1 router-id 192.168.1.254
  area 0.0.0.0
    network 192.168.0.0 0.0.255.255

ospfv3 1
  router-id 192.168.1.254
  area 0.0.0.0

interface Vlan-interface1
  # IPv4 static address
  ip address 192.168.1.254 255.255.255.0
  # IPv6 SLAAC from router
  ipv6 address auto
  ipv6 address auto link-local
  # OSPFv3 area
  ospfv3 1 area 0.0.0.0

interface Vlan-interface10
  # IPv4 static address
  ip address 192.168.10.1 255.255.255.0
  # IPv6 static address
  ipv6 address FD00:DEAD:C0DE:A::/64 eui-64
  ipv6 address auto link-local
  # ICMPv6 RA
  undo ipv6 nd ra halt
  ipv6 nd router-preference high
  # OSPFv3 area
  ospfv3 1 area 0.0.0.0

interface Vlan-interface20
  # IPv4 static address
  ip address 192.168.20.1 255.255.255.0
  # IPv6 static address
  ipv6 address FD00:DEAD:C0DE:14::/64 eui-64
  ipv6 address auto link-local
  # ICMPv6 RA
  undo ipv6 nd ra halt
  ipv6 nd router-preference high
  # OSPFv3 area
  ospfv3 1 area 0.0.0.0

interface Vlan-interface30
  # IPv4 static address
  ip address 192.168.30.1 255.255.255.0
  # IPv6 static address
  ipv6 address FD00:DEAD:C0DE:1E::/64 eui-64
  ipv6 address auto link-local
  # ICMPv6 RA
  undo ipv6 nd ra halt
  ipv6 nd router-preference high
  # OSPFv3 area
  ospfv3 1 area 0.0.0.0

Validation

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

<H3C>show ipv6 prefix
Number  Prefix                                      Type
1       240E:388:1234:1200::/56                     Dynamic
<H3C>show ipv6 dhcp client interface Dialer0
Dialer0:
  Type: Stateless client
    State: IDLE
    Client DUID: 000300015c9781540200
  Type: Stateful client requesting prefix
    State: OPEN
    Client DUID: 000300015c9781540200
    Preferred server:
      Reachable via address: FE80::5C98:CE58:400:84
      Server DUID: 000300015c98ce580400
    IA_PD: IAID 0x00000001, T1 302400 sec, T2 483840 sec
      Prefix: 240E:388:1234:1200::/56
        Preferred lifetime 604800 sec, valid lifetime 2592000 sec
        Will expire on Sep 15 2023 at 12:36:39 (2587370 seconds left)
<H3C>show ipv6 routing-table

Destinations : 14       Routes : 14

Destination: ::/0                                        Protocol  : Direct
NextHop    : FE80::5C98:CE58:400:84                      Preference: 80
Interface  : Dia0                                        Cost      : 0

Destination: ::1/128                                     Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: 240E:388:1234:1200::/56                     Protocol  : Static
NextHop    : ::                                          Preference: 1
Interface  : NULL0                                       Cost      : 0

Destination: 240E:388:1234:1201::/64                     Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : Vlan1                                       Cost      : 0

Destination: 240E:388:1234:1201::1/128                   Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: 240E:38F:8765:4321::/64                     Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : Dia0                                        Cost      : 0

Destination: 240E:38F:8765:4321:5C97:8154:200:84/128     Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: FD00:DEAD:C0DE:1::/64                       Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : Vlan1                                       Cost      : 0

Destination: FD00:DEAD:C0DE:1:5E97:81FF:FE54:202/128     Protocol  : Direct
NextHop    : ::1                                         Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: FD00:DEAD:C0DE:A::/64                       Protocol  : O_INTRA
NextHop    : FE80::5E97:5BFF:FE0A:102                    Preference: 10
Interface  : Vlan1                                       Cost      : 2

Destination: FD00:DEAD:C0DE:14::/64                      Protocol  : O_INTRA
NextHop    : FE80::5E97:5BFF:FE0A:102                    Preference: 10
Interface  : Vlan1                                       Cost      : 2

Destination: FD00:DEAD:C0DE:1E::/64                      Protocol  : O_INTRA
NextHop    : FE80::5E97:5BFF:FE0A:102                    Preference: 10
Interface  : Vlan1                                       Cost      : 2

Destination: FE80::/10                                   Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : InLoop0                                     Cost      : 0

Destination: FF00::/8                                    Protocol  : Direct
NextHop    : ::                                          Preference: 0
Interface  : NULL0                                       Cost      : 0