I tried to setup a DHCPv6 relay agent on a Juniper EX3400 switch. (SLAAC is unfortunately not enough for this use case.)
While the setup of the (non-v6) DHCP relay agent worked flawlessly and was well-documented [1][2], the DHCPv6-part of manual [3] is rather brief in my opinion.
It more or less just mentions the dhcpv6-keyword and a few things that are specific to v6. So, I just took the non-v6 config and reused it under the dhcpv6-keyword. Since the auto-completion in JunOS knew all those keywords, I guess that is how it is intended anyhow.
The relevant part of the config thus now looks like this:
[edit forwarding-options dhcp-relay dhcpv6]
relay-agent-option-79;
group default {
interface irb.100;
}
server-group {
dhcpv6-servers {
2001:db8::1;
2001:db8::2;
}
}
active-server-group dhcpv6-servers;
However, that does not seem to be enough. Apparently, the switch now drops all DHCPv6 packets:
user@junos> show dhcpv6 relay statistics
Dhcpv6 Packets dropped:
Total 133
No SAFD 133
Messages received:
DHCPV6_DECLINE 0
DHCPV6_SOLICIT 0
DHCPV6_INFORMATION_REQUEST 0
DHCPV6_RELEASE 0
DHCPV6_REQUEST 0
DHCPV6_CONFIRM 0
DHCPV6_RENEW 0
DHCPV6_REBIND 0
DHCPV6_RELAY_FORW 0
DHCPV6_LEASEQUERY_REPLY 0
DHCPV6_LEASEQUERY_DATA 0
DHCPV6_LEASEQUERY_DONE 0
Messages sent:
DHCPV6_ADVERTISE 0
DHCPV6_REPLY 0
DHCPV6_RECONFIGURE 0
DHCPV6_RELAY_REPL 0
DHCPV6_LEASEQUERY 0
According to the docs [4], "No SAFD" means the ports on which the DHCPv6 request came in are not configured:
- No SAFD — Number of packets discarded because they arrived on an unconfigured interface.
But the packets come in via access ports that are a member of the VLAN assigned to irb.100 and for non-v6, mentioning interface irb.100 under the group-keyword is all that is necessary to trust these interfaces.
What am I missing here? How can I get the switch to accept the DHCPV6_REQUEST packets?
