DHCPv6-PD

[felbinger]

I tried around with dhcpv6-pd some time ago, but never even got a non pd setup working:

Just some garbage, copied from multiple notes (incorrect)

{ lib, pkgs, ... }:
{
  name = "dhcpv6";

  globalTimeout = 60;

  defaults = {
    networking.interfaces = {
      # prevent creation of default route from management network
      eth0.useDHCP = false;
      eth1 = {
        ipv4.addresses = lib.mkForce [ ];
        ipv6.addresses = lib.mkForce [ ];
        useDHCP = true;
      };
    };
  };

  nodes = {
    machine1 = {
      networking.interfaces.eth1.ipv6.addresses = lib.mkForce [
        {
          address = "2001:db8:bad:c0de::1";
          prefixLength = 64;
        }
      ];

      #boot.kernel.sysctl = {
      #  "net.ipv6.conf.all.forwarding" = "1";
      #  "net.ipv6.conf.eth1.accept_ra" = "2"; # allow RA while forwarding
      #};

      services.kea.dhcp6 = {
        enable = true;
        settings = {
          interfaces-config.interfaces = [ "eth1" ];
          subnet6 = [
            {
              id = 1;
              subnet = "2001:db8:bad:c0de::/64";
              interface = "eth1";
              pools = [
                {
                  pool = "2001:db8:bad:c0de::100-2001:db8:bad:c0de::200";
                }
              ];
            }
          ];
        };
      };

      services.radvd = {
        enable = true;
        config = ''
          interface eth1 {
            AdvSendAdvert on;
            # Tell clients to use DHCPv6
            AdvManagedFlag on;
            AdvOtherConfigFlag on;

            prefix 2001:db8:bad:c0de::/64 {
              AdvOnLink on;
              # Disable SLAAC, force DHCPv6
              AdvAutonomous off;
            };
          };
        '';
      };
    };
    machine2 = {
      networking.dhcpcd = {
        enable = true;
        extraConfig = ''
          interface eth1
            ipv6only
            ipv6rs
            ia_na  # Request a DHCPv6 Normal Address
            ia_ta  # Request a DHCPv6 Temporary Address
        '';
      };
      environment.systemPackages = [ pkgs.dhcpcd ];
    };
  };

  testScript = ''
    start_all()

    machine1.wait_for_unit("network-online.target")
    machine2.wait_for_unit("network-online.target")

    machine1.wait_for_unit("radvd.service")
    machine1.wait_for_unit("kea-dhcp6-server.service")

    machine2.sleep(2)

    print(machine2.succeed("ip -br -6 a sh eth1"))
    print(machine2.succeed("ip -6 route"))

    machine2.wait_until_succeeds("ip -6 a sh eth1 | grep 2001:db8:bad:c0de:")

    # wait for ipv6 dad to finish (initial ! causes the exit status to be negated)
    machine2.wait_until_succeeds("! ip -6 a sh eth1 | grep tentative")

    print(machine2.succeed("ip -6 address show eth1"))
    print(machine2.succeed("ip -6 route"))
  '';
}

{ ... }:
{
  name = "dhcpv6-pd";

  globalTimeout = 120;

  nodes = {
    machine1 = {
      virtualisation.interfaces.eth1 = {
        vlan = 1;
        assignIP = false;
      };
      networking.interfaces.eth1.ipv6.addresses = [
        {
          address = "2001:db8:bad:c0de::1";
          prefixLength = 64;
        }
      ];

      boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

      services.kea.dhcp6 = {
        enable = true;
        settings = {
          interfaces-config.interfaces = [ "eth1" ];
          #renew-timer = 600;
          #rebind-timer = 900;
          #preferred-lifetime = 1800;
          #valid-lifetime = 3600;
          subnet6 = [
            {
              id = 1;
              subnet = "2001:db8:bad:c0de::/64";
              pools = [
                {
                  pool = "2001:db8:bad:c0de::/64";
                }
              ];
              pd-pools = [
                {
                  prefix = "2001:db8:dead::";
                  prefix-len = 48;
                  delegated-len = 56;
                }
              ];
            }
          ];
        };
      };

      services.radvd = {
        enable = true;
        config = ''
          interface eth1 {
            AdvSendAdvert on;
            # Tell clients to use DHCPv6
            AdvManagedFlag on;
            prefix 2001:db8:bad:c0de::/64 {
              AdvOnLink on;
              AdvAutonomous on;
            };
          };
        '';
      };
    };
    machine2 = {
      virtualisation.interfaces.eth1 = {
        vlan = 1;
        assignIP = false;
      };

      boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;

      #virtualisation.interfaces.eth2 = {
      #  vlan = 2;
      #  assignIP = false;
      #};

      #networking.useNetworkd = true;
      #systemd.network.networks = {
      #  "10-eth1" = {
      #    matchConfig.Name = "eth1";
      #    networkConfig.DHCP = "ipv6";
      #    # request delegation of /56 prefix
      #    #networkConfig.DHCPPrefixDelegation = true;
      #    #dhcpV6Config.PrefixDelegationHint = 56;
      #  };
      #  #"20-eth2" = {
      #  #  matchConfig.Name = "eth2";
      #  #  # use one of the delegated prefixes
      #  #  networkConfig.DHCPv6PrefixDelegation = true;
      #  #  # announce using slaac
      #  #  networkConfig.IPv6SendRA = true;
      #  #};
      # dhcpcd extra conf:
      # interface wlan1
      #  option rapid_commit
      #  ipv6rs
      #  ia_na 0
      #  ia_pd 1 wlan0/0 see https://man.archlinux.org/man/dhcpcd.conf.5#ia_pd
      #};
    };
    #machine3 = {
    #  virtualisation.interfaces.eth1 = {
    #    vlan = 2;
    #    assignIP = false;
    #  };
    #  networking.interfaces.eth1 = {
    #    ipv4.addresses = lib.mkForce [];
    #    ipv6.addresses = lib.mkForce [];
    #  };
    #};
  };

  interactive.nodes = {
    machine1 = import ../debug-host-module.nix;
    machine2 = import ../debug-host-module.nix;
    #machine3 = import ../debug-host-module.nix;
  };

  testScript = ''
    machine1.start()
    machine1.wait_for_unit("network-online.target")
    machine1.wait_for_unit("radvd.service")
    #machine1.wait_for_unit("kea-dhcp6-server.service")

    machine2.start()
    machine2.wait_for_unit("network-online.target")

    machine2.sleep(1)

    # wait for dhcp lease
    print("m1-----------------------------------------")
    print(machine1.succeed("ip -br a"))
    print(machine1.succeed("ip -6 r"))
    print("m2-----------------------------------------")
    print(machine2.succeed("ip -br a"))
    print(machine2.succeed("ip -6 r"))

    #machine3.start()
    # check if we got the prefix

    #print(machine3.succeed("ip -br a"))

    #print(machine1.succeed("ping 2001:db8:dead:dead::2"))
  '';
}

[felbinger]

I found the root cause and the solution. In the KEA configuration file (e.g. '/etc/kea/kea-dhcp6.conf'), you need to mention the interface in the subnet as well.

:|

[felbinger]

I got it working in the interactive test, but the test seams to be flaky 🤔 I had one successful run with this config.

[felbinger]

Successful again, didn't find out why this is flaky yet:

vm-test-run-dhcpv6> Jan 25 14:41:02 dhcpcd systemd[1]: Starting DHCP Client...
vm-test-run-dhcpv6> Jan 25 14:41:04 dhcpcd dhcpcd[549]: dhcpcd-10.2.4 starting
vm-test-run-dhcpv6> Jan 25 14:41:04 dhcpcd dhcpcd[560]: dev: loaded udev
vm-test-run-dhcpv6> Jan 25 14:41:05 dhcpcd dhcpcd[560]: DUID 00:01:00:01:31:08:e8:01:52:54:00:12:01:01
vm-test-run-dhcpv6> Jan 25 14:41:05 dhcpcd dhcpcd[560]: eth1: IAID 00:12:01:01
vm-test-run-dhcpv6> Jan 25 14:41:05 dhcpcd dhcpcd[560]: libudev: received NULL device
vm-test-run-dhcpv6> Jan 25 14:41:05 dhcpcd dhcpcd[560]: libudev: received NULL device
vm-test-run-dhcpv6> Jan 25 14:41:06 dhcpcd dhcpcd[560]: eth1: soliciting an IPv6 router
vm-test-run-dhcpv6> Jan 25 14:41:06 dhcpcd dhcpcd[560]: eth1: Router Advertisement from fe80::5054:ff:fe12:104
vm-test-run-dhcpv6> Jan 25 14:41:06 dhcpcd dhcpcd[560]: eth1: no global addresses for default route
vm-test-run-dhcpv6> Jan 25 14:41:06 dhcpcd dhcpcd[560]: eth1: adding route to 2001:db8::/64
vm-test-run-dhcpv6> Jan 25 14:41:06 dhcpcd dhcpcd[560]: eth1: soliciting a DHCPv6 lease
vm-test-run-dhcpv6> Jan 25 14:41:07 dhcpcd dhcpcd[560]: eth1: ADV 2001:db8::100/128 from fe80::5054:ff:fe12:104 (0)
vm-test-run-dhcpv6> Jan 25 14:41:08 dhcpcd dhcpcd[560]: eth1: REPLY6 received from fe80::5054:ff:fe12:104
vm-test-run-dhcpv6> Jan 25 14:41:08 dhcpcd dhcpcd[560]: eth1: adding address 2001:db8::100/128
vm-test-run-dhcpv6> Jan 25 14:41:08 dhcpcd dhcpcd[560]: eth1: renew in 2250, rebind in 3600, expire in 7200 seconds
vm-test-run-dhcpv6> Jan 25 14:41:08 dhcpcd dhcpcd[560]: eth1: adding default route via fe80::5054:ff:fe12:104
vm-test-run-dhcpv6> Jan 25 14:41:10 dhcpcd systemd[1]: Started DHCP Client.

vm-test-run-dhcpv6> Jan 25 14:41:07 server kea-dhcp6[581]: 2026-01-25 14:41:07.875 WARN  [kea-dhcp6.alloc-engine/581.140479499589312] ALLOC_ENGINE_V6_ALLOC_FAIL_SUBNET duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0xaae837: failed to allocate an IPv6 lease in the subnet 2001:db8::/64, subnet-id 1, shared network (none)
vm-test-run-dhcpv6> Jan 25 14:41:07 server kea-dhcp6[581]: 2026-01-25 14:41:07.875 WARN  [kea-dhcp6.alloc-engine/581.140479499589312] ALLOC_ENGINE_V6_ALLOC_FAIL_NO_POOLS duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0xaae837: no pools were available for the lease allocation
vm-test-run-dhcpv6> Jan 25 14:41:07 server kea-dhcp6[581]: 2026-01-25 14:41:07.875 WARN  [kea-dhcp6.alloc-engine/581.140479499589312] ALLOC_ENGINE_V6_ALLOC_FAIL_CLASSES duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0xaae837: Failed to allocate an IPv6 address for client with classes: ALL, UNKNOWN
vm-test-run-dhcpv6> Jan 25 14:41:07 server kea-dhcp6[581]: 2026-01-25 14:41:07.972 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_SEND duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0xaae837: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::5054:ff:fe12:102]:546 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.247 INFO  [kea-dhcp6.dhcp6/581.140479499589312] DHCP6_QUERY_LABEL received query: duid=[00:01:00:01:31:08:e8:01:52:54:00:12:01:01], [no hwaddr info], tid=0x9352a
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.247 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_RECEIVED duid=[00:01:00:01:31:08:e8:01:52:54:00:12:01:01], [no hwaddr info], tid=0x9352a: REQUEST (type 3) received from fe80::5054:ff:fe12:101 to ff02::1:2 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.271 INFO  [kea-dhcp6.leases/581.140479499589312] DHCP6_LEASE_ALLOC duid=[00:01:00:01:31:08:e8:01:52:54:00:12:01:01], [no hwaddr info], tid=0x9352a: lease for address 2001:db8::100 and iaid=1179905 has been allocated for 7200 seconds
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.271 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_SEND duid=[00:01:00:01:31:08:e8:01:52:54:00:12:01:01], [no hwaddr info], tid=0x9352a: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::5054:ff:fe12:101]:546 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.940 INFO  [kea-dhcp6.dhcp6/581.140479499589312] DHCP6_QUERY_LABEL received query: duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0x4ffab3
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.940 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_RECEIVED duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0x4ffab3: REQUEST (type 3) received from fe80::5054:ff:fe12:102 to ff02::1:2 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.940 INFO  [kea-dhcp6.leases/581.140479499589312] DHCP6_LEASE_ALLOC duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0x4ffab3: lease for address 2001:db8::101 and iaid=3081803143 has been allocated for 7200 seconds
vm-test-run-dhcpv6> Jan 25 14:41:08 server kea-dhcp6[581]: 2026-01-25 14:41:08.940 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_SEND duid=[00:02:00:00:ab:11:ed:70:92:ba:cb:7c:f5:db], [no hwaddr info], tid=0x4ffab3: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::5054:ff:fe12:102]:546 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:10 server kea-dhcp6[581]: 2026-01-25 14:41:10.383 INFO  [kea-dhcp6.dhcp6/581.140479499589312] DHCP6_QUERY_LABEL received query: duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xf926a0
vm-test-run-dhcpv6> Jan 25 14:41:10 server kea-dhcp6[581]: 2026-01-25 14:41:10.383 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_RECEIVED duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xf926a0: SOLICIT (type 1) received from fe80::5054:ff:fe12:103 to ff02::1:2 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:10 server kea-dhcp6[581]: 2026-01-25 14:41:10.397 INFO  [kea-dhcp6.leases/581.140479499589312] DHCP6_LEASE_ADVERT duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xf926a0: lease for address 2001:db8::102 and iaid=713252315 will be advertised
vm-test-run-dhcpv6> Jan 25 14:41:10 server kea-dhcp6[581]: 2026-01-25 14:41:10.397 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_SEND duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xf926a0: trying to send packet ADVERTISE (type 2) from [ff02::1:2]:547 to [fe80::5054:ff:fe12:103]:546 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:11 server kea-dhcp6[581]: 2026-01-25 14:41:11.399 INFO  [kea-dhcp6.dhcp6/581.140479499589312] DHCP6_QUERY_LABEL received query: duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xe5b774
vm-test-run-dhcpv6> Jan 25 14:41:11 server kea-dhcp6[581]: 2026-01-25 14:41:11.399 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_RECEIVED duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xe5b774: REQUEST (type 3) received from fe80::5054:ff:fe12:103 to ff02::1:2 on interface eth1
vm-test-run-dhcpv6> Jan 25 14:41:11 server kea-dhcp6[581]: 2026-01-25 14:41:11.399 INFO  [kea-dhcp6.leases/581.140479499589312] DHCP6_LEASE_ALLOC duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xe5b774: lease for address 2001:db8::102 and iaid=713252315 has been allocated for 7200 seconds
vm-test-run-dhcpv6> Jan 25 14:41:11 server kea-dhcp6[581]: 2026-01-25 14:41:11.399 INFO  [kea-dhcp6.packets/581.140479499589312] DHCP6_PACKET_SEND duid=[00:04:96:65:04:6f:e0:fb:50:62:a3:2a:b5:5e:5f:4a:87:1b], [no hwaddr info], tid=0xe5b774: trying to send packet REPLY (type 7) from [ff02::1:2]:547 to [fe80::5054:ff:fe12:103]:546 on interface eth1

[felbinger]

The issue should be related to

DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open multicast socket on interface eth1, reason: Failed to open link-local socket on interface eth1: Failed to bind socket 12 to fe80::5054:ff:fe12:104/port=547: Cannot assign requested address

I tried to address this by waiting for dad to finish, but this didn't seam to fix the issue, because kea doesn't retry to claim the address. Maybe a service restart after dad is complete fixes this

[felbinger]

For prefix delegation a hook can be used to add routes for the delegated prefixes on the server, see blog entry https://glindhart.dk/2022/10/15/ipv6-prefixdelegation-routing.html (ipv6 only site) for more information.

I'd like to implement this in the test, but the rest is working now.