From c35d1b7a1d958327f67c806740428929ff86b151 Mon Sep 17 00:00:00 2001 From: hagbard Date: Tue, 2 Jul 2019 13:09:11 -0700 Subject: [IPoE] T1495 - IA-PD via IPoE implemented --- interface-definitions/ipoe-server.xml | 52 ++++++++++++++++++++++++++++++++++- src/conf_mode/ipoe_server.py | 52 +++++++++++++++++++++++++++++++++-- 2 files changed, 101 insertions(+), 3 deletions(-) diff --git a/interface-definitions/ipoe-server.xml b/interface-definitions/ipoe-server.xml index 4884b5915..46ac2357a 100644 --- a/interface-definitions/ipoe-server.xml +++ b/interface-definitions/ipoe-server.xml @@ -107,7 +107,7 @@ - IP address of the primary DNS server + IP address of the secondary DNS server @@ -115,6 +115,56 @@ + + + DNSv6 servers offered via internal DHCPv6 + + + + + IP address of the primary DNS server + + + + + + + + IP address of the secondary DNS server + + + + + + + + IP address of the tertiary DNS server + + + + + + + + + + Pool of client IPv6 addresses + + + + + Format: ipv6prefix/mask,prefix_len (e.g.: fc00:0:1::/48,64 - divides prefix into /64 subnets for clients) + + + + + + Format: ipv6prefix/mask,prefix_len (delegates prefix to clients via DHCPv6 prefix delegation + + + + + Client authentication methods diff --git a/src/conf_mode/ipoe_server.py b/src/conf_mode/ipoe_server.py index 478fc139e..45c64c617 100755 --- a/src/conf_mode/ipoe_server.py +++ b/src/conf_mode/ipoe_server.py @@ -44,6 +44,9 @@ log_syslog ippool ipoe shaper +ipv6pool +ipv6_nd +ipv6_dhcp {% if auth['mech'] == 'radius' %} radius {% endif -%} @@ -67,7 +70,8 @@ shared={{interfaces[intfc]['shared']}},\ mode={{interfaces[intfc]['mode']}},\ ifcfg={{interfaces[intfc]['ifcfg']}},\ range={{interfaces[intfc]['range']}},\ -start={{interfaces[intfc]['sess_start']}} +start={{interfaces[intfc]['sess_start']}},\ +ipv6=1 {% endfor %} {% if auth['mech'] == 'noauth' %} noauth=1 @@ -87,6 +91,29 @@ dns2={{dns['server2']}} {% endif -%} {% endif -%} +{% if (dnsv6['server1']) or (dnsv6['server2']) or (dnsv6['server3']) %} +[dnsv6] +dns={{dnsv6['server1']}} +dns={{dnsv6['server2']}} +dns={{dnsv6['server3']}} +{% endif %} + +[ipv6-nd] +verbose=1 + +[ipv6-dhcp] +verbose=1 + +{% if ipv6['prfx'] %} +[ipv6-pool] +{% for prfx in ipv6['prfx'] %} +{{prfx}} +{% endfor %} +{% for pd in ipv6['pd'] %} +delegate={{pd}} +{% endfor %} +{% endif %} + {% if auth['mech'] == 'local' %} [chap-secrets] chap-secrets=/etc/accel-ppp/ipoe/chap-secrets @@ -209,6 +236,15 @@ def get_config(): 'server1' : None, 'server2' : None } + config_data['dnsv6'] = { + 'server1' : None, + 'server2' : None, + 'server3' : None + } + config_data['ipv6'] = { + 'prfx' : [], + 'pd' : [], + } config_data['auth'] = { 'auth_if' : {}, 'mech' : 'noauth', @@ -228,6 +264,12 @@ def get_config(): config_data['dns']['server1'] = c.return_value('dns-server server-1') if c.exists('dns-server server-2'): config_data['dns']['server2'] = c.return_value('dns-server server-2') + if c.exists('dnsv6-server server-1'): + config_data['dnsv6']['server1'] = c.return_value('dnsv6-server server-1') + if c.exists('dnsv6-server server-2'): + config_data['dnsv6']['server2'] = c.return_value('dnsv6-server server-2') + if c.exists('dnsv6-server server-3'): + config_data['dnsv6']['server3'] = c.return_value('dnsv6-server server-3') if not c.exists('authentication mode noauth'): config_data['auth']['mech'] = c.return_value('authentication mode') if c.exists('authentication mode local'): @@ -274,6 +316,11 @@ def get_config(): config_data['auth']['radsettings']['dae-server']['port'] = c.return_value('authentication radius-settings dae-server port') if c.exists('authentication radius-settings dae-server secret'): config_data['auth']['radsettings']['dae-server']['secret'] = c.return_value('authentication radius-settings dae-server secret') + + if c.exists('client-ipv6-pool prefix'): + config_data['ipv6']['prfx'] = c.return_values('client-ipv6-pool prefix') + if c.exists('client-ipv6-pool delegate-prefix'): + config_data['ipv6']['pd'] = c.return_values('client-ipv6-pool delegate-prefix') return config_data @@ -288,7 +335,6 @@ def generate(c): tmpl = jinja2.Template(ipoe_config, trim_blocks=True) config_text = tmpl.render(c) - open(ipoe_cnf,'w').write(config_text) return c @@ -325,6 +371,8 @@ def verify(c): except: raise ConfigError("service ipoe-server authentication radius-settings dae-server port value required") + if len(c['ipv6']['pd']) != 0 and len(c['ipv6']['prfx']) == 0: + raise ConfigError("service ipoe-server client-ipv6-pool prefix needs a value") return c -- cgit v1.2.3