PPPoE ipv6 6wind BNG using Radius Auth with SNAT64 Translation.
In this case we will use this topology:
PPPoE Server
First setup uplink for the internet side and link pppoe-client side, in this case we use dhcp on interface eth0 and just enable interface eth1 for pppoe-client.
/ vrf main interface physical eth0 enabled true
/ vrf main interface physical eth0 port pci-b0s3
/ vrf main interface physical eth0 ipv4 dhcp enabled true
/ vrf main interface physical eth1 ipv6 enabled true
/ vrf main interface physical eth1 port pci-b0s4Next, setup pppoe-tunnel instance inside ppp-server menu with link-interface eth1.
/ vrf main ppp-server instance pppv6 enabled true
/ vrf main ppp-server instance pppv6 ppp ipv6cp allow
/ vrf main ppp-server instance pppv6 pppoe enabled true
/ vrf main ppp-server instance pppv6 pppoe interface eth1After setup pppoe-tunnel, it mandatory to setup authentication for the tunnel, in this case radius-server use ip is 10.77.7.164 and source ip that can reach radius server is 10.77.7.167.
/ vrf main ppp-server instance pppv6 auth radius server address 10.77.7.164 auth-port 1812 acct-port 1813 secret n4s-s3cret
/ vrf main ppp-server instance pppv6 auth radius nas ip-address 10.77.7.167
/ vrf main ppp-server instance pppv6 auth radius nas identifier 10.77.7.167
/ vrf main ppp-server instance pppv6 auth radius accounting interim-interval 2
/ vrf main ppp-server instance pppv6 auth radius accounting session-id-in-authentication trueAlso setup ip-pool for distribute to pppoe-clients, in this case the ip-pool is 2001:db8:22::/48 with 64 prefix length. 200.10.2.127. And add dns64 proxy for translate ipv4 to ipv6 format ping with ip 64:ff9b::x.x.x.x. (eg: 64:ff9b::8.8.8.8)
/ vrf main ppp-server instance pppv6 ipv6-pool pool poolv6
/ vrf main ppp-server instance pppv6 ipv6-pool pool poolv6 prefix 2001:db8:22::/48
/ vrf main ppp-server instance pppv6 ipv6-pool pool poolv6 prefix-len 64
/ vrf main ppp-server instance pppv6 ipv6-neighbor-discovery
/ vrf main dns proxy dns64 64:ff9b::/96
/ vrf main dns proxy dns64 64:ff9b::/96 client 2001:db8:22::/64
/ vrf main dns proxy dns64 64:ff9b::/96 exclude 64:ff9b::/96And setup Translation IP with cg-nat SNAT64 for translating local ipv6 on the client side to outbound-interface on the public side for reach internet purpose, in this case outbound-interface on the internet side is eth0. The cg-nat feature mandatory define ipv4 pool to be reacheable from the outside, in this case the pool using 200.10.2.2-200.10.2.127. Need to add format ip 64:ff9b:: on the cg-nat destination and ipv6 static route to the outbound interface.
/ vrf main cg-nat pool test
/ vrf main cg-nat pool test address 200.10.2.2-200.10.2.127
/ vrf main cg-nat pool test block-size 512
/ vrf main cg-nat rule 1
/ vrf main cg-nat rule 1 dynamic-snat64
/ vrf main cg-nat rule 1 dynamic-snat64 match
/ vrf main cg-nat rule 1 dynamic-snat64 match source
/ vrf main cg-nat rule 1 dynamic-snat64 match source ipv6-address 2001:db8::/32
/ vrf main cg-nat rule 1 dynamic-snat64 match outbound-interface eth0
/ vrf main cg-nat rule 1 dynamic-snat64 translate-to
/ vrf main cg-nat rule 1 dynamic-snat64 translate-to pool-name test
/ vrf main cg-nat rule 1 dynamic-snat64 translate-to max-blocks-per-user 4
/ vrf main cg-nat rule 1 dynamic-snat64 translate-to destination-prefix 64:ff9b::/96
/ vrf main routing static ipv6-route 64:ff9b::/96 next-hop eth0PPPoE Client
In the Client side need to enable interface pppoe to activate tunnel on the client side, in this case inteface that linked with PPPoe-server is eth1. And it mandatory to input authentication user and secret on the radius-server, in this case the user is psi and the secret psip4. optionally, ipv6-pool that reach to pppoe server can be add in the loopback interface and add ipv6 default route, to be ping occasionally from the pppoe server. Also add the attribute Framed-IPv6-Route equal to ipv6 prefix-pool that defined on the pppoe server before, in this case ipv6 prefix-pool is 2001:db8:a:1::/64.
/ vrf main interface loopback lo0 ipv6 address 2001:db8:a:1::1/64
/ vrf main interface pppoe client1 link-interface eth1
/ vrf main interface pppoe client1 auth user psi
/ vrf main interface pppoe client1 auth secret psip4
/ vrf main interface pppoe client1 request domain-name-servers
/ vrf main interface pppoe client1 lcp echo-interval 2
/ vrf main interface pppoe client1 lcp echo-failure 3
/ vrf main routing static ipv6-route ::/0 next-hop client1