DHCPv6 snooping enables users to identify client and network-facing service objects, in accordance with RFC 6221. Use the following commands to specify if the service object is client-facing, network-facing, or both:
To support ring deployments, which employs a ring protection mechanism and the forwarding state of the ring port can change dynamically, a configured service object (for example, a SAP or SDP binding) on a ring port can be client-facing or network-facing depending on the forwarding state of the ring port. To support this scenario, the both option is provided. When the both option is configured, the processing rules that apply to both client-facing and network-facing service objects are applied.
On the 7210 SAS, SAPs in a VPLS service are configured as client-facing (customer-facing ports) by default. In other words, all SAPs with DHCPv6 snooping enabled are client facing. The option to configure the SAP as network-facing or both is supported; for example, access ports facing the core as a Layer 2 switch with a high SAP scale mode may need to be configured as network-facing or both.
SDP bindings that are explicitly configured for DHCPv6 snooping are network-facing ports by default.
In accordance with RFC 6221, the 7210 SAS does not forward a DHCPv6 relay-forward message out of client-facing service objects. The message is only forwarded out of network-facing service objects or objects configured as both.
DHCPv6 snooping inspects the DHCP message type and only forwards the relay-reply message. The other DHCP message types are silently discarded.
The 7210 SAS processes the DHCPv6 client messages received on client-facing interfaces when DHCPv6 snooping is enabled on the SAP or SDP binding and the client-facing option is configured.
When snooping is enabled, all DHCPv6 messages that match the preceding criteria are trapped to the CPU. Only the DHCPv6 client messages are processed further; other messages are silently dropped.