Community Forum

Re: Juniper SRX config for DHCPv6 ?

Regular Visitor

Re: Juniper SRX config for DHCPv6 ?

Hi 

If anyone had made this work, please spread the knowledge

Can you share some more details please? If you can't, can you PM me your case number so that JTAC does not spend 3 months not finding a solution?

 

Thanks!

Regular Contributor

Re: Juniper SRX config for DHCPv6 ?

I know with Junipers there's some quirks in comparison with other vendors i.e. Cisco.  When I was working on SRX boxes there were some things that I learned about them that weren't really common knowledge coming from other platforms and the lack of documentation didn't help either.  

 

I know when I was setting some up and/or making changes to them there were some steps that had to be done to enable an IF to actually link up.  Doing a sh int ip br would show an up status but, until I went into the configuration and did a "no int fe/x/x/x admin down" or whatever the command was it wouldn't link up/up.  Depending on how the logic of JunOS is picking up the chain of commands will determine if you have to do extraneous steps to enable v6 on this particular device.  Once you get them up and running though there's very little upkeep to be done with them.

 

I can't speak exactly to v6 though since we weren't running it in our network at the time that I was working on these devices.

 

Or go here https://forums.xfinity.com/t5/Your-Home-Network/IPv6-and-Juniper-SRX/td-p/1992785

Authorized Vendor

Re: Juniper SRX config for DHCPv6 ?


mmoriniaux wrote:

Hi 

If anyone had made this work, please spread the knowledge

Can you share some more details please? If you can't, can you PM me your case number so that JTAC does not spend 3 months not finding a solution?

 

Thanks!


Look at the URL the other user posted... also http://www.rickmayberry.com/srx-prefix-delegation-for-ipv6-in-home-lan/

 

I will ping you via PM as well..

-------------------------------------
Network Engineer, IP Engineer, Docsis..; the views expressed on this post are mine and do not necessarily reflect the views of my employer..

Gamer.. Living the dream one catastrophe at a time ..
New Poster

Re: Juniper SRX config for DHCPv6 ?

I've got a fully functional setup now on Comcast with both IPv4/v6:

Router: SRX300 running 17.4R1.16

Modem: Arris SB8200. Tried with a CM1000 and it would not get DHCP.

My WAN port is ge-0/0/0.0

LAN is configured under irb.0

 

Pertinent settings for IPv6 with Comcast:

 

system {
    internet-options {
        no-ipv6-reject-zero-hop-limit;
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode flow-based;
            }
        }
    }
}
security {
    zones {
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcpv6;
                        }
                        protocols {
                            router-discovery;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            arp-resp unrestricted;
            family inet6 {
                dhcpv6-client {
                    client-type stateful;
                    client-ia-type ia-pd;
                    client-ia-type ia-na;
                    prefix-delegating {
                        preferred-prefix-length 60;
                    }
                    client-identifier duid-type duid-ll;
                    retransmission-attempt 6;
                    update-router-advertisement {
                        interface irb.0 {
                            other-stateful-configuration;
                        }
                    }
                    update-server;
                }
                dad-disable;
            }
        }
    }
}
protocols {
    router-advertisement {
        interface ge-0/0/0.0 {
            managed-configuration;
            other-stateful-configuration;
        }
    }
}

The big settings here are the preferred-prefix-length where I request a /60 from Comcast, which they are happy to deliver. The Juniper then happily (using the update-router-advertisement) delivers a /64 network to the trust side of my network.

 

If you want to go all out you can configure an untrust to trust policy to match application junos-icmp6-all which will allow ICMPv6 through, which gives me a score of 19/20 on ipv6-test.com.

 

 

Cheers,

Aaron
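
The untrust-to-trust ICMPv6 policy mentioned in the post above, written out as an added example (not part of the original poster's configuration). The policy name allow-icmpv6 is hypothetical, the zone name trust and the any/any address match are assumptions, and session logging is added so that inbound ICMPv6 reaching the globally addressed LAN hosts is recorded.

```junos
security {
    policies {
        from-zone untrust to-zone trust {
            /* Hypothetical policy name; permits ICMPv6 only, nothing else inbound */
            policy allow-icmpv6 {
                match {
                    /* Assumption: any source/destination; narrow to the delegated prefix if it is stable */
                    source-address any;
                    destination-address any;
                    application junos-icmp6-all;
                }
                then {
                    permit;
                    /* Log session creation so inbound ICMPv6 from the WAN is visible */
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```

With a delegated prefix there is no NAT in front of the LAN, so this policy is the only thing deciding what reaches hosts behind irb.0 from the WAN side; keep it limited to the ICMPv6 application and leave all other untrust-to-trust traffic denied.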