August 25, 2015

Juniper SRX IPv6 (VDSL or FFTC)

Recently ZEN announced an open IPv6 trial in the UK and first impressions are very good (just like the rest of their service :D )

DHCPv6 using prefix delegation (RFC 3633) is being used to issue each subscriber with a /48 range. Its maybe a small step but a nice one for them to make and nice to have native v6 at home etc finally. Zen specifically point out RFC 7084 compliance as a guarantee that things will go smoothly.

I've been using it for about a week or so and no issues yet, just works :D
Config below should work for any SRX and any ISP issuing v6 addresses via DHCPv6 and prefix delegation

This was done on a Juniper SRX 110 connecting with FTTC (VDSL). Important to note that DHCPv6 requires a fairly recent version/track running on your SRX. According to the documentation this feature was added on 12.1X45-D10, these notes where made running 12.1X46-D30.2 . In the example pp0 is the PPP interface and vlan.8 is the layer 3 LAN facing interface with the hosts connecting where the hosts will auto configure using the RAs from our SRX

Config

  set interface pp0.0 family inet6 dhcpv6-client client-type statefull
  set interface pp0.0 family inet6 dhcpv6-client client-ia-type ia-pd
  set interface pp0.0 family inet6 dhcpv6-client update-router-advertisement interface vlan.8
  set interface pp0.0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
  set routing-options rib inet6.0 static route ::/0 next-hop pp0.0
  set security forwarding-options family inet6 mode flow-based
  set security zones security-zone untrust interfaces pp0.0 host-inbound-traffic system-services dhcpv6

If you didnt already have the forwarding option configuration there then you'll need to reboot.

Verify

After that verify DHCPv6 has been delegated a prefix and that its being advertised to the LAN. First off confirm delegation is working as expected.

m00n@SRX110.test> show dhcpv6 client binding
IP/prefix                       Expires     State      ClientType    Interface       Client DUID
2a02:8000:b012::/48             53647       BOUND      STATEFUL      pp0.0           LL0x29-b0:a8:6e:11:af:a0


m00n@SRX110.test> show dhcpv6 client binding detail
Client Interface: pp0.0
     Hardware Address:             b0:a8:6e:11:af:a0
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType:                   STATEFUL
     Lease Expires:                2015-08-26 08:56:04 UTC
     Lease Expires in:             53644 seconds
     Lease Start:                  2015-08-25 08:56:04 UTC
     Bind Type:                    IA_PD
     Client DUID:                  LL0x29-b0:a8:6e:11:af:a0
     Rapid Commit:                 Off
     Server Ip Address:            fe80::230:88ff:fe16:ffff
     Client IP Prefix:             2a02:8000:b012::/48

DHCP options:
    Name: server-identifier, Value: LL_TIME0x1-0x1d3a1b40-00:30:88:11:fe:4f
    Name: dns-recursive-server, Value: 2a03:8010:1:1:213:23:3:101

Confirm our RA is working as expected:

m00n@SRX110.test> show ipv6 router-advertisement
Interface: vlan.8
  Advertisements sent: 1103, last sent 00:03:23 ago
  Solicits received: 88, last received 12:12:04 ago
  Advertisements received: 0

Confirm your host is configured to use the RAs and hopefully configured itself a routable global IP then we're done.

Enjoy native v6 (Thanks Zen!) :)

m00nie