www.m00nie.com

Juniper SRX IPv6 (VDSL or FFTC)

moonie -

Recently ZEN announced an open IPv6 trial in the UK and first impressions are very good (just like the rest of their service :D )

DHCPv6 using prefix delegation (RFC 3633) is being used to issue each subscriber with a /48 range. Its maybe a small step but a nice one for them to make and nice to have native v6 at home etc finally. Zen specifically point out RFC 7084 compliance as a guarantee that things will go smoothly.

I've been using it for about a week or so and no issues yet, just works :D
Config below should work for any SRX and any ISP issuing v6 addresses via DHCPv6 and prefix delegation

This was done on a Juniper SRX 110 connecting with FTTC (VDSL). Important to note that DHCPv6 requires a fairly recent version/track running on your SRX. According to the documentation this feature was added on 12.1X45-D10, these notes where made running 12.1X46-D30.2 . In the example pp0 is the PPP interface and vlan.8 is the layer 3 LAN facing interface with the hosts connecting where the hosts will auto configure using the RAs from our SRX

Config

  set interface pp0.0 family inet6 dhcpv6-client client-type statefull
  set interface pp0.0 family inet6 dhcpv6-client client-ia-type ia-pd
  set interface pp0.0 family inet6 dhcpv6-client update-router-advertisement interface vlan.8
  set interface pp0.0 family inet6 dhcpv6-client client-identifier duid-type duid-ll
  set routing-options rib inet6.0 static route ::/0 next-hop pp0.0
  set security forwarding-options family inet6 mode flow-based
  set security zones security-zone untrust interfaces pp0.0 host-inbound-traffic system-services dhcpv6

If you didnt already have the forwarding option configuration there then you'll need to reboot.

Verify

After that verify DHCPv6 has been delegated a prefix and that its being advertised to the LAN. First off confirm delegation is working as expected.

m00n@SRX110.test> show dhcpv6 client binding
IP/prefix                       Expires     State      ClientType    Interface       Client DUID
2a02:8000:b012::/48             53647       BOUND      STATEFUL      pp0.0           LL0x29-b0:a8:6e:11:af:a0


m00n@SRX110.test> show dhcpv6 client binding detail
Client Interface: pp0.0
     Hardware Address:             b0:a8:6e:11:af:a0
     State:                        BOUND(DHCPV6_CLIENT_STATE_BOUND)
     ClientType:                   STATEFUL
     Lease Expires:                2015-08-26 08:56:04 UTC
     Lease Expires in:             53644 seconds
     Lease Start:                  2015-08-25 08:56:04 UTC
     Bind Type:                    IA_PD
     Client DUID:                  LL0x29-b0:a8:6e:11:af:a0
     Rapid Commit:                 Off
     Server Ip Address:            fe80::230:88ff:fe16:ffff
     Client IP Prefix:             2a02:8000:b012::/48

DHCP options:
    Name: server-identifier, Value: LL_TIME0x1-0x1d3a1b40-00:30:88:11:fe:4f
    Name: dns-recursive-server, Value: 2a03:8010:1:1:213:23:3:101

Confirm our RA is working as expected:

m00n@SRX110.test> show ipv6 router-advertisement
Interface: vlan.8
  Advertisements sent: 1103, last sent 00:03:23 ago
  Solicits received: 88, last received 12:12:04 ago
  Advertisements received: 0

Confirm your host is configured to use the RAs and hopefully configured itself a routable global IP then we're done.

Enjoy native v6 (Thanks Zen!) :)

m00nie