08-12-2010 07:47 AM
As of 10.2 the branch SRX devices support flow-based IPv6. Does anyone have an example of IPv6 policies? Before my upgrade I was using firewall filters to control IPv6 access. Now that it supports flow-based IPv6 security, do I just add IPv6 address-book entries to my policies, or are there separate IPv6 policies?
08-12-2010 06:00 PM
I figured it out today.
You have to issue the following command:
set security forwarding-options family inet6 mode flow-based (this requires a reboot)
At this point you can create address-book entries for IPv6 addresses as normal; however, the address entry name cannot contain colons (:), which is weird since IPv6 addresses contain colons.
Other than that, it works like a charm.
You can even assign IPv6 addresses on logical and VLAN interfaces. It's great; finally IPv6 support is complete on branch devices.
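As an added illustration of the answer above (this is not part of the original post or Juniper documentation), here is a Junos configuration fragment that puts the pieces together: the flow-based inet6 forwarding mode, a per-zone address-book entry with a colon-free name holding an IPv6 prefix, and security policies that reference it exactly like an IPv4 entry. The zone names, prefixes, interface bindings and policy names are assumptions; substitute your own.

```junos
/* Added example, not from the original post. Zone names, prefixes,
   interfaces and policy names are assumptions. */
security {
    forwarding-options {
        family {
            inet6 {
                /* Takes effect only after a reboot. */
                mode flow-based;
            }
        }
    }
    zones {
        security-zone trust {
            /* Per-zone address book (Junos 10.x). The entry NAME may not
               contain ':'; the address value is a normal IPv6 prefix. */
            address-book {
                address lan-v6 2001:db8:1::/64;
            }
            interfaces {
                vlan.2;
            }
        }
        security-zone untrust {
            address-book {
                address dns-v6 2001:db8:ffff::53/128;
            }
            interfaces {
                ip-0/0/0.0;
            }
        }
    }
    policies {
        /* IPv6 entries are referenced like any other address object. */
        from-zone trust to-zone untrust {
            policy lan-v6-dns {
                match {
                    source-address lan-v6;
                    destination-address dns-v6;
                    application junos-dns-udp;
                }
                then {
                    permit;
                }
            }
            policy lan-v6-out {
                match {
                    source-address lan-v6;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                }
            }
        }
        from-zone untrust to-zone trust {
            /* Explicit inbound deny with logging so stray IPv6 attempts
               against the LAN prefix show up in the security log. */
            policy deny-inbound-v6 {
                match {
                    source-address any;
                    destination-address lan-v6;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```

After the reboot, `show security flow status` reports the inet6 forwarding mode, which is the quickest way to confirm the change actually took. Note that inet6 firewall filters applied to interfaces are still evaluated as stateless filters in front of the flow engine, so a filter left over from the packet-based setup can silently block traffic the zone policy would otherwise permit; review or remove those filters once policy is carrying the access-control job.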
08-12-2010 07:31 PM
Thanks for the kudos, we appreciate it, and we look forward to hearing your opinions as you get more experience with this initial IPv6 feature set.
We do have plans for continued feature delivery for IPv6, we don't consider it done by a long shot. The next major release where you will see IPv6 features is 10.4R1.
08-12-2010 08:10 PM
I've just tried this out and applied the fix as you describe, then rebooted, but it made no difference. Still can't configure IPv6 on a VLAN.
Not even given the option to configure it.
The release notes say IPv6, IS-IS, class of service, encapsulations, CLNS and PIM are not supported on a VLAN interface.
[edit interfaces vlan]
root# set unit 0 family ?
Possible completions:
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> inet IPv4 parameters
> mpls MPLS protocol parameters
> tcc Translational cross-connect parameters
> vpls Virtual private LAN service parameters
[edit interfaces vlan]
root# set unit 0 family
So, it seems that the SRX isn't quite so action-packed and ready to enter bravely into the IPv6 world.
08-12-2010 09:40 PM
I have it working and configured on a VLAN interface. I will attach my config and information. Well, I know they said the support was not complete, and they are right: no DS-Lite, no NAT64, etc. But after all this time I am just happy to have basic and solid IPv6 support running without issues; IPv6-to-IPv4 NAT and other features would be nice. But in a standard dual-stack configuration at least this works without any issues.
# RANCID-CONTENT-TYPE: juniper
#
# Sokar> show chassis environment
# Class    Item                  Status
# Temp     Routing Engine        OK
#          Routing Engine CPU    Absent
# Fans     SRX210 Chassis fan    OK
# Power    Power Supply 0        OK
#
# Sokar> show chassis firmware
# Part     Type    Version
# FPC 0    O/S     Version 10.2R2.11 by builder on 2010-08-06
# FWDD     O/S     Version 10.2R2.11 by builder on 2010-08-06
# Sokar> show chassis routing-engine
# Routing Engine status:
#   Model        RE-SRX210H
#   Serial ID
interfaces {
    /* 6in4 tunnel to the tunnel broker; outer IPv4 source is redacted */
    ip-0/0/0 {
        unit 0 {
            tunnel {
                source 173.12.12x.xx;
                destination 216.66.22.2;
            }
            family inet6 {
                address 2001:470:7:3ed::2/64;
            }
        }
    }
    vlan {
        unit 0 {
            family inet {
                address 10.12.0.254/24;
            }
        }
        /* Dual-stack VLAN: IPv4 with an input filter, plus the routed /64 */
        unit 2 {
            family inet {
                filter {
                    input to-dsl;
                }
                address 10.0.0.254/24;
            }
            family inet6 {
                address 2001:470:8:3ed::1/64;
            }
        }
        unit 3 {
            family inet {
                address 192.168.10.253/24;
            }
        }
    }
}
routing-options {
    interface-routes {
        rib-group inet import-phy;
    }
    /* IPv6 default route points at the broker end of the tunnel */
    rib inet6.0 {
        static {
            route ::/0 next-hop 2001:470:7:3ed::1;
        }
    }
}
protocols {
    /* Router advertisements so LAN hosts autoconfigure from the /64 */
    router-advertisement {
        interface vlan.2 {
            max-advertisement-interval 5;
            min-advertisement-interval 3;
            prefix 2001:470:8:3ed::/64 {
                on-link;
                autonomous;
            }
        }
    }
}
security {
    forwarding-options {
        family {
            inet6 {
                mode flow-based;
            }
        }
    }
}
08-13-2010 03:42 AM
OK, so here's where it gets weird, and I suspect we are both correct!
If you try to set the IPv6 address via the CLI on the VLAN, it doesn't work. The CLI simply doesn't present the option.
If you set the IPv6 address via the web UI, it's accepted and, guess what, it even works!
OK Juniper, this is bizarre, but I guess you did say it's not supported.
Regards,
Andrew.
08-13-2010 10:31 AM
I am experiencing some odd issues related to flow-based IPv6. I am trying to enable it on a half-production system, two SRX240HM in a chassis cluster, that is already working stably with IPv4.
When I issue 'set security forwarding-options family inet6 mode flow-based' and reboot, one of my reth interfaces (which doesn't look any different from the others that are unaffected) is not forwarding *any* traffic, not even IPv4. If I revert to packet-based IPv6 and reboot, it is still not forwarding anything. Nothing else is changing, IPv4 or IPv6 related.
The only way I have found to restore it to a proper working state is to remove the said reth from the interface configuration (and all the references), commit that (or a minimal configuration for speed), then reload the production config from file and commit.
The same applies if I stay with flow-based IPv6: loading a blank configuration (with flow-based IPv6), then the production one (again with flow-based IPv6), works until the cluster is rebooted. When I do that, the reth stops forwarding until I repeat the cycle.
It looks like, when mode flow-based is enabled, some interface is initialized differently at boot compared to when it is configured from scratch.
08-13-2010 12:00 PM
I did have one weird problem since upgrading to 10.2. This may be what has affected your system. After I turned on IPv6 flow mode, I had an interface stop forwarding traffic. I issued the 'request chassis fpc restart' command. After the FPC restarted, everything returned to normal and I have not experienced the issue since.
I think it is related to enabling flow mode on IPv6 the first time, as the issue happened after the required reboot. However, restarting the FPC fixed the issue. Be aware that restarting the FPC can take up to 10 minutes and will stop all traffic flowing through the box. Just something to be aware of.
08-13-2010 08:09 PM
Hi bufo,
Could you confirm how you configured the VLAN interface? Did you use the CLI or the web GUI?
08-14-2010 09:01 AM
CLI. I have my web interface disabled; too slow.