08-13-2010 03:44 AM
So, heres some bizzareness;
You can set a Ipv6 address for a VLAN from the Web UI under 10.2R2.11 and it works just fine, however you can't set it from the CLI..
How bizzare is that!
10-19-2010 09:27 PM
After reading http://www.juniper.net/techpubs/en_US/junos10.2/in
To configure an IPv6 address for a logical interface, use the inet6 statement at the [edit interfaces interface-name unit logical-unit family] hierarchy level. [Junos OS Interfaces Configuration Guide for Security Devices]
I was pretty hopeful that 10.2R3.10 would enable this functionality, but alas, no such luck.
JUNOS Software Release [10.2R3.10]
firstname.lastname@example.org# set interfaces st0 unit 0 family ?
+ apply-groups Groups from which to inherit configuration data
+ apply-groups-except Don't inherit configuration data from these groups
> inet IPv4 parameters
> mpls MPLS protocol parameters
> vpls Virtual private LAN service parameters
Does anyone from Juniper know when this functionality will be enabled?
01-28-2011 02:19 PM
Has anyone just tried typing set interface vlan unit 1 family inet6 instead of just using the ? to check to see if it is a valid command? You can't necesarrily rely on the question mark all the time because sometimes commands are hidden for future support or during times of trouble with the feature in the OS.
02-22-2011 08:00 AM
When will IPv6 supported in transparent mode (tested on Junos 10.4r1.9)?
> admin@srx3600# set security forwarding-options family inet6 mode flow-based
> admin@srx3600# commit
> error: Cannot configure security forwarding-options inet6 flow-based in transparent mode
> error: configuration check-out failed
It's strange because I can configure IPv6 on irb interface (at least from 10.2):
> admin@srx3600# set interfaces irb unit 10 family inet6 address address fdfd:aa8f:5209:0aee::1/64
> admin@srx3600# commit
02-24-2011 08:46 AM
I was just told by a jtac engineer that in junos 10.4 they have removed support for 6in4 tunnels to services like Hurricane Electric. They don't plan on adding it back until 11.4. My tunnel work on 10.3R2 and broke when I moved to 10.4R2. That is why I opened the case.
I thought juniper was supposed to be a IPv6 leader. hmmmm.
02-25-2011 05:52 AM
6in4 tunnels are not likely to be used for enterprise connectivity,
How about this for a limitation: I have a client who uses SRX5800 and is getting ready to turn on IPv6 for their web server segment (and that segment only). The SRX cannot offer IDP on the IPv6 traffic. So now it's time to bake off other vendors to see what their IDP/IPS devices can offer for IPv6.
02-25-2011 08:03 AM
The 6in4 support in branch SRX was originally inherited from core Junos and was supported in packet-mode. We discovered that there was a possibility that it could be used to circumvent the security policies on the device (no I won't disclose any more details) so we had to address that.
We are flow-enabling all existing IPv6 features along with adding new ones, but it takes time.
02-25-2011 09:08 AM
Interesting, thank you. I'm mulling this over with our channel SEs right now.
We found this document:
which shows IPv6 IDP to be supported today on SRX100/210/240, and unsupported on every other platform at present.
02-28-2011 09:22 AM
Without revealing the *dirty* details, I was wondering if the security bypass for 6IN4 tunnels was attributed to whether the ip-0/0/0 and underlying IPv4 interface were in the same zone? I'm currently running mine in separate zones (on 10.3R1.9) and therefore just curious if this configruation is also susceptible to the same security bypass?
03-02-2011 01:14 PM
I haven't had a close look at the tunnel setup yet, but wouldn't it be possible to get a working setup by terminating the tunnel in a packet-vr and then sending it to a second vr for flow based processing? There is an appnote describing how to do this for MPLS traffic, but tunneled v6 is probably similar. Just a thought
06-22-2011 01:15 PM
Thanks for posting this. It explains why my SixxS tunnel stoped working when JTAC advised me to move off 11.x (due to it causing spontaneous reboots on my SRX210) , moving back to 10.4R4.
So now I get to play the game of "which is more important to me, stability or IPv6?"
01-25-2012 09:23 PM - edited 01-25-2012 11:32 PM
Does SRX650 requires license for IPv6?
No needed, right?