SRX Services Gateway
Highlighted
SRX Services Gateway

SRX-220 IPv6 configuration problems

‎08-27-2015 09:24 AM

Finally got my IPv6 assignment and instantly have a very odd problem.  I have two interfaces configured with IPv6 ips. ge-0/0/0.0-2600:5000:8000:a::2/64. And ge-0/0/1.0-2600:5000:8100::1/48.

 

 I use the builtin ping and can ping ge-0/0/1.0 but can't ping ge-0/0/0.0.  I've added a rule to allow all internet to internal traffic as a test- no change. Config below:

 

ge-0/0/0 {
description Internet;
gigether-options {
auto-negotiation;
}
unit 0 {
family inet {
address 199.72.95.170/29;
}
family inet6 {
address 2600:5000:8000:a::2/64;
}
}
}
ge-0/0/1 {
description Internal;
gigether-options {
auto-negotiation;
}
unit 0 {
family inet {
address 40.136.177.1/24;
}
family inet6 {
address 2600:5000:8100::1/48;

 

routing-options {
rib inet6.0 {
static {
route 0::0/0 next-hop 2600:5000:8000:a::2;
route 2600:5000:8100::/48 next-hop 2600:5000:8100::1;

 

forwarding-options {
family {
inet6 {
mode flow-based;
}
}

 

Ping Host
 
 
Ping 2600:5000:8000:a::2
 
 
 

ping: sendmsg: Can't assign requested address
ping: sendmsg: Can't assign requested address
ping: sendmsg: Can't assign requested address
ping: sendmsg: Can't assign requested address
ping: sendmsg: Can't assign requested address

 

Ping Host
 
 
Ping 2600:5000:8100::1

 

 
 
 

PING6(104=40+8+56 bytes) 2600:5000:8100::1 --> 2600:5000:8100::1
64 bytes from 2600:5000:8100::1, icmp_seq=0 hlim=64 time=0.614 ms
64 bytes from 2600:5000:8100::1, icmp_seq=1 hlim=64 time=0.431 ms
64 bytes from 2600:5000:8100::1, icmp_seq=2 hlim=64 time=0.420 ms
64 bytes from 2600:5000:8100::1, icmp_seq=3 hlim=64 time=0.469 ms
64 bytes from 2600:5000:8100::1, icmp_seq=4 hlim=64 time=0.416 ms
64 bytes from 2600:5000:8100::1, icmp_seq=5 hlim=64 time=0.426 ms

 

I'm at a loss.  Any suggestions?

4 REPLIES 4
Highlighted
SRX Services Gateway

Re: SRX-220 IPv6 configuration problems

‎08-27-2015 01:24 PM

Hi,

 

Can you show the output of

 

show interfaces ge-0/0/0 extensive
show route table inet6.0

Do you have any luck if you specify the source address?

 

Ping 2600:5000:8000:a::2 source 2600:5000:8000:a::2

Whatever address the SRX is trying to use as it source currently it is unable to use.

 

Tim

Highlighted
SRX Services Gateway

Re: SRX-220 IPv6 configuration problems

‎08-27-2015 05:38 PM

Here is the extensive:

fredreitberger@Router> show interfaces ge-0/0/0 extensive 

Physical interface: ge-0/0/0, Enabled, Physical link is Up

  Interface index: 134, SNMP ifIndex: 508, Generation: 137

  Description: Internet

  Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,

  BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled,

  Flow control: Enabled, Auto-negotiation: Enabled, Remote fault: Online

  Device flags   : Present Running

  Interface flags: SNMP-Traps Internal: 0x0

  Link flags     : None

  CoS queues     : 8 supported, 8 maximum usable queues

  Hold-times     : Up 0 ms, Down 0 ms

  Current address: 28:8a:1c:3d:ea:80, Hardware address: 28:8a:1c:3d:ea:80

  Last flapped   : 2015-08-27 10:26:41 EDT (10:08:03 ago)

  Statistics last cleared: Never

  Traffic statistics:

   Input  bytes  :            621399046                14896 bps

   Output bytes  :            695476239                28896 bps

   Input  packets:              1701892                   19 pps

   Output packets:              1821283                   23 pps

  Input errors:

    Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Policed discards: 0,

    L3 incompletes: 0, L2 channel errors: 0, L2 mismatch timeouts: 0, FIFO errors: 0,

    Resource errors: 0

  Output errors:

    Carrier transitions: 1, Errors: 0, Drops: 0, Collisions: 0, Aged packets: 0,

    FIFO errors: 0, HS link CRC errors: 0, MTU errors: 0, Resource errors: 0

  Egress queues: 8 supported, 4 in use

  Queue counters:       Queued packets  Transmitted packets      Dropped packets

    0 best-effort              1820907              1820907                    0

    1 expedited-fo                   0                    0                    0

    2 assured-forw                   0                    0                    0

    3 network-cont                 400                  400                    0

  Queue number:         Mapped forwarding classes

    0                   best-effort 

    1                   expedited-forwarding

    2                   assured-forwarding

    3                   network-control

  Active alarms  : None

  Active defects : None

  MAC statistics:                      Receive         Transmit

    Total octets                     654430657        727170909

    Total packets                      1715199          1821288

    Unicast packets                    1581068          1821092

    Broadcast packets                    90723              188

    Multicast packets                    43408                8

    CRC/Align errors                         0                0

    FIFO errors                              0                0

    MAC control frames                       0                0

    MAC pause frames                         0                0

    Oversized frames                         0

    Jabber frames                            0

    Fragment frames                          0

    VLAN tagged frames                       0

    Code violations                          0

  Filter statistics:

    Input packet count                       0

    Input packet rejects                     0

    Input DA rejects                         0

    Input SA rejects                         0

    Output packet count                                       0

    Output packet pad count                                   0

    Output packet error count                                 0

    CAM destination filters: 6, CAM source filters: 0

  Autonegotiation information:

    Negotiation status: Complete

    Link partner:

        Link mode: Full-duplex, Flow control: None, Remote fault: OK,

        Link partner Speed: 1000 Mbps

    Local resolution:

        Flow control: None, Remote fault: Link OK

  Packet Forwarding Engine configuration:

    Destination slot: 0

  CoS information:

    Direction : Output 

    CoS transmit queue               Bandwidth               Buffer Priority   Limit

                              %            bps     %           usec

    0 best-effort            95      950000000    95              0      low    none

    3 network-control         5       50000000     5              0      low    none

  Interface transmit statistics: Disabled

 

  Logical interface ge-0/0/0.0 (Index 69) (SNMP ifIndex 512) (Generation 134)

    Flags: SNMP-Traps 0x0 Encapsulation: ENET2

    Traffic statistics:

     Input  bytes  :            621398086

     Output bytes  :            694319199

     Input  packets:              1701882

     Output packets:              1821283

    Local statistics:

     Input  bytes  :             10752904

     Output bytes  :              6439127

     Input  packets:               135824

     Output packets:                29503

    Transit statistics:

     Input  bytes  :            610645182                13080 bps

     Output bytes  :            687880072                26536 bps

     Input  packets:              1566058                   16 pps

     Output packets:              1791780                   22 pps

    Security: Zone: Internet

    Allowed host-inbound traffic : bootp bfd bgp dns dvmrp igmp ldp msdp nhrp ospf ospf3

    pgm pim rip ripng router-discovery rsvp sap vrrp dhcp finger ftp tftp ident-reset http

    https ike netconf ping reverse-telnet reverse-ssh rlogin rpm rsh snmp snmp-trap ssh

    telnet traceroute xnm-clear-text xnm-ssl lsping ntp sip dhcpv6 r2cp

    Flow Statistics :  

    Flow Input statistics :

      Self packets :                     34813

      ICMP packets :                     8327

      VPN packets :                      0

      Multicast packets :                12240

      Bytes permitted by policy :        603179714

      Connections established :          104105 

    Flow Output statistics: 

      Multicast packets :                0

      Bytes permitted by policy :        693475874 

    Flow error statistics (Packets dropped due to): 

      Address spoofing:                  9670

      Authentication failed:             0

      Incoming NAT errors:               0

      Invalid zone received packet:      0

      Multiple user authentications:     0 

      Multiple incoming NAT:             0

      No parent for a gate:              0

      No one interested in self packets: 0       

      No minor session:                  0 

      No more sessions:                  0

      No NAT gate:                       0 

      No route present:                  0 

      No SA for incoming SPI:            0 

      No tunnel found:                   0

      No session for a gate:             0 

      No zone or NULL zone binding       0

      Policy denied:                     45848

      Security association not active:   0 

      TCP sequence number out of window: 36

      Syn-attack protection:             0

      User authentication errors:        0

    Protocol inet, MTU: 1500, Generation: 148, Route table: 0

      Flags: Sendbcast-pkt-to-re, Is-Primary

      Addresses, Flags: Is-Default Is-Preferred Is-Primary

        Destination: 199.72.95.168/29, Local: 199.72.95.170, Broadcast: 199.72.95.175,

        Generation: 142

    Protocol inet6, MTU: 1500, Generation: 149, Route table: 0

      Flags: Is-Primary

      Addresses, Flags: Is-Default Is-Preferred Is-Primary Duplicate

        Destination: 2600:5000:8000:a::/64, Local: 2600:5000:8000:a::2

        INET6 Address Flags: Duplicate

    Generation: 144

      Addresses, Flags: Is-Preferred

        Destination: fe80::/64, Local: fe80::2a8a:1cff:fe3d:ea80

    Generation: 146

 

fredreitberger@Router> ping 2600:5000:8000:a::2 source 2600:5000:8000:a::2 

PING6(56=40+8+8 bytes) 2600:5000:8000:a::2 --> 2600:5000:8000:a::2

ping: sendmsg: Can't assign requested address

ping6: wrote 2600:5000:8000:a::2 16 chars, ret=-1

 

Highlighted
SRX Services Gateway

Re: SRX-220 IPv6 configuration problems

‎08-27-2015 05:43 PM

Hi,

 

The duplicate flag is set under the interface for inet6. Can you check this link.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB25842&actp=search&viewlocale=en_US&searchid...

 

Basically the kernel can't select the address as it believes it is a duplicate. Do you have inet6 configured on any other interfaces? lo0 maybe?

 

Tim

 

 

Highlighted
SRX Services Gateway

Re: SRX-220 IPv6 configuration problems

[ Edited ]
‎08-27-2015 06:00 PM

Just updated to Junos 12.1.X46-D35 and it now works.  Had to be a bug in the release.

 

Thanks for the assist.

 

 

Feedback