Table of Contents
Advertisement
Note that both inet and inet6 families are configured on the ingress media interface and S-PIC. Also, service is applied
only on inet family on the ingress media interface.
7.6.2 Service Set Configuration
service-set v6rd-dom1-service-set {
softwire-rules v6rd-dom1-r1;
stateful-firewall-rules r1;
interface-service {
}
}
7.6.3 Softwire Concentrator Configuration
[edit services]
user@router# show softwire
softwire-concentrator {
v6rd v6rd-dom1 {
}
}
rule v6rd-dom1-r1 {
match-direction input;
term t1 {
}
}
Here, softwire-address 30.30.30.1 is the softwire concentrator (Br) IPv4 address, 10.10.10.0/24 is the IPv4 prefix of the
CE WAN side, and 3040::0/16 is the 6rd domain D1's v6 prefix.
7.6.4 Stateful Firewall Configuration
[edit services]
user@router# show stateful-firewall
rule r1 {
match-direction input-output;
term t1 {
}
}
It is mandatory to configure a stateful firewall rule that accepts all traffic in both input and output direction for 6rd to
work. However, this is not enforced through the CLI. This is because in IPv6, gratuitous v6 packets are expected (due to
anycast) to be detected and should not be dropped. So, S-PIC can detect reverse traffic without discovering forward
traffic at all. This can also happen when S-PIC switchover occurs in the middle of a session. By default, the stateful
firewall on the S-PIC drops all the traffic unless a rule is configured explicitly to allow it. Adding a stateful firewall rule
prevents traffic drops in the event of a service PIC/MS-DPC switchover.
This example shows how to configure 6rd so that a client in the 6rd domain (D1) can communicate with a server in
another 6rd domain (D2) (or vice versa).
Copyright © 2011, Juniper Networks, Inc.
service-interface sp-3/0/0;
softwire-address 30.30.30.1;
ipv4-prefix 10.10.10.0/24;
v6rd-prefix 3040::0/16;
mtu-v4 9192;
then {
v6rd v6rd-dom1;
}
then {
accept;
}
IMPLEMENTATION GUIDE - 6rd Configuration Guide
13
Advertisement
Table of Contents
