[AusNOG] IPv6 Internode with Juniper SRX110H-VA

Michael Dale mdale at dalegroup.net
Mon Jul 22 00:32:27 EST 2013


Hi Grant,

Full config here:
http://forums.juniper.net/t5/SRX-Services-Gateway/Branch-SRX-as-a-DHCPv6-prefix-delegation-client/m-p/200175/highlight/true#M25189

I've found a few major bugs; best to read the next page or so. Not sure it is going to be 100% stable.

Please do let me know!

I've CCed the list as it might be useful.

Thanks,
Michael.





Direct: +61 2 9043 5780
Mobile: +61 422 770 473
Web site: www.dalegroup.net
Support Portal: support.dalegroup.net
CodeCanyon Support Portal: portal.dalegroup.net

On 21/07/2013, at 10:07 PM, Grant Phillips <grant.phillips at gwtp.id.au> wrote:

> Hi Michael,
> 
> Are you able to update the list with your full config? I'm running Billion router in bridge mode with SRX100 performing the PPPoE. I'm not getting any progress, i cant seem to get any output on the 'show dhcpv6 client binding'. Hoping there is something in your configuration I'm missing. 
> 
> Cheers,
> Grant Phillips
> 
> 
> On Sat, Jul 20, 2013 at 10:42 PM, Michael Dale <mdale at dalegroup.net> wrote:
> Hey Ben,
> 
> Awesome! I have something. Thanks!!
> 
> Looks like removing IA-NA fixed it, but in my config I get:
> ##
> ## Warning: IA-NA identity association is required for ia-pd
> ##
> 
> Commits fine though.
> 
> Just going to do some testing and then I will post the full config.
> 
> root at jbox# run show dhcpv6 client binding 
> 
> IP/prefix                       Expires     State      ClientType    Interface       Client DUID
> 2001:44b8:31f4:d800::/56        7043        BOUND      STATEFULL     at-1/0/0.0      LL0x1-00:24:dc:d4:e6:20
> 
> 
> On 20/07/2013, at 10:25 PM, Ben Dale <bdale at comlinx.com.au> wrote:
> 
>> Hi Guys,
>> 
>> I don't have a 'node connection handy, but I just configured up an 878 with the config from Internode's page[1] and had a look at the results in wireshark to see what fields were being set in the DHCPv6 solicit.  
>> 
>> In your config, try removing the "client-ia-type ia-na" and changing the "duid-type" to "duid-ll" eg:
>> 
>>             family inet6 {
>>                 dhcpv6-client {
>>                     client-type statefull;
>>                     client-ia-type ia-pd;
>>                     rapid-commit;
>>                     client-identifier duid-type duid-ll;
>>                 }
>>             }
>> 
>> and see if that makes any difference.  Also, based on their configuration, you should have:
>> 
>> set routing-options rib inet6.0 static route ::/0 next-hop at-1/0/0.0
>> 
>> There's a bit of a quirk with the "new" JDHCP server too - if you have any Macs or other devices that either aren't getting a DHCP address, or seem to take a long time (eg >30s) add the following command in:
>> 
>> set system services dhcp-local group YOUR-GROUP overrides no-unicast-replies
>> 
>> and that'll fix up any issues.
>> 
>> Cheers,
>> 
>> Ben
>> 
>> [1] http://www.internode.on.net/support/guides/internet_access/ipv6/cisco_routers/
>> 
>> On 20/07/2013, at 5:46 PM, Michael Dale <mdale at dalegroup.net> wrote:
>> 
>>> Thanks Ben! Very helpful.
>>> 
>>> Here is what I have so far (not working just yet but getting close I hope):
>>> 
>>> version 12.1X45;
>>> interfaces {
>>>     at-1/0/0 {
>>>         encapsulation atm-pvc;
>>>         atm-options {
>>>             vpi 8;
>>>         }
>>>         dsl-options {
>>>             operating-mode annexm-adsl2plus;
>>>         }
>>>         unit 0 {
>>>             description "Internode ADSL";
>>>             encapsulation atm-ppp-vc-mux;
>>>             vci 8.35;
>>>             ppp-options {
>>>                 pap {
>>>                     local-name "username at internode.on.net";
>>>                     local-password "xxx"; ## SECRET-DATA
>>>                     passive;
>>>                 }
>>>             }
>>>             family inet {
>>>                 negotiate-address;
>>>             }
>>>             family inet6 {
>>>                 dhcpv6-client {
>>>                     client-type statefull;
>>>                     client-ia-type ia-pd;
>>>                     client-ia-type ia-na;
>>>                     rapid-commit;
>>>                     client-identifier duid-type duid-llt;
>>>                 }
>>>             }
>>>         }
>>>     }
>>> }
>>> 
>>> 
>>> access {
>>>     address-assignment {
>>>         pool trust {
>>>             family inet {
>>>                 network 10.0.0.0/22;
>>>                 range pool {
>>>                     low 10.0.1.1;
>>>                     high 10.0.2.254;
>>>                 }
>>>                 dhcp-attributes {
>>>                     maximum-lease-time 691200;
>>>                     domain-name dalegroup.net;
>>>                     name-server {
>>>                         10.0.0.254;
>>>                     }
>>>                     router {
>>>                         10.0.0.254;
>>>                     }
>>>                 }
>>>                 host static-ip-1 {
>>>                     hardware-address 00:0c:29:xx:xx:xx;
>>>                     ip-address 10.0.2.7;
>>>                 }
>>> 
>>>             }
>>>         }
>>>     }
>>> }
>>> 
>>> 
>>> 
>>> 
>>> On 20/07/2013, at 5:37 PM, Shane Short <shane at short.id.au> wrote:
>>> 
>>>> Any chance you could give us an example of how to configure that? I've spent a good 20 minutes looking and I'm stuck at the same spot Michael is :)
>>>> 
>>>> -Shane
>>>> 
>>>> Ben Dale wrote:
>>>>> 
>>>>> This is because there are actually two DHCP clients/server daemons you can use on the SRX.  
>>>>> 
>>>>> The original one (set system services dhcp / family inet dhcp) and the "new" one that is back-ported from the MX (set system services dhcp-local-server /  family inet dhcp-client).
>>>>> 
>>>>> This was done to get DHCP in a routing-instance on the SRX without duplicating effort
>>>>> 
>>>>> When you configure DHCP client make sure you only have the statements from one OR the other (eg if you're using the original DHCP server, then you need "family inet dhcp" on your client interfaces or else if you want "family inet6 dhcp-client you'll need to switch your server to the new format), otherwise you'll get that commit error.
>>>>> 
>>>>> Anyone from iinet/Westnet out there that knows about your v6 plans for DSL?
>>>>> 
>>>>> Cheers,
>>>>> 
>>>>> Ben
>>>>> 
>>>>> 
>>>>> On 20/07/2013, at 3:12 PM, Michael Dale <mdale at dalegroup.net> wrote:
>>>>> 
>>>>>> I have tried and failed thus far.
>>>>>> 
>>>>>> SRX210 + ADSL mPim + Internode + 12.1XD45
>>>>>> 
>>>>>> There is some information here that I followed:
>>>>>> http://blog.ciscoinferno.net/dhcpv6-client-on-the-srx
>>>>>> 
>>>>>> Unfortunately I get the error:
>>>>>> Incompatible with the dhcp server configured under 'system services dhcp'
>>>>>> 
>>>>>> Not sure why that has anything todo with DHCPv6 client for ppp connections.
>>>>>> 
>>>>>> I did remove the dhcp server to test with but I never received an IP from internode, I suspect this is a JunOS issue as my SSG5 ( http://michaeldale.com.au/archive/2010/01/17/native-ipv6-over-pppoe-with-internode-and-a-juniper-ssg5/ ) could do IPv6 with Internode fine.
>>>>>> 
>>>>>> Michael.
>>>>>> 
>>>>>> On 20/07/2013, at 1:49 PM, Brad Peczka <brad at bradpeczka.com> wrote:
>>>>>> 
>>>>>>> It's worth mentioning that, this far, the 12.1X train has been less than satisfactory - memory leaks galore cause it to reload on a bi-weekly basis. It almost reminds me of some of the early Cisco 12.4T trains!
>>>>>>> 
>>>>>>> Hopefully the latest one is getting better, but I wouldn't hold your breath.
>>>>>>> 
>>>>>>> Cheers,
>>>>>>> -Brad.
>>>>>>> ________________________________________
>>>>>>> From: AusNOG [ausnog-bounces at lists.ausnog.net] On Behalf Of Reuben Farrelly [reuben-ausnog at reub.net]
>>>>>>> Sent: Saturday, 20 July 2013 11:18 AM
>>>>>>> To: Jonathan Thorpe
>>>>>>> Cc: <ausnog at lists.ausnog.net>
>>>>>>> Subject: Re: [AusNOG] IPv6 Internode with Juniper SRX110H-VA
>>>>>>> 
>>>>>>> The latest release (12.1X45-D10) of JunOS for the SRX which came out on
>>>>>>> Monday now officially supports, amongst other things:
>>>>>>> 
>>>>>>> - IPv6 Support on ADSL, G.SHDSL and VDSL2 Interfaces
>>>>>>> - DHCPv6 client
>>>>>>> - Dynamic DNS
>>>>>>> 
>>>>>>> Release notes at:
>>>>>>> 
>>>>>>> http://www.juniper.net/techpubs/en_US/junos12.1x45/information-products/topic-collections/release-notes/12.1x45/junos-release-notes-12.1X45.pdf
>>>>>>> 
>>>>>>> Haven't tried running it up yet, but this is a very good start.
>>>>>>> 
>>>>>>> Reuben
>>>>>>> 
>>>>>>> On 1/07/2013 1:37 PM, Jonathan Thorpe wrote:
>>>>>>>> You may find this useful (or perhaps not):
>>>>>>>> 
>>>>>>>> http://forums.juniper.net/t5/SRX-Services-Gateway/Branch-SRX-as-a-DHCPv6-prefix-delegation-client/td-p/99340/page/3
>>>>>>>> 
>>>>>>>> *From:*Jonathan Thorpe
>>>>>>>> *Sent:* Monday, 1 July 2013 1:35 PM
>>>>>>>> *To:* 'Skeeve Stevens'; <ausnog at lists.ausnog.net>
>>>>>>>> *Subject:* RE: [AusNOG] IPv6 Internode with Juniper SRX110H-VA
>>>>>>>> 
>>>>>>>> Hi Skeeve,
>>>>>>>> 
>>>>>>>> Isn’t there an issue with prefix delegation on JunOS that prevents this
>>>>>>>> from working?
>>>>>>>> 
>>>>>>>> Kind Regards,
>>>>>>>> 
>>>>>>>> Jonathan
>>>>>>> 
>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>> 
>>>>>> _______________________________________________
>>>>>> AusNOG mailing list
>>>>>> AusNOG at lists.ausnog.net
>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>> 
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>> 
>> 
> 
> 
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130722/ac6307ce/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Dalegroup-Logo-Colour-RGB.png
Type: image/png
Size: 13773 bytes
Desc: not available
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20130722/ac6307ce/attachment.png>


More information about the AusNOG mailing list