SRX

 View Only
last person joined: 21 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Ipv6 session limit

    Posted 07-09-2019 21:53
    I have an srx240b2 with junos 11.4xxx . I have set session limits with the statement for persistency. It is required to have persistent connections so that session limits can be established.

    In my version of junos I can not set peristency to ipv6. Nor can I set a session limit.

    Do I need a newer version of junos ?

    Nat -> source -> rule -> rulename
    -> then -> source-nat -> interface
    -> persistent-nat -> session-number
    value here

    Is there another way to limit the ipv6 session maximum value?

    Comments for any junos version is welcome.


  • 2.  RE: Ipv6 session limit
    Best Answer

     
    Posted 07-10-2019 00:59

    Hi,

     

    Table 1: Persistent NAT Support

    Source NAT Address

    Translated Address

    Destination NAT

    Address

    Persistent NAT

    IPv4

    IPv6

    IPv4

    No

    IPv4

    IPv6

    IPv6

    No

    IPv6

    IPv4

    IPv4

    Yes

    IPv6

    IPv6

    IPv6

    No

     

    When the IP that has to be translated is an IPv6 address, Persistent NAT is not supported.

     

    Also to explain the usage of max. session number with persistent NAT, maximum number of sessions which can be allowed through any single persistent NAT binding. So here, with this configuration, you can limit the number of sessions used by a single persistent NAT binding but not the total number of NAT sessions even for IPv4.

     

    Previously, the maximum number of sessions allowed for a persistent NAT binding was 100. This limit is now 65,536. One can now configure the maximum number of sessions ranging from 8 through 65,536.

     

    Hope this helps.

     

    Thanks,
    Pradeep
    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!



  • 3.  RE: Ipv6 session limit

    Posted 07-11-2019 18:39
    It's hard for me to understand why I can limit ipv6 sessions from my own box. Well,,,, from the source nat I mean. Wouldn't it improve performance? There must be someone using persistency for ipv6. Other manufacturers etc... Hmmm.