Very simple, really.
6PE tunneling:
set protocols mpls ipv6-tunneling
We also use these following lines for various reasons: have working VRFs, traceroutes, having internal pathes using IGP metrics even for MPLS/LDP, use explicit null everywhere (but not mandatory at all):
set protocols mpls traffic-engineering mpls-forwarding
set protocols mpls icmp-tunneling
set protocols ldp track-igp-metric
set protocols ldp explicit-null
For 6PE, while it seems strange, you must add family inet6 on internal MPLS interfaces (without any specific IP address), probably with setting a jumbo MTU - like you would do in IPv4 internally:
set interfaces <All-internal-MPLS-interfaces> unit <blah> family inet6 dad-disable
(adds IPv6 family, and disable at the same time DAD – really useless feature here)
set interfaces <All-internal-MPLS-interfaces> mtu 9192
(actually, a supported max jumbo MTU compatible with all your gears, but you should already use something like that with MPLS, not specific to IPv6)
You will add 6PE and 6VPE address families in your I-MP-BGP group(s) – which make your IBGP sessions flap at commit (and notice that here, «explicit null» is mandatory for 6PE):
set protocols bgp group My_IBGP_Group family inet6 labeled-unicast explicit-null
set protocols bgp group My_IBGP_Group family inet6-vpn unicast
With ISIS you would have to make sure to disable ipv6-unicast for each internal interface (as you're using 6PE), but with OSPF (v2) there's no IPv6 so nothing to do.
Then add an IPv6 on your lo0, don't forget to configure an inbound firewall family inet6 filter on this lo0 to protect your router, same thing within the VRFs if they have a loopback interface configured.
------------------------------
Olivier Benghozi
------------------------------
Original Message:
Sent: 03-23-2023 09:31
From: MOHAMAMD AYASH
Subject: Dual Stack implementation on Juniper Network Devices
Hi Olivier thank you for your reply.
That does not sound like a lot of work, does it? We have our own public IPv6 ranges that we want to advertise to our clients. When it comes to implementing 6PE/6VPE, which security concerns do I need to think of? Do you have any tips that I can use?
Much appreciated.
------------------------------
MOHAMAMD AYASH
Original Message:
Sent: 03-23-2023 06:35
From: Olivier Benghozi
Subject: Dual Stack implementation on Juniper Network Devices
DS-Lite is not a Juniper stuff or dual stack solution: it is a IPv4 to IPv6 tunneling migration solution to deal with end user customers/subscribers (and with CGNAT). This is probably not what your are looking for at all.
On our MPLS-IPv4 (ISIS, LDP, VRF) MX backbone, we use 6PE (in the master/global table) and 6VPE (in the VRFs). All the IPv6 routes (and their labels) are in the MP-BGP. No IPv6 for IGP or internal MPLS intercos. Worked well for years.
------------------------------
Olivier Benghozi
Original Message:
Sent: 03-22-2023 07:11
From: MOHAMAMD AYASH
Subject: Dual Stack implementation on Juniper Network Devices
Hi, I'm experimenting with dual-stack on Juniper devices and would like some suggestions and tips from the Juniper Community. I'm running a test lab with MX104, SRX340 and SRX650. The backbone is MPLS-IPv4. The network is running OSFPv2, LDP, MPLS, BGP and VRF. We would like to implement IPv6 alongside IPv4. I've been researching the different techniques of dual stacking and found a few solutions. I would like a verification from you guys just to know if I understand it correctly:
- Dual stack on Junos OS is called Dual-stack Lite (DS-Lite). So If a device does not support this (on Pathfinder is says that SRX340 does not support DS-Lite), I cannot implement this technique.
- Dual stack can have impact on resources since every devices will run two stacks at the same time.
Which technique do you guys recommend to implement, dual-stack or tunneling (such as 6PE)? The goal is to keep running these routing protocols alongside IPv6. Which technique has the least impact on resources as well as on network configuration.
I appreciate every reply of you guys.
------------------------------
MOHAMAMD AYASH
------------------------------