Sby Juniper

IPV6 on JUNOS Platform
Mochammad Irzan, irzan@juniper.net Presented at IPV6 Workshop, Surabaya 28 April 2010
Copyright 2009 Juniper Networks, Inc.
www.juniper.net
Agenda
Introduction Juniper Network Products JUNOS Command Line Interface IPv6 Configuration Addressing Routing Protocol (OSPF, ISIS, BGP) IPv6 Tunneling via IPv4 using GRE tunnel IPv6 via MPLS NAT between IPV6 and IPV4
2
Copyright 2009 Juniper Networks, Inc. www.juniper.net
Introduction
JUNIPER Networks www.juniper.net
www.juniper.net
LEarning material
http://www.juniper.net/en/us/training/ http://www.juniper.net/us/en/training/certification/books.html http://www.juniper.net/us/en/training/technical_education/ http://www.juniper.net/techpubs
www.juniper.net
Juniper Networks product portfolio

Security Switches Routers
E Series
T Series SRX Series
J Series
SRC Series SA Series & UAC
SBR Series
EX Series M Series MX Series
www.juniper.net
PRoduct
Routing
T-Series, JCS1200, M-Series, MX-Series, E-Series, J-Series, BX-Series, CTP-Series
Switching
EX-Series
Security
IDP Series, ISG Series, Netscreen Series, SA Series, SRX Series, SSG Series, Unified Access Control
Identity and Policy Management

C-Series/SRC, SBR-Series (AAA Server), Odyssey, Access Client
Application Acceleration
WX-series, WXC-Series, ISM200
Network Management
6
NSM, STRM, Junoscope, J-Web, CTPView, WX Central Management system, Junos SPACE
Network operating system

JUNOS JUNOSe ScreenOS WXOS CTOS
www.juniper.net
Junos the power of one

One OS
T Series
EX8200 Line
MX Series
NSM NSM Express EX8200 Line
One Release
SRX5800
SRX5600 9.2
3Q08
9.3
4Q08
9.4
1Q09
SRX3000 Line
M Series EX4200 Line J Series EX3200 Line
One Architecture
SECURIT Y
ROUTERS
SWITCHE S
API
Module X
www.juniper.net
JUNOS Platform
Platform Routing High T-Series (T1600, T640), MX960 EX8216, EX8208 SRX5800, SRX5600 Medium Low
T320, M320, M120, M10i, M7i, J6350, M40e, MX480, J4350, J2320, MX240 J2350, MX80 EX4200 EX3200, EX2200 SRX3600, SRX240, SRX210, SRX3400, SRX650 SRX100 ISM200 (integrated with J-Series)
Switching Security
WAN Accelerator
www.juniper.net
Hardware architecture
Service Plane
p Ap
Control Plane
rfo r Re Sc ma lia ale nc e bi lit y
Pe
s on i at lic
rfo r Re Sc ma al nc lia e e bi lit y
Modular applications; dedicated engines
rfo r Re Sc ma lia ale nc e bi lit y
Pe
Carrier-class operating system
Forwardin g Plane
10
High-performance custom silicon
Pe
www.juniper.net
hardware architecture (...)
Routing Engine
RE : Routing Engine PFE : Packet Forwarding Engine SC : Service Card IOC : Input/Output Card
PFE
IOC
IOC
SC
11
www.juniper.net
JUNOS configuration
CLI (Command Line Interface) Console (Serial port) Remote Access (Telnet/SSH) WEB Interface JWeb NETCONF JUNOScript
12
www.juniper.net
JUNOS CLI
13
www.juniper.net
JUNOS CLI (...)

JUNOS CLI Operational Mode Configuration Mode
14
www.juniper.net
JUNOS CLI (...)
15
www.juniper.net
Changing junos configuration

Configuration mode displaying configuration use set command JUNOS configuration Candidate configuration running configuration Commit and Rollback
16
www.juniper.net
JUNOS configuration
17
www.juniper.net
JUNOS Configuration
18
www.juniper.net
JUNOS Configuration
19
www.juniper.net
JUNOS configuration
By default up to 50 configuration is stored on the system use rollback command to reverse the configuration to previous version
20
www.juniper.net
IPV6 deployment
Dual stack IPv6 Tunneling GRE Tunneling IP-IP Tunneling MPLS NAT (Network Address Translation) IPv6 IPv4
21
www.juniper.net
configuring JUNOS for ip/ipv6 routing

Interface configuration physical configuration logical configuration
IPv4/IPv6 address configuration
Routing configuration routing protocol configuration
Static Route Dynamic route

ISIS OSPF/OSPFv3 BGP
22
www.juniper.net
Routing table on junos

inet.0
Default IP version 4 (IPv4) unicast routing table inet6.0 Default IP version 6 (IPv6) unicast routing table instance-name.inet.0 Unicast routing table for a particular routing instance instance-name.inet.6 Unicast routing table for a particular routing instance inet.1 Multicast forwarding cache
23
www.juniper.net
Routing table on junos

inet.2
Unicast routes used for multicast reverse path forwarding (RPF) lookup inet.3 MPLS routing table for path information mpls.0 MPLS routing table for label-switched path (LSP) next hops
24
www.juniper.net
network topology
Loopback : 2001:aaaa:0:FFFF::2/128 192.168.255.2 LAN : 2001:aaaa:0:102::1/64 192.168.2.1/24
PC1 2001:aaaa:0:1::/6 4 192.168.100.0/30 R1 R2 Web 192.168.2.5 2001:aaaa:0:102::5
Loopback : 2001:aaaa:0:FFFF::1/128 192.168.255.1 LAN : 2001:aaaa:0:101::1/64 192.168.1.1/24
25
www.juniper.net
Interface configuration
26
www.juniper.net
Router advertisement
27
www.juniper.net
STatic routing
28
www.juniper.net
OSPF configuration
IPv6 requires OSPFv3 OSPFv3 support multi area OSPF support authentication
29
www.juniper.net
OSPF Configuration
30
www.juniper.net
OSPF Configuration
31
www.juniper.net
Verifying OSPF configuration

show ospf3 overview show ospf3 neigbour show ospf3 database show ospf3 route show ospf3 interface show route table inet6.0 show route table inet6.0 protocol ospf3
32
www.juniper.net
ISIS configuration
Requires ISO protocol enabled on the interface Requires ISO NET address one address per Intermediate System (IS) Support IPv4 and IPv6 Support multi area
33
www.juniper.net
ISO NET address

up to 20 bytes consist of Area number
1 byte : AFI (Authority and Format identifier) 0 12 bytes : domain (area) ID
System identifier
6 bytes
n-selecter
1 bytes
49.0001.0001.dead.beef.00
34
www.juniper.net
Interface configuration
35
www.juniper.net
ISIS protocol configuration
36
www.juniper.net
Network topology
AS1000 Loopback : 2001:aaaa:0:FFFF::2/128 192.168.101.2 2001:aaaa:0:1::/6 4 192.168.11.0/30 R1 Loopback : 2001:aaaa:0:FFFF::1/128 192.168.101.1 LAN : 2001:aaaa:0:101::1/64 192.168.102.1/30 PREFIX : 2001:aaaa::/32 2001:aaaa:1000:/48 192.168.101.0/24 192.168.102.0/24 R2
2001:aabb:0:1::/6 4 192.168.12.0/30 AS2000
EX T Loopback : 2001:BBBB:0:FFFF::1/128 192.168.201.1 LAN : 2001:BBBB:0:101::1/64 192.168.202.1/30 PREFIX : 2001:BBBB::/32 2001:BBBB:1000:/48 192.168.201.0/24 192.168.202.0/24
www.juniper.net
37
BGP Configuration
BGP PEER External BGP Internal BGP Routing Policy Advertising prefixes Receiving prefixes modifying BGP attribute
38
www.juniper.net
BGP Configuration (...)
39
www.juniper.net
BGP configuration ()
40
www.juniper.net
BGP configuration (...)
41
www.juniper.net
Connecting IPV6 via IPV4 using Tunnel

IPv6 network is connected using GRE tunnel/IPIP tunnel via IPv4 network Routing protocol is enabled on the Tunnel Interface Tunnel is established via IPv4 network Tunnel Interface requires Tunnel PIC on Juniper platform
42
www.juniper.net
Network topology
Loopback : 2001:aaaa:0:FFFF::2/128 R2 C1 192.168.1.0/24
Tunnel : 2001:aabb:0:1::/64
2001:aaaa:0:1::/6 4 R1 Loopback : 2001:aaaa:0:FFFF::1/128 LAN : 2001:aaaa:0:101::1/64
R3 Loopback : 2001:BBBB:0:FFFF::3/128 2001:bbbb:0:1::/ 64 R4
Loopback : 2001:BBBB:0:FFFF::4/128 LAN : 2001:BBBB:0:101::1/64
43
www.juniper.net
Tunnel configuration
44
www.juniper.net
isis configuration that include tunnel interface
45
www.juniper.net
Connectiong IPv6 islands via MPLS

MPLS network allow L3 or L2 networks connected via MPLS using L3VPN or L2VPN/VPLS IPv6 networks can be connected via MPLS using : 6PE (RFC4798, Connecting IPv6 Islands over IPv4 MPLS Using IPv6 Provider Edge Routers) 6VPE (RFC4659, BGP-MPLS IP Virtual Private Network (VPN) Extension for IPv6 VPN ) PE routers must support dual stack (IPv4 and IPv6)
46
www.juniper.net
Network topology
IPV6 CE1 B
PE 1
MPLS
PE 2
CE2 B IPV6
47
www.juniper.net
IPv6 PE
IPV6 CE1 B
PE 1
P1
R R MPLS
PE 2
CE-PE Routing Protocol BGP with IPv6 with label MPLS forwarding IPv6 forwarding
CE2 B IPV6
48
www.juniper.net
IPV6 PE ()
49
www.juniper.net
IPV6 PE ()
50
www.juniper.net
IPv6 via L3VPN
IPV6 CE1 B
PE 1
P1
R R MPLS
PE 2
CE-PE Routing Protocol BGP with IPv6 VPN with label MPLS forwarding IPv6 forwarding
CE2 B IPV6
51
www.juniper.net
IPv6 via L3VPN ()
52
www.juniper.net
IPv6 via L3VPN ()
53
www.juniper.net
NAT between IPV4 and IPV6

Breaks globally unique address model Breaks address stability Breaks always-on model Breaks peer-to-peer model Breaks some applications Breaks some security protocols Breaks some QoS functions Introduces a false sense of security Introduces hidden costs (applications and operations) NAT inhibits development of new applications
54
NAT between IPV6 and IPV4
NAT gateway
IPv6 Network
IPv4 Network
IPv6 to IPv4 address translation, Basic NAT IPv6 to IPv4 address translation + Protocol Translation, NAT-PT May include application layer translation, such DNS
55
www.juniper.net
NAT between IPV6 and IPV4 ()
NAT gateway 2001:1:1:1::/64 IPv6 Network Host A
DNS Server
IPv4 Network www.xyz.com
Translation Table : 2001:1:1:1::/64 202.100.1.0/24 (for host connected to IPv6) Other IPv4 network 2001:1:10:10::/64
56
www.juniper.net
2001:1:1:1::/64
NAT gateway
AAAA Query
DNS Server
A Query
Host A
www.xyz.com 202.105.105.10
IPv6 Network
IPv4 Network
57
www.juniper.net
1.
2.
3. 4.
5.
58
6.
Host A send DNS query for www.xyz.com, DNS AAAA Query NAT gateway translate AAAA query to A query DNS Server reply with 202.105.105.10 NAT gateway translate DNS reply, host information 202.105.105.10 to 2001:1:10:10::105 Host A send packet to ip address 2001:1:10:10::105 NAT gateway translate DA 2001:1:10:10::105 to DA 202.105.105.10, and SA 2001:1:1::15
59
www.juniper.net

Sby Juniper

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Sby Juniper

Загружено:

Авторское право:

Доступные форматы

IPV6 on JUNOS Platform

Mochammad Irzan, irzan@juniper.net Presented at IPV6 Workshop, Surabaya 28 April 2010

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Juniper Networks product portfolio

T Series SRX Series

SRC Series SA Series & UAC

EX Series M Series MX Series

Copyright 2009 Juniper Networks, Inc.

Identity and Policy Management

Network operating system

Copyright 2009 Juniper Networks, Inc.

Junos the power of one

NSM NSM Express EX8200 Line

M Series EX4200 Line J Series EX3200 Line

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

rfo r Re Sc ma lia ale nc e bi lit y

rfo r Re Sc ma al nc lia e e bi lit y

Modular applications; dedicated engines

rfo r Re Sc ma lia ale nc e bi lit y

Carrier-class operating system

High-performance custom silicon

hardware architecture (...)

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

JUNOS CLI (...)

Copyright 2009 Juniper Networks, Inc.

JUNOS CLI (...)

Copyright 2009 Juniper Networks, Inc.

Changing junos configuration

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

configuring JUNOS for ip/ipv6 routing

IPv4/IPv6 address configuration

Routing configuration routing protocol configuration

Static Route Dynamic route

ISIS OSPF/OSPFv3 BGP

Copyright 2009 Juniper Networks, Inc.

Routing table on junos

Copyright 2009 Juniper Networks, Inc.

Routing table on junos

Copyright 2009 Juniper Networks, Inc.

PC1 2001:aaaa:0:1::/6 4 192.168.100.0/30 R1 R2 Web 192.168.2.5 2001:aaaa:0:102::5

Loopback : 2001:aaaa:0:FFFF::1/128 192.168.255.1 LAN : 2001:aaaa:0:101::1/64 192.168.1.1/24

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

Verifying OSPF configuration

Copyright 2009 Juniper Networks, Inc.

Copyright 2009 Juniper Networks, Inc.

ISO NET address

1 byte : AFI (Authority and Format identifier) 0 12 bytes : domain (area) ID

Copyright 2009 Juniper Networks, Inc.