[j-nsp] IPv6

[Kevin Oberman]

> Date: Sat, 23 Jan 2010 11:31:22 -0600
> From: Richard A Steenbergen <ras at e-gerbil.net>
> Sender: juniper-nsp-bounces at puck.nether.net
> 
> On Sat, Jan 23, 2010 at 07:22:21PM +0500, Muhammad Aamir wrote:
> > Hi Experts,
> > 
> > We are planning to go with IPv6; currently we have all Junipers in the
> > Core. I just want to know does juniper supports all features related
> > to IPv6. Anybody faced any problem while configuring IPv6 on their
> > Juniper routers. Does JUNOS (version 9.4) have any bug related to
> > IPv6?  All comments are really appreciated.
> 
> Well, that's a pretty non-specific question, but off the top of my head 
> I'd say that IPv6 works extremely well on Juniper with the following 
> caveats:
> 
> * I've heard reports of issues load balancing IPv6 traffic over ae's on
> older platforms (M20s and the like). I don't know exactly what platforms
> are affected, but it seems likely that everything pre M320/T-series
> would have the same issue. The older PFEs don't seem to be able to hash
> on inet6 addresses, so all the v6 traffic from a single mac lands on a
> single ae member.
> 
> * Juniper does something weird with next-hop self, which causes a lot of
> grief when you want to do ipv4/ipv6 dual stack. Basically the problems
> is there isn't an "update-source <interface>" option like Cisco has, so
> the next-hop self value is taken from the local address of the BGP
> session rather than from any particular interface. So when you carry 
> ipv4+piv6 AFIs over a single IBGP session (using for example an IPv4 
> address as transport), and you do a next-hop self, it sets the v6 
> nexthop to ::i.p.v.4 rather than a proper v6 address. You can avoid 
> setting next-hop self in most cases, but it's pretty hard to avoid when 
> you're doing prefix origination. IMHO the easiest way to work around 
> this is just to make an ::i.p.v.4 alias on your lo0 and carry both 
> values in your IGP, but it's something to keep in mind.
> 
> * IPv6 support is currently nonexistant on the EX8200-series platforms, 
> with varying dates mentioned for when it will finally be added (some of 
> the worst ones being 2011 :P). Why they even bothered shipping this box 
> without IPv6 support I can't imagine, but for whatever reason they did.

We just define our own policy to fake nexthop self:
policy-statement set-nexthop-self {
    term IPv4 {
        from family inet;
        then {
            next-hop self;
        }
    }
    term IPv6 {
        from family inet6;
        then {
            next-hop (IPv6 loopback address);
        }
    }
}

We've had no problems with doing this in our iBGP mesh which is
dual-stack over IPv4.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net			Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751