[j-nsp] SRX650 Clustering - IPv6
Paul Stewart
paul at paulstewart.org
Tue Nov 2 16:44:53 EDT 2010
Found it .. sorry folks - there was a document on their site that explained limitations on 10.2 and IPv6 clustered WAS listed there as not implemented. Now I find new information at
http://www.juniper.net/us/en/community/junos/releases/10-2/#security
IPv6
Release 10.2 adds several new IPv6 capabilities to SRX and J Series devices, including support for:
* Address books and address set entries that contain any combination of IPv4 addresses, IPv6 addresses, and Domain Name System (DNS) names
* Chassis clusters in active-passive (failover) deployments
* Using IPv6 DiffServ code points in class of service (CoS) classifier rules and re-write rules
* Flow-based processing, which enables SRX and J Series security features to process IPv6 traffic
* The ability to configure a logical interface with an IPv4 address, and IPv6 address or both
Any feedback on those folks who have deployed it and have it working is appreciated.... customer is a bit concerned about cost - I'm just concerned about it actually working properly ;)
Cheers,
Paul
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Tuesday, November 02, 2010 4:39 PM
To: 'Crist Clark'; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX650 Clustering - IPv6
Hmmm.. interesting - I thought I had reviewed 10.2 for this support... will dig deeper. So then comes the question - anyone actually *using* IPv6 on clustered SRX? Any real-world feedback?
I have an SRX210H at home and recently discovered an annoying "bug" that IPv6 isn't supported on VLAN interfaces... that was kind of a shock to be blunt..
Thanks,
Paul
-----Original Message-----
From: Crist Clark [mailto:Crist.Clark at globalstar.com]
Sent: Tuesday, November 02, 2010 3:22 PM
To: Paul Stewart; juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] SRX650 Clustering - IPv6
I just happened to be looking at the 10.2 release notes after
seeing your email.
"IPv6 Support
[snip]
* Chassis cluster—In JUNOS Release 10.2, we support chassis
cluster in an active-passive (failover) deployment. [Junos OS Security
Configuration Guide]"
You may want to have a closer look at the 10.2 documentation
(the current recommended release for SRXs). I am not using
this feature so I have no personal experience whether it actually
works.
On 11/2/2010 at 10:43 AM, "Paul Stewart" <paul at paulstewart.org> wrote:
> Hi there.
>
>
>
> We are looking to bring on an additional SRX650 at a site by
clustering.
> One of the requirements though is IPv6 traffic and it appears it's
not
> supported?
>
>
>
> From
>
http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-c
> ollections/release-notes/10/topic-39007.html :
>
>
>
> Chassis Cluster
>
> On SRX Series and J Series devices, the following features are not
supported
> when chassis clustering is enabled on the device:
>
> * All packet-based protocols, such as MPLS, Connectionless
Network
> Service (CLNS), and IP version 6 (IPv6)
>
>
>
>
>
>
>
> Do any of the SRX boxes support clustering with IPv6? Is there any
timeline
> on this being fixed that anyone knows of?
>
>
>
> Our goal is redundant routing engines should something happen - makes
more
> $$$ sense to add an additional SRX650 when there is one existing..
>
>
>
> Thanks in advance,
>
>
>
> Paul
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Crist Clark
Network Security Specialist, Information Systems
Globalstar
408 933 4387
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list