Configuring Service Sets for Next Gen Services Softwires
You must include previously defined NAT or stateful firewall softwire rules or a softwire rule set in a service set to enable softwire processing.
Starting in Junos OS release 20.2R1, DS-Lite, MAP-E and 6rd softwires are supported in MX240, MX480, and MX960 routers. MAP-E and 6rd softwires are supported inline on an MPC by specifying the si-1/0/0 interface naming convention. DS-Lite is softwires run on the MX-SPC3 security services card.
To configure service sets for softwires:
- Specify a name for the service set. [edit services]user@host# edit service-set service-set-name
For example:[edit services]user@host# edit service-set vms-sw-ss
- Specify the IPv6 prefix length for the subscriber addresses.[edit services service-set vms-sw-ss]user@host# set softwire-options dslite-ipv6-prefix-length dslite-ipv6-prefix-length
We support four prefix lengths: 56, 64,96 and 128, which is the default.
- For NAT, you can include a NAT rule for flows originated
by DS-Lite softwires.
Currently a NAT rule configuration is required with a DS-Lite softwire configuration when you use interface service set configurations; NAT is not required when using next-hop service set configurations. NAT processing from IPv4 to IPv6 address pools and vice versa is not currently supported. FTP, HTTP, and RSTP are supported.
With a DS-Lite softwire, if you configure stateful firewall rules without configuring NAT rules, using an interface service set causes the ICMP echo reply messages to not be sent correctly to DS-Lite. This behavior occurs if you apply a service set to both inet and inet6 families. In such a scenario, the traffic that is not destined to the DS-Lite softwire concentrator is also processed by the service set and the packets might be dropped, although the service set must not process such packets.
To prevent the problem to incorrect processing of traffic applicable for DS-Lite, you must configure a next-hop style service set and not an interface style service set. This problem does not occur when you configure NAT rules with interface service sets for DS-Lite.
Specify the name of the NAT rule set.[edit services service-set vms-sw-ss]user@host# edit nat-rule-sets nat-rule-set-name
- Specify the service interface to be used.
- Specify the name of the previously defined softwires rule
set that you want to apply to this service set. [edit services service-set vms-sw-ss]user@host# set softwires-rule-set rule-set-name