Enabling Flow-Based Processing for IPv6 Traffic

You have the following options for handling IPv6 traffic:

Note: Packet-based forwarding is not supported for SRX3400, SRX3600, SRX5600, or SRX5800 devices; and the option is unavailable in the CLI.

To enable flow-based processing for IPv6 traffic, modify the mode statement at the [edit security forwarding-options family inet6] hierarchy level:

security {forwarding-options {family {inet6 {mode flow-based;}}}}

The following example shows the CLI commands you use to configure forwarding for IPv6 traffic:


[edit]
user@host# set security forwarding-options family inet6 mode ? 
Possible completions:
  drop                 Disable forwarding
  flow-based           Enable flow-based forwarding
  packet-based         Enable packet-based forwarding

[edit]
user@host# set security forwarding-options family inet6 mode flow-based


user@host# show security forwarding-options 
family {
    inet6 {
        mode flow-based;
    }
}

If you change the forwarding option mode for IPv6, you might need to perform a reboot to initialize the configuration change. Table 8 summarizes device status upon configuration change.

Table 8: Device Status Upon Configuration Change

Configuration Change

Commit Warning

Reboot Required

Impact on Existing Traffic Before Reboot

Impact on New Traffic Before Reboot

Drop to flow-based

Yes

Yes

Dropped

Dropped

Drop to packet-based

No

No

Packet-based

Packet-based

Flow-based to packet-based

Yes

Yes

None

Flow sessions created

Flow-based to drop

Yes

Yes

None

Flow sessions created

Packet-based to flow-based

Yes

Yes

Packet-based

Packet-based

Packet-based to drop

No

No

Dropped

Dropped

For details on packet-based and flow-based processing, see the Junos OS Security Configuration Guide.

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.