Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Limitations of IPv6
On an SRX Series or a J Series device, when defining IPv6, be aware of the following limitations:
- ALG—Application Layer Gateway (ALG) features for IPv6 sessions are not supported in Junos OS Release 10.3.
- Chassis cluster—The following features are not supported
for IPv6 traffic in Junos OS Release 10.3:
- Active-active deployments for IPv6 sessions
- IP address monitoring for IPv6 destinations
- Class of service—Policers or simple filters for IPv6 traffic are not supported in Junos OS Release 10.3.
- Flow-based processing—If you change the forwarding
option mode for IPv6, you must perform a reboot to initialize the
configuration change. The following table summarizes device status
upon configuration change:
Configuration Change Commit Warning Reboot Required Impact on Existing Traffic Before Reboot Impact on New Traffic Before Reboot Drop to flow-based
Yes
Yes
Dropped
Dropped
Drop to packet-based
No
No
Packet-based
Packet-based
Flow-based to packet-based
Yes
Yes
None
Flow sessions created
Flow-based to drop
Yes
Yes
None
Flow sessions created
Packet-based to flow
Yes
Yes
Packet-based
Packet-based
Packet-based to drop
No
No
Dropped
Dropped
- IPv6 transition mechanisms—Transition mechansisms such as NAT, NAT-PT, DS-lite, or tunneling are not supported in Junos OS Release 10.3.
- J-Web—Configuration of IPv6-related settings with J-Web is not supported in Junos OS Release 10.3. You must use the CLI to configure these settings.
- Multicast—IPv6 multicast is not supported in Junos OS Release 10.3.
- NSM—Configuration of IPv6-related settings with NSM is not supported in Junos OS Release 10.3. You must use the CLI to configure these settings.
- Routing protocols—Equal cost multipath (ECMP) or Intermediate System-to-Intermediate System (IS-IS) protocols are not supported in Junos OS Release 10.3.
- Screens—The following screens are not supported for IPv6 sessions in Junos OS Release 10.3: syn-flood/syn-proxy/syn-cookie, syn-ack-ack-proxy, ip-spoofing.
- Security policy—IDP and UTM for IPv6 sessions are not supported in Junos OS Release 10.3. If your current security policy uses rules with the IP address wildcard any, and IDP and UTM features enabled, you will encounter configuration commit errors because IDP and UTM features do not yet support IPv6 addresses. To resolve the errors, modify the rule returning the error so that it uses the any-ipv4 wildcard; and create separate rules for IPv6 traffic that do not include IDP or UTM features.
- Stateless firewall filters—The following features
are not supported for IPv6 traffic in Junos OS Release 10.3:
- Matching: IPv6 prefix list
- Actions: counter, log, reject, syslog
- System operations—DHCPv6 is not supported in Junos OS Release 10.3.
- User authentication—Firewall authentication or Web authentication over IPv6 is not supported in Junos OS Release 10.3.
- VPN—IPsec or SSL VPN for IPv6 traffic is not supported in Junos OS Release 10.3.
