Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring a 6rd Softwire

Configuring a 6rd Softwire Concentrator

The 6rd feature is supported on Multiservices 100, 400, and 500 PICs on M Series routers, and on MX Series routers equipped with Multiservices DPCs. The 6rd feature is not supported on MX Series routers with MS-MPCs or MS-MICs.

To configure a 6rd softwire concentrator:

  1. Assign a name to the 6rd softwire concentrator.
  2. Specify the address of the softwire tunnel.
  3. Specify the MTU for the softwire tunnel.
    Tip:

    In this release there is no support for fragmentation and reassembly, therefore the MTUs on the IPv6 and IPV4 network must be properly configured by the administrator.

Note:

Configuration changes to 6rd softwire concentrators do not become effective in the Packet Forwarding Engine. This is a known limitation. If you attempt to add the new configuration of softwire concentrators by overriding the existing configuration of 1024 softwire concentrators, which is the maximum limit of softwire concentrators that the system supports, the new configuration is not updated. To work around this limitation, you must delete the existing configuration and commit the settings, and then add the new configuration of softwire concentrators and commit the settings.

Note:

For 6rd softwire concentrators, packet drops are observed and error messages logged on the virtual terminal session (VTY) console, if one inline services (si-) interface is replaced with another si- interface without stopping the traffic during the replacement of the interface. In a scenario in which an si- interface is associated with a service set that has a large number of softwire concentrators, replacing that interface without halting the traffic causes traffic disruption. You must stop the traffic and restart it during such a replacement of si- interfaces with 6rd softwire concentrators. The following error messages are displayed on the VTY console of the FPC:

packet discarded because no ifl or not SI ifl

Configuring Stateful Firewall Rules for 6rd Softwire

You must configure a stateful firewall rule for use with 6rd softwires. The stateful firewall service is used only to direct packets to the softwire, not for firewalling purposes. The 6rd softwire service itself must be stateless. To support stateless processing, you must include an allow term in both directions of the stateful firewall policy.

The 6rd feature is supported on Multiservices 100, 400, and 500 PICs on M Series routers, and on MX Series routers equipped with Multiservices DPCs. The 6rd feature is not supported on MX Series routers with MS-MPCs or MS-MICs.

To include a stateful firewall rule for 6rd softwire processing:

  1. Assign a name to the rule.
  2. Specify the match direction.
  3. Assign a name for the term.
  4. Specify that all traffic in both directions should be accepted for the softwire process.

Example: Basic 6rd Configuration

Requirements

Note:

The 6rd feature is supported on Multiservices 100, 400, and 500 PICs on M Series routers, and on MX Series routers equipped with Multiservices DPCs. The 6rd feature is not supported on MX Series routers with MS-MPCs or MS-MICs.

This example describes how a 6rd concentrator can be configured for a 6rd domain, D1, to provide IPv6 Internet connectivity.

The following hardware components can perform 6rd:

  • M Series Multiservice Edge routers with Multiservices PICs

  • T Series Core routers with Multiservices PICs

  • MX Series 5G Universal Routing Platforms with Multiservices DPCs

Overview

This configuration example describes how to configure a basic 6rd tunneling solution.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Chassis Configuration

Step-by-Step Procedure

To configure the chassis:

  1. Define the ingress interface.

  2. Configure the ingress interface logical unit and input/output service options.

  3. Configure the address of the ingress interface.

  4. Define the egress interface.

  5. Define the logical unit and address for the egress interface.

  6. Define the services PIC.

  7. Configure the logical unit for the services PIC.

Results

Softwire Concentrator, Softwire Rule, and Stateful Firewall Rule Configuration

Step-by-Step Procedure

To configure the softwire concentrator, softwire rule, and stateful firewall rule:

  1. Define the 6rd softwire concentrator.

  2. Configure the softwire concentrator properties. Here, softwire address 30.30.30.1 is the softwire concentrator IPv4 address, 10.10.10.0/24 is the IPv4 prefix of the CE WAN side, and 3040::0/16 is the IPv6 prefix of the 6rd domain D1.

  3. Define the softwire rule.

  4. Define a stateful firewall rule and properties. You must configure a stateful firewall rule that accepts all traffic in both the input and output direction in order for 6rd to work; however, this is not enforced through the CLI. This is because in IPv6, gratuitous IPv6 packets are expected (due to Anycast) and should not be dropped. The service PIC can handle reverse traffic without seeing all forward traffic. This can also happen with service PIC switchover in the middle of a session. By default, the stateful firewall on the service PIC will drop all traffic unless a rule is configured explicitly to allow it.

Results

Service Set Configuration

Step-by-Step Procedure

To configure the service set:

  1. Define the service set for 6rd processing.

  2. Define the softwire and stateful firewall rules for the service set.

  3. Define the interface-service for the service set.

Results

High Availability and Load Balancing for 6rd Softwires

Note:

The 6rd feature is supported on Multiservices 100, 400, and 500 PICs on M Series routers, and on MX Series routers equipped with Multiservices DPCs. The 6rd feature is not supported on MX Series routers with MS-MPCs or MS-MICs.

Load Balancing a 6rd Domain Across Multiple Services PICs

The 6rd domain is an IPv6 network, which can potentially be very large. A single PIC, or network processing unit (NPU) on a Multiservices DPC, might not be able to handle all the traffic for the 6rd domain. To alleviate load problems, you can load-balance the 6rd domain traffic across multiple PICs. To do so, assign the same softwire rule to different services sets that use different interfaces. Configure explicit routes and equal-cost multipath (ECMP) to load-balance the 6rd traffic.

Example: Load Balancing a 6rd Domain Across Multiple Services PICs

Hardware and Software Requirements

This example requires the following hardware:

  • An MX Series 5G Universal Routing Platform with a services DPC with two available NPUs or an M Series Multiservice Edge router with two services PICs available for 6rd softwire concentrator processing

  • A domain name server (DNS)

This example uses the following software:

  • Junos OS Release 11.4 or higher

Overview

Because of anticipated volume, a provider needs to balance 6rd softwire traffic between two services PICs.

Configuration

Chassis Configuration
Step-by-Step Procedure

To configure the chassis:

  1. Define the ingress interface and its properties.

  2. Define the egress interface and its properties. In this example, the IPv6 clients try to reach the IPv6 server at 3abc::2/16.

  3. Define the services PICs for selection as softwire concentrators by the load-balancing process. This configuration uses two PICs/NPUs: sp-3/0/0 and sp-3/1/0. A next-hop style service set is configured (shown in the next section).

Softwire Concentrator and Softwire Rule Configuration
Step-by-Step Procedure

The softwire configuration is straightforward. In this example, the 6rd domain prefix is 3040::0/16, the 6rd softwire concentrator IPv4 address is 30.30.30.1, and the customer IPv4 network is 10.10.0.0/16. In the customer premises equipment (CPE) network, all customer edge (CE) devices have addresses that belong to the 10.10.0.0/16 network. To configure the softwire:

  1. Go to the [edit services softwire] hierarchy level.

  2. Configure IPv6 multicast.

  3. Go to the softtwire concentrator v6rd hierarchy level and name the softwire concentrator shenick01-rd1.

  4. Configure the softwire concentrator properties.

  5. Configure a softwire rule for incoming 6rd traffic.

Stateful Firewall Configuration
Step-by-Step Procedure

To configure the stateful firewall rule:

  1. Go to the stateful firewall hierarchy level and define a rule.

  2. Set the match direction.

  3. Configure a term that accepts all traffic.

Service Set Configuration
Step-by-Step Procedure

This configuration provides two service sets, each pointing to a different network processing unit (NPU). Both service sets use the same stateful firewall and softwire rules. Because they use the same softwire rule, they refer to same 6rd softwire concentrator. This results in the software concentrator being hosted on both the NPUs.

To configure the service set:

  1. Define a service set for the first NPU.

  2. Configure the softwire and stateful firewall rules for the first NPU.

  3. Configure the inside and outside interfaces for the next-hop service.

  4. Define a service set for the second NPU.

  5. Configure the softwire and stateful firewall rules for the second NPU.

  6. Configure the inside and outside interfaces for the next-hop service.

Load-Balancing Configuration
Step-by-Step Procedure

To configure load balancing:

Configure explicit routes and ECMP to load-balance the 6rd traffic. Configure explicit routes for both the 6rd concentrator IPv4 address and the 6rd domain prefix, so that they point to both NPUs.

  1. To configure static routes for the 6rd domain using the routing-table inet6.0, go to the [edit forwarding-options rib inet6.0 static] hierarchy level and set the routes for the 6rd domain and the 6rd concentrator IPv4 address.

    The service PIC daemon (spd) also adds default routes to these addresses pointing to the NPUs. However, the routes added by the spd use different metrics, which are computed based on the FPC, PIC, slot numbers, and subunit of the services PIC if used in the service set configuration. The static routes configured in this sample configuration will have metrics of 5 and therefore a higher preference than the spd-added routes.

    The explicitly configured routes are as follows:

    Best Practice:

    The spd-installed routes have higher metric values (hence a low preference) and the metrics are different. If the metrics are different and ECMP is not enabled, even though multiple routes exist for the same destination, only one of the routes is picked up all the time (based on the metric). For ECMP you must configure equal-cost routes, and hence a manual configuration of routes is needed as shown above.

  2. Configure equal-cost multipath (ECMP) load balancing by configuring the hash key at the [edit forwarding-optionshash-key] hierarchy level.

  3. Verify your configuration by displaying forwarding-options.

    Tip:

    Both IPv4 and IPv6 hash keys must be configured. The IPv4 hash key is used to distribute the traffic coming from CPE devices to the 6rd branch relay. The IPv6 hash key is used to distribute the traffic coming from the IPv6 Internet to the 6rd domain. Because the hash in the forward and reverse direction is for different families, different flows from the same session can reside on different NPUs. However, 6rd processing is stateless (as far as mapping IPv6 packets to softwires is concerned), so this should not be a problem.

Configuring High Availability for 6rd Using 6rd Anycast

You configure 6rd Anycast by defining two service sets that use the same softwire rule in both service sets, just as you do when you configure load balancing for 6rd. However, you do not configure ECMP, and as a result, the services PIC daemon (spd) installs two routes each for the softwire concentrator address and 6rd domain pointing to each service interface. The forwarding plane can select any route based on the priority, which is computed when the spd installs the routes. The priority is computed based on the FPC, PIC, slot numbers, and subunit number used on the sp- interface. Only one PIC is used based on the route priority, and that PIC gets all of the 6rd traffic. If the PIC goes down. the route pointing to it is also deleted and the forwarding plane automatically selects the alternate available PIC.

6rd Anycast is completely stateless. The spd installs the route and doesn’t run any state machine for the PIC. Because the routes are pre-installed and service sets are already on the PIC, there is no service delay if a failover occurs.