Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring AFTR Redundancy Using an IPv6 Anycast Address on Multiple AFTRs

This example shows how to configure redundancy with two or more DS-Lite Address Family Transition Routers (AFTRs) using a single IPv6 anycast address.

Requirements

This example uses the following hardware and software components:

  • Juniper Networks MX Series 3D Universal Edge Routers with Multiservices Dense Port Concentrators (DPCs)

  • Juniper Networks® Junos® operating system (Junos OS) 10.4 or later running on the AFTRs

Note:

This configuration example has been tested using the software release listed and is assumed to work on all later releases.

Overview

You can provide redundancy using DS-Lite by configuring the same IPv6 anycast address on two or more AFTRs (softwire concentrators) as the softwire address. Basic Bridging Broadband Elements (B4s) only need to know this anycast address for the softwire endpoint, and the least-cost AFTR, per the routing updates, is used for the other softwire endpoint. If the least-cost AFTR goes down or the cost to get to this AFTR becomes higher than another AFTR, packets are redirected to the other AFTR. This is automatically handled by routing updates in the IPv6 cloud. You can also configure different Network Address Translation (NAT) pools at AFTRs and provide continuous service between IPv4 nodes in different domains.

Topology

Figure 1 provides a sample network topology for configuring IPv6 anycast address on two or more AFTRs.

Figure 1: Sample Topology for DS-Lite Anycast Configuration Using Multiple AFTRsSample Topology for DS-Lite Anycast Configuration Using Multiple AFTRs

In Figure 1:

  • The IPv4 client or host in the home network is configured with an IPv4 interface to the ISP and a static route to the IPv4 server on the Internet.

  • The address of the NAT pool between AFTR1 and the Internet is 7.7.7.0/24. The address of the NAT pool between AFTR2 and the Internet is 8.8.8.0/24.

  • The B4 or softwire initiator is configured with an IPv4 interface, an IPv6 interface, and an IPv4-in-v6 tunnel to an anycast address.

  • The pure IPv6 node in the IPv6 cloud is configured with interfaces to the IPv6 interfaces and OSPFv3 for route updates.

  • The AFTRs (AFTR1 and AFTR2) are configured with anycast address B001::1/128. If one of the links between the B4 and an AFTR fails, the other AFTR is used for traffic.

  • The IPv4 node on the Internet is configured with an IPv4 interface and routes for reverse traffic.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

AFTR1

AFTR2

Configuring AFTR1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the ../../../../../../.

Router AFTR1 is the primary router with an IPv6 interface to the ISP network (IPv6 cloud) and an IPv4 interface to the Internet. Configure the IPv4 interface, IPv6 interface, softwire endpoint, and NAT.

  1. Configure the Layer 3 service package.

    This example assumes that the PIC is in FPC 1, slot 1.

    The service package with its associated sp- interface is for manipulating traffic before it is delivered to its destination. For details about configuring service packages, see the Junos OS Services Interfaces Configuration Guide.

  2. Configure an IPv4 address and port for the NAT pool to specify the IPv4-to-IPv6 translation for packets traveling between the AFTR router and the Internet.

  3. Configure a NAT rule to translate the private IPv4 address from the home network to NAT pool ds1-p1.

    NAT rules specify the traffic to be matched and the action to be taken when traffic matches the rule. In this example, only one rule is required to accomplish the address translation. The rule selects all traffic coming from the source address 11.11.1.0.

  4. Configure the softwire concentrator, associate it with the IPv6 anycast address, and create a softwire rule.

    The rule in this example specifies that any traffic destined for the softwire concentrator dsl1 creates a new softwire. You can also configure more elaborate match conditions to perform as part of softwire initiator actions.

  5. Configure the maximum transmission unit (ranging from 1280 to 9192 bytes) for the softwire for encapsulating IPv4 packets to IPv6.

    This is the maximum packet size that can be sent on a tunnel from the AFTR to B4 without fragmentation. If the final length of the packet is greater than the MTU, the IPv6 packet would be fragmented.

    Note:

    Including the mtu-v6 statement is mandatory, and you cannot commit the example configuration unless this statement is configured.

  6. Configure the services interface that contains the service set.

  7. Configure a service set for the NAT and DS-Lite services using the dsl-nat1 NAT rule and the ds1-sw softwire rule configured in Step 3 and Step 4.

    In this example, the name of the service set it is dsl-ss.

  8. Associate the softwire and NAT rules and the service interface with the service set.

  9. Configure the interface between the home router running the B4 and the router in the ISP network running the AFTR, and include the IPv6 address of the AFTR router (softwire address).

    In this example, the interface is ge-2/1/0.

  10. Associate the appropriate service set for the NAT and DS-Lite services.

  11. Configure the IPv4 interface between the AFTR and the Internet, and specify the IPv4 address connected to the Internet.

    In this example, the interface is ge-2/1/6.

  12. Configure OSPFv3 for route advertisements.

Results

In configuration mode, confirm your configuration by entering the show chassis, show services, show interfaces, and show protocols ospf3 commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Configuring AFTR2

Step-by-Step Procedure

Router AFTR2 is the secondary router with an IPv6 interface to the ISP network (IPv6 cloud) and an IPv4 interface to the Internet. Configure the IPv4 interface, IPv6 interface, softwire endpoint, and NAT.

  1. Configure the Layer 3 service package.

    This example assumes that the PIC is in FPC 1, slot 1.

    The service package with its associated sp- interface is for manipulating traffic before it is delivered to its destination. For details about configuring service packages, see the Junos OS Services Interfaces Configuration Guide.

  2. Configure an IPv4 address and port for the NAT pool to specify the IPv4-to-IPv6 translation for packets traveling between the AFTR router and the Internet.

  3. Configure a NAT rule to translate the private IPv4 address from the home network to NAT pool dsl-p2.

    NAT rules specify the traffic to be matched and the action to be taken when traffic matches the rule. In this example, only one rule is required to accomplish the address translation. The rule selects all traffic coming from the source address 11.11.1.0.

  4. Configure the softwire concentrator, associate it with the IPv6 anycast address, and create a softwire rule.

    The rule in this example specifies that any traffic destined for the dsl2 softwire concentrator creates a new softwire.

  5. Configure the maximum transmission unit (ranging from 1280 to 9192 bytes) for the softwire for encapsulating IPv4 packets to IPv6.

    This is the maximum packet size that can be sent on a tunnel from the AFTR to B4 without fragmentation. If the final length of the packet is greater than the MTU, the IPv6 packet would be fragmented.

    Note:

    Including the mtu-v6 statement is mandatory, and you cannot commit the example configuration unless this statement is configured.

  6. Configure the services interface that contains the service set.

  7. Configure a service set for the NAT and DS-Lite services using the dsl-nat2 NAT rule and the dsl-sw2 softwire rule configured in Step 3 and Step 4.

    In this example, the name of the service set is dsl-ss2.

  8. Associate the softwire and NAT rules and the service interface with the service set.

  9. Configure the interface between the pure IPv6 node in the IPv6 cloud and the AFTR. In this example, the interface is ge-2/3/4.

  10. Include the IPv6 address of the AFTR router (softwire address).

  11. Associate the appropriate service set for the NAT and DS-Lite services.

  12. Configure the IPv4 interface between the AFTR and the Internet and specify the IPv4 address connected to the Internet.

    In this example, the interface is ge-2/3/0.

  13. Configure OSPFv3 for route advertisements.

  14. Configure a static route to the IPv4 node on the Internet.

Results

In configuration mode, confirm your configuration by entering the show chassis, show interfaces, show services, show protocols ospf3, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Redundancy of the AFTRs

Purpose

Verify that traffic flow is maintained using the secondary AFTR if an interface on one AFTR is brought offline.

Action

  1. Verify traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet.

    Additionally, check the softwire flows for AFTR1.

    The output shows ICMP source and destination addresses indicating traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet. The DS-Lite protocol statistics indicate the softwire flows.

  2. Deactivate the interface ge-2/1/0 on AFTR1.

  3. Commit the configuration.

  4. Issue the show services stateful-firewall flows command on AFTR2 to verify the creation of softwire flows.

    Additionally, verify traffic flows between the IPv4 host on the home network and the IPv4 node on the Internet.

Meaning

The output shows NAT and softwire source and destination addresses for traffic flow between AFTR2 and the IPV4 node on the Internet. This indicates that AFTR2 is now operating as the secondary AFTR when AFTR1 is offline.