
How to configure next-hop style DS-Lite on an MX router using MS-MPC


Article ID: KB32230  KB Last Updated: 21 Nov 2017  Version: 1.0
Summary:

This article provides an overview of DS-Lite, with configuration steps and basic design guidelines for implementing DS-Lite with the Multiservices MPC (MS-MPC). DS-Lite on MS-MPC/MIC is supported from Junos 17.4R1.

Solution:

The dual-stack lite (DS-Lite) technology is intended to maintain connectivity to legacy IPv4 devices and networks after the exhaustion of the IPv4 address space, while service provider networks make the transition to IPv6-only deployments. DS-Lite allows IPv4 customers to continue to access the IPv4 Internet with minimum disruption to their home networks while, at the same time, allowing IPv6 customers to access IPv6 content.

DS-Lite is an architecture that allows IPv4 services to be provided in an IPv6 network. Dual-Stack Lite also de-couples IPv6 deployment in the service provider network from the rest of the Internet, making incremental deployment easier.

B4 (Base Bridging Broadband Element) and AFTR (Address Family Translating Router) together deliver DS-Lite service to customers. B4 is implemented on the host or customer premises equipment (CPE). It creates an IPv4-in-IPv6 tunnel, encapsulates private IPv4 network packets in the IPv6 tunnel, and forwards them towards the AFTR. The AFTR element, in turn, terminates the IPv4-in-IPv6 tunnel and implements CGN (NAPT44) to deliver the decapsulated packets to the IPv4 Internet.

Softwire Plugin: The Softwire Plugin's primary responsibility is to strip the tunnel header from packets coming from the DS-Lite B4 element, reinject the inner IPv4 packets so that they go through the configured IPv4 services, and finally forward them towards the IPv4 Internet. In the other direction, IPv4 packets coming from the IPv4 Internet and heading towards the DS-Lite B4 are encapsulated within an IPv6 header, and the tunneled packets are forwarded towards the DS-Lite B4 element.
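
The encapsulation and decapsulation described above, as an added Python example that is not Juniper code and does not reproduce the MS-MPC implementation. It uses the addresses from the topology below; the function names and the allowed-B4 list are assumptions, the latter mirroring the 5002::1/128 match in the AFTR's TEST-IPV6 filter.

```python
import ipaddress
import struct

NEXT_HEADER_IPV4 = 4   # outer IPv6 Next Header value for an encapsulated IPv4 packet
IPV6_HEADER_LEN = 40   # fixed IPv6 header size, i.e. the per-packet tunnel overhead

def ipv4_packet(src, dst, payload, proto=1, ttl=64):
    """Minimal IPv4 packet: 20-byte header with a valid checksum, then payload."""
    def header(checksum):
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                           proto, checksum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed)
    total = sum(struct.unpack("!10H", header(0)))
    while total >> 16:                       # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return header(~total & 0xFFFF) + payload

def b4_encapsulate(inner, tunnel_src, tunnel_dst, hop_limit=64):
    """B4 side: prepend an IPv6 header (version 6, Next Header 4) to the IPv4 packet."""
    return struct.pack("!IHBB16s16s", 6 << 28, len(inner), NEXT_HEADER_IPV4, hop_limit,
                       ipaddress.IPv6Address(tunnel_src).packed,
                       ipaddress.IPv6Address(tunnel_dst).packed) + inner

def aftr_decapsulate(packet, softwire_address, allowed_b4):
    """AFTR side: check the outer header, return (b4, inner_src, inner_dst, inner)."""
    if len(packet) < IPV6_HEADER_LEN + 20:
        raise ValueError("packet too short for IPv6 + IPv4 headers")
    vtf, plen, nxt, _hlim, src, dst = struct.unpack("!IHBB16s16s",
                                                    packet[:IPV6_HEADER_LEN])
    b4, inner = ipaddress.IPv6Address(src), packet[IPV6_HEADER_LEN:]
    if vtf >> 28 != 6 or nxt != NEXT_HEADER_IPV4:
        raise ValueError("not an IPv4-in-IPv6 packet")
    if ipaddress.IPv6Address(dst) != ipaddress.IPv6Address(softwire_address):
        raise ValueError("outer destination is not the softwire address")
    # Assumed policy: only tunnel sources listed as expected B4s are accepted.
    if not any(b4 in ipaddress.IPv6Network(n) for n in allowed_b4):
        raise ValueError(f"tunnel source {b4} is not an expected B4")
    if plen != len(inner) or inner[0] >> 4 != 4:
        raise ValueError("outer payload length or inner IP version mismatch")
    inner_src, inner_dst = (str(ipaddress.IPv4Address(inner[i:i + 4])) for i in (12, 16))
    return str(b4), inner_src, inner_dst, inner

if __name__ == "__main__":
    ping = ipv4_packet("10.0.0.1", "218.0.0.1", b"constructed-payload")
    tunneled = b4_encapsulate(ping, "5002::1", "1001::1")
    print(aftr_decapsulate(tunneled, "1001::1", ["5002::1/128"])[:3])
```

The 40-byte outer header is the reason the tunnel path needs a larger IPv6 MTU than the inner IPv4 MTU it carries.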
 

Topology

+--------------+
|              |
|     HOST     |
|              |
+------+-------+
       |  10.0.0.1
       |
       |
       |  10.0.0.2
+------+-------+
|              |
| Home Router  |lo0  5002::1/128
|    CPE B4    |
+------+-------+
       |  2001:0:0:1::1/48
       |
   IPv6 Network
       |  2001:0:0:1::2/48
+------+-------+
|              |
|  SP Router   |Softwire Address 1001::1
|    AFTR      | 
+------+-------+
       |  218.0.0.2/24
       |
       |
       |
       |  218.0.0.1/24
+------+-------+
|              |
|    INTERNET  |
|              |
+--------------+
 

Configuration

Host

Configure the private IPv4 address or DHCP via the B4 router.

set routing-instances CLIENT instance-type virtual-router
set routing-instances CLIENT interface ge-0/0/7.0
set routing-instances CLIENT routing-options static route 0.0.0.0/0 next-hop 10.0.0.2

B4

In this example, B4 is a generic JUNOS IP-IP device.
Configure both the IPv4 and IPv6 addresses and create the IP tunnel, as well as the necessary static route or routing protocol:

set interfaces ge-0/1/8 description "Connected to AFTR"
set interfaces ge-0/1/8 unit 0 family inet6 address 2001:0:0:1::1/48
set interfaces ge-0/1/7 description "Connected to CLIENT"
set interfaces ge-0/1/7 unit 0 family inet address 10.0.0.2/30
set interfaces ge-0/0/7 unit 0 family inet address 10.0.0.1/30
set interfaces lo0 unit 0 family inet6 address 5002::1/128
set interfaces ip-0/0/0 unit 0 tunnel source 5002::1
set interfaces ip-0/0/0 unit 0 tunnel destination 1001::1
set interfaces ip-0/0/0 unit 0 family inet
set routing-options rib inet6.0 static route 1001::1/128 next-hop 2001:0:0:1::2
set routing-options static route 218.0.0.0/24 next-hop ip-0/0/0.0

AFTR

AFTR is an MX device with an MS-MPC card.
Configure both the IPv4 and IPv6 addresses with tunnel and softwire; IPv4-to-IPv4 NAT is also required:

set services service-set dslite-svc-set1 softwire-rules dslite-rule
set services service-set dslite-svc-set1 nat-rules dslite-nat-rule1
set services service-set dslite-svc-set1 next-hop-service inside-service-interface ms-6/0/0.1
set services service-set dslite-svc-set1 next-hop-service outside-service-interface ms-6/0/0.2
set services softwire ipv6-multicast-interfaces all
set services softwire softwire-concentrator ds-lite ds1 softwire-address 1001::1
set services softwire softwire-concentrator ds-lite ds1 mtu-v6 9192
set services softwire rule dslite-rule match-direction input
set services softwire rule dslite-rule term t1 then ds-lite ds1
set services nat pool dslite-pool1 address-range low 33.33.33.1 high 33.33.33.32
set services nat pool dslite-pool1 port automatic
set services nat pool dslite-pool1 ei-mapping-timeout 300
set services nat pool dslite-pool1 app-mapping-timeout 300
set services nat rule dslite-nat-rule1 match-direction input
set services nat rule dslite-nat-rule1 term t1 then translated source-pool dslite-pool1
set services nat rule dslite-nat-rule1 term t1 then translated translation-type napt-44
set services nat rule dslite-nat-rule1 term t1 then translated mapping-type endpoint-independent
set services nat rule dslite-nat-rule1 term t1 then translated filtering-type endpoint-independent
set services nat rule dslite-nat-rule1 term t1 then translated address-pooling paired
set interfaces ge-4/1/8 description "Connected to B4"
set interfaces ge-4/1/8 unit 0 family inet6 address 2001:0:0:1::2/48
set interfaces ge-4/1/7 description "Connected to Internet"
set interfaces ge-4/1/7 unit 0 family inet address 218.0.0.2/24
set interfaces ge-4/0/7 unit 0 family inet address 218.0.0.1/24
set interfaces ms-6/0/0 unit 1 family inet
set interfaces ms-6/0/0 unit 1 family inet6
set interfaces ms-6/0/0 unit 1 service-domain inside
set interfaces ms-6/0/0 unit 2 family inet
set interfaces ms-6/0/0 unit 2 family inet6
set interfaces ms-6/0/0 unit 2 service-domain outside
set forwarding-options family inet filter input TEST
set forwarding-options family inet6 filter input TEST-IPV6
set routing-options rib inet6.0 static route 5002::1/128 next-hop 2001:0:0:1::1
set firewall family inet filter TEST term 0 from source-address 10.0.0.0/30
set firewall family inet filter TEST term 0 then routing-instance CGNAT
set firewall family inet filter TEST term 1 then accept
set firewall family inet6 filter TEST-IPV6 term 1 from source-address 5002::1/128
set firewall family inet6 filter TEST-IPV6 term 1 then routing-instance CGNAT
set firewall family inet6 filter TEST-IPV6 term 2 then accept
set routing-instances CGNAT instance-type virtual-router
set routing-instances CGNAT interface ms-6/0/0.1
set routing-instances CGNAT routing-options rib CGNAT.inet6.0 static route ::/0 next-hop ms-6/0/0.1
set routing-instances CGNAT routing-options rib CGNAT.inet6.0 static route 5002::1/128 next-table inet6.0
set routing-instances CGNAT routing-options static route 0.0.0.0/0 next-hop ms-6/0/0.1
set routing-instances CGNAT routing-options static route 10.0.0.0/30 next-table inet.0
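
The NAT behaviour selected in the AFTR configuration above (napt-44, endpoint-independent mapping and filtering, paired address pooling), modelled as an added Python example rather than Junos or Juniper code. It assumes that bindings are keyed on the B4 tunnel source as well as the inner IPv4 address, so that subscribers behind different B4s can reuse the same private address; the class and method names are hypothetical, the second B4 address 5002::2 is constructed, and ports are handed out sequentially for simplicity.

```python
import ipaddress

class DsLiteNat:
    """Toy NAPT44 table for an AFTR: endpoint-independent, paired pooling."""

    def __init__(self, low, high, first_port=1024, last_port=65535):
        lo, hi = int(ipaddress.IPv4Address(low)), int(ipaddress.IPv4Address(high))
        self.pool = [str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1)]
        self.last_port = last_port
        self.next_port = {addr: first_port for addr in self.pool}
        self.paired = {}     # (b4, inner_ip) -> public address
        self.mappings = {}   # (b4, inner_ip, inner_port) -> (public addr, public port)

    def translate(self, b4, inner_ip, inner_port, dst=None):
        """Return the public (address, port) for an outbound flow.

        dst is accepted but ignored: with endpoint-independent mapping the
        destination plays no part in choosing the mapping.
        """
        subscriber = (str(ipaddress.IPv6Address(b4)), inner_ip)
        key = subscriber + (inner_port,)
        if key in self.mappings:
            return self.mappings[key]
        # Paired pooling: a subscriber keeps one public address for all its flows.
        if subscriber not in self.paired:
            self.paired[subscriber] = self.pool[len(self.paired) % len(self.pool)]
        addr = self.paired[subscriber]
        port = self.next_port[addr]
        if port > self.last_port:
            raise RuntimeError(f"no free ports left on {addr}")
        self.next_port[addr] = port + 1
        self.mappings[key] = (addr, port)
        return self.mappings[key]

    def reverse(self, public_addr, public_port):
        """Return path: find (b4, inner_ip, inner_port) to re-encapsulate towards.

        The remote endpoint is not consulted (endpoint-independent filtering).
        """
        for key, value in self.mappings.items():
            if value == (public_addr, public_port):
                return key
        return None

if __name__ == "__main__":
    nat = DsLiteNat("33.33.33.1", "33.33.33.32")      # dslite-pool1 range
    print(nat.translate("5002::1", "10.0.0.1", 40000, "218.0.0.1"))
    print(nat.translate("5002::2", "10.0.0.1", 40000, "218.0.0.1"))
```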

Internet

set routing-instances INTERNET instance-type virtual-router
set routing-instances INTERNET interface ge-4/0/7.0
set routing-instances INTERNET routing-options static route 0.0.0.0/0 next-hop 218.0.0.2

Verification

Here is an example where 1001::1 is configured as the DS-Lite softwire concentrator address on the MX.

B4# run ping 1001::1 source 5002::1      
PING6(56=40+8+8 bytes) 5002::1 --> 1001::1
16 bytes from 1001::1, icmp_seq=0 hlim=63 time=0.746 ms
16 bytes from 1001::1, icmp_seq=1 hlim=63 time=0.703 ms
16 bytes from 1001::1, icmp_seq=2 hlim=63 time=0.535 ms
16 bytes from 1001::1, icmp_seq=3 hlim=63 time=0.551 ms
16 bytes from 1001::1, icmp_seq=4 hlim=63 time=2.431 ms
16 bytes from 1001::1, icmp_seq=5 hlim=63 time=0.536 ms

B4# run show route 1001::1

inet6.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1001::1/128        *[Static/5] 12:57:05
                    > to 2001:0:0:1::2 via ge-0/1/8.0
                    
AFTR# run show route 1001::1

CGNAT.inet6.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

1001::1/128        *[Static/1] 12:42:17
                    > via ms-6/0/0.1

Initiate a ping from the host to the Internet:
B4# run ping 218.0.0.1 count 1 source 10.0.0.1 routing-instance CLIENT

AFTR> show services sessions     
ms-6/0/0
Service Set: dslite-svc-set1, Session: 234881026, ALG: icmp, Flags: 0x400200000, IP Action: no, Offload: no, Asymmetric: no
    Softwire                5002::1         ->         1001::1
ICMP           10.0.0.1        ->       218.0.0.1        Forward  I               1
ICMP          218.0.0.1        ->      33.33.33.1        Forward  O               1

Service Set: dslite-svc-set1, Session: 167772165, ALG: none, Flags: 0x200200000, IP Action: no, Offload: no, Asymmetric: no
DS-LITE          5002::1       ->         1001::1        Forward  I               1
DS-LITE          1001::1       ->         5002::1        Forward  O               1

AFTR> show services softwire
Interface: ms-6/0/0, Service set: dslite-svc-set1
Softwire                                     Direction     Flow count
5002::1         ->        1001::1               I                   1

AFTR> show services softwire count
Interface   Service set                    DS-Lite        6RD
ms-6/0/0    dslite-svc-set1                1              0     

AFTR> show services softwire sessions ds-lite         
ms-6/0/0
Service Set: dslite-svc-set1, Session: 268435458, ALG: icmp, Flags: 0x400200000, IP Action: no, Offload: no, Asymmetric: no
    Softwire                5002::1         ->         1001::1
ICMP           10.0.0.1        ->       218.0.0.1        Forward  I              54
ICMP          218.0.0.1        ->      33.33.33.2        Forward  O              54

Service Set: dslite-svc-set1, Session: 201326597, ALG: none, Flags: 0x200200000, IP Action: no, Offload: no, Asymmetric: no
DS-LITE          5002::1       ->         1001::1        Forward  I              54
DS-LITE          1001::1       ->         5002::1        Forward  O              54

AFTR> show services softwire statistics          
ms-6/0/0
    Total Session Interest events                           :24
    Total Session Destroy events                            :6
    Total Session Public Request events                     :26
    Total Session Accepts                                   :7
    Total Session Discards                                  :0
    Total Session Ignores                                   :6
    Total Session extension alloc failures                  :0
    Total Session extension set failures                    :0
Softwire statistics
    Total Softwire sessions created                         :21
    Total Softwire sessions deleted                         :6
    Total Softwire sessions created for reverse packets     :0
    Total Softwire session create failed for reverse pkts   :0
    Total Softwire rule match success                       :7
    Total Softwire rule match failed                        :6
    Softwire session limit exceeded                         :0
Softwire packet statistics
    Total Packets processed                                 :2058
    Total packets encapsulated                              :1029
    Total packets decapsulated                              :1029
    Encapsulation errors                                    :0
    Decapsulation errors                                    :0
    Encapsulated pkts re-inject failures                    :0
    Decapsulated pkts re-inject failures                    :0
    DS-Lite ICMPv4 Echo replies sent                        :0
    DS-Lite ICMPv4 TTL exceeded messages sent               :0
    ICMPv6 ECHO request messages received destined to AFTR  :0
    ICMPv6 ECHO reply messages sent from AFTR               :0
    ICMPv6 ECHO requests to AFTR process failures           :0
    V6 untunnelled packets destined to AFTR dropped         :0
    Softwire policy add errors                              :0
    Softwire policy delete errors                           :0
    Softwire policy memory alloc failures                   :0
    Softwire Untunnelled packets ignored                    :0
Softwire Misc errors
    DS-Lite ICMPv4 TTL exceed message process errors        :0
    
jtac@ERX-MX960-II-RE0# run show services service-sets plug-ins    
Interface: ms-6/0/0
  Service-set: dslite-svc-set1, State: Ready
  Plugins configured: 5
Plugin: junos-softwire-head, ID: 8
Plugin: jnx-msvcs-tcp-tracker-plugin, ID: 11
Plugin: junos-alg, ID: 2
Plugin: junos-nat, ID: 1
Plugin: junos-softwire-tail, ID: 9

 
