Wednesday, 2 June 2010
Juniper SRX210 Junos 10.2 flow based IPv6 forwarding
« work work work 2010 is busy! | Main | The book of Xen, review »I have previously talked about Juniper SRX and IPv6 forwarding, where it is possible to get them to forward IPv6 packets. In packet-based mode:
[edit security forwarding-options]
hlk@bender# show
family {
inet6 {
mode packet-based;
}
}
I was thus very interested when I got hold of the release notes for JUNOS 10.2 which told about flow-based forwarding. I downloaded the 10.2 relase and upgraded my small testsystem which is a SRX210B - low memory model. It needed some cleanup to free space, and update went smoothly - but slowly! Good dammmmmn slow!
But sorry, getting ahead of myself here. To change your SRX device into flow-based go to security and forwarding options:
[edit security forwarding-options] hlk@bender# set family inet6 mode flow-based
[edit security forwarding-options]
hlk@bender# exit
[edit]
hlk@bender# commit
warning: You have enabled/disabled inet6 flow.
You must reboot the system for your change to take effect.
If you have deployed a cluster, be sure to reboot all nodes.
commit complete
[edit]
Then reboot using:
hlk@bender# exit Exiting configuration mode hlk@bender> request system reboot Reboot the system ? [yes,no] (no) yes Shutdown NOW! [pid 1274] hlk@bender> *** FINAL System shutdown message from hlk@bender *** System going down IMMEDIATELY
and you are done - and have an IPv6 capable firewall :-)
I will suggest that you try to change this option immediately after upgrading, so consider this post a heads-up for that :-) Especially since it takes about 5 minutes from reboot requested until system is running again - maybe my configuration is somehow borken?!
Posted by at CEST 11:06 02/06/2010 in IPv6
[Trackback URL for this entry]
