Categories

Bluetrait
        Bluetrait
            Videos
            Solar
            Coding
            Geek
            General
            Coding
                PHP
                Bluetrait
                WordPress
                    Plugins
                PHP
                Bluetrait (Program)
            Geek
                Juniper
                Cisco
                IBM N2200 8363
                PCs
                Spam
                IPv6
                Apple
                NetScreen
                Internet
            General
                Uni

Sun, 17 Jan 2010 11:10 AM

Native IPv6 over PPPoE with Internode and a Juniper SSG5

Michael Dale

Internode released a trial of native IPv6 over ADSL a few months back, so anyone with an ADSL account with them can try it.

So one of my clients has an SSG5 and an internode connection so I thought I'd set it up.

So the setup:

  • ADSL modem in bridge mode
  • SSG5 running ScreenOS 6.3.0r2 (I had some issues with 6.2, so it is best to use the latest OS)

The very first step is to enable IPv6 on the SSG5, this requires you to run the following command and then restart/reboot the device:

set envar ipv6=yes

Once done you should now have access to all the IPv6 functions in the WebUI.

The next step is to modify your PPPoE connection settings.

set pppoe name "Internode" username "username@ipv6.internode.on.net" password "encryptedpassword"

set pppoe name "Internode" ppp ipv6cp ipcp

Now you need to enable IPv6 on the interface that the PPPoE connection is setup on.

set interface "ethernet0/0" ipv6 mode "host"

set interface "ethernet0/0" ipv6 enable

set interface ethernet0/0 ipv6 ra accept

unset interface ethernet0/0 ipv6 nd nud

So the above should be enough for you to get the /64 on the PPPoE interface.

Internode is currently handing out a /60 for use in your network (via DHCPv6), so lets now set that up.

set interface ethernet0/0 dhcp6 client

set interface ethernet0/0 dhcp6 client options rapid-commit

set interface ethernet0/0 dhcp6 client options request pd

set interface ethernet0/0 dhcp6 client pd ra-interface bgroup0

set interface ethernet0/0 dhcp6 client enable

In the above "bgroup0" is my LAN interface.

Now let's get IPv6 running on "bgroup0"

set interface "bgroup0" ipv6 mode "router"

set interface "bgroup0" ipv6 ip 2001:44b8:7763:baa0::1/64

set interface "bgroup0" ipv6 enable

set interface bgroup0 ipv6 ra link-address

set interface bgroup0 ipv6 ra transmit

unset interface bgroup0 ipv6 nd nud

In the above the IPv6 address there is my first /64 out of the /60, I've manually set it to a :1 address but you can use whatever it's default auto assigned address is.

Now you might want to hand out internodes IPv6 DNS server addresses to your LAN

set interface bgroup0 dhcp6 server

set interface bgroup0 dhcp6 server options dns dns1 2001:44b8:1::6

set interface bgroup0 dhcp6 server options dns dns2 2001:44b8:2::6

set interface bgroup0 dhcp6 server enable

Now we need to setup the default IPv6 route, as the one that is added by default is incorrect.

set route ::/0 interface ethernet0/0 gateway ::

And finally the IPv6 policy to allow traffic out (yay no NAT).

set policy id 12 from "Trust" to "Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit log

That should be all you need to do to get IPv6 working on your network.

There is more information over at the internode site if needed.

And here is a traceroute from a computer on the LAN

C:\Users\Administrator>tracert -6 ipv6.google.com

Tracing route to ipv6.l.google.com [2001:4860:c004::68]

over a maximum of 30 hops:

  1     1 ms    <1 ms    <1 ms  2001:44b8:7763:baa0::1

  2    37 ms    37 ms    37 ms  loop0.lns6.syd7.internode.on.net [2001:44b8:b070::4]

  3    37 ms    37 ms    37 ms  gi1-1.cor2.syd7.internode.on.net [2001:44b8:b070:5::1]

  4    37 ms     *       37 ms  gi6-0-0-146.bdr1.syd6.internode.on.net [2001:44b8:b060:146::1]

  5    37 ms    37 ms    37 ms  2001:4860:1:1:0:1283:0:2

  6    38 ms    38 ms    39 ms  2001:4860::1:0:9f8

  7   184 ms   295 ms   174 ms  2001:4860::1:0:165

  8   175 ms   175 ms   175 ms  2001:4860::1:0:890

  9   181 ms   176 ms   182 ms  2001:4860::29

 10   185 ms   176 ms   244 ms  tx-in-x68.1e100.net [2001:4860:c004::68]

Trace complete.


Comments

On Fri, 28 May 2010 at 1:05 AM, rick wrote anyone had any issues with IPv6 PPPoE on a NS5GT running 6.2. Ive set up all the commands as per above but nothing appears to happens. Nothing found in the ppp debugs. (??) 1: Comment Link

On Tue, 01 Jun 2010 at 11:27 PM, Michael Dale (of michaeldale.com.au) wrote Hi Rick, I take it you're with internode? Can you send me your configuration via the contact form? Thanks, Michael. 2: Comment Link

On Mon, 13 Sep 2010 at 7:32 PM, Marcel wrote Hi did you succeed to set this up? I am trying to connect with PPPoE as well and would like to know if there is a silver bullet.. Thanks in advance 3: Comment Link

On Mon, 13 Sep 2010 at 8:07 PM, Michael Dale (of michaeldale.com.au) wrote What problems are you having? ScreenOS 6.3 seems to have fixed most of the IPv6 issues but you cannot get it on the Netscreen 5GT, only the newer SSG5. 4: Comment Link

On Thu, 10 Mar 2011 at 7:35 PM, Cooper Lees wrote Hi Mate, Another SSG user here, great doco - All worked with 6.3.0r6. You have any SRX's that you use PPPoE and Internode with? I can not get PPPoE up and running with JunOS but works fine with ScreenOS ... :( May be a bug with PPPoE on JunOS (prob a setting tho ... I have even had JTAC assist me and still no go ....) 5: Comment Link

On Fri, 11 Mar 2011 at 6:04 PM, Michael Dale (of michaeldale.com.au) wrote Yeah PPPoE works fine on the SRX but that is about it. IPv6 only works in packet mode. I've decided that the SRX is a shit product so yeah get something else :p Na it isn't thhaaaaat bad but for the cost it should be much better. Email me your config and I'll have a look. 6: Comment Link

Comments?

HTML allowed: <a href="" title="" rel=""></a> <b></b> <blockquote cite=""></blockquote> <em></em> <i></i> <strike></strike> <strong></strong> <li></li> <ol></ol> <ul></ul>
ie: <b>bold</b>

Your comment may need to be reviewed before it is published.

Message

Name

Email (not shown)

WWW (optional)

Allow contact form email

Remember details