Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Download This Guide
Example: Configuring DS-Lite and 6rd in the Same Service Set
Requirements
The following hardware components can perform DS-Lite:
- M Series Multiservice Edge routers with Multiservices PICs
- T Series Core routers with Multiservices PICs
- MX Series 3D Universal Edge routers with Multiservices DPCs
Overview
This example describes a softwire solution that includes DS-Lite and 6rd in the same service set.
Configuration
Chassis Configuration
Step-by-Step Procedure
To configure the chassis:
- Configure the ingress interface.user@host# edit interfaces ge-1/2/0[edit interfaces ge-1/2/0]user@host# set unit 0 family inet service input service-set v6rd-dslite-service-setuser@host# set unit 0 family inet service output service-set v6rd-dslite-service-setuser@host# set unit 0 family inet address address 10.10.10.1/24user@host# set unit 0 family inet6 service input service-set v6rd-dslite-service-setuser@host# set unit 0 family inet6 service output service-set v6rd-dslite-service-setuser@host# set unit 0 family inet6 address address address 2001::1/16
Here the service set is applied on the inet (IPv4) and inet6 (IPv6) families of subunit 0. Both DS-Lite IPv6 traffic and 6rd IPv4 traffic hits the service filter and is sent to the services PIC.
- Configure the egress interface (IPv6 Internet). The IPv4
server that the DS-Lite clients are trying to reach is at 200.200.200.2/24,
and the IPv6 server is at 3ABC::2/16.user@host# edit interfaces ge-1/2/2[edit interfaces ge-1/2/2]user@host# set unit 0 family inet address 200.200.200.1/24user@host# set unit 0 family inet6 address 3ABC::1/16
- Configure the services PIC.user@host# edit interfaces sp-3/0/0[edit interfaces sp-3/0/0]user@host# set unit 0 family inetuser@host# set unit 0 family inet6
Results
[edit interfaces]user@host# showge-1/2/0 {
unit 0 {
family inet {
service {
input {
service-set v6rd-dslite-service-set;
}
output {
service-set v6rd-dslite-service-set;
}
}
address 10.10.10.1/24;
}
family inet6 {
service {
input {
service-set v6rd-dslite-service-set;
}
output {
service-set v6rd-dslite-service-set;
}
}
address 2001::1/16;
}
}
}
ge-1/2/2 {
unit 0 {
family inet {
address 200.200.200.1/24;
}
family inet6 {
address 3ABC::1/16;
}
}
}
sp-3/0/0 {
unit 0 {
family inet;
family inet6;
}
}
Softwire Concentrator, Softwire Rule, Stateful Firewall Rule Configuration
Step-by-Step Procedure
To configure the softwire concentrator, softwire rule, and stateful firewall rule:
- Configure the DS-Lite and 6rd softwire concentrators.user@host# edit services softwire softwire-concentrator ds-lite ds1[edit services softwire softwire-concentrator ds-lite ds1]user@host# set softwire-address 1001::1user@host# mtu-v6 9192usert@host# up 1usert@host# edit v6rd v6rd-dom1[edit services softwire softwire-concentrator v6rd v6rd-dom1]user@host# set softwire-address 30.30.30.1user@host# set ipv4-prefix 10.10.10.0/24user@host# set v6rd-prefix 3040::0/16user@host# set mtu-v4 9192
- Configure the softwire rules.user@host# edit services softwire rule v6rd-r1][edit services softwire rule v6rd-r1]user@host# set match-direction inputuser@host# set term t1 then v6rd v6rd-dom1user@host# up 1user@host# edit services softwire][edit services softwire]user@host# edit rule dslite-r1[edit services softwire rule dslite-r1]user@host# set term dslite-t1 then ds-lite ds1
The following routes are added by the services PIC daemon on the Routing Engine:
user@router# run show route 30.30.30.1inet.0: 43 destinations, 46 routes (42 active, 0 holddown, 1 hidden) + = Active Route, - = Last Active, * = Both 30.30.30.1/32 *[Static/786432] 00:24:11 Service to v6rd-dslite-service-set [edit] user@router# run show route 3040::0/16 inet6.0: 23 destinations, 33 routes (23 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 3040::/16 *[Static/786432] 00:24:39 Service to v6rd-dslite-service-setuser@router# run show route 1001::1inet6.0: 33 destinations, 43 routes (33 active, 0 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 1001::1/128 *[Static/1] 1w2d 22:05:41 Service to v6rd-dslite-service-set - Configure a stateful firewall rule.user@host# edit services stateful-firewall rule r1[edit services stateful-firewall rule r1]user@host# set match-direction input-outputuser@host# set term t1 then accept[edit services stateful-firewall]rule r1 {match-direction input-output;term t1 {then {accept;}}}
Results
[edit services softwire]user@host# showsoftwire-concentrator {
ds-lite ds1 {
softwire-address 1001::1;
mtu-v6 9192;
}
v6rd v6rd-dom1 {
softwire-address 30.30.30.1;
ipv4-prefix 10.10.10.0/24;
v6rd-prefix 3040::0/16;
mtu-v4 9192;
}
}
rule v6rd-r1 {
match-direction input;
term t1 {
then {
v6rd v6rd-dom1;
}
}
}
rule dslite-r1 {
match-direction input;
term dslite-t1 {
then {
ds-lite ds1;
}
}
}
[edit services stateful-firewall]user@host# showrule r1 {
match-direction input-output;
term t1 {
then {
accept;
}
}
}
NAT Configuration for DS-Lite
Step-by-Step Procedure
To configure NAT for DS-Lite:
- Configure a NAT pool for DS-Lite.user@host# edit services nat pool dslite-pool[edit services nat pool dslite-pool]user@host# set address-range low 33.33.33.1 high 33.33.33.32user@host# set port automatic
- Configure a NAT rule.user@host# up 1[edit services nat rule dslite-nat-r1]user@host# set match-direction inputuser@host# set term dslite-nat-t1 from source-address 20.20.0.0/16 then translated translation-type napt-44
Results
[edit services nat]user@host# showpool dslite-pool {
address-range low 33.33.33.1 high 33.33.33.32;
port {
automatic;
}
}
rule dslite-nat-r1 {
match-direction input;
term dslite-nat-t1 {
from {
source-address {
20.20.0.0/16;
}
}
then {
translated {
source-pool dslite-pool;
translation-type {
source dynamic;
}
}
}
}
}
Because of this NAT rule, the following NAT routes are installed for the reverse DS-Lite traffic:
user@router# run show route 33.33.33.0/24 inet.0: 48 destinations, 52 routes (47 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both
33.33.33.1/32 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
33.33.33.2/31 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
33.33.33.4/30 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
33.33.33.8/29 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
33.33.33.16/28 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
33.33.33.32/32 *[Static/1] 1w2d 23:08:38
Service to v6rd-dslite-service-set
The NAT rule triggers address translation for the traffic coming from 20.20.0.0/16 to public address range 33.33.33.1 to 33.33.33.32.
Service Set Configuration
Step-by-Step Procedure
This service set has a stateful firewall rule and 6rd rule for 6rd service. The service set also includes a softwire rule for DS-Lite and a NAT rule to perform address translation for all DS-Lite traffic. The NAT rule performs NAPT translation in the forward direction on the source address and port of the DS-Lite traffic.
To configure the service set:
- Define the service set.user@host# edit services service-set v6rd-dslite-service-set
- Configure the service set rules.[edit services service-set v6rd-dslite-service-set]user@host# set softwire-rules dslite-r1user@host# set stateful-firewall-rules r1user@host# set nat-rules dslite-nat-r1
- Configure the service set interface-service.[edit services service-set v6rd-dslite-service-set]user@host# set interface-service service-interface sp-3/0/0
Results
[edit services service-set]user@host# showv6rd-dslite-service-set {
softwire-rules v6rd-r1;
softwire-rules dslite-r1;
stateful-firewall-rules r1;
nat-rules dslite-nat-r1;
interface-service {
service-interface sp-3/0/0;
}
