Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

header-navigation

Solutions

Featured solutions AI Campus and branch Data center WAN Security Service provider Cloud operator Industries
Campus and Branch

Welcome to the NOW Way to Wi-Fi

Take your networking performance to new heights with a modern, cloud-native, AI-Native architecture. Only Juniper can help you unleash the full potential of Wi-Fi 7 with our AI-Native platform for innovation.
Prepare for liftoff
Business intelligence analyst dashboard on virtual screen. Big data Graphs Charts.

AI Data Center Networking

Juniper’s AI data center solution is a quick way to deploy high performing AI training and inference networks that are the most flexible to design and easiest to manage with limited IT resources.
Find out more
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Zero trust security

Ops4AI Lab

Visit our lab in Sunnyvale, CA and see our AI data center solution for yourself. You can try out your own model’s functionality and performance, too.
Visit the lab
Enterprise AI-Native Networking

Enterprise AI‑Native Routing

Juniper's Ai-Native routing solution delivers robust 400GbE and 800GbE capabilities for unmatched performance, reliability, and sustainability at scale.
Explore enterprise routing
Higher Education

Shaping Student Experiences: The NOW Way to Build Higher Education Networks

Juniper Networks CIO Sharon Mandell and a virtual summit of C-level IT leaders from prestigious institutions discuss ongoing efforts to support digital transformation on campus.
Watch now
Hand on tablet with healthcare overlay of graphics

Security in healthcare

In this IDC Spotlight report, discover how AI networking can automate and strengthen a healthcare ecosystem to defeat criminals and prevent loss. 
Gain insights into ecosystem security
Retail

The Future of In-Store Technologies

Retail experts Kevin McCartan, Senior IT Service Delivery Engineer at Musgrave; Jack Stratten of Insider Trends; and Christian Gilby, Senior Director of Product Marketing at Juniper Networks, discuss customer experiences.
See the future

Products

Wireless access Wired access SD-WAN / SASE Routing and switching Security Mist AI™ Management software Network operating system Blueprint for AI-Native Acceleration Optics
  • Operations
ACX7020 router

Juniper ACX7020 Cloud Metro Access Router

Legacy networks simply cannot meet the demands of today’s rapidly evolving metro landscape. Unlock a new generation of highly scalable architectures and automated operations with the Juniper ACX7020. 
Learn more
EX4000 Ethernet Switch

Next-gen AI-Native EX4000 line of switches

Lack of AI innovation from your current networking vendor slowing you down? Embrace Juniper’s cloud-native, AI-Native access switches that support every level and layer, across nearly every deployment.
Discover how
The Q and AI text with an image of Bob Friday and Kedar Dhuru.

The Q&AI Podcast

Delivering practical solutions and enriching discussions, this podcast series is a vital resource for those seeking an in-depth exploration of AI's transformative potential.
Catch the latest episode

Services

Services
Services AI Care

Juniper AI Care Services Revolutionize Your Service Experience

Our industry-first AI-Native services couple AIOps with our deep expertise across the full network life cycle. You can move from reactive response to proactive insight and action.
Explore AI Care Services
Services AI Data Center

Juniper AI Data Center Deployment Services Optimize Your AI Model Runs

We use our expertise and validated designs to help design, deploy, validate and tune networks, including GPUs and storage, to get the most from your AI infrastructure operation.
Learn about AI Data Center Deployment Services

Partners

Partners

Support and Documentation

Support and Documentation

Learn

About Juniper Training Events The Feed Resources Technology learning topics Thought leadership and insights
Audience raising hands up while businessman is speaking in training at the office.

Juniper certification and training news

See the latest
Ringing of the bell

All global events

See the latest
AI-native-now

AI-Native NOW event series

Explore events
AINN AI Innovation Impact Virtual Event

AI-Native NOW: AI Innovation and Impact

Register NOW
Juniper's Christina Hendrix at the head of a conference table. With the text "The NOW Way to Network" overlayed, with "NOW" emphasizing the "O" in green color.

The NOW Way to Network

Watch the video series
AI Native Now

Executive insights

Dive deep with leading experts and thought leaders on all the topics that matter most to your business, from AI to network security to driving rapid, relevant transformation for your business.
Learn more
A keynote speaker giving a presentation at a conference. There are dozens of people sitting around them. The presentation is displayed via projector on all the walls in the room.

Leadership voices

Juniper Networks’ leaders operate on the front lines of creating the network of the future. Take a look around to see what’s on their minds.
Watch now
Bob Friday and Jessica Garrison speaking

Bob Friday Talks

Join Bob as he ventures into all the knowns -- and -- unknowns -- of AI.
Catch the latest episode
Documentation
Menu
License Guide
Quick Starts
Validated Designs
Home Documentation Configuring Dual-Stack Lite for IPv6 Access Configuring Dual-Stack Lite for IPv6 Access

Configuring Dual-Stack Lite for IPv6 Access

keyboard_arrow_up
close
keyboard_arrow_left
Configuring Dual-Stack Lite for IPv6 Access
Table of Contents Expand all
list Table of Contents
file_download PDF
{ "lLangCode": "en", "lName": "English", "lCountryCode": "us", "transcode": "en_US" }
English
ON THIS PAGE
keyboard_arrow_right

Example: Configuring AFTR Redundancy Using an IPv6 Anycast Address on Multiple AFTRs

date_range 26-Aug-23
arrow_backward
arrow_forward

This example shows how to configure redundancy with two or more DS-Lite Address Family Transition Routers (AFTRs) using a single IPv6 anycast address.

Requirements

This example uses the following hardware and software components:

  • Juniper Networks MX Series 3D Universal Edge Routers with Multiservices Dense Port Concentrators (DPCs)

  • Juniper Networks® Junos® operating system (Junos OS) 10.4 or later running on the AFTRs

Note:

This configuration example has been tested using the software release listed and is assumed to work on all later releases.

Overview

You can provide redundancy using DS-Lite by configuring the same IPv6 anycast address on two or more AFTRs (softwire concentrators) as the softwire address. Basic Bridging Broadband Elements (B4s) only need to know this anycast address for the softwire endpoint, and the least-cost AFTR, per the routing updates, is used for the other softwire endpoint. If the least-cost AFTR goes down or the cost to get to this AFTR becomes higher than another AFTR, packets are redirected to the other AFTR. This is automatically handled by routing updates in the IPv6 cloud. You can also configure different Network Address Translation (NAT) pools at AFTRs and provide continuous service between IPv4 nodes in different domains.

Topology

Figure 1 provides a sample network topology for configuring IPv6 anycast address on two or more AFTRs.

Figure 1: Sample Topology for DS-Lite Anycast Configuration Using Multiple AFTRsSample Topology for DS-Lite Anycast Configuration Using Multiple AFTRs

In Figure 1:

  • The IPv4 client or host in the home network is configured with an IPv4 interface to the ISP and a static route to the IPv4 server on the Internet.

  • The address of the NAT pool between AFTR1 and the Internet is 7.7.7.0/24. The address of the NAT pool between AFTR2 and the Internet is 8.8.8.0/24.

  • The B4 or softwire initiator is configured with an IPv4 interface, an IPv6 interface, and an IPv4-in-v6 tunnel to an anycast address.

  • The pure IPv6 node in the IPv6 cloud is configured with interfaces to the IPv6 interfaces and OSPFv3 for route updates.

  • The AFTRs (AFTR1 and AFTR2) are configured with anycast address B001::1/128. If one of the links between the B4 and an AFTR fails, the other AFTR is used for traffic.

  • The IPv4 node on the Internet is configured with an IPv4 interface and routes for reverse traffic.

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

AFTR1

content_copy zoom_out_map
set chassis fpc 1 pic 1 adaptive-services service-package layer-3
set services service-set dsl-ss softwire-rules dsl-sw
set services service-set dsl-ss nat-rules dsl-nat1
set services service-set dsl-ss interface-service service-interface sp-1/1/0
set services softwire softwire-concentrator ds-lite dsl1 softwire-address b001::1
set services softwire softwire-concentrator ds-lite dsl1 mtu-v6 9192
set services softwire rule dsl-sw match-direction input
set services softwire rule dsl-sw term t1 then ds-lite dsl1
set services nat pool dsl-p1 address 7.7.7.0/24
set services nat pool dsl-p1 port automatic
set services nat rule dsl-nat1 match-direction input
set services nat rule dsl-nat1 term t1 from source-address 11.11.1.0/24
set services nat rule dsl-nat1 term t1 then translated source-pool dsl-p1
set services nat rule dsl-nat1 term t1 then translated translation-type napt-44
set services nat rule dsl-nat1 term t1 then syslog
set interfaces sp-1/1/0 unit 0 family inet
set interfaces sp-1/1/0 unit 0 family inet6
set interfaces ge-2/1/0 description B4-toward-AFTR
set interfaces ge-2/1/0 unit 0 family inet
set interfaces ge-2/1/0 unit 0 family inet6 service input service-set dsl-ss
set interfaces ge-2/1/0 unit 0 family inet6 service output service-set dsl-ss
set interfaces ge-2/1/0 unit 0 family inet6 address 8001::2/120
set interfaces ge-2/1/6 description AFTR-to-IPV4-node-on-the-Internet
set interfaces ge-2/1/6 unit 0 family inet address 88.88.1.1/24
set protocols ospf3 area 0.0.0.0 interface lo0.0
set protocols ospf3 area 0.0.0.0 interface ge-2/1/0.0

AFTR2

content_copy zoom_out_map
set chassis fpc 1 pic 1 adaptive-services service-package layer-3
set services nat pool dsl-p2 address 8.8.8.0/24
set services nat pool dsl-p2 port automatic
set services nat rule ds1-nat2 term t1 from source-address 11.11.1.0/24
set services nat rule ds1-nat2 match-direction input
set services nat rule ds1-nat2 term t1 then translated source-pool dsl-p2
set services nat rule ds1-nat2 term t1 then translated translation-type napt-44
set services softwire softwire-concentrator ds-lite dsl2 softwire-address b001::1
set services softwire softwire-concentrator ds-lite dsl2 mtu-v6 9192
set services softwire rule dsl-sw2 match-direction input
set services softwire rule dsl-sw2 term t1 then ds-lite dsl2
set interfaces sp-1/1/0 unit 0 family inet
set interfaces sp-1/1/0 unit 0 family inet6
set services service-set dsl-ss2 softwire-rules dsl-sw2
set services service-set dsl-ss2 nat-rules dsl-nat2
set services service-set dsl-ss2 interface-service service-interface sp-1/1/0
set interfaces ge-2/3/4 description V6-cloud-to-ipv6-node-in-v6-cloud
set interfaces ge-2/3/4 unit 0 family inet
set interfaces ge-2/3/4 unit 0 family inet6 service input service-set dsl-ss2
set interfaces ge-2/3/4 unit 0 family inet6 service output service-set dsl-ss2
set interfaces ge-2/3/4 unit 0 family inet6 address 9001::2/120
set interfaces ge-2/3/0 description to-ipv4-node-on-the-internet
set interfaces ge-2/3/0 unit 0 family inet address 89.89.1.1/24
set protocols ospf3 area 0.0.0.0 interface ge-2/3/4.0
set protocols ospf3 area 0.0.0.0 interface lo0.0
set routing-options static route 88.88.1.0/24 next-hop 89.89.1.2

Configuring AFTR1

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the ../../../../../../.

Router AFTR1 is the primary router with an IPv6 interface to the ISP network (IPv6 cloud) and an IPv4 interface to the Internet. Configure the IPv4 interface, IPv6 interface, softwire endpoint, and NAT.

  1. Configure the Layer 3 service package.

    This example assumes that the PIC is in FPC 1, slot 1.

    content_copy zoom_out_map
    [edit chassis]
user@AFTR1# set fpc 1 pic 1 adaptive-services service-package layer-3

    The service package with its associated sp- interface is for manipulating traffic before it is delivered to its destination. For details about configuring service packages, see the Junos OS Services Interfaces Configuration Guide.

  2. Configure an IPv4 address and port for the NAT pool to specify the IPv4-to-IPv6 translation for packets traveling between the AFTR router and the Internet.

    content_copy zoom_out_map
    [edit services nat]
user@AFTR1# set pool ds1-p1 address 7.7.7.0/24
user@AFTR1# set pool dsl-p1 port automatic

  3. Configure a NAT rule to translate the private IPv4 address from the home network to NAT pool ds1-p1.

    NAT rules specify the traffic to be matched and the action to be taken when traffic matches the rule. In this example, only one rule is required to accomplish the address translation. The rule selects all traffic coming from the source address 11.11.1.0.

    content_copy zoom_out_map
    [edit services nat]
user@AFTR1# set rule ds1-nat1 match-direction input
user@AFTR1# set rule ds1-nat1 term t1 from source-address 11.11.1.0/24
user@AFTR1# set rule ds1-nat1 term t1 then translated source-pool ds1-p1
user@AFTR1# set rule ds1-nat1 term t1 then translated translation-type napt-44
user@AFTR1# set rule dsl-nat1 term t1 then syslog

  4. Configure the softwire concentrator, associate it with the IPv6 anycast address, and create a softwire rule.

    The rule in this example specifies that any traffic destined for the softwire concentrator dsl1 creates a new softwire. You can also configure more elaborate match conditions to perform as part of softwire initiator actions.

    content_copy zoom_out_map
    [edit services softwire]
user@AFTR1# set softwire-concentrator ds-lite dsl1 softwire-address b001::1
user@AFTR1# set rule dsl-sw match-direction input
user@AFTR1# set rule dsl-sw term t1 then ds-lite dsl1

  5. Configure the maximum transmission unit (ranging from 1280 to 9192 bytes) for the softwire for encapsulating IPv4 packets to IPv6.

    This is the maximum packet size that can be sent on a tunnel from the AFTR to B4 without fragmentation. If the final length of the packet is greater than the MTU, the IPv6 packet would be fragmented.

    Note:

    Including the mtu-v6 statement is mandatory, and you cannot commit the example configuration unless this statement is configured.

    content_copy zoom_out_map
    [edit services softwire]
user@AFTR1# set softwire-concentrator ds-lite dsl1 mtu-v6 9192

  6. Configure the services interface that contains the service set.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR1# set sp-1/1/0 unit 0 family inet
user@AFTR1# set sp-1/1/0 unit 0 family inet6

  7. Configure a service set for the NAT and DS-Lite services using the dsl-nat1 NAT rule and the ds1-sw softwire rule configured in Step 3 and Step 4.

    In this example, the name of the service set it is dsl-ss.

  8. Associate the softwire and NAT rules and the service interface with the service set.

    content_copy zoom_out_map
    [edit services]
user@AFTR1# set service-set dsl-ss softwire-rules dsl-sw
user@AFTR1# set service-set dsl-ss nat-rules dsl-nat1
user@AFTR1# set service-set dsl-ss interface-service service-interface sp-1/1/0

  9. Configure the interface between the home router running the B4 and the router in the ISP network running the AFTR, and include the IPv6 address of the AFTR router (softwire address).

    In this example, the interface is ge-2/1/0.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR1# set ge-2/1/0 description B4-toward-AFTR
user@AFTR1# set ge-2/1/0 unit 0 family inet
user@AFTR1# set ge-2/1/0 unit 0 family inet6 address 8001::2/120

  10. Associate the appropriate service set for the NAT and DS-Lite services.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR1# set ge-2/1/0 unit 0 family inet6 service input service-set dsl-ss
user@AFTR1# set ge-2/1/0 unit 0 family inet6 service output service-set dsl-ss

  11. Configure the IPv4 interface between the AFTR and the Internet, and specify the IPv4 address connected to the Internet.

    In this example, the interface is ge-2/1/6.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR1# set ge-2/1/6 description AFTR-to-V4-node-on-the-Internet
user@AFTR1# set ge-2/1/6 unit 0 family inet address 88.88.1.1/24

  12. Configure OSPFv3 for route advertisements.

    content_copy zoom_out_map
    [edit protocols]
user@AFTR1# set ospf3 area 0.0.0.0 interface lo0.0
user@AFTR1# set ospf3 area 0.0.0.0 interface ge-2/1/0.0

Results

In configuration mode, confirm your configuration by entering the show chassis, show services, show interfaces, and show protocols ospf3 commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
user@AFTR1# show chassis
fpc 1 {
    pic 1 {
        adaptive-services {
            service-package layer-3;
        }
    }
}
content_copy zoom_out_map
user@AFTR1# show services
service-set dsl-ss {
    softwire-rules dsl-sw;
    nat-rules dsl-nat1;
    interface-service {
        service-interface sp-1/1/0;
    }
}
softwire {
    softwire-concentrator {
        ds-lite dsl1 {
            softwire-address b001::1;
            mtu-v6 9192;
        }
    }
    rule dsl-sw {
        match-direction input;
        term t1 {
            then {
                ds-lite dsl1;
            }
        }
    }
}
nat {
    pool dsl-p1 {
        address 7.7.7.0/24;
        port {
            automatic;
        }
    }
    rule dsl-nat1 {
        match-direction input;
        term t1 {
            from {
                source-address {
                    11.11.1.0/24;
                }
            }
            then {
                translated {
                    source-pool dsl-p1;
                    translation-type {
                        napt-44;
                    }
                }
                syslog;
            }
        }
    }
}
content_copy zoom_out_map
user@AFTR1# show interfaces
sp-1/1/0 {
    unit 0 {
        family inet;
        family inet6;
    }
}
ge-2/1/0 {
    description B4-toward-AFTR;
    unit 0 {
        family inet;
        family inet6 {
            service {
                input {
                    service-set dsl-ss;
                }
                output {
                    service-set dsl-ss;
                }
            }
            address 8001::2/120;
        }
    }
}
ge-2/1/6 {
    description AFTR-to-V4-node-on-the-Internet;
    unit 0 {
        family inet {
            address 88.88.1.1/24;
        }
    }
}
content_copy zoom_out_map
user@AFTR1# show protocols ospf3
area 0.0.0.0 {
    interface lo0.0;
    interface ge-2/1/0.0;
}

If you are done configuring the device, enter commit from configuration mode.

Configuring AFTR2

Step-by-Step Procedure

Router AFTR2 is the secondary router with an IPv6 interface to the ISP network (IPv6 cloud) and an IPv4 interface to the Internet. Configure the IPv4 interface, IPv6 interface, softwire endpoint, and NAT.

  1. Configure the Layer 3 service package.

    This example assumes that the PIC is in FPC 1, slot 1.

    content_copy zoom_out_map
    [edit chassis]
user@AFTR2# set fpc 1 pic 1 adaptive-services service-package layer-3

    The service package with its associated sp- interface is for manipulating traffic before it is delivered to its destination. For details about configuring service packages, see the Junos OS Services Interfaces Configuration Guide.

  2. Configure an IPv4 address and port for the NAT pool to specify the IPv4-to-IPv6 translation for packets traveling between the AFTR router and the Internet.

    content_copy zoom_out_map
    [edit services nat]
user@AFTR2# set pool dsl-p2 address 8.8.8.0/24
user@AFTR2# set pool dsl-p2 port automatic

  3. Configure a NAT rule to translate the private IPv4 address from the home network to NAT pool dsl-p2.

    NAT rules specify the traffic to be matched and the action to be taken when traffic matches the rule. In this example, only one rule is required to accomplish the address translation. The rule selects all traffic coming from the source address 11.11.1.0.

    content_copy zoom_out_map
    [edit services nat]
user@AFTR2# set rule ds1-nat2 match-direction input
user@AFTR2# set rule ds1-nat2 term t1 from source-address 11.11.1.0/24
user@AFTR2# set rule ds1-nat2 term t1 then translated source-pool dsl-p2
user@AFTR2# set rule ds1-nat2 term t1 then translated translation-type napt-44

  4. Configure the softwire concentrator, associate it with the IPv6 anycast address, and create a softwire rule.

    The rule in this example specifies that any traffic destined for the dsl2 softwire concentrator creates a new softwire.

    content_copy zoom_out_map
    [edit services softwire]
user@AFTR2# set softwire-concentrator ds-lite dsl2 softwire-address b001::1
user@AFTR2# set rule dsl-sw2 match-direction input
user@AFTR2# set rule dsl-sw2 term t1 then ds-lite dsl2

  5. Configure the maximum transmission unit (ranging from 1280 to 9192 bytes) for the softwire for encapsulating IPv4 packets to IPv6.

    This is the maximum packet size that can be sent on a tunnel from the AFTR to B4 without fragmentation. If the final length of the packet is greater than the MTU, the IPv6 packet would be fragmented.

    Note:

    Including the mtu-v6 statement is mandatory, and you cannot commit the example configuration unless this statement is configured.

    content_copy zoom_out_map
    [edit services softwire]
user@AFTR2# set softwire-concentrator ds-lite dsl2 mtu-v6 9192

  6. Configure the services interface that contains the service set.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR2# set sp-1/1/0 unit 0 family inet
user@AFTR2# set sp-1/1/0 unit 0 family inet6

  7. Configure a service set for the NAT and DS-Lite services using the dsl-nat2 NAT rule and the dsl-sw2 softwire rule configured in Step 3 and Step 4.

    In this example, the name of the service set is dsl-ss2.

  8. Associate the softwire and NAT rules and the service interface with the service set.

    content_copy zoom_out_map
    [edit services]
user@AFTR2# set service-set dsl-ss2 softwire-rules dsl-sw2
user@AFTR2# set service-set dsl-ss2 nat-rules ds1-nat2
user@AFTR2# set service-set dsl-ss2 interface-service service-interface sp-1/1/0

  9. Configure the interface between the pure IPv6 node in the IPv6 cloud and the AFTR. In this example, the interface is ge-2/3/4.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR2# set ge-2/3/4 description V6-cloud-to-ipv6-node-in-v6-cloud
user@AFTR2# set ge-2/3/4 unit 0 family inet

  10. Include the IPv6 address of the AFTR router (softwire address).

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR2# set ge-2/3/4 unit 0 family inet6 address 9001::2/120

  11. Associate the appropriate service set for the NAT and DS-Lite services.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR2# set ge-2/3/4 unit 0 family inet6 service input service-set dsl-ss2
user@AFTR2# set ge-2/3/4 unit 0 family inet6 service output service-set dsl-ss2

  12. Configure the IPv4 interface between the AFTR and the Internet and specify the IPv4 address connected to the Internet.

    In this example, the interface is ge-2/3/0.

    content_copy zoom_out_map
    [edit interfaces]
user@AFTR2# set ge-2/3/0 description to-ipv4-node-on-the-internet
user@AFTR2# set ge-2/3/0 unit 0 family inet address 89.89.1.1/24

  13. Configure OSPFv3 for route advertisements.

    content_copy zoom_out_map
    [edit protocols ospf3]
user@AFTR2# set area 0.0.0.0 interface ge-2/3/4.0
user@AFTR2# set area 0.0.0.0 interface lo0.0

  14. Configure a static route to the IPv4 node on the Internet.

    content_copy zoom_out_map
    [edit routing-options]
user@AFTR2# set static route 88.88.1.0/24 next-hop 89.89.1.2

Results

In configuration mode, confirm your configuration by entering the show chassis, show interfaces, show services, show protocols ospf3, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

content_copy zoom_out_map
user@AFTR2# show chassis
fpc 1 {
    pic 1 {
        adaptive-services {
            service-package layer-3;
        }
    }
}
content_copy zoom_out_map
user@AFTR2# show interfaces
sp-1/1/0 {
    unit 0 {
        family inet;
        family inet6;
    }
}
ge-2/3/0 {
    description to-ipv4-node-on-the-internet;
    unit 0 {
        family inet {
            address 89.89.1.1/24;
        }
    }
}
ge-2/3/4 {
    description V6-cloud-to-ipv6-node-in-v6-cloud;
    unit 0 {
        family inet;
        family inet6 {
            service {
                input {
                    service-set dsl-ss2;
                }
                output {
                    service-set dsl-ss2;
                }
            }
            address 9001::2/120;
        }
    }
}
content_copy zoom_out_map
user@AFTR2# show services
service-set dsl-ss2 {
    softwire-rules dsl-sw2;
    nat-rules ds1-nat2;
    interface-service {
        service-interface sp-1/1/0;
    }
}
softwire {
    softwire-concentrator {
        ds-lite dsl2 {
            softwire-address b001::1;
            mtu-v6 9192;
        }
    }
    rule dsl-sw2 {
        match-direction input;
        term t1 {
            then {
                ds-lite dsl2;
            }
        }
    }
}
nat {
    pool dsl-p2 {
        address 8.8.8.0/24;
        port {
            automatic;
        }
    }
    rule ds1-nat2 {
        match-direction input;
        term t1 {
            from {
                source-address {
                    11.11.1.0/24;
                }
            }
            then {
                translated {
                    source-pool dsl-p2;
                    translation-type {
                        napt-44;
                    }
                }
            }
        }
    }
}
content_copy zoom_out_map
user@AFTR2# show protocols ospf3
area 0.0.0.0 {
    interface ge-2/3/4.0;
    interface lo0.0;
}
content_copy zoom_out_map
user@AFTR2# show routing-options
static {
    route 88.88.1.0/24 next-hop 89.89.1.2;
}

If you are done configuring the device, enter commit from configuration mode.

Verification

Confirm that the configuration is working properly.

Verifying Redundancy of the AFTRs

Purpose

Verify that traffic flow is maintained using the secondary AFTR if an interface on one AFTR is brought offline.

Action

  1. Verify traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet.

    Additionally, check the softwire flows for AFTR1.

    content_copy zoom_out_map
    user@AFTR1> show services stateful-firewall flows
Interface: sp-1/0/0, Service set: dsl-ss
Flow                                                			State    Dir       Frm count
TCP 			 20.20.1.2:1025	 ->	  200.200.200.2:80			Forward  I	 	
107621
    NAT source      20.20.1.2:1025   ->    7.7.7.0
    Softwire          2001::3        ->    1001::1

TCP 			 200.200.200.2:80	 ->	  7.7.7.0	 	
208420
    NAT source      7.7.7.0   ->    20.20.1.2:1025
    Softwire        2001::3   ->         1001::1
ICMP        10.0.10.1        ->     88.88.88.1.1       		Watch    I               3
    NAT source      10.0.10.1         ->         129.0.0.1
    Softwire          8001::2         ->         1001::1
DS-LITE        2001::3      ->        1001::1       			Forward  I                6
ICMP        88.88.88.1       ->        129.0.0.1     			Watch    O                3
    NAT dest         129.0.0.1         ->       10.0.10.1
    Softwire          8001::2         ->         1001::1

    The output shows ICMP source and destination addresses indicating traffic flow between the IPv4 host on the home network and the IPv4 node on the Internet. The DS-Lite protocol statistics indicate the softwire flows.

  2. Deactivate the interface ge-2/1/0 on AFTR1.

    content_copy zoom_out_map
    user@AFTR1# deactivate interfaces ge-2/1/0

  3. Commit the configuration.

  4. Issue the show services stateful-firewall flows command on AFTR2 to verify the creation of softwire flows.

    Additionally, verify traffic flows between the IPv4 host on the home network and the IPv4 node on the Internet.

    content_copy zoom_out_map
    user@AFTR2> show services stateful-firewall flows
Interface: sp-1/0/0, Service set: dsl-ss2
Flow                                                			State    Dir       Frm count
TCP 			 20.20.1.2:1025	 ->	  200.200.200.2:80			Forward  I	 	
107621
    NAT source      20.20.1.2:1025   ->    8.8.8.0
    Softwire          2001::3        ->    1001::1

TCP 			 200.200.200.2:80	 ->	  7.7.7.0	 	
208420
    NAT source      8.8.8.0   ->    20.20.1.2:1025
    Softwire        2001::3   ->         1001::1
ICMP        10.0.10.1        ->     88.88.88.1.1       		Watch    I               3
    NAT source      10.0.10.1         ->         129.0.0.1
    Softwire          2001::3         ->         1001::1
DS-LITE        2001::3      ->        1001::1       			Forward  I               6
ICMP        88.88.88.1       ->        129.0.0.1     			Watch    O               3
    NAT dest         129.0.0.1         ->       10.0.10.1
    Softwire          2001::3         ->         1001::1

Meaning

The output shows NAT and softwire source and destination addresses for traffic flow between AFTR2 and the IPV4 node on the Internet. This indicates that AFTR2 is now operating as the secondary AFTR when AFTR1 is offline.

Related Documentation

arrow_backward PREVIOUS Example: Configuring Redundancy and Load Balancing Using a Single AFTR and Multiple Services PICs
NEXT arrow_forward
footer-navigation

© 1999 - 2025 Juniper Networks, Inc. All rights reserved.

Scroll to top