Configuring IPv6 on a Juniper SRX

Within this article we will provide the steps required to enable IPv6 on a Juniper SRX device.

IPv6 Forwarding

First of all we enable IPv6 forwarding. Once this is added you will need to reboot the device.

set security forwarding-options family inet6 mode flow-based

You can confirm that IPv6 forwarding is enabled once the device has rebooted by running,

root@240> show security flow status 
  Flow forwarding mode:
    Inet forwarding mode: flow based
    Inet6 forwarding mode: flow based
    MPLS forwarding mode: drop
    ISO forwarding mode: drop
  Flow trace status
    Flow tracing status: off

Interface Addressing

Next we configure the interface with an IPv6 address. In this example we configure both a global and link-local based IPv6 address.

set interfaces reth0 unit 0 family inet6 address 2a00:1b30:2401:d4::1/64
set interfaces reth0 unit 0 family inet6 address fe80::d41/64
 set interfaces reth1 unit 0 family inet6 address 2a00:1b30:2401:d5::1/64
set interfaces reth1 unit 0 family inet6 address fe80::d51/64

NOTE In a typical scenario you would not configure a link-local (fe80::) and just leave the system to generate a link-local address using EUI64. This was only added to this example as a matter of completeness.

Routing

We then set our default gateway. You can use either a link-local or global address. If you use a link-local address you (as shown below) will need to specify the interface.

set routing-options rib inet6.0 static route ::/0 qualified-next-hop fe80::140 interface reth0.0

Caveats

The main caveat you may find is around packet captures. Support for packet capturing on an reth based interface was only added to X45-D30 and X46-D25 within the 12.1 code train.

• Author
• Recent Posts

Rick Donato

Rick Donato is a Network Automation Architect/Evangelist and the founder of Packet Coders.

Latest posts by Rick Donato (see all)

• How to Configure a BIND Server on Ubuntu - March 15, 2018
• What is a BGP Confederation? - March 6, 2018
• Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial