The SRX300 (and SRX550M) are configured to drop IPv6 traffic by default: see documentation: When IPv6 is configured on SRX300 Series and the SRX550M devices, the default behavior is set to drop mode because of memory constraints.https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ipv6-flow-processing-enabling.html This can be confirmed: admin@CS7-HQ-FW02> show security flow status Flow forwarding mode: Inet forwarding mode: flow based Inet6... Continue Reading →
Demonstration of the EIGRP leak-map feature in an IPv6 topology. The leak-map feature allows for a prefix to be advertise which forms part of a larger summary prefix.
I am currently experimenting running an IPv6 only WLAN at work, so thought I'd try experimenting at home. Whereas at work we have a CSR1000v to perform the NAT64 and a separate Linux VM for DNS64, the config below details combining both functions on a Raspberry Pi (RPi). The topology looks like this: apt-get install... Continue Reading →
A recent issue with a Linux IPv6 firewall which saw on-link hosts appear to be flapping according to monitoring tools, highlighting a IPv6 ND table overflow problem. The short version of the solution required: net.ipv6.neigh.default.gc_thresh1 = 256 net.ipv6.neigh.default.gc_thresh2 = 1024 net.ipv6.neigh.default.gc_thresh3 = 2048 To keep an eye on the neighbor table I created a series... Continue Reading →
Cisco 7206VXR FA-GE= port adapter performance High CPU utilization is not uncommon, especially when a router is struggling to process a packet and punts it between switching processes. The graphs below show the output from a production Cisco 7206VXR (NPE-G1, PA-GE=, PA-2FE-TX) router which is the primary for an IPv6 HSRP pair. Whenever the primary... Continue Reading →
IPv6 tunnel This scenario details how to connect an IPv6 enabled site which has no native IPv6 internet service to connect to a remote IPv6 routing service to facilitate end to end IPv6 transport, thus avoiding the need for NAT64. Hurricane Electirc (http://ipv6.he.net/) offers an excellent free service which allows for the use of global... Continue Reading →