IPv6 Routing on EX4200 / EX3300 – Common Questions

ipv6juniper-exroutingswitch

we have about 5 Servers and currently only a cheap L2 Switch.

We got an /42 IPv6 Network assigned from our provider and want to route this /42 Network into multiple /64 subnets. These can just be static without any DHCP but they should have access to the internet.
In this case we want to upgrade our switch to an L3 Switch to support basic routing options.

We are thinking about a Juniper EX4200-48T or a Juniper EX3300-48T but we don't want to buy anything that expensive without knowing the switch is the right one.
Also we have seen we need an AFL license to enable all the L3 routing features and only basic L3 features are available without the AFL license.
Since nobody has done this before here, we are probably a little bit confused what exactly we are needing now.

Here is a little pull out of the EX4200 documentation:

Layer 3 Features: IPv6

Max number of Neighbor Discovery (ND) entries: 16,000 (shared with IPv4)

Max number of IPv6 unicast routes in hardware: 4,000

Max number of IPv6 multicast routes in hardware: 2,000

routing protocols: rIPng, OSPFv3, IPv6, ISIS, BGP4+, PIM, MLD, MLDv2

Static routing

Am I right when I assume we just need "static ipv6 routing" for what we want to do?
And does anybody know whether static ipv6 routing is useable without an AFL license.
If someone has a better suggestion what we should do or which switch we need to do this I would be very grateful.

Thank you.

//Edit

We don't want to exchange subnet information with neighboring routers.
We only want that every server or virtual Server which is connected to that switch gets his own /64 subnet.
My thought was here, we just have to create for every subnet a static ipv6 route which is available without AFL (i think)

Router -> Juniper Switch

Port1 = Server1 with its own /64 subnet

Port2 = Server2 with its own /64 subnet and every vserver on it

Port3 = Server3 with its own /64 subnet

Best Answer

If you aren't trying to exchange subnet information with neighboring routers about these /64's, then you'll be fine with the stock EX4200 loadout. However, if you were going to, you'll need routing protocol support (i.e. RIPng, OSPFv3, ISIS, BGP) that only comes with an AFL. Given your design intentions, you don't need the AFL.

Check out Juniper's "Understanding Software Licenses for EX Series Switches" to get more information into what you actually get with the AFL.

Note: All of this functionality exists with/without the AFL, you simply get a warning/syslog message when you don't. They go on more of an honor system.

Related Solutions

Routing – Layer 3 Switch Routing vs Router on a Stick

My sugestion is to configure switch virtual interfaces(SVI) in core switch for each Vlan . And enable inter-Vlan routing by using command "IP Routing" After enabling inter-Vlan routing all vlan will communicate to each other , Now Configure access-list accordinglly to restrict traffic among Vlans accordinglly to your business requirements . Further connect access switches to coreswitch and Configure trunk port or access ports according to requirements.

Configure default route in coreswitch pointing towards firewall Ingress interfàce . From firewall again default route is configured pointing towards ISP gateway for internet traffic routing. .

Now firewall is used to control and monitor inbound & Outbound tràffic .

Juniper EX4200 QinQ Configuration and Troubleshooting

Q-in-Q on the 4200 is super non-intuitive, but here is the configuration that will work for you:

If you're mixing Q-in-Q and dot1q, you need to set the dot1q tunnelling ethertype to be 0x8100

set ethernet-switching-options dot1q-tunneling ether-type 0x8100

Now, configure the interface you'll be receiving the C-TAGs on - note that you will only configure it as an untagged interface (very non-intuitive):

set interfaces ge-0/0/7 unit 0 family ethernet-switching

Now create your S-VLAN 5 and "C-VLAN" 41 and apply them to interface ge-0/0/7.0 - note that because the interface is not tagged in the previous step, you have to apply the interface within the VLAN configuration as per below (other interfaces in VLAN 41 can be applied in the normal way):

set vlans SV5 vlan-id 5
set vlans SV5 interface ge-0/0/7.0
set vlans SV5 dot1q-tunneling customer-vlans 42
set vlans SV5 dot1q-tunneling customer-vlans 51
set vlans SV5 dot1q-tunneling customer-vlans 52
set vlans CV41 vlan-id 41
set vlans CV41 interface ge-0/0/7.0

The last piece is how to deal with the dot1q tag being received; if you leave things as they are, the dot1q traffic for VLAN 41 will be dropped on ingress to port ge-0/0/7.0, so you need to create a VLAN swap action which essentially swaps 41 with 41 (like I said, it's super non-intuitive):

set vlans CV41 interface ge-0/0/7.0 mapping 41 swap

Now you should be able to handle both dot1q and q-in-q frames on the same interface.

One caveat to be aware of is that you can't have an S-VLAN ID the same as any of your C-VLAN IDs, since you need to create the VLAN on the switch to tunnel.

Best Answer

Related Solutions

Routing – Layer 3 Switch Routing vs Router on a Stick

Juniper EX4200 QinQ Configuration and Troubleshooting

Related Topic