Why Doesn’t IPv6 Work on My Juniper EX Switch?

Sad Panda

Once upon a time I had a lovely home network where IPv4 and IPv6 coexisted in perfect harmony. And then the big bad Juniper EX3200 switch was installed, and suddenly my IPv6 world ended. In a similar vein to the multicast issue I described in a previous post, out of the box, this (admittedly somewhat old) release of Junos OS kills IPv6 on the LAN.

I could argue – probably quite successfully – that a layer 2 switch should try and act like a layer 2 switch and not get its nose stuck into protocols that aren’t any of its business. But it is what it is, and what you really need to know is how to fix it, right?

IPv6 Architecture

I don’t, for the record, do anything particularly special or clever with IPv6. I have a global /64 that I use on my home LAN, and my edge router connects me to a IPv6 tunnel broker so I can reach the rest of the IPv6 world – at least until Comcast starts offering dual stack connections. The Juniper EX3200 is acting as a layer 2 switch for my main home LAN, but I have configured a Layer 3 interface on that VLAN for ease of management:

Testing

Some quick WireShark testing confirmed that while I was sending IPv6 from my devices, nothing was making it through the EX. This is a pretty effective way to kill off connectivity.

The Solution

There’s no point wasting time, because what you need to know is how to fix this problem. It’s simple – enable IPv6 on the layer 3 interface. Yes, I know – but it works:

The final configuration:

Yes it really is that simple. The moment that’s configured, IPv6 starts flowing through the switch again. One simple line of configuration and once again I have access to the huge swathes of exclusivley IPv6-accessible content on the interwebs. Nyah nyah!

If You Don’t Have IPv6

If you don’t have IPv6, you don’t know what you’re missing. It’s like a secret club, and you’re not invited. I happen to use sixxs.net as my broker for various historical reasons, but  if you’re in the US, Hurricane Electric are also an awesome choice. I’m sure there are others out there too.

Is This Still The Way?

My switch is still creaking along on Junos OS 9.2R1, so it’s entirely possible that things have changed since then. If you have any insight into that, please let me know!

5 Comments on Why Doesn’t IPv6 Work on My Juniper EX Switch?

  1. This apparently is normal for EX Series. Since you turned on L3 routing you must enable v6. Family inet6 does the trick. Also, it looks to me that v6 wasn’t really supported until 9.3 on EX so you may see some weirdness.

    • It’s an odd “normal” though, don’t you think? I don’t believe I should have to enable inet6 on the RVI just to allow the EX to switch IPv6 frames!

      Thankfully I don’t need the router to actually /route/ IPv6 right now, so I’m less worried about its capabilities. At some point, I’ll upgrade it. Chris Jones gave me a bunch of tips and caveats for that process, and I just need to find time to put them into action!

      Thanks for the comments and information!

      • It is different than I would have expected. Underlying hardware of the platform drives a lot these kind of decisions. I do not deal with EX a lot but curious enough to dig a little.

        I am fairly confident you activated the routing processes when you configured an IP on the vlan interface. Once you did that you needed to turn on v6 and doing that via a family protocol statement is a very Junos thing to do :).

    • Part of the issue might be that the management interface is actually me0 (believe it is on the back on EX3200). Be interesting to see if the problem exists if you configured me0 with the IP and plugged that port into L2 vlan (removing the interface vlan family inet commands).

      • Indeed – avoiding me0 was just laziness on one level, plus I needed to have the RVI present to do some NAT for me for something else. I would like to try without the RVI to see the behavior though. Regardless of how I happen to manage the switch though, I think the behavior is incorrect – if I had an RVI on the VLAN for any other reason, I’d hit this issue.

        Thanks!

Leave a Reply

Your email address will not be published.


*