Hi Group, We recently purchased some MX240's for our network. Initially the where supposed to be used as MPLS PE routers. And for DHCP + PPPoE subscriber termination. We are relying on netflow, for traffic accounting so we also got the MS-DPC's for that purpose.
But the MS-DPC offers much more than netflow :). Today we have several IPv4 MPLS based VPN's, for our customers. So what i wanted to achieve was to map each VPN's private address space, to a common IPv6 address space for management purposes. As an example the customer VRF's could be mapped as shown below: Vrf A 172.16.0.0/12 to 2a01:3a0:3333:0:0:2:ac10::/108 Vrf B 172.16.0.0/12 to 2a01:3a0:3333:0:0:3:ac10::/108 The management stations are all located on an IPv6 network, and should be presented with the same IPv4 addresses in each VRF. Junipers documentation calls NAT which translates both source and destination "Twice NAT". Twice nat between IPv4 and IPv6 works, with one exception. When a TCP session is closed, the MS-DPC tears down the flow in the statefull firewall too early. I seems like he session is terminated when the first FIN packet is seen in either direction. That's a bug for sure, and I hope Juniper will fix it. But for SNMP, ICMP, and syslog im still OK. The second issue I have is that the IPv4 source pool for the management stations should be the same I each customer VRF for two reasons. I think that this should be possible, as long as the source is within different VRF's 1. Same source, means all CE devices have the same configuration for management. 2. To make sure that there is no addressing conflict within the customer vrf's I want to use public IP's, allocating different IP's to each VRf would be a waste of IPv4 addresses Med venlig hilsen / Kind Regards Peter Krupl Netværksspecialist Teknik Direkte +45 3525 4752 Kundeservice +45 7026 2300 Fax +45 7026 2301 Stationsparken 25 . 2600 Glostrup . Danmark . siminn.dk _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
