Juniper: 6VPE Centralized Internet Access

I recently worked on a pilot project whose aim is to provide IPv6-only global connectivity to an open wireless network. The network is mostly made of IEEE 802.11n base stations routing traffic from various mobile devices (e.g., laptops, smartphones) to outside services on the Internet. I had to address three challenges, the first being the lack of proper IPv6 support on some platforms, in particular on 'old' Android 4.x devices. The second challenge was to forward and transport the native IPv6 traffic from the clients, through the base stations and up to the nearest service provider's exit point. To address the latter I decided to leverage 6VPE on the MPLS backbone, which is composed of multi-vendor equipment from Cisco Systems and Juniper Networks. The label distribution protocol chosen is LDP for its simplicity of operation and troubleshooting. Finally, and this is the topic of this article, I had to provide Internet Services to the wireless VPN instances so mobile clients can browse the web in a transparent and efficient manner, regardless of their physical locations and the base station they're associated with.


NAT66 and IPv6 ULA on Juniper SRX

Sometimes, you do not have access to enough public address space to number all your subnets. This is especially common in virtualized environments where network segmentation is a natural design choice. In such environments, you may have several VLANs and routing instances (call them routing domains, or contexts, depending on the vendor terminology you're familiar with), and each comes with a unique set of subnets. Every network operator knows how painful IP address management is, and we all want to avoid renumbering our network, especially if it accounts for hundreds, if not thousands, of subnets. You have certainly also figured out that Network Address Translation (NAT) could help in this matter, but did you know its benefits could be applied to the IPv6 world as well?
