Reply to comment:

Anonymous
<div class="content legacycomment"> <p> Juniper ScreenOS has a mostly solid IPv6 track record, we use ScreenOS 6.3.0r2 in a Active/Passive dual-stack setup with OSPFv2+v3 routing, and we are very satisfied. </p> <p> &nbsp; </p> <p> There's one column in the table:SNMP which still is in &quot;vendor&quot;. I've just tried this out, and there are some limitations/bugs. </p> <p> &nbsp; </p> <p> First, allowed clients to query SNMP can be defined with </p> <p> &nbsp; </p> <p> set snmp host &quot;&lt;community&gt;&quot; IPv4/IPv6 prefix </p> <p> &nbsp; </p> <p> But when you set an IPv6 address and use a non/128 prefix, you'll get: </p> <p> &nbsp; </p> <p> &quot;set snmp host foo 2001:a18:1:8::/64 </p> <p> Wrong ipv6 address mask, must be 128 bits.&quot; </p> <p> &nbsp; </p> <p> Useful; &quot;enter any prefix you like, as long as it's 128.&quot; - For IPv4, netmasks are supported just fine. </p> <p> &nbsp; </p> <p> A second nuisance comes with the use of manage-ip addresses. In our Active/Passive setup, there is a routed IP address which moves with the active host, and two per-device addresses that stay on the physical box also in event of failover. But: manage-ip addresses only work with IPv4; and if manage-ip are configured, the devices will refuse answering management traffic on the routed address. Consider scenario </p> <p> &nbsp; </p> <p> Primary </p> <p> -------- </p> <p> routed IPv4: A.B.C.1 </p> <p> routed IPv6: 2001::1 </p> <p> manage-ip A.B.C.2 </p> <p> &nbsp; </p> <p> Secondary </p> <p> ---------- </p> <p> standby routed IPv4: A.B.C.1 </p> <p> standby routed IPv6: 2001::1 </p> <p> manage-ip A.B.C.3 </p> <p> &nbsp; </p> <p> Querying SNMP works with A.B.C.2 and A.B.C.3 as expected. But even though no IPv6 manage-ip is set (ScreenOS doesn't support this!), the device will not respond to SNMP on 2001::1 on the respective primary. </p> <p> &nbsp; </p> <p> Effectively, this means enabling the feature manage-ip will as a by-product disable IPv6 SNMP. </p> <p> &nbsp; </p> <p> BTW: Other manage-services, like SSH, behave better: they will respond on A.B.C.2 (primary device), A.B.C.3 (secondary device) and 2001::1 (currently active device). </p> </div>