IPv6 support in Cisco’s Data Center gear – Fall’11

Comparing promises, deliverables and generic progress seems to be popular in the harvest season, so let’s see how far Cisco pushed the Data Center IPv6 support in the six months since my last status report.

Kudos to the Nexus 7000/NX-OS team for doing the right thing. Not only did they make me happy by implementing full-blown MPLS, MPLS/TE and MPLS/VPN, they included 6PE and 6VPE in the first release of the MPLS code. Great job!

ACE team managed to beat me to the punch and released A5(1.0) software with full IPv6 support literally hours before I published this post. Congratulations!

Honorable mentions to the security folks who managed to repackage ASA into a different form factor (good bye, FWSM) and IOS XE engineers who rolled out non-redundant stateful NAT 64 in IOS XE release 3.4S almost two years after it was announced.

Last but definitely not least, I will not comment on IronPort’s glacial release strategy. The last Cisco IronPort AsyncOS for Email was released a year ago; IPv6 support is supposedly roadmapped for second half of 2011.

And here’s the color-coded chart:

FunctionalityIPv6 readiness state
Routers All WAN edge routers are IPv6 ready
Switches Catalyst 6500, Nexus 7000
Nexus 5000 (no IPv6 routing), Nexus 1000V (no IPv6 PACL)
Servers UCS infrastructure management (UCS Manager, KVM) works only over IPv4.
Firewalls ASA and ASA Service Module for Catalyst 6500
Virtual Security Gateway filters IPv6 based on Ethertype
Email/Web security IPv6 only supported by cloud-based Ironport solution (NAT64 anyone?)
Load balancers SLB64, SLB46, NAT64, NAT46 available on ACE30
NAT64 Stateless and stateful NAT64 on ASR1000. Still waiting for stateful failover implementation.
WAN optimization IPv6 not supported

2011-09-21 07:50GMT - added Servers section and updated Load balancers section.

Getting more information

The problems you might encounter when deploying IPv6 in your data center are described in my Enterprise IPv6 – the first steps webinar (recording); a Service Provider-focused version is scheduled for October 19th (register). Both webinars are available as part of the yearly subscription.

13 comments:

  1. IPv6 support is only roadmap in Cisco UCS, see:

    http://www.youtube.com/watch?v=HYTzs6TRbZ8
    http://www.cisco.com/en/US/products/ps10281/products_configuration_example09186a0080aefd13.shtml

    Tore

    ReplyDelete
  2. Thanks. Added the 'servers' category.

    ReplyDelete
  3. Nexus 7000 still doesn't have ISIS ipv6 support
    http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/unicast/configuration/guide/l3_isis.html

    ReplyDelete
  4. That's a coincidence, ACE support for IPv6 was released with A5(1.0) yesterday, see the release notes:
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA5_1_x/release/note/ACE_mod_rn_A51x.html

    ReplyDelete
  5. Wow :-P That happens when you schedule your posts a few hours in advance :-E

    Fixed. Thank you!

    ReplyDelete
  6. Cisco 3560/3750 can't do HSRP v6 and v4 on the same device. It is only v4 or v6 which is a pain. You can't do a dual stack implementation using this devices.
    http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_55_se/configuration/guide/swhsrp.html#wp1051422

    ReplyDelete
  7. And they wonder why the adopting rate of IPv6 is so slow. It's because the supported technology rate is so slow!

    ReplyDelete
  8. Does UCS Express support IPv6? Since it is based on ISR Gen2 possibly since the 15x code supports IPv6 and if the server modules support win 2008(IPv6) will it work in its VM? Just curious if anyone has tried this yet.

    ReplyDelete
  9. Cisco 3560/3750 can't do HSRP v6 and v4 on the same device. It is only v4 or v6 which is a pain. You can't do a dual stack implementation using this devices.
    ____________
    interesting Kiksen, is it possible to just keep HSRP for IPv4 but use IPv6 NDP to set the router preference with tuned RAs default router preference and lifetime for the same results? Or neighbor unreachability/dead gateway detection with Ipv6 icmp redirects for local router only?

    ReplyDelete
  10. The RA-based failover is probably not fast enough. Based on configuration guide it seems that the minimum RA interval you can set is 3 seconds and RA lifetime has to be at least twice the RA interval (or a single lost RA packet might cause problems).

    Is 8-10 seconds good enough for you? Tweak RA timers. Less than that? Use NHRP.

    ReplyDelete
  11. Hi Ivan,

    Part of enterprise DC could also wireless thing like WCS which support IPv6 this way --> (from doc) Always set to "1" because WCS only supports ipv4 addresses.
    http://www.cisco.com/en/US/docs/wireless/wcs/7.0/configuration/guide/7_0admin.html
    I`m not able found anything Cisco Prime and IPV6.

    and if customer using WLC as anchor (DMZ) for internet access --> then only IPv6 pass-through is available http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70ovrv.html

    you have most updates base on datasheet, which could not working properly.
    I like RIPE methodology. They sorted base on vendor claimant or confirmed by users.
    http://labs.ripe.net/Members/mirjam/ipv6-cpe-survey-updated-january-2011

    ReplyDelete
  12. Jon Harald Bøvre21 September, 2011 21:40

    ME3600X:
    IPv6 to be released 2011/2012 from what I was told from Cisco earlier this year.
    MPLS VPN IPv6 (VPNv6) will be later next year according to what I read in a Blog somewhere.

    ReplyDelete
  13. You must use -X or -E

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.