Just in case you haven’t noticed: RIPE region ran out of unallocated IPv4 addresses last Friday. RIPE members (regional registries) can get a single /22 each, enterprises that want to be IPv4-multihomed cannot get provider-independent addresses any more. It just might be time to start considering IPv6 in your data center. Let’s see whether the vendors agree with me.
Data center switches
I have some great news for you: most vendors started supporting IPv6 in their data center switches.
Cisco added IPv6 support on Nexus 5500 in the latest software release (all other Cisco’s DC switches supported IPv6 for quite a while), and Arista EOS documentation has a section on IPv6, although the data sheets still claim IPv6 will be supported in a future release.
All switches from Dell Force10 and HP, as well as EX-series switches from Juniper and MLX switches from Brocade had IPv6 support for a long time, as did Avaya and Alcatel Lucent.
And the products stuck in IPv4-only-land? Juniper’s QFabric has very limited IPv6 support in Junos release 12.2 (static routes on network node group only), Brocade VDX switches will support layer-3 forwarding with the new Network OS 3.0, but only for IPv4, and NEC ProgrammableFlow switches are still IPv4-only devices.
Firewalls and load balancers
Most (physical) firewalls and load balancers supported IPv6 for a while, often with significantly reduced performance. There were some notable exceptions, but that’s gruesome history that we should quickly forget.
These people must be living on a different planet. Obviously the virtual versions of physical appliances (example: BIG-IP virtual edition from F5) support IPv6, but one would hope that the vendors claiming to be focused on network virtualization wouldn’t forget that there’s life beyond virtual MACs and IPv4.
Nexus 1000V, Virtual Security Gateway (VSG) and vShield Edge (oops, VMware vCloud Networking and Security) have no IPv6 support. Juniper has announced IPv6 in its vGW Virtual Gateway, but the supporting documentation hasn’t found its way to Juniper’s web yet.
The clear winner in this category: Cisco ASA 1000V Cloud Firewall does not support IPv6. Let me get this straight: you took ASA code that had IPv6 support since (at least) release 7.0(1) from June 2007 and you removed IPv6 from it? Wow. Just wow.
Do we care?
You might not. You might decide deploying 6-to-4 load balancer in front of your legacy data center is good enough for the next 25 years. However, there are a “few people” that do – the service providers trying to provide common services to their data center clients. They cannot rely on coordinated usage of network 10.0.0.0/8 and thus have to provide the common services on public IPv4 addresses. Somewhat hard if you can’t get them, don’t you think?