Is Anyone Using DMVPN-over-IPv6?

One of my readers sent me an interesting challenge: they’re deploying a new DMVPN WAN, and as they cannot expect all locations to have native (non-NAT) IPv4 access, they plan to build the new DMVPN over IPv6. He was wondering whether it would work.

Apart from “you’re definitely going in the right direction” all I could tell him was “looking at the documentation I couldn’t see why it wouldn’t work” Has anyone deployed DMVPN over IPv6 in a production network? Any hiccups? Please share your experience in the comments. Thank you!

Recent posts in the same categories

6 comments:

  1. Ed Horley 08 September 2014 04:15
    Ivan,
    It works, I've run v6 over v6, v6 over v4, and v4 over v4 just not v4 over v6 in my lab and some small deployments. I've used http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_dmvpn/configuration/15-2mt/ip6-dmvpn.html but there may be an updated version of that doc that is more current. The routing protocol selection (as you are aware) is likely the bigger deal given what you want to do. We can chat at Interop if you want to chat details. - Ed H.
  2. Anonymous 08 September 2014 06:35
    It's working fine. I've run v6 over v6 and v6 over v4 in a test environment using ios xe. Last I looked 6 months ago, the 6500 can't do any v6 dmvpn yet.
  3. Anonymous 08 September 2014 09:31
    On my side I tried ipv4 over ipv6 ipsec tunnel, so my outside interfaces were in ipv6 while inside were in ipv4... and it works well
    I used "mode gre ipv6" with "protection ipsec" with IOS 15.1(4)M6
    it was in VTI
    Nico
  4. Anonymous 08 September 2014 17:43
    It was my understanding that while DMVPN could transport either v4 or v6 in its tunnels, it required a v4 WAN at this time.
  5. James Small 08 September 2014 19:27
    Per Cisco Live Europe, 2013, BRKSEC-3052:
    * Cat 6500 - Not recommended for DMVPN
    * IPv6 transport support (underlying transport or "outer" VPN) added in IOS 15.2(1)T and IOS-XE 3.8S

    Also, 15.2(4)M was classified as a mainline release in June of 2013 and is currently one of the recommended releases for the ISR-G2s. So if you have ASRs or ISR-G2s I would be comfortable deploying with testing. The other big caveat is you have to make sure your carriers and internal operations/NMS can handle this decision.
  6. A Santoro 10 September 2014 21:01
    Thank you everyone for your feedback. -Tony
Add comment
Home
Sidebar