Despite ongoing warnings about an impending IPv4 address exhaustion, enterprises are still slow to begin their...
IPv6 migration plans. Given the spotty vendor record on supporting the new 128-bit hexadecimal addressing specification on wide area network (WAN) devices and services, who can blame them?
"The results [from vendors] are mixed," said Ivan Pepelnjak, CCIE No. 1354 and chief technology adviser at NIL Data Communications, a consulting firm based in Slovenia. "Many reputable vendors have implemented IPv6 on their core products, but some of them have clearly forgotten auxiliary products they offer or [from] recent acquisitions."
Issues range from products lacking basic IPv6 support to performance and configuration inconsistencies, said Pepelnjak, who found lackluster IPv6 support for WAN devices in Cisco Systems' data center portfolio last fall.
"Cisco's routers, switches and firewalls have supported IPv6 for years, and F5's implementation on their load balancers is robust enough to survive production deployment at Facebook," he said. But Cisco's Application Control Engine (ACE) load balancer has "no IPv6 support whatsoever," he added.
Cisco's WAN optimization product, Wide Area Application Services (WAAS), also offers no IPv6 support, Pepelnjak said. He found no IPv6 support on its application-level firewall for ACE, XML Gateway. Earlier problems with IPv6 failover in Cisco's flagship Adaptive Security Appliances (ASA) have since been resolved, Pepelnjak said. Cisco announced IPv6 support for IronPort, its email and Web security product, in June.
The level of IPv6 support among the other vendors of WAN devices varies. Some are reluctant to talk about their IPv6 posture at all. A Riverbed Technology spokesman declined a request to discuss how the WAN optimization vendor will help customers with IPv6 migrations, saying the company was not ready to speak publicly about its strategy.
Silver Peak Systems' NX and VX series WAN optimization devices optimize IPv6 traffic when encapsulated in IPv4 headers, according to Jeff Aaron, vice president of marketing at Silver Peak. The products are expected to have native IPv6 support toward the end of the year via a software upgrade, he said.
Meanwhile, many service providers haven't yet completed their own IPv6 migrations -- much less issue IP addresses or launch services, Pepelnjak said. That will be an issue for enterprises using Multiprotocol Label Switching (MPLS), a Layer 3 technology, for virtual private network (VPN) services, he added, noting that virtual private LAN services (VPLS), a Layer 2 technology, presents fewer problems.
"Lack of IPv6-enabled MPLS VPN services will be a major pain in the short term," Pepelnjak said. "Users determined to deploy IPv6 in their enterprise networks will sometimes have to resort to IPv6-over-IPv4 tunnels to circumvent the [service provider] limitations."
With so few IPv6 migrations, are WAN devices a concern?
Enterprises have been hesitant to embrace IPv6 and eager to find ways to delay the transition, so it remains unclear whether support for IPv6 on WAN devices is a serious and widespread concern yet for networking pros.
I would suggest any [IT pro] ensure that either their current vendors support IPv6 or, at [minimum], have a good roadmap on getting there.
W. Kelly Reed Network EngineerU.S. transportation company
Plotting an IPv6 migration is a distant thought for Bob Andreini, global director of ISIT at Measurement Specialties, a designer and manufacturer of sensors and sensor-based systems with 14 manufacturing plants throughout the United States, Western Europe and China.
"We are not doing anything with IPv6 at this point," Andreini said. "[It's] not even a topic of discussion."
W. Kelly Reed, a network engineer with a U.S. transportation company, said his organization is just beginning its IPv6 transition by making IPv6 support a requirement for new equipment purchases. Finding IPv6-capable equipment has not been a problem so far, and he recently chose Riverbed's Steelhead appliance for its IPv6 support.
Reed expects that his IPv6 transition will center on supporting remote connectivity for partners and clients coming from IPv6 addresses, and he acknowledged that he has "not even started thinking about what it would require, honestly."
"I don't mean to sound anti-dramatic, but most of our vendors already support IPv6. Outside the pure headache of readdressing, we are not that concerned about the migration," Reed said. "I would suggest any [IT pro] ensure that either their current vendors support IPv6 or, at [minimum], have a good roadmap on getting there."
IPv6 support on WAN devices not just 'a checkbox item'
Enterprises will find that they need to look beyond the fact that their WAN devices can understand IPv6, according to Joda Schaumberg, west-area vice president of sales engineering at Global Crossing. WAN managers should plan to spend "significant" time on configuration to ensure that features perform the same in IPv6 as they do in an IPv4 environment.
"On paper, you might think the answer is very straightforward: 'Hey it's just another IP address scheme' … and unfortunately that's not the case," Schaumberg said, citing his recent work with a North American enterprise's IPv6 transition. "We've done quite a bit of due diligence into the different IOS levels from Cisco, and it's not as straightforward as configuring an IPv6 address on a router and saying it's good to go."
Blue Coat Systems is approaching WAN optimization for IPv6 with its focus on the users and the applications at Layer 7, not at Layer 3, according to Qing Li, chief scientist at Blue Coat, which recently incorporated application-level gateway support and application acceleration for IPv6 traffic on its ProxySG appliances.
"Many vendors are really providing IPv6 as a checkbox item," Li said. "When you're translating, you're taking the original packet and creating another packet from it…. We do not do mechanical translation. We take the language, read the language, fully understand what the [application] is trying to convey and re-convey that message natively ... so that an IPv4 user getting IPv6 content is getting the right content."
Find IPv6-capable network appliances using this advice from Blue Coat chief scientist Qing Li.