160 likes | 515 Views
IPv6 on Cisco ACE 30 and ACE 4710. Vikas Deolaliker ECBU Product Management Version Date: September, 2011. Availability – September 20 th , 2011. Ordering Guide. Performance. IPv6 on ACE Overview.
E N D
IPv6 on Cisco ACE 30 and ACE 4710 Vikas Deolaliker ECBU Product Management Version Date: September, 2011
Availability – September 20th, 2011 • Ordering Guide
IPv6 on ACE Overview IPv6 support for load balancing, management and gateway. USGv6 and IPv6Ph2 Logo compliance ready KEY FEATURES • COMPLIANCE: Enable ACE-30 and ACE4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines • MANAGEMENT: Enable Management of IPv6 over IPv4 interface functionality ACE through • CLI on Module/Appliance • DM for ACE 4710 • ANM for ACE-30 and ACE-4710 • SLB: Enable load balancing of IPv6 servers with • i. Sticky • ii. ACLs • iii. Health checks • GATEWAY: V6Gateway for HTTP/HTTPs • i. V6 to V4 and V4 to V6translation 1 IPv4-to-IPv4 Catalyst Server farm ACE 2 1 IPv6-to-IPv6 IPv6-to-IPv4 IPv4-to-IPv6 2 ANM 3 3 4 Available on ACE 30 and ACE4710 September 20th, 2011
More Specifically… SLB Services applied to V6 VIP …. that load balances to servers … And is managed via v4 interface by v6 enabled manager. • IPv6-based SLB predictors • IPv6 based classMap • IPv6 based stickiness • IPv6-based Source NAT • IPv6-based Extended ACLs • SSL, incl. Client Certificate Authentication • IPv6-based probes • IPv6-based SLB stateful HA over IPv4 FT VLAN • Load balancing packets on a port channel based on IPv6 address, TCP/UDP port • IPv6 DSR Support (Transparent server farm) • IPv6 TCP/IP Normalization • Add Static IPv6routes • V6 Gateway for translation between v6/v4 clients to v6/v4 servers 14. IPv6 or IPv4 addressing 15. DHCPv6 Relay 16. Protocols supported in Phase I: (HTTP, SSL, DNS) Phase II: (SIP, Radius, DIAMETER, RTSP) • 17. Virtualized dual-stack IPv4/IPv6 • 18. IPv6 baseline Compliance • 19. DM for ACE 4710 • 20. Support in ANM for IPv6 Management Services IPv6 Enabled Services to Servers in SF IPv6 Enhanced SLB Services
Transparency with IPv4 Deployments A dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic. Server Farm –V4 Server Farm – V6 IPv6 on ACE Key Differentiators • Deployment Mode Support • F5 does not have Bridge Mode with DSR • V6 Gateway Support (Translation between v6/v4 clients to v6/v4 servers) • Support for HTTP/s • Latency of IPv6 Web App • F5 translates/gateways regardless of configuration. (Hint: product called gateway) • Gateway sold as product module i.e. consumes the CPU and has no acceleration • Solution Approach • F5 does not work when front-ended with FW • F5 does not support VPN services on IPv6 1 2 One Arm Two Arm Routed DSR Bridged IPv4-to-IPv4 2 1 IPv6-to-IPv6 IPv6-to-IPv4 3 3 4 IPv4 Clients IPv6 Clients
Phased Implementation Compliance 1 SLB Services 2 Server Farm –V6 Virtual Dual Stack ALL Deployment Models Latency under 130ms L3 V6-V6 SLB CLI/Configuration Consistency with IPv4 V6 Gateway V6 Gateway for SIP, Radius, Diameter, RTSP, IMAP, SMTP, POP3 Server Farm – V4 USGv6 IPv6Ph2 Logo IPv6 on ACE Phase I Protocol Support Phase I: HTTP/s, SSL, DNS Phase II: SIP, Radius, Diameter, RTSP 3 One Arm Two Arm Routed DSR Bridged IPv4-to-IPv4 IPv6-to-IPv6 IPv6-to-IPv4 V6 Management Hybrid Server Farm 5 4 Hybrid Server Farms with richer SLB policies attached to hybrid servers (dual stack SAC of ServerFarm V6 Transport for Mgmt Apps IPv4 Clients IPv6 Clients Phase II
Product or Feature Target Roadmap IPv6 on ACE is expected in Q4CY11 1H CY11 2H CY11 1H CY12 2H CY12 • Phase - I • IPv6 Addressing for • Interfaces • VIP • Servers in SF • DHCPv6 Relay • V6-V4 Translation (HTTP) • Health Monitoring • Extended ACLs • Protocols: HTTP/s, DNS • DM Support for ACE 4710 • ANM Support for ACE-30 Phase - II Management over V6 Stateless Autoconfig Hybrid server support in SF Protocols: SIP Beta started May 31st.
Competitive: Deployment Model and IPv6 Addressing Dual stack implementation enables ACE to support all deployment models *V6 to V4 Only
Competitive: Beyond Compliance Comprehensive support for IPv6 features enables ACE to offer rich SLB services beyond “just” compliance
Competitive: Management Integration with upstream Cisco devices enables a customer to implement end-to-end IPv6 network.
Customer Research We polled 18 ACE customers across verticals for the IPv6 deployment status and requirements. • Survey Says … • Customer wants • V6-V6 for initial deployment • Are OK with management over V4 • REQUIRE IPv6 Baseline Compliance • Want Support for HTTP/s, then DNS Customer Preference for Dual Stack
IPv6 Adoption – Core and Datacenter 1.2% of the Web Server on internet have IPv6 services 4.4% of the AS on internet support IPv6 routes • 4.4% is not uniform across all AS. • 18% of Transit AS support IPv6 • 2.3% of Origin AS support IPv6 • 1.2% of web servers • 18% of Transit AS support IPv6 • 2.3% of Origin AS support IPv6 Source: APNIC
IPv6 Clients and Transit Routes Majority of clients are MacOS Majority of ISPs tunnel over IPv4 Based on incoming IPv6 address prefix, we can deduce that 31% of clients travelled over native IPv6 network. 66% of clients came over IPv4 through a tunneling technology deployed at ISP. Source: Google