- Gold, 750 points or more
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to learn about dual IPv6 and IPv6 stacked environment with Cisco subject matter expert Phil Remaker who can also explain typical failure modes in IPv6 transport and DNS that might be experienced. Phil will introduce some websites you can use to test your IPv6 connectivity in advance of World IPv6 Day and will be able to share with you about IPv6 connectivity options for websites and end users. is a distinguished support engineer at Cisco and is recognized for his wide range of knowledge and skills in Cisco products, networking protocols, and systems. He currently works as a technical leader in the Cisco Services Technical Services organization focusing on vexing problems around security, software release, and product manageability. You can watch the webcast here. You can also read all the questions that were asked and responded during the live webcast here.
Remember to use the rating system to let Phil know if you have received an adequate response.
Phil might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the discussion forum shortly after the event. This event lasts through May 27, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
'Implementing VoIP for IPv6' is a reference for using IPv6 features in Cisco Voice Gateway products.
If your 3 devices are just acting as IPv6 packet routers not as VoIP endpoints, code older than 12.4(22) should be OK.
However, what worries me is that you report the version as 12.4(13r), which is not an IOS version but a ROM Monitor version. Please issue the "show version" command and look for the IOS Software version and not the ROM monitor version.
Will you be using the Cisco devices as voice gateways?
Thanks to all who attended and asked questions. I will do my best to answer them based on what I understand the question to mean. If I am not clear, please rephrase the question or ask another question.
Is there a way to test IPv6 tunnels if your service provider is not providing IPv6?
Yes. You can use a number of free public tunnel broker services. Three of the most popular are Hurricane Electric, SiXXS and Freenet6. You can find a longer list of tunnel broker providers at http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers. You can also use 6to4 or Teredo, but you can expect a more predictable experience from a Tunnel Broker. See also: https://supportforums.cisco.com/docs/DOC-14969
Do Cisco ASA's support tunnelbroker services from HE?
This functionality was just added in 8.3, but I'm not yet aware of a Cisco authored tech note on the topic. I did find an external site discussing it at http://efreedom.com/Question/2-147899/Cisco-ASA-Static-IPv6-Tunnel-Endpoint and I invite you to write up your own tech note on the support communities when you get it working. This topic may merit an independent thread!
Correction: 5/20/2011 - several folks privately pointed out to that the mentioned article above refers only to passing IP protocol 41 through the firewall from a tunnel endpoint inside the firewall. As of this writing, the ASA does not have the capability to terminate a 6in4 tunnel.
How can I buy an AS & PI ipv6 subnet?
Contact your local Regional Internet Registry (RIR). For example, the American Registry for Internet Numbers (ARIN) has their fee schedule for AS and PI subnets at https://www.arin.net/fees/fee_schedule.html. The other RIRs are listed at http://en.wikipedia.org/wiki/Regional_Internet_registry
Thoughts comparing dual stack deployment versus native IPv6 w/ NAT64/DNS64? Considering going with the latter (I'm starting the testing).
It depends a lot on your environment. If the devices are mostly under your administrative control and still have to contact a lot of IPv4 devices, dual stack still makes the most sense.
If you are facing serious IPv4 address space constraints or the devices will primarily speak to other IPv6 or you want to be able to take advantage of the simplicities of an all IPv6 environment the, NAT64 may be the better choice.
Be aware that at this point, the Cisco NAT64 implementations are 1:1 (stateless) meaning that each IPv6 address reaching out an IPv4 device needs to be matched to a dedicated IPv4 address. Presumably, a 1:many (stateful) NAT64 implementation will eventually become available.
In the end, the decision rests on your goals in your own network. Ivan Pepelnjak makes a good case for NAT64 in a recent blog at http://blog.ioshints.info/2011/05/nat64-its-all-about-legacy-content.html, but most enterprises I see are opting for dual stack since they have well established IPv4 processes. Even so, I know one large enterprise that prefers all IPv6 internally for the ease of subnet migration afforded by IPv6 as well as the ability to do away with stateful DHCP and IPv4 subnet management issues. For them, NAT64/DNS64 is the best path to access legacy IPv4 content.
Will 6to4 clients be impacted if we don't route IPv6 with our Inet carrier?
The beauty (horror?) of 6to4 is that it can run completely on an all-IPv4 carrier infrastructure. In fact, if you have a Windows Vista (o later) end host that gets assigned a global (non-RFC1918) address, it will automatically build a 6to4 tunnel to the nearest 6to4 relay using the well known anycast address of 192.0.2.42. Similarly, some home gateways will automatically form 6to4 tunnels without end-user intervention. So, even if your carrier does not run IPv6, any device that can reach the anycast address of 192.0.2.42 and pass IP protocol 41 can form a 6to4 tunnel. In summary, 6to4 clients do not need IPv6 on the carrier as long as they can reach a 6to4 relay over IPv4
Do I need to change configuration in my router to route to ipv6 address host?
If you want to run IPv6 natively on the LAN, you will need to configure IPv6 on your router. However, it is possible for IPv4 speaking hosts to directly terminate IPv6 through IPv4 so that the router does not NEED to participate. However, for the most seamless experience to the end user, IPv6 should be enabled on the router interfaces.
Roughly what percentage of public networks do not yet support ipv4?? Conversely, does common modern datacenter equipment already support ipv6 and come configured to use it by default?
I would estimate that zero percent of public networks do not support IPv4. Assuming the question intended to say IPv6, this question can be answered several ways. Cisco's own Eric Vyncke tracks the number of IPv6 capable web sited by top level domain at http://www.vyncke.org/ipv6status/. If you mean the number of service providers that can offer a native IPv6 connection, http://www.sixxs.net/faq/connectivity/?faq=native provides a list. The "BGP Weathermap at http://bgpmon.net/weathermap.php?inet=6 shouls the number of IPv6 prefixes appearing on a per-country basis, and http://www.cidr-report.org/v6/as2.0/ provides Geoff Huston's report on the number of autonomous systems carrying IPv6 routes (prefixes).
As for the second part of the question, it depends on your definition of "Modern Datacenter Equipment." My estimation is "not enough!!" Clearly, all layer 2 switches "support" IPv6, but layer-crossing features like ARP and DHCP spoofing defense take different form when using IPv6 (collectively, the feature set is called "First Hop Security"). Industry wide, vendors are striving to get more IPv6 features in more places as fast as possible. Which features do you most need in your modern datacenter equipment?
5/20/2011: Corrected erroneous statement on ASA tunnel termination.