1Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
R1.3.1
IPv6 on Cisco ACE 30 and ACE 4710
Vikas Deolaliker
ECBU Product Management
Version Date: September, 2011
2Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Availability – September 20th, 2011
Ordering Guide
3Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
PerformanceDevice Layer 4
Connections per second
Layer 4 Throughput Gbps
Layer 7 Requests per second
SSL TPS SSL Bulk (Gbps)
Compression (Gbps)
ACE20-V4 545,578 11.5 214,397 31,403 6.534 6.5
ACE30-V6 409,774 12.1 173,327 32,469 5.32 6.7
ACE30-V4 500,191 11.4 198,100 31,496 6.326 6.587
ACE30-V6XV4
285,438 12.3 151,825 31,853 6.641
ACE30-V4XV6
ACEAPP-4.1-V4
102,007 3.6 35,500 7096 1.2 2.4
ACEAPP-5.1-V6
64,515 3.8 26,910 6639 1.1 2.0
ACEAPP-5.1-V4
94,071 3.8 32,994 6890 1.1 2.1
ACEAPP-5.1-V6XV4
65,369 3.8 28,305 6719 1.9
ACEAPP-5.1-V4XV6
4Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
IPv6 on ACE Overview
ACE
Catalyst
1. COMPLIANCE: Enable ACE-30 and ACE4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines
MANAGEMENT: Enable Management of IPv6 over IPv4 interface functionality ACE through i. CLI on Module/Applianceii. DM for ACE 4710iii. ANM for ACE-30 and ACE-4710
SLB: Enable load balancing of IPv6 servers with
i. Sticky ii. ACLs iii. Health checks
GATEWAY: V6 Gateway for HTTP/HTTPs i. V6 to V4 and V4 to V6 translation
KEY FEATURES
ANM
Available on ACE 30 and ACE4710September 20th, 2011
1
2
3
1
Ser
ver
farm
2
3
IPv6 support for load balancing, management and gateway. USGv6 and IPv6 Ph2 Logo compliance ready
IPv4-to-IPv4
IPv6-to-IPv6IPv6-to-IPv4IPv4-to-IPv6
4
5Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
More Specifically…SLB Services applied to V6 VIP ….
Management Services
IPv6 Enabled Services to Servers in SF
IPv6 Enhanced SLB Services
1. IPv6-based SLB predictors
2. IPv6 based classMap
3. IPv6 based stickiness
4. IPv6-based Source NAT
5. IPv6-based Extended ACLs
6. SSL, incl. Client Certificate Authentication
7. IPv6-based probes
8. IPv6-based SLB stateful HA over IPv4 FT VLAN
9. Load balancing packets on a port channel based on IPv6 address, TCP/UDP port
10. IPv6 DSR Support (Transparent server farm)
11. IPv6 TCP/IP Normalization
12. Add Static IPv6 routes
13. V6 Gateway for translation between v6/v4 clients to v6/v4 servers
14. IPv6 or IPv4 addressing
15. DHCPv6 Relay
16. Protocols supported in
Phase I: (HTTP, SSL, DNS)
Phase II: (SIP, Radius, DIAMETER, RTSP) 17. Virtualized dual-stack IPv4/IPv6
18. IPv6 baseline Compliance
19. DM for ACE 4710
20. Support in ANM for IPv6
that load balances to servers …
And is managed via v4 interface by v6 enabled manager.
6Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Transparency with IPv4 DeploymentsA dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic.
Deployment Mode Support• F5 does not have Bridge Mode with
DSR •
V6 Gateway Support (Translation between v6/v4 clients to v6/v4 servers)• Support for HTTP/s
Latency of IPv6 Web App• F5 translates/gateways regardless
of configuration. (Hint: product called gateway)
• Gateway sold as product module i.e. consumes the CPU and has no acceleration
Solution Approach• F5 does not work when front-
ended with FW
• F5 does not support VPN services on IPv6
Key Differentiators
1
3
4
2
Server Farm – V6
IPv4 Clients IPv6 Clients
Server Farm –V4
IPv4-to-IPv4IPv6-to-IPv6IPv6-to-IPv4
One ArmTwo ArmRouted
DSRBridged
1
2
3
IPv6 on ACE
7Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Phased ImplementationP
has
e I
Ph
ase
II
1 2I. USGv6II. IPv6 Ph2 Logo
Compliance SLB Services
Server Farm – V4
IPv4 Clients IPv6 Clients
Server Farm –V6
IPv4-to-IPv4IPv6-to-IPv6IPv6-to-IPv4
One ArmTwo ArmRouted
DSRBridged
IPv6 on ACE
4
Protocol Support
Phase I: HTTP/s, SSL, DNS
Phase II: SIP, Radius, Diameter, RTSP
5 V6 Management
I. Virtual Dual Stack
II. ALL Deployment Models
III. Latency under 130ms
IV. L3 V6-V6 SLB
V. CLI/Configuration Consistency with IPv4
VI. V6 Gateway
VII. V6 Gateway for SIP, Radius, Diameter, RTSP, IMAP, SMTP, POP3
I. SAC of ServerFarm
II. V6 Transport for Mgmt Apps
I. Hybrid Server Farms with richer SLB policies attached to hybrid servers (dual stack
Hybrid ServerFarm
3
8Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Product or Feature Target Roadmap
1H CY11
2H CY11
1H CY12
2H CY12
Phase - I
1. IPv6 Addressing for I. InterfacesII. VIPIII. Servers in SF
2. DHCPv6 Relay3. V6-V4 Translation (HTTP)4. Health Monitoring5. Extended ACLs6. Protocols: HTTP/s, DNS7. DM Support for ACE 47108. ANM Support for ACE-30
IPv6 on ACE is expected in Q4 CY11
Phase - II
1. Management over V62. Stateless Autoconfig3. Hybrid server support in SF4. Protocols: SIP
Beta started May 31st.
9Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Competitive: Deployment Model and IPv6 Addressing
IPv6 Functionality Description ACE F5 CitrixSupported SLB Insertion Models
- Dual Stack Node Independent Dataplanes for V4 and V6 Yes No No
- Gateway Node V6 -> V4 or V4 -> V6 translation Yes* Yes Yes
- InterSLB communication in V6 HA heartbeat or state exchange using interfaces with V6 addresses Ph-2 No No
- Transparent Mode Support (IP transparency) Source IP of client sent to the host Yes No No
- HA over IPv6 HA configuration over IPv6 Only. Without this, HA goes over IPv4 Ph-2 Yes No
IPv6 Addressing for SLB Resources IPv6 addresses for
- Device - ACE Yes Yes Yes
- NAT - Source IPv6 used when not DSR Yes Yes Yes
- VIP - VIP-6 Yes Yes Yes
- GSS - IP on which GSS send KALs Yes Yes Yes
- Server Farm - IPv6 addr for v-servers Yes Yes Yes
- Mixed v4/v6 Server Farm - V6 and V4 addresses in ServerFarm Yes Yes Yes
Dual stack implementation enables ACE to support all deployment models
*V6 to V4 Only
10Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Competitive: Beyond Compliance
IPv6 Functionality Description ACE F5 Citrix
IPv6 Services to servers in serverfarm
- Path MTU Discovery Allows hosts to query SLB and get optimal MTU side Ph2 No No
- ICMPv6 support Provides network health information (dropped packets) to hosts in server farm Yes * Yes
- DNS Support (PTR and AAAA) AAAA maps a URL to IPv6 Addr, PTR maps address to hostname Ph2 * Yes
- Router Advertisement ACE will send RA messages to hosts in the routed mode Yes * Yes
- Neighbor Redirect When multiple routers available ACE can sets router preference through NR message Yes * Yes
IPv6 Compliance
IPv6 Baseline and Compliance
- Address Resolution Yes * Yes
- Duplicated Address Detection Yes * *
- Neighbor Unreachability Detection Yes * *
- Router Discovery Yes * Yes
- Prefix Delegation Yes * No
Comprehensive support for IPv6 features enables ACE to offer rich SLB services beyond “just” compliance
11Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
Competitive: Management
IPv6 Functionality Description ACE BigIP NS
Management Tools
- Ping for v6 Yes * Yes
- SSH for v6 Ph2 * Yes
- GUI for v6 Ph2 * Yes- Transport Protocol over DM over V6
Ph2 * Yes
- Probes Yes No Yes
- CLI, GUI and Manager Management/configuration over V4 Yes Yes Yes
IPv6 Enabled SLB Services
- Static Routing and RHI Yes * Yes
- DSR Support Direct Server Return Yes No No
- ACL Support Yes Yes Yes
- Port based VLAN Support Yes No Yes
3rd Party Management Apps Enablement
- XML API Support Yes Yes Yes
- SNMP v6 Support No * Yes
Integration with upstream Cisco devices enables a customer to implement end-to-end IPv6 network.
12Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
IPv6 on ACE PerformanceDevice Layer 4
Connections per second
Layer 4 Throughput Gbps
Layer 7 Requests per second
SSL TPS SSL Bulk (Gbps)
Compression (Gbps)
ACE30-4.1-V4
545,578 11.5 214,397 31,403 6.534 6.5
ACE30-5.1-V6
409,774 12.1 173,327 32,469 5.32 6.7
ACE30-5.1-V4
500,191 11.4 198,100 31,496 6.326 6.587
ACE30-V6XV4
285,438 12.3 151,825 31,853 6.641
ACE30-V4XV6
ACEAPP-4.1-V4
102,007 3.6 35,500 7096 1.2 2.4
ACEAPP-5.1-V6
64,515 3.8 26,910 6639 1.1 2.0
ACEAPP-5.1-V4
94,071 3.8 32,994 6890 1.1 2.1
ACEAPP-5.1-V6XV4
65,369 3.8 28,305 6719 1.9
ACEAPP-5.1-V4XV6
13Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
14Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
TBD v4only v6-v4 v6-v60
1
2
3
4
5
6
7
8
9
SLEDISPFEDEnterprise
Customer Research
Survey Says … Customer wants
1.V6-V6 for initial deployment
2.Are OK with management over V4
3.REQUIRE IPv6 Baseline Compliance
4.Want Support for HTTP/s, then DNS
Customer Preference for Dual Stack
We polled 18 ACE customers across verticals for the IPv6 deployment status and requirements.
15Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
IPv6 Adoption – Core and Datacenter4.4% of the AS on internet support IPv6
routes
4.4% is not uniform across all AS. 18% of Transit AS support IPv62.3% of Origin AS support IPv6
1.2% of the Web Server on internet have IPv6 services
1.2% of web servers18% of Transit AS support IPv62.3% of Origin AS support IPv6
Source: APNIC
16Cisco Highly ConfidentialNDA Required © 2010 Cisco Systems, Inc. All rights reserved.
IPv6 Clients and Transit Routes
Based on incoming IPv6 address prefix, we can deduce that 31% of clients travelled over native IPv6
network. 66% of clients came over IPv4 through a tunneling technology
deployed at ISP.
Operating System
IPv6 Source IP
MacOS 2.42%
Linux 0.96%
Vista 0.37%
Win 2K3 .07%
Majority of clients are MacOS Majority of ISPs tunnel over IPv4
Source: Google