IPv6 on Cisco ACE 30 and ACE 4710

R1.3.1

Vikas Deolaliker, ECBU Product Management

Version Date: September, 2011

Cisco Highly Confidential, NDA Required. © 2010 Cisco Systems, Inc. All rights reserved.

Upload: marcos-covil

Post on 02-Apr-2015




Availability – September 20th, 2011

Ordering Guide


Performance

Device | Layer 4 Connections per second | Layer 4 Throughput (Gbps) | Layer 7 Requests per second | SSL TPS | SSL Bulk (Gbps) | Compression (Gbps)
ACE20-V4 | 545,578 | 11.5 | 214,397 | 31,403 | 6.534 | 6.5
ACE30-V6 | 409,774 | 12.1 | 173,327 | 32,469 | 5.32 | 6.7
ACE30-V4 | 500,191 | 11.4 | 198,100 | 31,496 | 6.326 | 6.587
ACE30-V6XV4 | 285,438 | 12.3 | 151,825 | 31,853 | 6.641
ACE30-V4XV6
ACEAPP-4.1-V4 | 102,007 | 3.6 | 35,500 | 7096 | 1.2 | 2.4
ACEAPP-5.1-V6 | 64,515 | 3.8 | 26,910 | 6639 | 1.1 | 2.0
ACEAPP-5.1-V4 | 94,071 | 3.8 | 32,994 | 6890 | 1.1 | 2.1
ACEAPP-5.1-V6XV4 | 65,369 | 3.8 | 28,305 | 6719 | 1.9
ACEAPP-5.1-V4XV6


IPv6 on ACE Overview

IPv6 support for load balancing, management and gateway. USGv6 and IPv6 Ph2 Logo compliance ready.

Available on ACE 30 and ACE 4710: September 20th, 2011

KEY FEATURES

1. COMPLIANCE: Enable ACE-30 and ACE 4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines

2. MANAGEMENT: Enable management of IPv6 functionality on ACE over the IPv4 interface through
i. CLI on Module/Appliance
ii. DM for ACE 4710
iii. ANM for ACE-30 and ACE-4710

3. SLB: Enable load balancing of IPv6 servers with
i. Sticky
ii. ACLs
iii. Health checks

4. GATEWAY: V6 Gateway for HTTP/HTTPS
i. V6 to V4 and V4 to V6 translation

[Diagram: Catalyst, ACE, ANM and server farm; traffic paths IPv4-to-IPv4, IPv6-to-IPv6, IPv6-to-IPv4, IPv4-to-IPv6]


More Specifically…

SLB Services applied to V6 VIP ….

Management Services

IPv6 Enabled Services to Servers in SF

IPv6 Enhanced SLB Services

1. IPv6-based SLB predictors

2. IPv6 based classMap

3. IPv6 based stickiness

4. IPv6-based Source NAT

5. IPv6-based Extended ACLs

6. SSL, incl. Client Certificate Authentication

7. IPv6-based probes

8. IPv6-based SLB stateful HA over IPv4 FT VLAN

9. Load balancing packets on a port channel based on IPv6 address, TCP/UDP port

10. IPv6 DSR Support (Transparent server farm)

11. IPv6 TCP/IP Normalization

12. Add Static IPv6 routes

13. V6 Gateway for translation between v6/v4 clients to v6/v4 servers

14. IPv6 or IPv4 addressing

15. DHCPv6 Relay

16. Protocols supported in Phase I: (HTTP, SSL, DNS); Phase II: (SIP, Radius, DIAMETER, RTSP)

17. Virtualized dual-stack IPv4/IPv6

18. IPv6 baseline Compliance

19. DM for ACE 4710

20. Support in ANM for IPv6

that load balances to servers …

And is managed via v4 interface by v6 enabled manager.


Transparency with IPv4 Deployments

A dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic.

Key Differentiators

Deployment Mode Support
• F5 does not have Bridge Mode with DSR

V6 Gateway Support (Translation between v6/v4 clients to v6/v4 servers)
• Support for HTTP/s

Latency of IPv6 Web App
• F5 translates/gateways regardless of configuration. (Hint: product called gateway)
• Gateway sold as product module i.e. consumes the CPU and has no acceleration

Solution Approach
• F5 does not work when front-ended with FW
• F5 does not support VPN services on IPv6

[Diagram: IPv6 on ACE between IPv4 Clients, IPv6 Clients, Server Farm – V4 and Server Farm – V6; traffic paths IPv4-to-IPv4, IPv6-to-IPv6, IPv6-to-IPv4; deployment modes One Arm, Two Arm, Routed, DSR, Bridged]


Phased Implementation

Phase I

Phase II

1 Compliance

I. USGv6

II. IPv6 Ph2 Logo

2 SLB Services

[Diagram: IPv6 on ACE between IPv4 Clients, IPv6 Clients, Server Farm – V4 and Server Farm – V6; traffic paths IPv4-to-IPv4, IPv6-to-IPv6, IPv6-to-IPv4; deployment modes One Arm, Two Arm, Routed, DSR, Bridged]

4 Protocol Support

Phase I: HTTP/s, SSL, DNS

Phase II: SIP, Radius, Diameter, RTSP

5 V6 Management

I. Virtual Dual Stack

II. ALL Deployment Models

III. Latency under 130ms

IV. L3 V6-V6 SLB

V. CLI/Configuration Consistency with IPv4

VI. V6 Gateway

VII. V6 Gateway for SIP, Radius, Diameter, RTSP, IMAP, SMTP, POP3

I. SAC of ServerFarm

II. V6 Transport for Mgmt Apps

I. Hybrid Server Farms with richer SLB policies attached to hybrid servers (dual stack

3 Hybrid ServerFarm


Product or Feature Target Roadmap

1H CY11

2H CY11

1H CY12

2H CY12

Phase - I

1. IPv6 Addressing for
I. Interfaces
II. VIP
III. Servers in SF
2. DHCPv6 Relay
3. V6-V4 Translation (HTTP)
4. Health Monitoring
5. Extended ACLs
6. Protocols: HTTP/s, DNS
7. DM Support for ACE 4710
8. ANM Support for ACE-30

IPv6 on ACE is expected in Q4 CY11

Phase - II

1. Management over V6
2. Stateless Autoconfig
3. Hybrid server support in SF
4. Protocols: SIP

Beta started May 31st.


Competitive: Deployment Model and IPv6 Addressing

IPv6 Functionality | Description | ACE | F5 | Citrix

Supported SLB Insertion Models
Dual Stack Node | Independent Dataplanes for V4 and V6 | Yes | No | No
Gateway Node | V6 -> V4 or V4 -> V6 translation | Yes* | Yes | Yes
InterSLB communication in V6 | HA heartbeat or state exchange using interfaces with V6 addresses | Ph-2 | No | No
Transparent Mode Support (IP transparency) | Source IP of client sent to the host | Yes | No | No
HA over IPv6 | HA configuration over IPv6 Only. Without this, HA goes over IPv4 | Ph-2 | Yes | No

IPv6 Addressing for SLB Resources | IPv6 addresses for
Device | ACE | Yes | Yes | Yes
NAT | Source IPv6 used when not DSR | Yes | Yes | Yes
VIP | VIP-6 | Yes | Yes | Yes
GSS | IP on which GSS send KALs | Yes | Yes | Yes
Server Farm | IPv6 addr for v-servers | Yes | Yes | Yes
Mixed v4/v6 Server Farm | V6 and V4 addresses in ServerFarm | Yes | Yes | Yes

*V6 to V4 Only

Dual stack implementation enables ACE to support all deployment models


Competitive: Beyond Compliance

IPv6 Functionality | Description | ACE | F5 | Citrix

IPv6 Services to servers in serverfarm
Path MTU Discovery | Allows hosts to query SLB and get optimal MTU size | Ph2 | No | No
ICMPv6 support | Provides network health information (dropped packets) to hosts in server farm | Yes | * | Yes
DNS Support (PTR and AAAA) | AAAA maps a URL to IPv6 Addr, PTR maps address to hostname | Ph2 | * | Yes
Router Advertisement | ACE will send RA messages to hosts in the routed mode | Yes | * | Yes
Neighbor Redirect | When multiple routers are available, ACE can set router preference through NR message | Yes | * | Yes

IPv6 Compliance | IPv6 Baseline and Compliance
Address Resolution | | Yes | * | Yes
Duplicated Address Detection | | Yes | * | *
Neighbor Unreachability Detection | | Yes | * | *
Router Discovery | | Yes | * | Yes
Prefix Delegation | | Yes | * | No

Comprehensive support for IPv6 features enables ACE to offer rich SLB services beyond “just” compliance


Competitive: Management

IPv6 Functionality | Description | ACE | BigIP | NS

Management Tools
Ping for v6 | | Yes | * | Yes
SSH for v6 | | Ph2 | * | Yes
GUI for v6 | | Ph2 | * | Yes
Transport Protocol over DM over V6 | | Ph2 | * | Yes
Probes | | Yes | No | Yes
CLI, GUI and Manager | Management/configuration over V4 | Yes | Yes | Yes

IPv6 Enabled SLB Services
Static Routing and RHI | | Yes | * | Yes
DSR Support | Direct Server Return | Yes | No | No
ACL Support | | Yes | Yes | Yes
Port based VLAN Support | | Yes | No | Yes

3rd Party Management Apps Enablement
XML API Support | | Yes | Yes | Yes
SNMP v6 Support | | No | * | Yes

Integration with upstream Cisco devices enables a customer to implement an end-to-end IPv6 network.


IPv6 on ACE Performance

Device | Layer 4 Connections per second | Layer 4 Throughput (Gbps) | Layer 7 Requests per second | SSL TPS | SSL Bulk (Gbps) | Compression (Gbps)
ACE30-4.1-V4 | 545,578 | 11.5 | 214,397 | 31,403 | 6.534 | 6.5
ACE30-5.1-V6 | 409,774 | 12.1 | 173,327 | 32,469 | 5.32 | 6.7
ACE30-5.1-V4 | 500,191 | 11.4 | 198,100 | 31,496 | 6.326 | 6.587
ACE30-V6XV4 | 285,438 | 12.3 | 151,825 | 31,853 | 6.641
ACE30-V4XV6
ACEAPP-4.1-V4 | 102,007 | 3.6 | 35,500 | 7096 | 1.2 | 2.4
ACEAPP-5.1-V6 | 64,515 | 3.8 | 26,910 | 6639 | 1.1 | 2.0
ACEAPP-5.1-V4 | 94,071 | 3.8 | 32,994 | 6890 | 1.1 | 2.1
ACEAPP-5.1-V6XV4 | 65,369 | 3.8 | 28,305 | 6719 | 1.9
ACEAPP-5.1-V4XV6


Customer Research

We polled 18 ACE customers across verticals for the IPv6 deployment status and requirements.

[Chart: Customer Preference for Dual Stack; labels: TBD, v4only, v6-v4, v6-v6; SLED, ISP, FED, Enterprise]

Survey Says … Customer wants

1. V6-V6 for initial deployment

2. Are OK with management over V4

3. REQUIRE IPv6 Baseline Compliance

4. Want Support for HTTP/s, then DNS


IPv6 Adoption – Core and Datacenter

4.4% of the AS on the internet support IPv6 routes

4.4% is not uniform across all AS.

18% of Transit AS support IPv6

2.3% of Origin AS support IPv6

1.2% of the web servers on the internet have IPv6 services

Source: APNIC


IPv6 Clients and Transit Routes

Based on incoming IPv6 address prefix, we can deduce that 31% of clients travelled over native IPv6 network. 66% of clients came over IPv4 through a tunneling technology deployed at ISP.

Operating System | IPv6 Source IP
MacOS | 2.42%
Linux | 0.96%
Vista | 0.37%
Win 2K3 | .07%

Majority of clients are MacOS

Majority of ISPs tunnel over IPv4

Source: Google