The current state of IPv6 support in many vendors products makes me want to donkey-kick someone right in the… well, let’s just say it upsets me.
I have been leading an IPv6 roll-out for some time now, among other things, and have found some interesting and widely differing levels of support for the next generation Internet Protocol. With some vendors, many things work and work well, while with others it’s as if things haven’t changed in a decade or more. Even with the vendors who do have relatively good support for IPv6, however, there remains often odd, even inexplicable, gaps in that support. This has made our deployment a lot more challenging than it needed to be.
Much has been made of the chicken-and-egg nature of the problem: does demand drive the support, or does having support create the demand? Self-named analysts, vendor representatives, media pundits, and even my dog seem to have an opinion on this, but I’ve heard little from the people in the trenches actually trying to implement this stuff. Implement as in across the board full feature parity, not half-assed or “it worked in the lab” analyses.
Further exasperation comes as you figure out that you don’t know what you don’t know, and get 65% into the project before you figure out that some feature is missing. A feature like, say, HSRP. Whenever I complain that HSRP support is missing (or other FHRP) someone inevitably suggests RA tuning as a solution to the problem, which is a bit like handing someone asking for a Hamburger a popsicle; nice, but not the same. Just how fast do you think you can achieve failover with RA tuning anyhow? And don’t even get me started on what happens in a dual stacked failover scenario where RA tuning is handling IPv6 and some FHRP is handling IPv4. At least BFDv3 is available for route failovers.
It’s not even that big, significant, oh-my-god features are always the ones missing, however. Often times it’s the random, little features. Cisco’s ASA, for instance, can’t do stateful failover using anything but an IPv4 address. Why? They’ve implemented IPv6 ACLs, objects, NAT (god help us all) and a lot of the bulk gotta-have-it features. Why not failover? Oh, and OSPFv3 support is missing too. Why? Dunno.
Our UCS is no exception to this rule, as almost nothing is IPv6 ready that I can find. Ditto for the VMware installation we run on it. Never mind that we’re at the newest patch levels, running VSphere 5, ESXi, etc. View? Nope, no support there either. Our NetApp array on the back-end? The big beast with multiple glorious 10-Gig connections? Bubkiss for the IPv6 support there as well. Although they do have a nice bit of marketing available online here. See if you can tell when they’ll have IPv6 support from that document.
In all fairness here, I should point out that the Virtual Machines that you run in VMware, on the UCS do support IPv6 just fine, or at least as fine as the individual OS you’re installing (see previous rant on Windows 7 here). SLES (Suse’s flagship server product) supports IPv6 from the command line, for instance, but not from within YaST. Not a big deal if you’ve used Linux or any flavor of Unix for a while, but for a junior engineer? That can mean more escalations and a more inefficient NOC.
In a lot of ways, actually, the Operating System purveyors seem to be way ahead of most infrastructure (network, storage, security) providers in supporting IPv6–even with their flaws–but that may be simply do to the amount of features they have to port vs. what a Cisco, Juniper or HP has to support. The notable exception here being Apple, which for some inexcusable reason just dropped IPv6 support from their Airport Wireless product.
At the end of the day, I understand that rewriting absolutely everything to support an entirely new protocol is incredibly difficult. I also understand that IPv6 has some behaviours that mean feature parity is not always going to be at 100% because it just doesn’t make sense. I even understand that features will be rolled out in some sort of priority-ranked order, and that maybe management interfaces aren’t at the top of that list. But what I don’t understand, or can’t get my head around, is why so many glaring inconsistencies exist when we’ve had so long to work at it. Or why some vendors give little more than lipservice to IPv6 while not supporting any of it in their products.