Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. R1.3.1 IPv6 on Cisco ACE 30 and ACE 4710 Vikas Deolaliker ECBU.

Similar presentations


Presentation on theme: "1 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. R1.3.1 IPv6 on Cisco ACE 30 and ACE 4710 Vikas Deolaliker ECBU."— Presentation transcript:

1 1 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. R1.3.1 IPv6 on Cisco ACE 30 and ACE 4710 Vikas Deolaliker ECBU Product Management Version Date: September, 2011

2 2 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Availability – September 20 th, 2011  Ordering Guide

3 3 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Performance DeviceLayer 4 Connections per second Layer 4 Throughput Gbps Layer 7 Requests per second SSL TPSSSL Bulk (Gbps) Compression (Gbps) ACE20-V4545, ,39731, ACE30-V6409, ,32732, ACE30-V4500, ,10031, ACE30- V6XV4 285, ,82531, ACE30- V4XV6 ACEAPP-4.1- V4 102, , ACEAPP-5.1- V6 64, , ACEAPP-5.1- V4 94, , ACEAPP-5.1- V6XV4 65, , ACEAPP-5.1- V4XV6

4 4 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. IPv6 on ACE Overview ACE Catalyst 1.COMPLIANCE: Enable ACE-30 and ACE4710 to comply with IPv6 base profiles for network devices from DISR and Cisco Arch. Guidelines MANAGEMENT: Enable Management of IPv6 over IPv4 interface functionality ACE through i.CLI on Module/Appliance ii.DM for ACE 4710 iii.ANM for ACE-30 and ACE-4710 SLB: Enable load balancing of IPv6 servers with i. Sticky ii. ACLs iii. Health checks GATEWAY: V6 Gateway for HTTP/HTTPs i. V6 to V4 and V4 to V6 translation KEY FEATURES ANM Available on ACE 30 and ACE4710 September 20 th, Server farm 2 3 IPv6 support for load balancing, management and gateway. USGv6 and IPv6 Ph2 Logo compliance ready IPv4-to-IPv4 IPv6-to-IPv6IPv6-to-IPv4IPv4-to-IPv6 4

5 5 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. More Specifically… SLB Services applied to V6 VIP …. Management Services IPv6 Enabled Services to Servers in SF IPv6 Enhanced SLB Services 1.IPv6-based SLB predictors 2.IPv6 based classMap 3.IPv6 based stickiness 4.IPv6-based Source NAT 5.IPv6-based Extended ACLs 6.SSL, incl. Client Certificate Authentication 7.IPv6-based probes 8.IPv6-based SLB stateful HA over IPv4 FT VLAN 9.Load balancing packets on a port channel based on IPv6 address, TCP/UDP port 10.IPv6 DSR Support (Transparent server farm) 11.IPv6 TCP/IP Normalization 12.Add Static IPv6 routes 13.V6 Gateway for translation between v6/v4 clients to v6/v4 servers 14. IPv6 or IPv4 addressing 15. DHCPv6 Relay 16. Protocols supported in Phase I: (HTTP, SSL, DNS) Phase II: (SIP, Radius, DIAMETER, RTSP) 17. Virtualized dual-stack IPv4/IPv6 18. IPv6 baseline Compliance 19. DM for ACE Support in ANM for IPv6 that load balances to servers … And is managed via v4 interface by v6 enabled manager.

6 6 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Transparency with IPv4 Deployments A dual-stack approach to IPv6 enables ACE to support all deployment models (NAT, Bridge Mode) with minimal loss of performance for IPv4 traffic. Deployment Mode Support F5 does not have Bridge Mode with DSR V6 Gateway Support (Translation between v6/v4 clients to v6/v4 servers) Support for HTTP/s Latency of IPv6 Web App F5 translates/gateways regardless of configuration. (Hint: product called gateway) Gateway sold as product module i.e. consumes the CPU and has no acceleration Solution Approach F5 does not work when front- ended with FW F5 does not support VPN services on IPv6 Key Differentiators Server Farm – V6 IPv4 ClientsIPv6 Clients Server Farm –V4 IPv4-to-IPv4 IPv6-to-IPv6IPv6-to-IPv4 One Arm Two Arm Routed DSR Bridged IPv6 on ACE

7 7 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Phased Implementation Phase I Phase II 1 2 I.USGv6 II.IPv6 Ph2 Logo Compliance SLB Services Server Farm – V4 IPv4 ClientsIPv6 Clients Server Farm –V6 IPv4-to-IPv4 IPv6-to-IPv6IPv6-to-IPv4 One Arm Two Arm Routed DSR Bridged IPv6 on ACE 4 Protocol Support Phase I: HTTP/s, SSL, DNS Phase II: SIP, Radius, Diameter, RTSP 5 V6 Management I.Virtual Dual Stack II.ALL Deployment Models III.Latency under 130ms IV.L3 V6-V6 SLB V.CLI/Configuration Consistency with IPv4 VI.V6 Gateway VII. V6 Gateway for SIP, Radius, Diameter, RTSP, IMAP, SMTP, POP3 I.SAC of ServerFarm II.V6 Transport for Mgmt Apps I.Hybrid Server Farms with richer SLB policies attached to hybrid servers (dual stack Hybrid Server Farm 3

8 8 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Product or Feature Target Roadmap 1H CY11 2H CY11 1H CY12 2H CY12 Phase - I 1.IPv6 Addressing for I.Interfaces II.VIP III.Servers in SF 2.DHCPv6 Relay 3.V6-V4 Translation (HTTP) 4.Health Monitoring 5.Extended ACLs 6.Protocols: HTTP/s, DNS 7.DM Support for ACE ANM Support for ACE-30 IPv6 on ACE is expected in Q4 CY11 Phase - II 1.Management over V6 2.Stateless Autoconfig 3.Hybrid server support in SF 4.Protocols: SIP Beta started May 31 st.

9 9 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Competitive: Deployment Model and IPv6 Addressing IPv6 FunctionalityDescriptionACEF5Citrix Supported SLB Insertion Models - Dual Stack NodeIndependent Dataplanes for V4 and V6YesNo - Gateway NodeV6 -> V4 or V4 -> V6 translationYes*Yes - InterSLB communication in V6 HA heartbeat or state exchange using interfaces with V6 addresses Ph-2No - Transparent Mode Support (IP transparency)Source IP of client sent to the hostYesNo - HA over IPv6 HA configuration over IPv6 Only. Without this, HA goes over IPv4 Ph-2YesNo IPv6 Addressing for SLB ResourcesIPv6 addresses for - Device- ACEYes - NAT- Source IPv6 used when not DSRYes - VIP- VIP-6Yes - GSS- IP on which GSS send KALsYes - Server Farm- IPv6 addr for v-serversYes - Mixed v4/v6 Server Farm- V6 and V4 addresses in ServerFarmYes Dual stack implementation enables ACE to support all deployment models *V6 to V4 Only

10 10 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Competitive: Beyond Compliance IPv6 FunctionalityDescriptionACEF5Citrix IPv6 Services to servers in serverfarm - Path MTU Discovery Allows hosts to query SLB and get optimal MTU side Ph2No - ICMPv6 support Provides network health information (dropped packets) to hosts in server farm Yes * - DNS Support (PTR and AAAA) AAAA maps a URL to IPv6 Addr, PTR maps address to hostname Ph2*Yes - Router Advertisement ACE will send RA messages to hosts in the routed mode Yes* - Neighbor Redirect When multiple routers available ACE can sets router preference through NR message Yes* IPv6 Compliance IPv6 Baseline and Compliance - Address Resolution Yes* - Duplicated Address Detection Yes* * - Neighbor Unreachability Detection Yes** - Router Discovery Yes* - Prefix Delegation Yes* No Comprehensive support for IPv6 features enables ACE to offer rich SLB services beyond “just” compliance

11 11 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Competitive: Management IPv6 FunctionalityDescriptionACEBigIPNS Management Tools - Ping for v6Yes* - SSH for v6 Ph2 *Yes - GUI for v6 Ph2 *Yes - Transport Protocol over DM over V6 Ph2*Yes -ProbesYesNoYes - CLI, GUI and Manager Management/configuration over V4Yes IPv6 Enabled SLB Services - Static Routing and RHIYes* - DSR SupportDirect Server ReturnYesNo - ACL SupportYes - Port based VLAN SupportYesNoYes 3rd Party Management Apps Enablement - XML API SupportYes - SNMP v6 SupportNo*Yes Integration with upstream Cisco devices enables a customer to implement end-to-end IPv6 network.

12 12 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. IPv6 on ACE Performance DeviceLayer 4 Connections per second Layer 4 Throughput Gbps Layer 7 Requests per second SSL TPSSSL Bulk (Gbps) Compression (Gbps) ACE V4 545, ,39731, ACE V6 409, ,32732, ACE V4 500, ,10031, ACE30- V6XV4 285, ,82531, ACE30- V4XV6 ACEAPP-4.1- V4 102, , ACEAPP-5.1- V6 64, , ACEAPP-5.1- V4 94, , ACEAPP-5.1- V6XV4 65, , ACEAPP-5.1- V4XV6

13 13 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved.

14 14 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. Customer Research Survey Says … Customer wants 1.V6-V6 for initial deployment 2.Are OK with management over V4 3.REQUIRE IPv6 Baseline Compliance 4.Want Support for HTTP/s, then DNS Customer Preference for Dual Stack We polled 18 ACE customers across verticals for the IPv6 deployment status and requirements.

15 15 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. IPv6 Adoption – Core and Datacenter 4.4% of the AS on internet support IPv6 routes 4.4% is not uniform across all AS. 18% of Transit AS support IPv6 2.3% of Origin AS support IPv6 1.2% of the Web Server on internet have IPv6 services 1.2% of web servers 18% of Transit AS support IPv6 2.3% of Origin AS support IPv6 Source: APNIC

16 16 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. IPv6 Clients and Transit Routes Based on incoming IPv6 address prefix, we can deduce that 31% of clients travelled over native IPv6 network. 66% of clients came over IPv4 through a tunneling technology deployed at ISP. Operating System IPv6 Source IP MacOS2.42% Linux0.96% Vista0.37% Win 2K3.07% Majority of clients are MacOSMajority of ISPs tunnel over IPv4 Source: Google


Download ppt "1 Cisco Highly Confidential NDA Required © 2010 Cisco Systems, Inc. All rights reserved. R1.3.1 IPv6 on Cisco ACE 30 and ACE 4710 Vikas Deolaliker ECBU."

Similar presentations


Ads by Google