11 Jul

Auditing IPv6 readiness on Cisco networks

IPv6 is coming. You should already know that and get prepared. One of the step one should consider is performing IPv6 Readiness audit. This audit should consist of network and application checking with great care of network functionality and security. Results might be surprising but that’s not the main point of this post. Auditing process might be interesting and hard itself.

List of things that must or should be taken into consideration is very long. Checking hardware readiness for IPv6 (yes, we do want IPv6 to be handled in hardware, not software), software readiness (no OSPFv3 CE-PE? maybe it will be in future release), security aspects are just examples of things that have to be checked. We have to check those things for every type of device we have in our network. Automated processes as Netfomix Network Discovery might be helpful to get list of hardware and software components in our network fast but process of analysis unfortunately would be pretty much manual – long hours with data sheets and release notes. Unless we buy Cisco’s Advanced Services service. They have deployed internal application that makes this process semi-automatic and much faster. Of course for adequate price. If in our network we have devices from other vendors we might do this part of auditing alone, or check if on local market are companies that provides multi-vendor auditing services. Do you think we’re done? Don’t be so fast, it’s just the beginning of fun 😉

3 thoughts on “Auditing IPv6 readiness on Cisco networks

  1. Let me rephrase: One thing you should have done years ago.... ;-) Some of problems I encountered so far: - OPSFv3 Authentication (e.g on CAT 6500) - DHCPv6 Relay , missing feature on CAT 6500 (alt least some time ago) and a bug in the Windows 2008 DHCP Server (see http://blog.quux.de/?p=1157 for details) - No DHCPv6 Client on XP (http://blog.quux.de/?p=1161) - Broken traceroute on the ASA when trying to trace to a IPv6 only or dual stacked host
  2. DHCPv6 relay on Cat6500 is in 12.2(33)SXI4 and later: int vlan X ipv6 dhcp relay destination ... DHCPv6 doesn't work without autoconfiguration in many situations. Autoconfiguration must be configured in network too :-(

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: