There are a couple of differences between IPv6 and IPv4 address allocation.

  • The prefix length for an IPv6 subnet will always be /64; no more, no less. It allows you to place as many IPv6 devices on the subnet as the underlying network medium allows. The 128-bit IPv6 address is automatically created from the /64 subnet prefix extended with the 64-bit MAC address of the NIC.

With IPv4, the prefix length varies from subnet to subnet, which makes renumbering subnets painful and costly (for example, imagine renumbering an IPv4 subnet from /28 to /29 or vice versa).

  • An ordinary leaf site will always get /48 of address space. This will be sufficient for most small to medium sized networks.

With IPv4, the allocation varies with the size of the site, which made it very painful to migrate from one ISP to another, for example.

Due to the shortage of IPv4 IP addresses, we will run out of IPv4 some day in the near future (approx. 699 days from now, http://inetcore.com/project/ipv4ec/index_en.html). To be prepared for this we are experimenting with IPv6. We got a /32 allocated by RIPE, and are currently preparing a live network to connect some services via native IPv6 to the internet. While reviewing the IPv6 capabilities of the network equipment we use, I found out that Cisco ASA/Pix does not support failover when running IPv6. For details on this matter please see the following links:

  • http://www.v4tov6.com/2009/06/cisco-asa-ipv6-failover-update.html
  • http://v4tov6.com/2008/11/cisco-asa-ipv6-failover.html
  • http://forums.cabling-design.com/cisco/Re-PIX-IPv6-Failover-bug-4167-.htm

This failover support seems to have been lacking for some time now, and is still missing in the latest release. I’ve notified our sales rep. at Cisco about this. Personally I think this is quite a serious issue, as failover is an essential part of building serious infrastructures. I hope Cisco will see that this feature should be implemented as soon as possible.

If you consider this a serious issue as well, I recommend you notify your Cisco contact. Also leave a comment, just because I’m wondering how many people think this is a problem 🙂

06 April 2010: Cisco released ASA version 8.3 which solves this problem: http://www.networkworld.com/community/node/58537