Response: IPv6 Support on MX Security & SD-WAN Platforms!

PhilipDAth
Kind of a big deal
Kind of a big deal

Response: IPv6 Support on MX Security & SD-WAN Platforms!

Since we are not allowed to comment on feature announcements, this is a response to:

https://community.meraki.com/t5/Feature-Announcements/IPv6-Support-on-MX-Security-amp-SD-WAN-Platfor... 

 

I'm so happy!  After switching to Meraki some time ago I had to give up my IPv6 support.  Today, as of 17.5 on MX, I have it back!

 

This is what it looks like:

 

PhilipDAth_3-1642655095936.png

 

 

PhilipDAth_0-1642654965884.pngPhilipDAth_1-1642655006949.png

 

PhilipDAth_2-1642655049355.png

 

PhilipDAth_4-1642655178756.png

 

19 Replies 19
PhilipDAth
Kind of a big deal
Kind of a big deal

PhilipDAth_0-1642655427555.png

 

Brash
Kind of a big deal
Kind of a big deal

So Good! Didn't realise you can run it dual stack.
I'm super excited aye!

KarstenI
Kind of a big deal
Kind of a big deal

Yes, finally. Took some time, let's hope that v17 matures fast so it can be used as a general deployment. And the announcement even mentioned the old MX64. Nice to see that this device is still updated to new features.

 

@Brash it is not "also Dual Stack", it is "only Dual Stack". As per feature description, IPv6-only is not supported yet.

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
ww
Kind of a big deal
Kind of a big deal

What would be the mx device load increase (%) using dual stack.

PhilipDAth
Kind of a big deal
Kind of a big deal

Barring bugs, I would expect the load increase to be almost zero.  A device will generate either an IPv4 or an IPv6 packet to talk to the remote device, so the same number of packets are generated (with the number of packets being the main generator of load).  All that changes is the addressing.

CptnCrnch
Kind of a big deal
Kind of a big deal

IPv6 finally. Thanks for that late birthday present @Meraki🤗😎

jbright
A model citizen

I have it working on a spare MX64. Connected to a Cox Communications cable modem and a Starlink dish. Working fine on Cox, Starlink does not currently support IPV6. It's nice that you can specify on each WAN interface whether IPV6 is enabled or disabled.

BHC_RESORTS
Head in the Cloud

No way we are running that bleeding edge of a firmware on our bigger networks, but we might test this at our corporate office. 

 

I would be very curious to see someone doing a large scale IPv6 deployment on a guest VLAN, with 1000+ clients to see how it goes.

BHC Resorts IT Department
cmr
Kind of a big deal
Kind of a big deal

@BHC_RESORTS we have been running the 17.x firmware in the IPv6 beta for a few months on our largest site for the guest VLAN and it has about 2,500 clients connecting per week, of which over 2,000 have been dual stack with many connecting out via IPv6.  IT has been very stable for us on the MX84 with static WAN IPs for both IPv4 and IPv6 

If my answer solves your problem please click Accept as Solution so others can benefit from it.
BHC_RESORTS
Head in the Cloud

@cmr That's good feedback. It would be quite nice to finally have a dual stack offering. Literally 1% of our guests would realize it - but we would know and be happier for it.

BHC Resorts IT Department
rhbirkelund
Kind of a big deal
Kind of a big deal

rbnielsen_0-1642756823364.jpeg

 

LinkedIn ::: https://blog.rhbirkelund.dk/

Like what you see? - Give a Kudo ## Did it answer your question? - Mark it as a Solution 🙂

All code examples are provided as is. Responsibility for Code execution lies solely your own.
KarstenI
Kind of a big deal
Kind of a big deal

@rhbirkelund I can feel your pain! Some years ago I was a DSL customer of O2 and asked every year when I get IPv6. The answers ranged from "you don't need that" to "We are aware of IPv6" ...

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
Greenberet
Head in the Cloud

Is anyone else expiering performance issues as soon as you are on dual stack?

 

 

I didn't run a packet capture yet, but when I'm opening e.g. Google it is working fine ->, search takes ages.

Ads on mobile games are not working at all(so something good 😂)

 

As soon as I disable ipv6 in that vlan, everything is working fine again.

PhilipDAth
Kind of a big deal
Kind of a big deal

I can't notice any performance difference.  I'm getting the same number of adverts as before.

 

It might be the ISP doesn't have as good IPv6 connectivity as IPv4.

BHC_RESORTS
Head in the Cloud

Has anyone configured Spectrum (legacy Charter) ipv6? They give you a /127 for your edge equipment and a routed /48. I can't get it working which may or may not be because of Charter not giving me the right settings.

 

The ipv6 routing is awful too. Routes all over the place and Spectrum is lazy with their rdns on ipv6 routers, almost none are named.

BHC Resorts IT Department
PhilipDAth
Kind of a big deal
Kind of a big deal

That is not a common deployment from what I have seen.  Most ISPs give you a /56 (as recommended by RFC) and then your CPE is expected to sub-allocate out of that for each of the VLANs.

 

If the routed /48 is static then you could add it as a static prefix allocation.

BHC_RESORTS
Head in the Cloud

Yeah a /127 is like a P2P allocation which is weird. They gave me the gateway and I try to use the other IP in the /127 to assign to the MX, it shows connected but won't ping nor route traffic. I can't figure it out.

BHC Resorts IT Department
giovanitestoni
Conversationalist

Hi!

 

It's common equipmant supports prefix /64 or higher on wan links. Normally ISPs give /56 for wan links and /64 for lan links via slaac.

 

I recommend you to request change subnet to /64.

BHC_RESORTS
Head in the Cloud


@giovanitestoni wrote:

I recommend you to request change subnet to /64.


A national carrier isn't going to change the way they assign IPs for a one-off.

BHC Resorts IT Department
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels