WE Need IPV6 Support in MX

SOLVED
cantechit
New here

WE Need IPV6 Support in MX

Subject says it all...  We need proper IPV6 support in the MX Platform...    Even IPV6 tunnelling doesn't work at this point.

 

Anyone else have soem comments?

1 ACCEPTED SOLUTION

Hi all, thank you for your continued patience on this topic. We’d like to provide an update and bring further transparency on the IPv6 status for Cisco Meraki products.  Firstly, we want to acknowledge the clear gap in supporting IPv6 across the Meraki portfolio and sincerely understand the frustration that’s been expressed. 

 

Each Cisco Meraki product has a different set of IPv6 requirements and technical complexities. IPv6 is not a single feature but rather a suite of features and capabilities that need to be enabled as a journey; which, unfortunately, is not a quick undertaking especially since we need to solve for effective management of IPv6 functionality in addition to enabling IPv6 data plane capabilities. 

 

On our IPv6 journey, we have identified the key functions to be delivered across the Cisco Meraki portfolio. Our primary objective is to deliver IPv6 in a phased manner that is as simple and streamlined as possible to adopt for our existing and future customers.  IPv6 is one of our strategic cross-product initiatives and this is backed by engineering resources we have aligned to it.

 

We know you have asked for details, and we don’t yet have publicly-sharable specifics, but please rest assured that we have a comprehensive plan for IPv6 support that we are aggressively driving and are committed to providing continued updates on our progress.  As such, please expect the next update by the end of September 2019 on our IPv6 @ Meraki thread.

 

Thank you for your continued partnership,

 

The Cisco Meraki team

 

 

[Mod comment: We are marking this post as the solution to this thread. This is not because the issue is solved, but because we want to make the new location for updates from Meraki on this topic easier to access. That topic is: IPv6 @ Meraki.]

View solution in original post

277 REPLIES 277
BHC_RESORTS
A model citizen


@cantechit wrote:

Subject says it all...  We need proper IPV6 support in the MX Platform...    Even IPV6 tunnelling doesn't work at this point.

 

Anyone else have soem comments?


Can't agree enough. Specifically, on the WAN portion.

BHC Resorts IT Department

I have spent about a total of 8 hours over the last few weeks searching upon scouring the interwebs and my portal for any sort of snippet on this.

 

Nothing, its the same sob story, im kind of amazed how they do not have this implemented.  I am actually starting to pull some of my clients from this and switching to Ubiquiti.  

 

Thanks Cisco.

Well this thread makes me want to just cry. I just spent crazy amounts of money on this stuff only to learn ipv6 over vpn doesn't work so now i have a 10 thousand dollar utm that can't even provide a vpn? What the ...

 

Seriously meraki fix this like yesterday please. I can't even begin to explain my amazement by this whole situation. I feel like a complete moron for buying this thing. The AP's work fine but this is completely unacceptable for a device in this price range. I need to be able to provide a vpn through my utm. All I can say is i am not spending another penny on a meraki product until i see this resolved.

 

As of 2018: The lack of an IPv6 stack is a BUG, not a missing feature!!!

The very sad reality is that they want this as a push for you to buy asa's and more of the enterprise gear.  The also sad reality is that from a IT support as consultants or engineers, we love the dashboards and simplistic views and being able to manage on the fly with things.  Cisco is also getting a sh*&ton of $$ with either product that we are purchasing from them.

 

So please.  Implement it already.

 

 


@RickJames wrote:

Well this thread makes me want to just cry. I just spent crazy amounts of money on this stuff only to learn ipv6 over vpn doesn't work so now i have a 10 thousand dollar utm that can't even provide a vpn? What the ...

 

Seriously meraki fix this like yesterday please. I can't even begin to explain my amazement by this whole situation. I feel like a complete moron for buying this thing. The AP's work fine but this is completely unacceptable for a device in this price range. I need to be able to provide a vpn through my utm. All I can say is i am not spending another penny on a meraki product until i see this resolved.

 


If you purchased it less than 30 days ago request an RMA but be sure to tell them why you are doing so.

Cohort Networks Inc.
Your Business. Connected.

Selection_819.png

 

Selection_820.png

 

 

Selection_821.png

 

MRCUR
Kind of a big deal

@nikiwaibel While I understand what you're going for, badgering Support about this isn't going to change anything right now. Make sure your sales team knows you want IPv6 support in the MX line so they can add your account ($$$) to the feature request. 

MRCUR | CMNO #12
adymeblack
Conversationalist

@MRCUR:

 

Badgering support would probably have a better result. The last people I would want to speak with is the Meraki Sales team. They probably don't know, or care, about the technical requirements of today. They are there to sell the product.

 

I personally would badger any and every soul that works @ Meraki about this.

 

These MX devices should have NEVER hit the public market without IPv6 support. Let alone all of the 'new' devices that STILL don't support it. How much use is that LTE connection going to be when more and more mobile ISP's are moving to IPv6 ONLY every day like T-Mobile?

 

I mean, for the love of god (or whatever deity you choose....or not), even Windows XP could support IPv6.

 

Also, just to throw it out there, IPv6 is a network standard, not a feature, and should be treated as such.

Not my intent to be disrespectful in suggesting this but this requires drastic measures at this point. Perhaps it's time to Contact Todd Nightingale is SVP, General Manager at Cisco Meraki since everyone below him in the Meraki organization has  ignored our cries for transparency on IPv6 or provided useless responses on the matter.

 

He has a profile on LinkedIn: https://www.linkedin.com/in/todd-nightingale-a106b510/

He is also on Twitter here: https://twitter.com/tnight?lang=en

 

Why introduce the new MX products supporting LTE when some carriers and ISP are only supporting IPv6 this late in the game? Meraki needs to focus their resources on fixing this IPv6 predicament NOT releasing new products.

 

 

Cohort Networks Inc.
Your Business. Connected.

@MRCUR: i disagree. sales, in my case, does actively ignore *all* my IPv6 comments. if there is a response, it is this: https://documentation.meraki.com/zGeneral_Administration/Other_Topics/IPv6_Device_Compatibility. i am pretty sure, most of sales have no clue what i am / we are talking about.

 

but, the support teams know ***exactly*** what i am / we are talking about! and they may have the power to raise a hand.

 

i see two possible reasons for this situation:

a) cisco wants to keep the meraki produkt line "low"; maybe irrelevant in the future. (meraki may have been seen as a real competition, so they acquired them back in 2012).

b) the hardware may be cheap/old and no IPv6 stacks are available. not sure, if all MR/MX/… run linux.

i hope i am wrong with both points.

 

at least, i did not get an immediate, standard answer to my last post in case 03249519. for the record: the lack of an IPv6 full stack is not a missing feature. that's a BUG!!!

 

i suggest, if anyone is still interested in meraki, open a supportcase (example above) and tweet/message Todd Nightingale, as @Cohort_Networks suggests:

 Twitter: https://twitter.com/tnight

 LinkedIn: https://www.linkedin.com/in/todd-nightingale-a106b510/

if you want, also create a feature request / wish and contact sales. maybe that helps as well.

I was told the hardware supports IPv6 but there are some current software packages they need to replace before they can support it.

@Bovie2K: that's great news. porting/extending/replacing/updating some packages may take some time and get the GUI and logic ready as well. i still have some hope, that they have already gotten the shouting and have some surprise for all of us in 2018.

Owen
Getting noticed

I agree that it is a software issue rather than hardware, the hardware certainly supports it. The MX64 can be booted into the broadcom reference software image which supports IPv6. Even though the Z1 is EoL you can load openwrt onto it which runs IPv6 dual stack.

 

Selection_823.png

 

Honestly, I don't care if the hardware supports it and they are just replacing packages at this point.  To me it sounds like more excuses.

MRCUR
Kind of a big deal

I've been requesting this for a while now. Clearly not a priority for the MX team unfortunately. 

MRCUR | CMNO #12
aws_architect
Building a reputation

One year past  what about IPv6 ? 

 

Any ETA ?

 

Someone at meraki to give a bit of visibility to us ?

@davidvan You post on other threads but won't address rebuttal to your non-answer post from June. Can you please comment on posts made RE: IPv6 since your last post?

davidvan
Meraki Alumni (Retired)

@JasonCampbell Unfortunately, I'm hamstrung on talking internal R&D efforts in a public forum. My last response is all I discuss publicly at this point.

 

But, don't hesitate to continue to put pressure on us. As soon as I have any update for you on this, I will be sure to notify the community.

 

 

@davidvan Thanks for the post. I understand you are limited on what can be said but I think this forum thread is enough to take back to management to show there is a real NEED and WANT for full IPv6 and NAT64 support from MX. Like I said in an earlier post it wouldn't please everyone but even a middle ground of the phone home still using IPv4 but the MX's at least having NAT64 support would be great in the nearer term.

 

Also not knowing is the worst. We don't know if its two years away or two months away. Some statement at all would be helpful.

 

Thanks

davidvan
Meraki Alumni (Retired)

@Bovie2K I understand your point not knowing, and i'll see what I can do. Do you have a Meraki sales representative you can contact and discuss this issue with?

Please don't bother talking to your sales rep. since they know even less. Its a sales rep. why would it bother with technical stuff anyway.

My sales rep has changed 3 times in under a year, makes it hard to develop a relationship. Plus, I got my setup free for attending webinars.

@davidvan Yes I can ask my rep.

Morgan
Here to help

This has become a problem for our customers that use the client VPN and have T-Mobile iOS devices. Since T-Mobile has moved to IPv6 only, and the iPhone's lack of CLAT support, the VPN client doesn't work.

Bryan_Vukich
Conversationalist

I've been waiting for IPv6 support for years now, and there's been little or no apparent movement on it.  I'd be happy with a separate beta firmware branch that has it enabled even if it's a bit broken.


@Bryan_Vukich wrote:

I've been waiting for IPv6 support for years now, and there's been little or no apparent movement on it.  I'd be happy with a separate beta firmware branch that has it enabled even if it's a bit broken.


This. All of our WAN providers have IPv6 being given to us, and we can't use it.

BHC Resorts IT Department
Bovie2K
Getting noticed

I'll second. The time has come for full IPv6 support.

CharlieCrackle
Getting noticed

Yes much needed support.  Have to sell cisco solutions when customer need IPv6 which is more and more    Websites behind meraki need IPv6 support.   Would love to sell meraki solution

 

Rol
Conversationalist

Fully agree... and if IPv6 is too complicated for Meraki's developers, they probably can get some help from Cisco dev. team 😉

 

Meraki, you've added the possibility to have an IPv6 to the Switches... now finish the work and add a full IPv6 support to the MX, the AP, ...

 

Rol.

At this point I'm genuinely curious about the lack of IPv6 support on the WAN for the MX series. They have expanded IPv6 support to much of the other product lines, yet it remains missing from the WAN side.

BHC Resorts IT Department
MRCUR
Kind of a big deal

@BHC_RESORTS Agreed. I've been asking about it for a while now. Perhaps they're having a hard time making it Meraki simple to run dual-stack. 

MRCUR | CMNO #12
etamminga
Conversationalist

Can we get a formal statement from Meraki Product Manager on the lack of IPv6 support on the MX products? Is the PM listening in on this thread?

 

This is now more and more a must-have!

 

Regards,

Erik

gutree
Conversationalist

Totally agree. Chasing them for a year now. Just cannot believe that this is so hard to develop. Every other plastic box has it.

agreed. especially for clientVPN.

Cohort_Networks
Getting noticed

Completely agree, especially for Client VPN.

 

Meraki MX Product Managers, why are you so silent on this topic? What is the point of having a "community" if you aren't going to update those of us deploying and managing Meraki based networks for our mutual customers? IPV6 has landed and you can't support it?

Cohort Networks Inc.
Your Business. Connected.

The main thing is IPv6 is supported on the CIsco platform, its adapting it for the Meraki Dashboard that takes an effort and they haven't informed us of their time/effort on this.

 

I really strongly recommend IPv6 implementation since more and more web resources are efficient via IPv6 due to NAT traversal that IPv4 has to perform.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator
MRCUR
Kind of a big deal


@Chris_M wrote:

The main thing is IPv6 is supported on the CIsco platform, its adapting it for the Meraki Dashboard that takes an effort and they haven't informed us of their time/effort on this.


Just to be clear - the MX devices don't run IOS. 

MRCUR | CMNO #12
DataBitzNZ
Conversationalist

Does anyone have a update on this, and did anyone see this post below by chance then attend the webinar?

Also I see there is another quarterly update webinar coming up, maybe an opportunity to ask Meraki directly.

 

https://community.meraki.com/t5/Security-SD-WAN/MX100/m-p/7718/highlight/true#M1987
Correct @MRCUR IPv6 routing is not there now but being developed on the MX line.  @JeromeBL tune into a Meraki Quarterly or Meraki MX webinar and you can ask live Q&A.  For example there is an MX webinar coming up on Jan 4th.  https://meraki.cisco.com/webinars

 

I will be attending the quarterly update webinar. We'll see if anything being said there.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator

The quarterly update confirms that they are aware of the increasing request for IPv6. Some regions are becoming exclusively or dominantly IPv6 and a team is working on it but no projections at this time.

 

Its recommended to provide a use case so they can optimize their development process to fulfill our wishes.


Find my post helpful? Please give me a kudo!
CCNP Certified and Meraki Operator

use case: VPN clients with IPv6 only connectivity must be able to connect.

MRCUR
Kind of a big deal


@Chris_M wrote:

Its recommended to provide a use case so they can optimize their development process to fulfill our wishes.


This sort of drives me nuts about the Meraki internal feature request process. What is the use case for IPv6 on the MX line (or ANY product line)? IPv6 connectivity is the use case. It's 2018. IPv6 is not new. It's widely available from the ISP side. 

 

Not everything can directly be tied to a specific sale or use case. The MX line is meant to be a modern UTM/firewall appliance... IPv6 should probably be part of the feature set. 

MRCUR | CMNO #12
Bovie2K
Getting noticed

@MRCUR Agreed. I heard MS's are getting IPv6 Routing and MR's already have some support its time for MX's to get full IPv6 support. Especially when cheap consumer routers are getting it.

 

I totally understand providing use cases to justify some feature requests but @MRCUR hits the nail with this one the use case is getting the support.

@MRCUR: Completely agree. Our ISPs offer us IPv6 and it would be great to offer it as well.

BHC Resorts IT Department
BlakeRichardson
Kind of a big deal

I agree, other vendors have been offering this for a while now. I suggest we all go to our dashboard now and make a request for it, if you have already made a request do it again.

 

At the end of the day we need products that work for us and if Meraki won't listen they will lose business.

 

@MerakiDave @CarolineS Can you push this, the community have been asking for a long time now!

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI

ACK.  There will be some announcements coming up in the next month, unfortunately I don't think IPv6 for the MX is in the next batch of regular product/feature announcements.  But the fearute request is firmly in place.  Please do get your designs and use cases fed back through your Meraki sales team, they need to take any/all of your opportunities and add them to the Feature Request so things can be prioritized, and you may also be able to get on an early beta firmware when the time comes.

@MerakiDave IPv6 WAN support is really what is needed on our side. All of our upstream providers offer it. While we don't really have any plans for IPv6 port forwarding or anything like that ATM, offloading traffic to native IPv6 is just part of being a good netizen. We also like to support the broadest range of connectivity options we can.

BHC Resorts IT Department
PiperHans
Here to help

We need IPv6 support for a customer solution to service the dual stack solution they are asking!

rarodrigo
Getting noticed

Now the new year started and we continue without support of IPv6 in MX devices. All the provider are offering IPv6 and many sites working inside of this technology, as well as IPv6 traffic globally keep increasing.

 

We need has this support in order to increase customer support and increase installation and many countries. All vendor are accepting this feature. 


Kind Regards,
Rodrigo
Twitter: @rar_21
If this was helpful Kudo me 🙂

At the moment the MX range is like a premier league player's WAG. 

To explain, the northern county of Cheshire is is very pleasant and full of desirable properties (like Greenwich, or Scarsdale or Bronxville for East Coasters) so is choc full of flash money. Dry northern humour says of these otherwise admirable women, something along the lines of "that's all fur coat, no knickers" it is even in the Oxford dictionary.

 

Back to the MX, too much it doesn't do -

 

in no particular order and with no pretense at being comprehensive

 

  • IGMP proxy (for multicast)
  • can't provide access to Chromecast devices from a different VLAN (unlike Bonjour)
  • no IPv6 (and don't even contemplate tunnelling, please)
  • can't put a local IP address on WAN uplink
  • no IKEv2 (forst published 2005 - Internet standard 2014)

as the dictionary definition says - Have an impressive or sophisticated appearance which belies the fact that there is nothing to substantiate it. The MX is in need of love and attention. Cisco manages to do it.

 

 

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

IGMP proxy (for multicast)

I'm curious on your use case for this. Hardly ever see multicast used in most environments.
BHC Resorts IT Department


@BHC_RESORTS wrote:
IGMP proxy (for multicast)

I'm curious on your use case for this. Hardly ever see multicast used in most environments.

@BHC_RESORTS

Well different technologies in different parts of the world.

 

In North America corporations make extensive use of video conferencing over internal networks. Multicast makes a lot of sense in this situation, it helps prevent duplicate streams overwhelming the network (not unlike Akamai). In Europe and East Asia a slightly different configuration is used to distribute premium subscription TV content. As the telcos, who also happen to be content distributors, like to make efficient use of their own networks, they chose to use multicast. These telcos, mostly the original PTT incumbents, also provide managed services. They need the equipment they use to provide and mange services to be able to handle fixed, mobile, VoIP, broadband and television subscriptions. If it can't do VoIP and television, it is not nearly as popular as it could be.

 

I will be watching the Winter Olympics live from Korea in 4K TV, not having multicast for something like that is very expensive for the carrier/ISP. The most popular sport on television in most of the world is football (soccer in the USA). The most watched leagues globally are the Champions League (top European teams) and the premier leagues of the UK, Germany, Spain, Italy and France, even in East Asia. Getting 4K TV is a big part of this.

 

Delivering managed services to bars with premium sport on TV is big and profitable business.

 

These premium services go beyond sports, so many professional practices will have multicast capability as part of their corporate infrastructure, but also they are able to handle the version that the subscription services make use of. Certainly I saw the the TV in the doctors waiting room showing multicast channels.

 

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
ControlAltIT
Here to help

Yes!  We needed this like a year ago.  Most of our cell phone users can’t connect to the client VPN since carriers are switching to IPv6 only.  Please get this done Meraki!

If Meraki is looking for a use case here is one:

 

The Meraki MX systems value manageability over connectivity as compared to all the other firewall vendors.  This puts them behind in basic functionality.  If you need or want IPV6, a Meraki MX is not for you.  Is that what the company really wants?

 

Why can Sonicwall, Cisco, Watchguard, Fortinet and others all support IPV6.  Does Meraki not understand that the IPV4 pool in the US was depleted last year?

jhouts
Conversationalist

Agreed.  The phone carriers push out an update last week that broke our phone VPN's for all carriers except ATT.  This is directly impacting our business as our sales people can't VPN into our network to do their demos.  I am the | | close to telling Meraki to pick up their gear.  v6 is 15 years old and there is no excuse for lack of support.


@jhouts wrote:

Agreed.  The phone carriers push out an update last week that broke our phone VPN's for all carriers except ATT.  This is directly impacting our business as our sales people can't VPN into our network to do their demos.  I am the | | close to telling Meraki to pick up their gear.  v6 is 15 years old and there is no excuse for lack of support.


I can't find a flaw in your argument. The entire MX line probably needs replacement.

 

For our own distributed environment we are placing a BrandX gateway ahead of each MX because that gives us IPv6, hideous IoT and multicast coverage, that Meraki simply does not address.

 

If Meraki does come up with an MX alternative, I seriously hope that they adopt the principal of zonal security.

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
FM
Here to help

You're right! It would be great if IPv6 is supported.

edcho
New here

Has Meraki said anything officially or unofficially about this yet?

 

As more and more IPv6-only endpoints appear, it's becoming more of an issue everyday in various environments.

 

 

MRCUR
Kind of a big deal


@edcho wrote:

Has Meraki said anything officially or unofficially about this yet? 


The MX team did mention that v6 is "on our roadmap" in the Quarterly Update yesterday. See here (33:05 timestamp): https://youtu.be/CBCTMh-h2zs?t=33m5s

MRCUR | CMNO #12
SDTHI
New here

I agree with this, awaiting response from Cisco Meraki due to VPN's breaking and support for IPv6.

adymeblack
Conversationalist

I do find it a bit disappointing that for the price and everything else that these devices don't support IPv6.

 

These are supposed to be the best of the best yet can't handle IPv6.

I would imagine adding support for IPV6 would be a full stack project the touches all parts of the architecture, so it not a task to jump into lightly.  That said, there are no more IPV4 addresses in the US, except at ISPs.  Any new technologies like 5G will need IPV6 addresses, so it high time for Meraki to be working actively on the issue.

 

It is good to hear that it is on the road map, but it would be better to know that there is a live project for it.

The T-Mobile IPV6 is going to cost a multi hundred device deal with a client of mine. We highly recommended Meraki a while back and the lack of support and the promise of it is coming but never being here has egg all over our faces.

We have just been notified by 2 of our rural ISPs that they will no longer be able to provide IPv4 addresses. They are such small ISPs that cannot keep IPv4 address space and will be converting everyone to IPv6 over the next 6 months. (Note these are the only ISPs available) This will not matter to their residential customers who just get a new modem and they work fine. BUT! We have MANY sites with MX devices that are critical to our business and the safety and well being of people in these areas. We do not have the money to replace all these devices with something else, not to mention it will break our VPN mesh. Meraki we need IPv6 support ASAP, we can no longer wait.

Meraki, your silence on this topic speaks volumes...

 

Surely your product managers are aware that IPV6 became a Draft Standard in December 1998, and became a ratified Internet standard on 14 July 2017. Service providers are already making the switch in a big way yet a "premium product" like Meraki doesn't support a ratified standard, it isn't as though this is all new at this point.  Products at a fraction of the cost already support it.What's the delay?

 

Meraki needs to stop being silent on this topic and inform your "valued partners" and proponents re IPV6 with more than a "its on our roadmap"

 

 

Cohort Networks Inc.
Your Business. Connected.

I have a meeting next week with a large gaming/hotel company that we are recommending to remove ALL Meraki and goto another solution immediately. They are looking at over ten thousand room's of hotel space and Meraki just doesn't give a hoot.

davidvan
Meraki Alumni (Retired)

Meraki is excited to bring lots of new features to market to delight our customers with a sophisticated feature set that has simplicity built-in. The MX team is aware of the request for IPV6, along with several other features that have been listed in this thread and elsewhere on the community. We appreciate everyone’s feedback, your “Make a Wish” requests on the dashboard, and coming to talk to us during trade shows. Thanks, and keep it coming!

 

I’d love to give you a peek into the Meraki magic happening behind the scenes to see what we have in store! Unfortunately, we generally do not comment publicly on our roadmap. Please get in touch with your Meraki representative for specific timelines for new features.