Firewall Wizards mailing list archives
Re: IPv6
From: "Orca" <klrorca () Hotmail com>
Date: Mon, 27 Dec 2010 15:03:13 -0800
IPv6 is supported on most Cisco, Juniper, Foundry and and other major player gear for a while now. For Cisco almost all gear that supports IOS 12.2 onwards (and introduced in 12.0), so generally speaking, most company LAN environments need not spend a huge amount of money supporting IPV6 in your LAN, unless one built their corporate gear with cheap SOHO gear. Additionally Cisco ASA, Checkpoint, and Juniper firewalls all support IPv6. Most major DNS and DHCP vendors all support IPv6. Most major server/desktop OS also support IPv6.
Both the ACE and F-5 support IPv6 as well, for major load-balancers.Here is a good list of features, series and IOS levels for Cisco Products: http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-roadmap.html#wp1121383
I have been implementing dual stack IPv6 in two datacenters projects I designed in the last few years, one was for a Windows shop and one for Solaris/Red Hat shop, using Cisco, F-5 and Juniper gear.
In most cases it is not too difficult, and works readily with existing equipment, with maybe an OS update here and there.
Windows does allow removal of IPV6 from the IP stack, I am unsure what you mean about it making it "unsupported", there is nothing I could find from M.S. that states you must have IPv6 running in your IP stack for them to "support" your O.S.
-----Original Message----- From: Jim Seymour
Sent: Monday, December 27, 2010 1:21 PM To: Firewall Wizards Security Mailing List Subject: Re: [fw-wiz] IPv6 Carl Friedberg wrote:
You may not be planning to think about IPV6, but the folks at Redmond have been. If you Google on IPV6 and Windows Server 2008 R2 (or Windows 7, or even Vista), you will find that the IPV6 protocol is a mandatory component of those OS, and you are told that disabling IPV6 (unbinding that protocol from an interface) makes your OS unsupported. Microsoft did not bother to test those OS with IPV6 disabled (or so they say, at this point).
[snip] Not seeing what bearing any of that, or what I deleted, has on the original question. Neither my border router nor my (current, archaic) firewall do IPv6. Nor, come to think of it, does any of my core LAN equipment. If I tried to approach my boss to tell him we needed to throw away all of our network gear and replace it, at a cost of 10s of thousands of dollars, to support IPv6, he'd either fire me or have me committed. And yes: The corporate LAN is, unfortunately, riddled with 'doze PCs. Oddly enough: The lack of IPv6 support on LAN, WLAN, and 'net connection (and WLAN, when we had one) did not seem to be a problem. Jim -- Note: My mail server employs *very* aggressive anti-spam filtering. If you reply to this email and your email is rejected, please accept my apologies and let me know via my web form at <http://jimsun.LinxNet.com/contact/scform.php>. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs comhttps://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- IPv6 Paul D. Robertson (Dec 26)