VMware, Please Fix IPv6 in ESXi 5

Many moons ago I had a blog post on the initial IPv6 support in VMware vSphere 4.1.  Since then most things have improved but one catastrophic thing changed in ESXi 5 that destroyed your viability of really doing IPv6 properly on an ESXi host.  I have talked about this in my presentations for a while and figured I would do a quick post on this in an effort to get others to fight to get this bug resolved.

In ESXi 5.0 (all builds I can find) you can no longer statically define an IPv6 Link Local address as a default gateway.  If you attempt to from the host console you get: 

 

At least the above error is accurate and understandable.  If you attempt to assign a Link Local address via the vSphere Client you get a totally useless error which bears no indication of the actual problem:

Please reach out to your VMware team (I have been trying for months) to get this resolved.  As I state in all of my talks, you do NOT need to configure IPv6 on the ESXi hosts or any part of vSphere to get your guest VMs to use IPv6, but IF you do want to have an IPv6-enabled VMware environment, then stuff like this lack of support for Link Local gateways (required by RFC) is total nonsense.

Fight the good fight!!

Shannon

Posted in IPv6

North American IPv6 Summit – Denver

Starting today, the North American IPv6 Summit, hosted by the Rocky Mountain IPv6 Task Force, will begin with a day of pre-conference tutorials, followed by two more days of excellent speakers on a variety of topics.

Check out the main page and you can register onsite if you had your schedule free up: http://www.rmv6tf.org/IPv6Summit.htm

I am one of a few doing 30 minute keynotes on Tuesday, but in my view the real deal starts on Wed with the breakouts.

Some talks that I am really looking forward to are:
Wed:
9:45AM to 10:30AM – John Brzozowski, Distinguished Engineer, Comcast – IPv6 Deployment to the home at Comcast and CE industry Initiatives to support that effort

1:00PM to 1:45PM – Paul Zawacki, Sr. Principal Network Engineer, Oracle and Jeff Hartley, Brocade – Lessons Learned from Enterprise IPv6 Deployment

1:45PM to 2:30PM – Ciprian Popoviciu, President/CEO, Nephos6 – How to Evaluate the IPv6 Readiness of the IT Environment

2:45PM to 3:30PM – Ed Horley, Principal Solutions Architect, Groupware Technology – Advanced IPv6 design and deployment items for enterprise networks that are Microsoft technology focused

3:30PM to 4:15PM – John Vail, University Student, East Carolina University – Cloud Providers that Support IPv6

I will follow up with some notes, a summary and thoughts regarding the event this year.  I will see you at the summit!

Shannon

Posted in IPv6

New Cisco Validated Design – Deploying IPv6 in the Internet Edge

Just before the holiday break I posted a new Cisco Validated Design (CVD) on Deploying IPv6 in the Internet Edge.  Check it out here:

PDF version

Online version

To meet deadlines I had to cut a few things out that I had originally planned on including such as:

  • More on NetFlow
  • Network Management using Cisco Prime
  • Considerations for IPv6 access to your content on a cloud provider's network
  • and other junk

Future work on this document will include the above as well as:

Posted in IPv6

Cisco Launches IPv6 Support for Cisco ACE

I have been pushing for IPv6 support for Cisco ACE for years now and today, finally, the first release of support is on Cisco.com.

Cisco ACE software release A5(1.0) provides several feature enhancements with IPv6 being the most important in my view. ;-)

A summary of IPv6 features added:

  • Dual stack:
      – IPv4-to-IPv4 and IPv6-to-IPv6
      – HTTP and DNS inspection for native IPv6-IPv6 traffic
  • Translation:
      – SLB64, SLB46 for all Layer 4 load balancing which do not require payload modifications or pinholes
      – NAT64, NAT46 for all TCP and UDP protocols which do not need payload modifications or pinholes
      – SLB64 and SLB46 support for Layer 7 load balancing for HTTP and SSL protocols.
      – No DNS64 or DNS46 support on ACE
  • Mixed IPv4 and IPv6 real server support
  • IPv6 addressing, including link-local, global unicast, unique local, peer, and alias addresses.
  • IPv6 protocol support:
      – Neighbor Discovery (ND)
      – Router Discovery (RD)
      – Duplicate Address Detection (DAD)
      – ICMPv6
      – DHCPv6
  • Application awareness: HTTP, HTTPS, and DNS
  • Online Certificate Status Protocol (OCSP) support for authenticating Secure Socket Layer (SSL) offloaded sessions, for both IPv6 and IPv4 support
  • DM GUI changes in A5(1.0):
      – Support for the IPv6 and SSL OCSP features and functions outlined above.
      – Updated look and feel to the DM GUI and all associated pages.
      – Homepage: A launching point to selected areas within the DM GUI. It appears under the Home option menu. Homepage includes quick access to a series of operational tasks, monitoring functions, Guided Setup tasks, configuration functions, and quick links to the associated user documentation.
      – Guided Setup: Provides a series of setup sequences that offers screen guidance and networking diagrams to simplify the configuration of the ACE appliance through the DM GUI.
      – Network monitoring enhancements:
          – Dashboards: Allows faster and more accurate assessment and analysis of device and virtual context health and usage, as well as performance. Corresponding monitoring views allow for quick access to details for further investigation into potential problems highlighted in the dashboards. Graphs, as well as monitoring screens, allow you to view historical data and compare the performance with the peer objects.
          – Historical Graphs: Displays data recorded during the last hour, 2-hour, 4-hour, 8-hour, 24-hour interval, or 30-day (last month) interval. There is also support for real-time charts as part of the monitoring graphs feature.
          – Dedicated Real Server and Probe Views: Displays load-balancing information that is related to real servers and the probes that monitor the health and availability of a real server.
          – Topology Maps: Provide a graphical representation of an application network.

Cisco ACE A5(1.0) Configuration Documentation: http://bit.ly/pKQxIq

Cisco ACE A5(1.0) Release Notes: http://bit.ly/oO0Skn

Slideshare configuration examples I have built on Cisco ACE SLB66/SLB64, ASR1k Stateful NAT64 and proxy: http://t.co/RLVof3jU

Posted in IPv6

VMware View Bootcamp – 9-part Video Series

I was happy to have been invited to participate as one of the speakers for the VMware View Bootcamp series.

Check it out:

http://communities.vmware.com/community/vmtn/desktop/view/bootcamp/

Posted in VDI/DaaS, Virtualization

Public DaaS – I have questions

Desktop as a Service (DaaS) is one of the many cloud service components that is really just VDI but with a cloud-sounding acronym.  I know customers who call their internal VDI deployments a DaaS service and I also know cloud purists who say DaaS only applies to the public cloud.  Whatever.  I care nothing about nomenclature.

What I do care about is usable services that customers can use for solving business and technical problems.  In small, medium and large VDI deployments we find that the complexity of design, deployment and ongoing management ends up being nearly as painful as the traditional thick desktop model, at least for a while.

I am starting to hear more and more from customers of all sizes that they would like to move to VDI for all of the traditional advantages, but they don’t want to own or manage the environment that supports it.  Here come public cloud DaaS offerings and our discussion.

Companies like Desktone, CSC’s Dynamic Desktop service and others are providing a desktop in the public cloud.  The feedback from customers I have talked to ranges from barely usable to a completely acceptable service for certain user groups. In the very small amount of time that I have devoted to looking at some of these offerings I have found that the traditional issues that are found in old-school VDI deployments equally apply to these new DaaS offerings, but in some cases are compounded by the variability of the Internet.

User Experience

We know this is the make or break element of any VDI or Terminal Services-style deployment.  It comes down to display protocol performance, compute performance and back-end storage.  In some of the DaaS offerings, the display protocol has to deal with the variability of the Internet (loss/latency/jitter/bandwidth).  We know that even the best performing display protocols that also have the usual goodies bolted on the network to help them out (i.e. WAN optimization), still offer less-than-acceptable user experience in many cases.  Take this already tough situation and dump it over a public Internet connection and things get interesting, fast.

In addition to display protocols you have to wonder how powerful the compute design is and how extravagant the storage is when the provider has to balance a reasonable price for the service with an upfront deployment of what should be a highly scalable service.  Is the SAN going to be that kick ass (acceptable IO, tiered storage capabilities, etc.)?  Will the compute be able to keep up with anything other than task worker loads?

Can the DaaS provider offer dedicated links to enterprises where they have more control over the network variables?  Sure, some providers are but this cannot scale and only adds more to the cost model making it more attractive for the enterprise to keep this whole thing on their network.  If a traditional SP got into the DaaS business then offered a network service just for DaaS then this may make more sense.

Storage/Data Privacy

It’s the cloud. It’s not your cloud, but the provider’s cloud and you are just buying time on it. So, now you have a desktop to connect to, but where do you go now?  You probably need to access enterprise applications (i.e. SAP, Oracle, call center apps) and not just Office. You either use this desktop to go back to your own environment or other SaaS application or you have local apps on that desktop that access local data.  That local data is the issue.  Who has access to it?  Does the DaaS provider do encryption at rest?  In flight?

This is one of the usual issues with the whole public cloud debate – who has access to my super critical data?

Companies like Box (http://www.box.net/features/security) and Oxygen Cloud (http://www.oxygencloud.com/features/security) and others do encryption in flight (over IP) and at rest.  But these guys are probably not appropriate for DaaS due to the IO requirements.  High-end storage vendors like EMC, NetApp, Hitachi and many others do this too and they meet the availability, scalability and IO requirements, but at a price.

It is a balancing act with cost, performance, privacy of data and scale.  I don’t have the answers and I don’t think anyone does – at least not all of them.

Use Cases

Who is DaaS for?  A group of task workers such as call center agents seems good, as the resource requirements and number of apps are low, but if you want to integrate voice into the equation then it gets rough due to rich media, QoS and all of the stuff in the user experience section.  Where do the call center apps reside?  Are they SaaS-able so the desktop can just access them via a browser connecting to another SaaS provider?  Is the DaaS provider going to host enterprise-class applications on-premises (doubtful)?

Power/Knowledge Workers have the same requirements as task workers in addition to a much larger list of applications and probably a much higher need for a butt-kicking user experience due to the diversity of apps and rich media uses.

Summary

Am I rambling?  You bet.  I am just now getting into research mode on what is out there and what is available.  I am hearing about this from customers at an alarmingly growing rate and need to have some answers on what is real, what is a pipe dream and/or what is real, but out in the future.

I welcome comments of any kind on any questions I have asked and any that I have not.  I am very much in the I don’t know what I don’t know mode.

More to come on this topic.

Shannon

 

 

Posted in VDI/DaaS

Pearson IT Certification: Q&A with Shannon McFarland

I did a Q&A Interview with the Pearson folks on the new Cisco Press title: IPv6 in Enterprise Networks.

Check it out:
http://www.pearsonitcertification.com/articles/article.aspx?p=1692561

Posted in IPv6

IPv6 for Enterprise Networks – Available Now

It’s out!  Available at book stores, online retailers and also in electronic format.  “IPv6 for Enterprise Networks” by Cisco Press is ready for your consumption. For you Safari Online readers, the book should be available by end of this week (4/8) or beginning of next week.

Amazon:

http://www.amazon.com/IPv6-Enterprise-Networks-Networking-Technology/dp/1587142279/ref=sr_1_1?ie=UTF8&s=books&qid=1301616511&sr=1-1

Cisco Press (Hardcover):

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142279

Cisco Press (Electronic):

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142325

Anyone that knows me knows that I am pretty straightforward with my comments and am especially self-deprecating.  I have two things to say about this book that I co-authored:

-I really like that we now have technical books that are available electronically. I hated carrying around a massive book on planes.  Now I don’t have to but the auto-justify KILLS the configurations.  As a guy who learns new stuff by reading configuration flow, this is irritating as hell as it is tough to follow configs that are all jacked up based on formatting.  Jerking around with font size helps, but it is no picnic to read.

-As with any technology book, you are late to the game on some topics the moment you lock changes and the book goes to print.  We did not have time to really do a good job of Internet Edge/DMZ design and also any real depth on topics such as multi-homing.  While these designs are pretty much the same as what you already do with IPv4, we still wanted to cover them but didn’t, which disappoints me.

I hope you enjoy the book.  I have to get busy documenting minor errors in it so we can update the next printing batch. ;-)

Shannon

Posted in IPv6

My New Book – IPv6 in Enterprise Networks

You can pre-order the book I co-authored from Cisco Press (Pearson) or Amazon.  It comes in hardcover and eBook format.  It should be available April 7th, 2011.

Amazon:

http://www.amazon.com/IPv6-Enterprise-Networks-Networking-Technology/dp/1587142279/ref=sr_1_1?ie=UTF8&s=books&qid=1301616511&sr=1-1

Cisco Press (Hardcover):

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142279

Cisco Press (Electronic):

http://www.ciscopress.com/bookstore/product.asp?isbn=1587142325

 

Posted in IPv6

Rocky Mountain IPv6 Summit – Registration Open

The annual Rocky Mountain IPv6 Summit in Denver, CO will be happening April 25, 2011 – April 27 at the Grand Hyatt Denver.

You can register here: http://conta.cc/f2vpHZ

More info about the event here: http://www.rmv6tf.org/IPv6Summit.htm

This event was fantastic last year and it is looking to be another great agenda this time around.  See you there.

Shannon

Posted in IPv6