[c-nsp] Roadmap questions reqarding various IPv6 features

Joerg Mayer jmayer at loplof.de
Fri Feb 19 07:54:07 EST 2010


as our SE has been unable to answer our questions regarding the IPv6
roadmap for 2960 and 3560 switches, maybe someone on this list can help

The setup:

Student Dormitory Network
- one IPv4 Address per appartment
- appartment==IPv4==Port Quota via Netflow(v9)
  from central device (option 82)
- no way for a user to use a different IPv4
  than the assigned one (IPSG)
- no MAC-Addr registration
- Hardware:
  central aggregation: 6500 / SUP720
  one 3560 as local router, L2 bondary, and some access-ports
  multiple 2960 switches directly and cascaded connected to router
IPv4 solution:
- DHCP-Snooping + DAI + IPSG
- DHCP IP-Address assignment using Option82
  remote-id + port-info extracted from circuit-id

We would like to implement something like that with IPv6.
Essential features that are missing in IPv6 right now:

1) option 82 support
2) RA-guard (or IPv6 port acls on 2960)
3) DHCPv6 snooping
4) equivalent to DAI (ND-Filtering based on DHCPv6 snooping)
5) IPv6 source guard

While I'a at it, a question regarding IPv6 on the WiSM:
1) Is there / will there be any ra-guard feature? This missing feature
   causes about 200000 DHCPv6 requests per hour, compared to 4000 DHCPv4.
2) MLD-snooping

So if anyone on this list knows about Cisco's plans regarding any of these
features, please share.

Joerg Mayer                                           <jmayer at loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.

More information about the cisco-nsp mailing list