/27 the new /24

Mel Beckman mel at beckman.org
Sun Oct 4 15:55:01 UTC 2015


What Cisco routers, and what vintage IOS, are you finding have no IPSec support? I've not run into that problem. 

 -mel beckman

> On Oct 4, 2015, at 8:33 AM, Jon Lewis <jlewis at lewis.org> wrote:
> 
>> On Sun, 4 Oct 2015, Mel Beckman wrote:
>> 
>> If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA.
> 
> Go tell cisco that.  IIRC, the first network I dual-stacked, I was kind of surprised when I found I could not use authentication in OSPFv3, because OSPFv3 assumes IPv6 will supply the IPSec to do auth...but these routers didn't support IPSec.  They still managed to route IPv6 and support IPv6 customers...so it really was IPv6...just not the full suite of everything you'd expect from IPv6.
> 
>> Your observation simply means that users must be informed when buying IPv6 devices, just as they must with any product. You can buy either genuine IPv6 or half-baked IPv6 products. When I speak of IPv6, I speak only of the genuine article.
> 
> Does anyone buy "IPv6 devices"?
> 
> The biggest hurdle I've seen with IPv6 adoption (i.e. going dual-stack, with the idea that we'll gradually transition most things / most traffic from v4 to v6) is the number of end-user network providers that don't offer v6 at all.  My home cable internet provider still doesn't offer IPv6.  When I asked one of their support people about it recently, I was told not to worry, they have plenty of v4 addresses left, but it was implied that they do plan to start offering v6 sometime soon.  They should have started rolling out IPv6 to any customers that wanted it years ago, so that by today, it would be standard for all their installations to be dual-stack.  But here we are, nearly 2016, and they don't have a single IPv6 customer (AFAIK) yet.
> 
> ----------------------------------------------------------------------
> Jon Lewis, MCP :)           |  I route
>                             |  therefore you are
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________



More information about the NANOG mailing list