Multiple vendors' IPv6 issues

Ca By cb.list6 at
Tue May 26 23:27:53 UTC 2015

On Tuesday, May 26, 2015, David Sotnick <sotnickd-nanog at> wrote:

> The company I work for has no business case for being on the IPv6-Internet.
> However, I am an inquisitive person and I am always looking to learn new
> things, so about 3 years ago I started down the IPv6 path. This was early
> 2012.
> Fast forward to today. We have a /44 presence for our company's multiple
> sites; All our desktop computers have been on the IPv6 Internet since June,
> 2012 and we have a few AAAAs in our external DNS for some key services —
> and, there have been bugs. *Lots* of bugs.
> Now, maybe (_maybe_) I can have some sympathy for smaller network companies
> (like Arista Networks at the time) to not quite have their act together as
> far as IPv6 goes, but for larger, well-established companies to still have
> critical IPv6 bugs is just inexcusable!
> This month has just been the most disheartening time working with IPv6.
> Vendor 1:
> Aruba Networks. Upon adding an IPv6 address to start managing our WiFi
> controller over IPv6, I receive a call from our Telecom Lead saying that or
> WiFi VoIP phones have just gone offline. WHAT? All I did was add an IPv6
> address to a management interface which has *nothing* to do with our VoIP
> system or SSID, ACLs, policies, roles, etc.
> Vendor 2:
> Palo Alto Networks: After upgrading our firewalls from a version which has
> a nasty bug where the IPv6 neighbor table wasn't being cleaned up properly
> (which would overflow the table and break IPv6), we now have a *new* IPv6
> neighbor discovery bug where one of our V6-enabled DMZ hosts just falls of
> the IPv6 network. The only solution: clear the neighbor table on the Palo
> Alto or the client (linux) host.
> Vendor 3:
> Arista Networks: We are seeing a very similar ND bug with Arista. This one
> is slightly more interesting because it only started after upgrading our
> Arista EOS code — and it only appears to affect Virtual Machines which are
> behind our RedHat Enterprise Virtualization cluster. None of the hundreds
> of VMware-connected hosts are affected. The symptom is basically the same
> as the Palo Alto bug. Neighbor table gets in some weird state where ND
> breaks and the host is unreachable until the neighbor table is cleared.
> Oh, and the final straw today, which is *almost* leading me to throw in the
> IPv6 towel completely (for now): On certain hosts (VMs), scp'ing a file
> over the [Arista] LAN (10 gigabit LAN) takes 5 minutes over IPv6 and <1
> second over IPv4. What happened?
> It really saddens me that it is still not receiving anywhere near the kind
> of QA (partly as a result of lack of adoption) that IPv4 has.
> Oh, and let's not forget everybody's "favorite" vendor, Cisco. Why is it,
> Cisco, that I have to restart my IPv6 OSPF3 process on my ASA every time my
> Palo Alto firewall crashes and fails over, otherwise none of my VPN clients
> can connect via IPv6?
> Why do you hurt me so, IPv6? I just wanted to be friends, and now I just
> want to break up with you. Maybe we can try to be friends again when your
> vendors get their shit together.
> -David

Had ipv4 ever hurt you ?

Me too.


More information about the NANOG mailing list