On Tue, 12 Feb 2013, Luke Jenkins wrote:
MLD Snooping and IPv6 ACLs are a must.
MLD Snooping only seems important to me if you are actually going to do multicast outside of the local broadcast domain, which I can't imagine doing in most service provider environments. Am I missing a reason for it or a use case otherwise?
Check to make sure that the solution allows for many (for your network's definition of many) IPv6 addresses per host. You'll have at least three per host between link local, global, and one or more privacy addresses.
It would seem to me that either a wifi vendor would support source address shield for IPv6, which MUST include multiple addresses, or it would just pass everything without paying attention to source addresses. Is there a vendor that does not do one or the other? If so, please name names.
I've been providing native dual stack on my Cisco controller based wireless network for a few years now. IPv6 support was brought up a notch with the 7.2 code release. RA Guard was the obvious big features that was added, but I also appreciated the addition of ND caching to keep that chatter down. http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bae5...
Nice. Can you confirm if they've added DHCPv6 shield too? Source address shield for IPv6?
I've also used some Ruckus gear on an IPv6 network and it seemed to have all the right knobs and pass all the right IPv6 packets. Though this was on my home network so I can't speek to their IPv6 scalability (no reason to doubt it, just wanted to be clear).
Thanks, that's a useful data point. -- Brandon Ross Yahoo & AIM: BrandonNRoss +1-404-635-6667 ICQ: 2269442 Schedule a meeting: https://doodle.com/bross Skype: brandonross