Skip to main content
Important: This knowledge repository has been retired. All its content has been migrated to our new repository.
Please search for our articles either on our F5® Distributed Cloud Technical Knowledge Hub or on MyF5.

IPv6 Early Access Support for CEs in May, 2024 Release

  • Updated

Summary

IPv6 functionality will be available as early access (EA) with May release for non-orchestrated CEs – Baremetal, VMware, KVM for both S-MCN and App Stack use-cases. To gain access to this early access IPv6 functionality on CEs, please reach out to your account team to enable this for your tenant. Tenant UI may show IPv6 objects, but the functionality is not turned on until the tenant is allow-listed for IPv6 functionality.

 

CE IPv6 Functionality Available in Early Access

Note that IPv6 on REs is not supported as part of early access. It’s important to note that our approach to enable IPv6 for CE is using dual stack where possible where IPv6 addresses can be assigned along with IPv4.

The following is a list of CE functionality which is now IPv6 ready as part of the early access pilot for Secure Mesh CEs.

  • Dual Stack Network Interfaces: IPv6 address assignment for SLO and SLI interfaces.
  • Routing & Firewall: IPv6 BGP peering and route exchange with external BGP speakers, IPv6 support for Site Mesh Group and DC Cluster Group, Enhanced Firewall Rules.
  • Load Balancer: IPv6 VIP & origin pools, VIP advertisement over BGP/ECMP, Service Policy, Forward Proxy.
  • App Security: WAF, IPv6 Reputation, Malicious Users, Trusted Clients, DDoS.

App Stack CEs support everything above including the following below:

  • IPv6 Dual stack address support for pods and VMs.
  • SR-IOV interfaces with IPv6 addresses.

Known Caveats with IPv6 on CE Early Access Pilot

 Functionality     Known Caveat
Forward Proxy  Forward Proxy policy allowed/denied connections does not support option for IPv6 prefix
SLI Interface Editing the DHCPv6 Network Prefix of the SLI with same prefix length adds new v6 entries to the interface.
Fast ACL Fast ACL with IPv6 does not work
DHCP IPv6 subnet For App Stack sites, DHCP for IPv6 subnet does not work 
VMware ESXi OVA   IPv6 address can not be specified via ESXi OVA workflow works fine via SiteCLI workflow.
SLI DHCPv6 server DHCPv6 server on SLI prefix updates does not work.
DHCP IPv6 IP  Exclusion/Inclusion of IPv6 IPs does not work for DHCP IPv6 server config.

IPv6 Assignment for DHCP Server

 IPv6 DHCP Server config is available under ‘stateful DHCP IPv6’  with IPv6 AutoConfiguration selection for interface IP addressing.

IPv6 support for SLO Interfaces

 This is not supported for CE-CE traffic, such as SMG or DC groups.

Related articles