Cisco's IPv6 Confused Marketing Team

I decided that my first ever O'Reilly blog post should be a complaint. I'm quite fond of complaining.

To be fair, I'm talking only about the c3750. Here's the deal:
The 3750 supports IPv6 in hardware, sort of; more on that later. When we first purchased many 3750s we were blissfully unaware that IPv6 software wasn't available yet. A few years later (really) the Advanced IP Services image came out with IPv6 support and Cisco wanted another chunk of change for it. Ok, fine.

Running the new image with our previously configured policy routing along side IPv6 required that we adjust the TCAM allocation. Unfortunately, there was no option in sdm prefer to allocate TCAMs for both policy routing and IPv6. It is a cheap router, and we implemented an L2 solution for the thing policy routes used to do, so this wasn't that big of a deal. Annoying, sure, but our prayers to the hardware gods went unnoticed, so we still have a limited amount of TCAMs.

router#sh sdm prefer
 The current template is "desktop IPv4 and IPv6 default" template.
 The selected template optimizes the resources in
 the switch to support this level of features for
 8 routed interfaces and 1024 VLANs.

Eight isn't really enough.. (you have to be really old to get that joke)

After a reboot and configuring OSPF to speak IPv6, we started bringing up interfaces. Everything worked quite nicely, until we actually started to use it. Linux clients nabbed an IP very quickly, Solaris required starting in.ndpd, an interface plumb, and touch /etc/hostname6.eri0, and Windows required ipv6 install then ipv6 if. Oh, Windows clients. That reminds me: we need ACLs.

The terror begins. You can create IPv6 ACLs until your fingers fall off, but actually applying them to an interface is impossible. It seems the required command is missing! You cannot just "conf t" "int vl1" "ip access-group" anymore. Buried in the documentation, Cisco shows us:

(config-if)# ipv6 traffic-filter  { in | out }

This yields:

(config-if)#ipv6 t?
% Unrecognized command

The command is actually missing. We were using: c3750-advipservicesk9-mz.12.2-25.SEB1 at the time. There was a slightly newer rev available, so we assumed it had some bug fixes. This is where the next major bug reared its head. After installing the new image on the group of switches, it failed to reboot. Long story short, the switch won't boot with IPv6 interfaces configured. Remove them, boot, add them back, and everything works again. Except we can't protect the Windows boxes, since the command to apply ACLs is missing.

I should note that the Juniper routers had no problems with IPv6. I haven't tried it on any expensive Cisco routers yet, but I assume it should work a bit better. So let's recap some of the unadvertised features you get on the c3750 (with an expensive IP Services image):

• Policy routing and IPv6 cannot live together
  
• ACLs exist but you can't apply them to an interface
  
• You cannot boot the router with IPv6 interfaces configured
  
• And finally, I forgot to mention, there's a memory leak if you disable OSPFv3

The last item wasn't a problem for me, but I'm sure it will bite someone. Quite a list, isn't it? We'd like to offer IPv6 natively (non-tunneled) for the University, but certain vendors definitely don't make it easy.

I'd love to hear other people's experiences with Cisco+IPv6 on 3750s or other devices.