Requirements and Limitations for Dual-Stack Mode (IPv6 Support)
Secure Workload clusters running on physical hardware can be configured to use IPv6 in addition to IPv4 for certain communications to and from the cluster.
Note |
|
Limitations
If you are considering enabling dual stack mode, note the following:
-
You can enable IPv6 connectivity only during initial deployment or upgrade to a major release (you cannot enable this feature during patch upgrades).
-
Dual-stack mode is supported only on physical hardware or bare metal clusters.
-
There is no support for IPv6-only mode.
-
You cannot revert to IPv4-only mode after dual stack mode is enabled for the cluster.
-
(Applicable for releases 3.8 and earlier) Data Backup and Restore (DBR) is not supported if dual-stack connectivity is enabled.
-
Do not enable dual-stack mode for clusters that are configured with Federation.
-
The following features always and only use IPv4 (note that IPv4 is always enabled even if IPv6 is enabled):
-
(Applicable for releases 3.9.1.1, 3.8.1.1, 3.7.1.5, and 3.6.x) Enforcement on AIX agents
-
(Applicable only for release 3.6.x) Hardware agent communication with the cluster
-
(Applicable only for release 3.6.x) Connectors for flow ingestion, inventory enrichment, or alert notifications
-
Requirements
-
Configure both A and AAAA DNS records for FQDN before enabling dual stack mode for your cluster.
-
External services such as NTP, SMTP, and DNS must be available over both IPv4 and IPv6, for redundancy purposes.
-
To configure dual stack mode for a cluster:
-
Each of the two cluster leaf switches must be allocated routable IPv6 addresses on two different networks, for redundancy, and default gateways must be provided for each network.
-
For 39RU clusters, a site routable IPv6 network with space for at least 29 host addresses is required.
-
For 8RU clusters, a site routable IPv6 network with space for at least 20 host addresses is required.
-
The first three host addresses of the site routable IPv6 network are reserved for the Cisco Secure Workload cluster HSRP configuration and must not be used by any other devices.
-