(Optional) Requirements and Limitations for Dual-Stack Mode (IPv6 Support)
Secure Workload clusters running on physical hardware can be configured to use IPv6 in addition to IPv4 for certain communications to and from the cluster.
Note |
You can use the Dual-Stack Mode (IPv6 support) feature when installing or upgrading to 3.6.1.5 and 3.7.1.5 releases, however, the feature is not available when you are installing or upgrading to patch releases. |
Limitations
If you are considering enabling dual stack mode, note the following:
-
You can enable IPv6 connectivity only during initial deployment or upgrade to a major release (you cannot enable this feature during patch upgrades.)
-
Dual-stack mode is supported only on physical hardware/bare-metal clusters.
-
There is no support for an IPv6-only mode.
-
You cannot revert to IPv4-only mode after dual stack mode is enabled for the cluster.
-
Data Backup and Restore (DBR) is not supported if dual-stack connectivity is enabled.
-
Do not enable dual-stack mode for clusters configured with Federation.
-
The following features always and only use IPv4 (note that IPv4 is always enabled even if IPv6 is enabled):
-
(Applicable for release 3.7.1.5 and 3.6.x) Enforcement on AIX agents
-
(Applicable for release 3.6.x) Hardware agent communication with the cluster
-
(Applicable for release 3.6.x) Connectors for flow ingestion, inventory enrichment, or alert notifications
-
Requirements
-
You must configure both A and AAAA DNS records for FQDN. You must configure this before you enable dual stack mode for your cluster.
-
External services such as NTP, SMTP, and DNS should be available over both IPv4 and IPv6, for redundancy purposes.
-
In order to configure dual stack mode for a cluster:
-
The two cluster leaf switches will each need to be allocated routable IPv6 addresses on two different networks, for redundancy, and default gateways will need to be provided for each network.
-
For 39RU clusters, a site routable IPv6 network with space for at least 29 host addresses is required.
-
For 8RU clusters, a site routable IPv6 network with space for at least 20 host addresses is required.
-
The first three host addresses of the site routable IPv6 network are reserved for the Cisco Secure Workload cluster HSRP configuration and must not be used by any other devices.
-
Additional Information
Agents communicate with the cluster using IPv4 unless you configure them to use IPv6. For instructions, see the User Guide available from the Secure Workload portal.