The big networking-related news recently was the exhaustion of the IPv4 address space. Public news reports stated that IPv4 addresses have been exhausted and that no more IPv4 addresses are available. What really happened is that the last 5 sets of IPv4 address blocks available were allotted to the regional Internet registries, who will then allocate the addresses to users based on requests and other factors. Though all these blocks combined have a possible 80 million addresses, they will possibly last for 3 months at the current rate of allocation(1).

This does not mean that IPv4 will disappear immediately from use. Both addressing schemes are expected to coexist for some time before IPv6 takes over completely. It has even been suggested that content providers must support IPv6 by early 2012 so as to cater to the needs of customers who use IPv6(2). These factors necessitated the move to IPv6, and now almost all enterprise-level network device vendors support IPv6 addressing and routing along with IPv4, thus making a seamless transition possible.

The advantage of IPv6 itself is the reason for its existence: an unlimited IP address space, which IPv4 cannot provide. At some point during the Internet boom, the possible exhaustion of IPv4 addresses, numbering 2^32, which is almost 4 billion addresses, was identified. This prompted the IETF to work on and develop Internet Protocol version 6. IPv6 uses 128-bit addresses, thus providing 2^128 possible addresses. That is...? I do not know... I think inexhaustible is the answer.

Let me not delve into the use of IPv6 or its technicalities, as this is one technology that kept coming into the limelight every time an IPv4 address block was allocated or a vendor started supporting the technology. For those who would like to know more, some good resources are:

Traffic Analytics and IPv6:

When networks migrate to IPv6, it is also important that the monitoring software and technologies support reporting on IPv6 routed traffic. SNMP, NetFlow and packet capture are the major technologies available today for bandwidth monitoring and traffic analytics. SNMP MIBs with IPv6 support are already available from many vendors, and packet capture does not need any specific support, as packet information is read as it is.

NetFlow version 9 is Cisco’s new and advanced version of NetFlow export, which allows a high level of flexibility in flow-based reporting. This version allows users to add custom fields, define key fields and modify the exported flow information to carry only specific data. The result is a Flexible NetFlow export with custom specifications. It is over this NetFlow version that reporting and export of IPv6 fields is supported, thus moving NetFlow too to the IPv6-ready state.

Next up is the capability of reporting tools to support IPv6 data. The flow reporting tool should have the capability to process the IPv6 flows exported from routing and switching devices and generate reports. This is important to ensure visibility into conversations over IPv6 which otherwise will not be accounted for. ManageEngine NetFlow Analyzer is introducing preliminary support for IPv6 in both Professional and Enterprise editions from Version 9 and Version 7.6 respectively.
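What processing an IPv6 flow export involves on the collector side, as an added example that is not code from this post or from NetFlow Analyzer: a minimal Python decoder for a NetFlow v9 packet whose template carries the IPv6 source and destination address fields. The field type numbers are from RFC 3954; the function names, output field names and the sample packet (documentation-prefix addresses) are assumptions constructed for illustration.

```python
import ipaddress
import struct

FIELDS = {1: "in_bytes", 2: "in_pkts", 4: "protocol", 7: "src_port",
          11: "dst_port", 27: "ipv6_src", 28: "ipv6_dst"}  # RFC 3954 type numbers

def parse_v9(packet, templates):
    """Decode flow records; `templates` caches template_id -> [(type, length)]."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    flows, pos = [], 20                          # the v9 header is 20 bytes
    while pos + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, pos)
        if set_len < 4 or pos + set_len > len(packet):
            raise ValueError("bad FlowSet length")
        body = packet[pos + 4:pos + set_len]
        if set_id == 0:                          # template FlowSet
            off = 0
            while off + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, off)
                if n == 0 or off + 4 + 4 * n > len(body):
                    break                        # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, off + 4 + 4 * i)
                                  for i in range(n)]
                off += 4 + 4 * n
        elif set_id >= 256 and set_id in templates:   # data FlowSet
            tmpl = templates[set_id]
            rec_len = sum(length for _, length in tmpl)
            if rec_len == 0:
                raise ValueError("template with zero-length records")
            for off in range(0, len(body) - rec_len + 1, rec_len):
                rec, p = {}, off
                for ftype, length in tmpl:
                    raw, p = body[p:p + length], p + length
                    rec[FIELDS.get(ftype, f"field_{ftype}")] = (
                        str(ipaddress.IPv6Address(raw)) if ftype in (27, 28)
                        else int.from_bytes(raw, "big"))
                flows.append(rec)
        pos += set_len                           # unknown templates are skipped
    return flows

def sample_packet():
    """Constructed export: template 256 (7 type/length pairs) and one IPv6 flow."""
    tset = struct.pack("!16H", 256, 7, 27, 16, 28, 16, 7, 2, 11, 2, 4, 1, 1, 4, 2, 4)
    src, dst = (ipaddress.IPv6Address(a).packed for a in ("2001:db8::10", "2001:db8:1::80"))
    rec = src + dst + struct.pack("!HHBII", 51514, 443, 6, 4200, 7) + b"\0" * 3  # pad
    header = struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
    return (header + struct.pack("!HH", 0, 4 + len(tset)) + tset
            + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

A data FlowSet that arrives before its template decodes to nothing here, so a collector has to keep the template cache across packets or those IPv6 conversations go unaccounted for.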

Enabling IPv6 collection in NetFlow:

To configure your devices for NetFlow export with information about IPv6 routed packets, NetFlow version 9 needs to be used. You may need a prior understanding of Flexible NetFlow exports using Flow Record, Flow Exporter and Flow Monitor to follow this. Below is the Flow Record configuration to collect IPv6 conversation information from your router and export it to NetFlow Analyzer.

cisco_2811(config)#flow record FNFrec
cisco_2811(config-flow-record)#match ipv6 source address
cisco_2811(config-flow-record)#match ipv6 destination address
cisco_2811(config-flow-record)#match transport source-port
cisco_2811(config-flow-record)#match transport destination-port
cisco_2811(config-flow-record)#match interface input
cisco_2811(config-flow-record)#match ipv6 protocol
cisco_2811(config-flow-record)#match ipv6 dscp
cisco_2811(config-flow-record)#collect routing source as
cisco_2811(config-flow-record)#collect routing destination as
cisco_2811(config-flow-record)#collect routing next-hop address ipv6
cisco_2811(config-flow-record)#collect transport tcp flags
cisco_2811(config-flow-record)#collect counter bytes
cisco_2811(config-flow-record)#collect counter packets
cisco_2811(config-flow-record)#collect timestamp sys-uptime first
cisco_2811(config-flow-record)#collect timestamp sys-uptime last
cisco_2811(config-flow-record)#collect interface output
cisco_2811(config-flow-record)#collect flow direction
cisco_2811(config-flow-record)#collect ipv6 source mask
cisco_2811(config-flow-record)#collect ipv6 destination mask

You can then associate the Flow Record and Flow Exporter (configuration for which is not shown here) with a Flow Monitor, which then has to be associated with an interface. The router then exports the IPv6-related traffic information to NetFlow Analyzer, which will then start generating reports.
At this point, IPv6 data is shown only in reports generated from raw NetFlow data. We will continue to enhance this feature based on your requirements. So, feel free to email your suggestions to nfs ‘@’

Don Thomas Jacob



  1. Don Thomas Jacob

    We have not yet seen options to export NetFlow data to an IPv6 destination. I believe this is something Cisco will come out with soon. I have also raised this to Cisco TAC and will keep you posted as soon as I get some info.

    Don Thomas

  2. Jon Kaeton

    Every example that I have seen of flow-exporter configuration will only export to IPv4 destinations. Where collection and source can be IPv6 address based, the collector destination can only be expressed with an IPv4 address or hostname. There does not appear to be an alternative command, beginning with “ipv6..” to replace the “destination x.x.x.x” command in the flow-exporter configuration either. Am I missing something?