VMware vSphere ESX/ESXi 4.1 supports IPv6 for use with the Service Console and VMkernel management interfaces, and is compatible with vMotion, High Availability (HA) and Fault Tolerance (FT).
Notes:
IPv6 support can be enabled or disabled on a vSphere ESX/ESXi 4.1 host using the vSphere Client, the console or using the vSphere Command-Line Interface. Enabling IPv6 requires a restart to take effect.
To enable IPv6 using the vSphere Client:
To enable IPv6 using the console or vCLI commands:
esxcfg-vmknic
--enable-ipv6 true
vicfg-vmknic
connection_options
--enable-ipv6 true
esxcfg-vswif --enable-ipv6 true
true
with false
in the commands and restart. To enable IPv6 in ESXi 5.5 and 6.0:
IPv6 addresses can be configured for VMkernel and Service Console network interfaces using the vSphere Client or using the command line.
To set an IPv6 address using the vSphere Client, see the VMkernel Networking Configuration and Service Console Configuration section in the ESX/ESXi 4.1 Configuration Guide.
Set an IPv6 address for a VMkernel network interfaces using the console or vCLI by running one of these commands:
esxcfg-vmknic --ip X:X:X:X::/XPortgroupName
vicfg-vmknic
connection_options
--ip X:X:X:X::/X PortgroupName
Set an IPv6 address for a Service Console network interface using the console by running this command:
esxcfg-vswif --ip X:X:X:X::/X vSwifName
Internet Protocol Security (IPsec) secures IP communications coming from and arriving at an ESX/ESXi host. VMware vSphere ESX/ESXi 4.1 supports IPsec using IPv6 with manual key exchange for VMkernel network interfaces only.
When IPsec is enabled on a host, authentication and encryption of incoming and outgoing packets is performed. When and how IP traffic is encrypted depends on configuration of the system's security associations and policies. For more information, see the Internet Protocol Security section of the ESX/ESXi Server Configuration Guide.
Configuration can be performed from the ESX/ESXi host console using the esxcfg-ipsec
command, or remotely through the vSphere Command-Line Interface using the vicfg-ipsec
command. Configuration of IPsec cannot be performed using the vSphere Client. The two commands have the same syntax, and only vicfg-ipsec
is used in subsequent examples. For more information, see the vSphere Command-Line Interface documentation and the vicfg-ipsec command reference.
vicfg-ipsec
connection_options
--add-sa --sa-src x:x::/x --sa-dst x:x::/x --sa-mode transport --ealgo null --spi 0x200 --ialgo hmac-sha1 --ikey keySAName
vicfg-ipsec
connection_options
--add-sp --sp-src x:x::/x --sp-dst x:x::/x --src-port 100 --dst-port 200 --ulproto tcp --dir out --action ipsec --sp-mode transport --sa-name SANameSPName
vicfg-ipsec
connection_options
--add-sp --sp-src any -sp-dst any --src-port any --dst-port any --ulproto any --dir out --action ipsec --sp-mode transport --sa-name SANameSPName
vixcfg-ipsec
connection_options
--add-sp --sp-src x:x::/x --sp-dst x:x::/x --src-port 100 --dst-port 200 --ulproto tcp --dir out --action discard SPName
vicfg-ipsec
connection_options --list-sa
vicfg-ipsec
connection_options --list-sp
vicfg-ipsec
connection_options --remove-sa SAName
vicfg-ipsec
connection_options --remove-sp SPName
The Internet Engineering Task Force has designated IPv6 as the successor to IPv4. The adoption of IPv6, both as a standalone protocol and in a mixed environment with IPv4, is rapidly increasing. With IPv6, you can use vSphere features in an IPv6 environment.
A major difference between IPv4 and IPv6 is address length. IPv6 uses a 128-bit address rather than the 32-bit addresses used by IPv4. This helps alleviate the problem of address exhaustion that is present with IPv4 and eliminates the need for network address translation (NAT). Other notable differences include link-local addresses that appear as the interface is initialized, addresses that are set by router advertisements, and the ability to have multiple IPv6 addresses on an interface.
An IPv6-specific configuration in vSphere involves providing IPv6 addresses, either by entering static addresses or by using an automatic address configuration scheme for all relevant vSphere networking interfaces.
For more information, see the Advanced Networking: Internet Protocol Version 6 section of the ESX/ESXi 4.1 Configuration Guide.
Configuring IPv6 on ESX 4.0.x