Skip Links

IPv6 deployment starts at the network edge

Six ADCs deliver IPv6 capabilities to apps hosted on IPv4 Web servers

By Scott Hogg, Network World
February 13, 2012 12:08 AM ET

Network World - IT execs know they will have to deploy IPv6 at some point, but where to begin? One approach that establishes some  IPv6 capability without spending a lot of time or money is to start at the perimeter.

IPv6-enabling routers, firewalls and DNS servers should be straightforward. If an organization were to deploy an IPv6-capable Server Load Balancer (SLB) or, using the most current term, Application Delivery Controller (ADC), they could configure an IPv6 Virtual IP (VIP) and an IPv4-only server farm.

This would allow Web apps hosted on IPv4-only servers to appear to the Internet user as IPv6-applications. The way it works is that clients would connect to the IPv6 VIP, and the ADC would perform a reverse-proxy function and terminate the IPv6 HTTP Internet connection, then create a new IPv4 HTTP back-end connection to the IPv4-only application servers. The server would not necessarily know the IP version being used by the client and it would happily return the data to the ADC appliance using IPv4. The ADC appliance takes that IPv4 response from the server, copies the HTTP application data and transmits it back to the IPv6-connected client.

Quiz: are you ready for IPv6?

We tested the IPv6 capabilities of the major ADC vendors' products: A10 Networks, Brocade, Cisco, Citrix, F5 and Riverbed/Zeus. We tested all of the IPv6 features that these vendors listed on their data sheets and determined that all of these systems are suitable for aiding in an Internet edge IPv6 deployment scenario.

IPv6: What you need to do now

One piece of good news: The ADC your company already owns may have IPv6 capabilities. It could be as simple as a software upgrade and you would have an IPv6-capable reverse proxy server that could help accelerate your IPv6 Internet edge deployment.

Long list of features

ADCs can provide a wide variety of IPv6 capabilities. Most of the products tested had these features.

• IPv4/IPv6 Server Load Balancing (reverse proxy), IPv6 VIP with IPv4 or dual-protocol real-servers/server-farms

• SSL offload and acceleration for IPv6-VIPs and servers

• Ability to perform content filtering, regular expression matching, URL rewriting, for IPv6 connections

• IPv6-capable Web Application Firewall (WAF)

• IPv6-enabled security features (distributed denial-of-service (DoS) protection, SYN-cookies, IPS, content filtering)

• Stateful access control lists f(ACL) or IPv6 packets, ICMPv6 filtering, extension header filtering and denial of RH0 packets

• High-availability for IPv6 connections (IPv6 connection state synchronization between high availability pairs)

• Logging of IPv6 connections (internal logging and with Syslog)

• Ability to check the IPv6 neighbor cache entries

• IPv6 static routing

There are also some nice-to-have optional features.

• IPv6-enabled Geographical Server Load Balancing (GSLB)

• Authoritative dual-protocol DNS server

• Stateful NAT64 capabilities

• DNS64 integration with NAT64

• IPv6 routing protocol support (static routing, RIPng, OSPFv3, IS-IS [ST & MT], MP-BGP, RHI)

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News