Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Monday, August 16, 2010

IPv6 Proxy

Mention IPv6, and I believe most people will know what you are referring to. But that is all: their knowledge is basically limited to a general recognition of the term. Since the birth of IPv6 in the mid-1990s, discussion of the topic has been lively, but among the majority of users, few can really use IPv6 applications!

Where does the problem lie? On the one hand, the application and deployment of IPv6 itself is small; on the other, and even more crucially, there is the question of interoperability between traditional IPv4 applications and the IPv6 network, which makes IPv6 networks and applications basically their own little islands: traditional IPv4 users do not have access, and the development of new IPv6 networks is currently not widespread.

The root cause of this situation was, in fact, the incompatibility of the IPv6 protocol with existing IPv4 technology. As 51CTO.com reported previously, the Internet Engineering Task Force (IETF) admitted that it committed a fatal error in the IPv6 standards by not providing a way to remain backward compatible with the existing IPv4 Internet protocol. Qing Li, a security expert and senior IPv6 architect at Blue Coat in the United States, said in an interview: "The lack of real applications for IPv6-oriented solutions, forces enterprises to consider in the end either the use of an appropriate relocation program [to IPv6 networks] or to conduct a comprehensive upgrade. There are huge and comprehensive upgrade costs, enough to make most companies look and stop."

In other words, the key issue today is how to get users from IPv4 to IPv6: basically, a transition and convergence between the two. Mr Li said: "To smooth the shift to IPv6, requires a safe migration of business applications and services strategy." Well, is there a solution to this problem?

The answer is yes. It is called an IPv6 Proxy.

The IPv6 proxy sits between IPv4 and IPv6 networks, allowing transition and conversion with a single piece of equipment. Mr Li explained that the intelligence behind the IPv6 proxy is that it gives the user access between networks without the need for address translation; administrators do not have to rewrite applications or upgrade IT infrastructure, and IPv6 applications can be accessed from IPv4 networks today. Services and data in both the IPv4 and IPv6 environments can interact smoothly today and have an easy migration tomorrow.

In other words, the IPv6 proxy acts as both client and server, regardless of whether the client is IPv4 or IPv6, so that an IPv6 client, without special equipment, can communicate with an IPv4 server. Similarly, when a traditional IPv4 client sends a request to an IPv6 server application, the proxy intercepts the request and converts it into an IPv6 request to the server; when the server returns its response, that also goes through the IPv6 proxy before eventually returning to the client.

How does this conversion work? Mr Li explained that the Blue Coat IPv6 proxy works at the TCP level, in the suspension and re-packaging of packets. As we all know, TCP works at the fourth layer, on top of IP, while applications are built on TCP or UDP. The Blue Coat IPv6 proxy receives the client's request over TCP on one side, analyzes the application-layer protocol request, checks it against security policy, and, for requests that meet the policy, negotiates a new connection and issues the appropriate request to the server, while the client receives a normal response.

From the client's point of view, requests and responses look normal, as expected (either IPv4 or IPv6), with no address translation or other intervention on the client, so everything is transparent. On the server, the client appears to have sent a request that conforms to the IPv6 protocol itself. For existing enterprise IPv4 applications, the IPv6 proxy device can issue IPv4 requests on behalf of IPv6 clients, allowing for a more secure IPv6 backbone network and letting IPv4 applications use IPv6 applications and services as well.
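The terminate, inspect and re-issue flow described above, as an added Python example (not Blue Coat's code and not from the original article). The upstream map, the one-rule policy, the `X-Forwarded-For` handling and the names `decide` and `handle` are assumptions made for illustration.

```python
import socket

# Constructed values (assumptions, not from the article): one IPv6-only
# upstream and a one-rule policy standing in for the proxy's security policy.
UPSTREAMS = {"app.example.test": ("2001:db8::10", 80)}
BLOCKED_PREFIXES = ("/admin",)
DENY = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"

def decide(client_ip, raw):
    """Parse one HTTP request head; return (upstream, bytes_to_send)."""
    try:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
        request_line, *header_lines = head.split("\r\n")
        method, path, version = request_line.split(" ", 2)
    except ValueError:
        return None, DENY  # unparseable requests are refused, never relayed
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Host is matched as a plain hostname (bracketed IPv6 literals not handled).
    host = headers.get("host", "").partition(":")[0].lower()
    upstream = UPSTREAMS.get(host)
    if upstream is None or path.startswith(BLOCKED_PREFIXES):
        return None, DENY
    # The server only sees the proxy's IPv6 address, so the real client address
    # travels in a header. Overwriting discards any value the client supplied.
    headers["x-forwarded-for"] = client_ip
    headers["connection"] = "close"
    lines = [f"{method} {path} {version}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    return upstream, ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")

def handle(client, client_ip, connect=socket.create_connection):
    """Terminate the client's TCP session and re-issue the request upstream."""
    # Simplification: the request head arrives in one read and has no body.
    upstream, data = decide(client_ip, client.recv(65536))
    if upstream is None:
        client.sendall(data)  # policy decision is enforced before any relay
        return False
    with connect(upstream) as server:  # separate TCP connection, IPv6 side
        server.sendall(data)
        while chunk := server.recv(65536):
            client.sendall(chunk)  # response returns on the client's side
    return True
```

In a listener, `handle(conn, addr[0])` would be called for each connection accepted on an `AF_INET` socket; because the proxy parses and rebuilds the request, policy and logging apply to the application-layer request, not to translated packets.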

With the IPv6 proxy the challenge of IPv4 and IPv6 interaction appears to be solved. But a company may ask: with conversion between the two protocols, are there any safety concerns? Moreover, with the deployment of such a device, will the network transmission speed and quality be affected? Will a proxy affect existing applications? Will it greatly increase the network cost?

Mr Li explained that companies may face challenges with IPv6 proxy equipment and networks. He sums them up in four areas that need to be examined, using the initials "SUVA".

First is content security control (Security): how to use IPv6 and the proxy to ensure that enterprise applications meet business management and compliance needs, while also eliminating the need to re-certify existing security policy.

Second is usability (Usability): making sure the product is convenient and reliable to use, and that the original applications remain transparent and convenient.

Third is application visibility (Visibility), for which the demands on an IPv6 proxy are very high. With all applications passing through it, the proxy requires visual management to give network administrators a comprehensive understanding of application flows and of Web content and control. Achieving effective application performance monitoring and adjusting network resources is key.

Finally, at the application-layer protocol level, a business needs to accelerate applications (Acceleration). As an intelligent device, the IPv6 proxy should also provide acceleration so that the network and applications deliver the best experience for end users.

It should be said that these challenges also shaped the development of the IPv6 proxy and are an important reason for the relative difficulty of bringing the product to market. Mr Li explained that Blue Coat's first-generation IPv6 proxy took R&D five years to develop. The key to its success is that the intelligent IPv6 proxy's handling of client requests is not just simple address translation, but covers a number of management issues, including the analysis of applications, auditing and security management, and content caching strategies such as acceleration. In the end, for network access, only if the functionality of a device meets the enterprise security management requirements will the proxy request be issued and optimized.

Editor's note: This article is translated from Chinese, and the grammar has been corrected, but we haven't taken the extensive time necessary to make this article flow and read like fluent English.
