A phased approach to IPv6 that's so easy, you'll almost think you're still ignoring it

By John Matthews, Network World |  Networking, IPv6

If you use dual-stacked application delivery controllers (ADCs) to manage traffic to your Web servers, you can accomplish this step making few if any changes to the servers themselves. ADCs that understand both IPv4 and IPv6 can be used as gateway devices to proxy IPv6 traffic to IPv4. Assign your ADCs the new virtual IPv6 addresses and have them point to your existing IPv4-based Web servers. Then, add those new IPv6 addresses to your DNS server and make them publicly available on IPv6 to establish your presence on the IPv6 Internet. Your ADC devices will continue handling requests from IPv4 clients as usual, but they will also be able to serve requests from IPv6-only clients, directing them to your existing IPv4-based Web servers.

IN DEPTH: IPv6: Dual-stack strategy starts at the perimeter

Remember, your goal in this phase is simply to enable your customers and the general public to stay connected to you. If your DNS servers can return an IPv6 record to an IPv6 client, then you've accomplished that goal -- without making any infrastructure or application changes.

Phase II: Consider the core network, protecting your Web applications and network resources.

Passing traffic through a gateway means you lose the ability to see the source IP addresses of client devices, so you need to take into account the capabilities of your security tools. To guard against DoS, DDoS, SQL injection, cross-site scripting and myriad other security threats, you already use a variety of security tools such as firewalls, proxies, IDS/IPS, authentication services and antivirus software. Ideally, those same tools should be IPv6-aware so you can use them to see the unique client information of IPv6 devices, whether they're connecting from outside of your organization or from within your network. [Also see: "Hackers target IPv6"]

Thankfully, some security vendors' products already support IPv6; others are moving in that direction. Solutions that support both protocols are preferred because they eliminate the need to add more point solutions in your environment. If your current solutions don't support IPv6, you can either wait for them to catch up or find new tools that enable you to provide the same level of protection on IPv6 that you're currently providing on IPv4.


Originally published on Network World |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

NetworkingWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question