Network Migration Gateway
The Network Migration Gateway (NMG) is a capability of the
.vantronix Firewall Operating System (.vtFOS) that is
introduced with the FW.48 release
on March 1st, 2011.
The current infrastructure of the Internet is based on its underlying
TCP/IP protocol suite – the Internet Protocol version 4. The IPv4
protocol uses a 32-bit address space, which limits the Internet to a
possible maximum of 4,294,967,296 (2^32) unique addresses for
connected systems, servers or routers. The next-generation protocol
IPv6 introduces extended functionality and a 128-bit address space, or
340,282,366,920,938,463,463,374,607,431,768,211,456
(2^128) unique addresses.
IPv4 addresses exhausted -
In February 2011, the Internet Assigned Numbers Authority (IANA)
announced the exhaustion of the primary IPv4 address pool. The rapid
growth of global Internet users and an increasing need for unique IP
addresses exhausted the address space about 30 years after the
standardization of IPv4 in 1981.
IPv6 for compliance -
Some governments have started to require IPv6 compliance for any new
systems connected to their networks. For example, the US Government
has required IPv6 since mid-2010 with its USGv6 standard by the National
Institute of Standards and Technology (NIST). It is sometimes even
required to run IPv6-only systems that prevent “dual-stack” use of
IPv4 and IPv6 in parallel.
Many businesses are facing the problem of migrating their networks and
solutions to IPv6. Many legacy systems don’t even support
IPv6 and cannot be replaced or upgraded within the next several years. A
significant investment is required to upgrade all systems, products
and solutions to IPv6, but it is required to meet the compliance
criteria and to drive the future business.
So it is either IPv4 or IPv6 but what about interconnecting both
“worlds”? The NMG combines and extends the .vantronix IPv6 Gateway
with the transparent IP security option, improved usability,
flexibility and superior performance. It is a technology to connect
legacy IPv4 clouds to latest generation IPv6 networks,
state-of-the-art IPv6 networks to the traditional IPv4 Internet, and
to provide dynamic protection with the IKEv2 IP security mechanism.
The existing .vantronix IPv6/IPv4 Gateway implements this
functionality with a relay for TCP and DNS, but the new NMG
provides an improved translation mechanism for all IP protocols. It
is now based on PF, the Packet Filter that drives the
.vantronix stateful firewall and policy-based routing engine. The new
IP security option dynamically protects unprotected IP traffic with
IPsec and IKEv2.
Application Delivery -
Application Delivery Controllers (ADC) or Load Balancers typically run
in front of public web sites to terminate the Internet traffic and to
distribute it to a pool of internal application servers. The Network
Migration Gateway makes it possible to add IPv6 compatibility to
IPv4-only server pools by running it on .vantronix load balancers. The
NMG accepts IPv6 on a public IP address and distributes it to internal
IPv4-only servers, which do not have to be touched or updated for IPv6.
Bump-in-the-Wire -
A Bump-in-the-Wire is a gateway that is transparently running in front
of a legacy system. It typically is a 1:1 network migration solution
where a dedicated gateway is bundled with a single legacy system. This
solution is typically used for operating highly specialized
IPv4-connected systems, machines, or medical equipment in restricted
or even classified IPv6-only networks.
A Bump-in-the-Wire gateway can also transparently protect the IP traffic with IKEv2 IPsec.
IPv6 NAT and Firewall -
The .vantronix Network Migration Gateway is part of a routing firewall
solution that supports unlimited stateful firewalling for IPv4 and
IPv6. Network address translation (NAT) is a very common way to
connect local to global IPv4 networks, but was extended to be the key
technology for NAT46, NAT64 and IPv6-to-IPv6 NAT66. And yes, we do
think that NAT is important for IPv6-only as well.