Understanding vGW Series IPv6 Support

This topic covers IPv6 in relation to vGW Series. It considers IPv6 with the understanding that the cloud and IPv6 are inherently linked. vGW Series secures the cloud, and it provides support for IPv6 alone or with IPv4 in a dual stack implementation.

This topic covers how vGW Series displays IPv6 addresses, and how it allows you to enter them, in the vGW Security Design VM modules.

vGW Security Design VM and vGW CLI Support for IPv6 Addresses

vGW Series implements support for IPv6 addresses in all areas of the vGW Security Design VM, console, and CLI output where addresses are represented as text. Attributes used in Smart Groups that pertain to IPv4 addresses have IPv6 counterparts. For example, the vi.ipv4 Smart Group attribute now has a vi.ipv6 counterpart. In another example, Figure 32 shows the console displaying both the IPv4 and the IPv6 addresses for the SVM-176.

Figure 32: Console Showing IPv6 and IPv4 vGW Security VM Addresses


For releases of vGW Series prior to vGW Series 5.5, IP addresses were assumed to be 32-bit IPv4 addresses. Network and host objects, security policies, and logging and reporting data were all assumed to accept or display IPv4 addresses only. For vGW Series 5.5, any area of the product that used IPv4 addresses now accepts, validates, and supports both IPv4 and IPv6 addresses. If the vGW Security Design VM is configured for dual-stack support, both IPv6 and IPv4 addresses are accepted or displayed. For details on configuring the vGW Security Design VM for dual stack, see Configuring the vGW Series Network Settings.

Note: By default, a dual stack vGW Security Design VM communicates with a vGW Security VM using the IPv4 protocol. However, you can use the vGW CLI to change the default IP protocol used by setting the center.dual.stack.default.communication.ipv4 parameter to false.

center.dual.stack.default.communication.ipv4=false

By default, this parameter is set to true.

This parameter is relevant only if the vGW Security Design VM is configured for dual stack and one or more vGW Security VMs are also configured for dual stack. In all other cases, the protocol used is the one that is common to both the vGW Security Design VM and the vGW Security VM, and this parameter is irrelevant.

Entering IPv6 Addresses

vGW Series IPv6 text representation follows the canonical text representation format for IPv6 recommended by the RFC 5952 standard. You can enter IPv6 addresses in any of the standard text representation formats, and the vGW Security Design VM will accept them as valid IPv6 addresses. However, it compresses IPv6 addresses when it displays them.

vGW Series IPv6 Address Representation

The vGW Security Design VM interface, reports, logs, log collections, CLI output, and console messages include coverage of IPv6 addresses, in addition to IPv4 addresses.

IPv6 addresses have the following format in which each xxxx is a 16-bit hexadecimal value, and each x is a 4-bit hexadecimal value.

xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

Here is an example of an IPv6 address:

3ffe:0000:0000:0001:0200:f8ff:fe75:50df

To conserve display space, vGW Series compresses IPv6 addresses, following the RFC 5952 standard recommendation for address compression.

For an IPv6 address that contains contiguous 16-bit groups of zeros, vGW Series compresses those groups to a double colon (::).

vGW Series would present the following IPv6 address, which contains four contiguous groups of zeros:

2001:db8:0:0:0:0:2:1

in its IPv6 compressed representation:

2001:db8::2:1

IPv4-Mapped IPv6 Addresses

vGW Series supports IPv4-mapped IPv6 addresses, which are a class of addresses that are utilized in hybrid dual-stack IPv6/IPv4 implementations. The first 80 bits of these addresses are zeros, the next 16 bits are ones, and the remaining 32 bits are the IPv4 address. In some cases, these addresses are written with the first 96 bits in standard IPv6 format and the last 32 bits written in IPv4 dot-decimal notation.

The following representation stands for the IPv4 address 192.0.2.128:

::ffff:192.0.2.128
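
Because one address can be entered in several text forms, anything that compares addresses outside the product (log review, watch lists, exported policy data) should compare a canonical form rather than raw strings. The following Python sketch is an added example, not vGW Series code: it uses the standard ipaddress module to produce the RFC 5952 compressed form described above and, as an assumption of this example rather than documented vGW behavior, folds IPv4-mapped IPv6 addresses to their embedded IPv4 address. The function names, watch list, and log values are constructed for illustration.

```python
import ipaddress


def canonical(text):
    """Parse any accepted text form and return one comparison key.

    IPv6 is returned in RFC 5952 compressed form. An IPv4-mapped IPv6
    address is folded to its embedded IPv4 address (a choice made for this
    example so that both spellings of one host compare equal).
    """
    addr = ipaddress.ip_address(text.strip())  # ValueError if not an address
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.compressed


def match_sources(watch_list, log_sources):
    """Return (naive_hits, canonical_hits, rejected) for the log sources."""
    watch_keys = {canonical(a) for a in watch_list}
    naive, canon, rejected = [], [], []
    for src in log_sources:
        if src in watch_list:              # raw string comparison
            naive.append(src)
        try:
            if canonical(src) in watch_keys:
                canon.append(src)
        except ValueError:                 # malformed text, keep for review
            rejected.append(src)
    return naive, canon, rejected


# Constructed sample data: a watch list and source fields from log records.
WATCH_LIST = ["2001:db8::2:1", "192.0.2.128"]
LOG_SOURCES = [
    "2001:db8:0:0:0:0:2:1",                     # uncompressed form
    "2001:0DB8::0002:0001",                     # leading zeros, upper case
    "::ffff:192.0.2.128",                       # IPv4-mapped, dotted tail
    "::FFFF:C000:0280",                         # same mapped address in hex
    "3ffe:0000:0000:0001:0200:f8ff:fe75:50df",  # not on the watch list
    "2001:db8::2::1",                           # invalid: two "::" runs
]

if __name__ == "__main__":
    naive, canon, rejected = match_sources(WATCH_LIST, LOG_SOURCES)
    print("raw string hits:", naive)
    print("canonical hits :", canon)
    print("rejected       :", rejected)
    for src in LOG_SOURCES[:5]:
        print(f"{src:42} -> {canonical(src)}")
```

Raw string comparison finds none of the four records that refer to watched hosts, while canonical comparison finds all of them and sets the malformed entry aside.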

vGW Security Design VM Filter Boxes

All vGW Security Design VM filters that you can use to filter on specific IP addresses and systems are enhanced to support IPv6 values.

Filter boxes for source and destination addresses display IPv4 addresses, IPv6 addresses, or both, depending on how the system is configured.

Searching the VM Tree for VMs and Hypervisors with IPv6 Addresses

You can use the VM tree search box Advanced Filter Editor to locate VMs that have IPv6 addresses bound to them. You can specify a single IPv6 address or a range of addresses to display the VMs that the addresses are assigned to. In response, vGW Series highlights the matching VMs.

vGW Security Design VM and IPv6 and IPv4 Addressing

The vGW Security Design VM supports IPv4 addresses, IPv6 addresses, and IPv4-IPv6 addresses for dual stack.

vGW Security VM IP Addressing Support

A vGW Security VM must have either an IPv4 address or an IPv6 address bound to it, or both types of addresses if it is configured for dual stack. You should configure the IP address for a vGW Security VM based on how the vGW Security Design VM is configured.
