Network Box IPv6


The Internet is migrating from IPv4 to IPv6. The IPv4 address space is depleted and new services will soon have no choice but to be deployed using IPv6. As part of this migration, most UTM vendors are offering a dual-stack solution, supporting both IPv4 and IPv6 network stacks on the same appliance, and in that regard Network Box is no different. NBRS-5.0 includes both IPv4 and IPv6 network stacks and has excellent support for both protocols - a network architecture designed both for the present (IPv4) as well as the future (IPv6).


But, what sets NBRS-5.0 apart from others is that we surpass merely supporting IPv6, instead providing you product features and services to assist you with your migration to IPv6. We combine dual-stack with protocol translation.


Using router-level technologies, combined with high-level proxies and services, NBRS-5.0 supports bi-directional translation between IPv4 and IPv6, allowing IPv4 clients to connect to IPv6 servers, and vice-versa.


Network Box NBRS-5.0 IPv6


Pundits have been predicting the imminent death of today's Internet Protocol IPv4 for more than twenty years now, but somehow it keeps going on and on. It had its last 'reprieve' with extensive deployment of source NAT technology and RFC 1918 private addresses (10/8, 172.16/12 and 192.168/16). But, with last year's distribution of the final five /8 network blocks to the regional Internet registries (RIRs), IANA's exhaustion on 31 January 2011, and the RIR APNIC's exhaustion on 15 April 2011, it finally looks like the sun is setting on IPv4. The remaining RIRs are expected to deplete their pools within a few years.


What is the big deal?


So, "what is the big deal?", we hear people say - "All modern devices have IPv6 support".


Well, the most pressing problem is a lack of experience and testing. IPv4 has had decades of real world experience. With billions of devices talking the protocol, most inter-operability problems were resolved early on and any incompatibilities were relatively easy to see. This is not the case with IPv6.


Now, today we have a very large number of devices taking the dual- stack approach, running their IPv4 network stacks alongside IPv6 stacks. The difference being that the IPv6 stack has had little to no testing. The IPv6 protocol itself is also significantly more complicated than its IPv4 predecessor. So, even though your Internet-connected toaster may have both IPv4 and IPv6 support, you can be vastly more confident that the IPv4 will work, when compared to IPv6.

Add on the problems of inter-operability between the two stacks (including the decision that must be made as to which stack should be used for a particular network connection), and you can start to see the problem.


The Big Bang Event


If IPv4 were to be turned off tomorrow and everyone switch to IPv6, chaos would reign. The two protocols are incompatible, and the vast majority of Internet users do not even have IPv6 connectivity from the ISPs (with a significant number of ISPs not even supporting IPv6 on their networks).


A more sensible approach is a gradual transition to IPv6 by first offering IPv6 as an option, then using automatic dual-stack switching mechanisms, then finally preferring IPv6 and phasing out IPv4. This is the approach being used today.


World IPv6 day was June 8th 2011. This was a 24 hour test of the effect of publishing both AAAA (IPv6) as well as A (IPv4) address records, and evaluation of the connectivity issues. The test was largely successful for the big 400 companies that participated, proving that the most common sites on the Internet (google, facebook, etc) could still be accessed in an automatic dual IPv4-IPv6 world.


World IPv6 Launch Day


While Network Box NBRS-3.0 like most of our competitors had basic support for IPv6, using a dual-stack approach similar to our competitors, it has only limited higher-level proxy support for the protocol.


NBRS-5.0 takes this further, offering full native support for both IPv4 and IPv6 protocols at all levels. In addition, NBRS-5.0 supports translation services to assist with the co-existence and migration between these two protocols. Using router-level technologies, combined with high-level proxies and services, NBRS-5.0 will support bi-directional translation between IPv4 and IPv6. This means that a customer with an internal IPv4-only environment can use his NBRS-5.0 Network Box to accept both IPv4 and IPv6 traffic and translate it to the IPv4 infrastructure.


For those customers without IPv6 connectivity from their ISP, NBRS-5.0 includes support for IPv6-in-IPv4 tunnels to provide IPv6 connectivity over the existing IPv4 ISP links.


The goal of supporting IPv6 has guided many of the design and implementation decisions of NBRS-5.0 since the beginning of development, in particular the design and implementation of the system-wide configuration middleware components. From the point of view of NBRS-5.0, IPv6 is a first class citizen, recognised and supported to the same extent as the traditional IPv4.


NBRS-5.0 IPv6 Ready


Beyond the success of support for IPv6 in the middleware layer, Network Box has realised the need to meaningfully demonstrate the correctness and compliance of IPv6 support at the lower network layers. Network Box is committed to stating that when NBRS-5.0 is released, it will be certified to the current phase 2. This is the industries most thorough and recognised IPv6 readiness certification.


IPv6 Ready is an internationally recognised certification that is awarded to vendor products after they undergo a comprehensive set of tests that measure the compliance of the products IPv6 networking stack against formats, features and behaviours defined in the official IPv6 internet standards. It is the closest thing to guaranteeing inter-operability that we have today.


Network Box has spent significant time and effort fine tuning the implementation and configuration of the NBRS-5.0 IPv6 networking layer, and has recently succeeded in passing the preliminary IPv6 evaluations, which are a direct mirror of the evaluations that will be performed by the official testing laboratory.


Network Box will soon submit NBRS-5.0 for certification against IPv6 Ready - Phase 2 criteria for the Core Protocols test specification.


Given the success of NBRS-5.0 in preliminary evaluations, full IPv6 Ready certification is just a step away, which will bring Network Box into a category of vendors populated by names such as: Cisco, Juniper, IBM, Fujitsu. In addition, Network Box NBRS-5.0 is set to be the first Hong Kong developed product to achieve IPv6 Ready certification, and possibly the first product in the world to do so with the most up to date version of the test specification as of the end of 2011.




NBRS-5.0 is designed to assist our customers with their migration to IPv6, not merely to act as an IPv6 device on the network. On launch, it will be IPv6 Ready certified to the Phase 2 criteria for the Core Protocols test specification.



Network Box is the first, and so far only, Managed Security Service Provider to achieve IPv6 Ready Core Phase-2 Certification.