• 02/16/2011
    1:57 PM
  • Rating: 
    0 votes
    Vote up!
    Vote down!

The First IPv6 WAN Optimizer: Speed At What Price?

Last week, Blue Coat upgraded its MACH5 to become the industry's first IPv6-compatible WAN optimizer. WAN optimizers have long supported tunneled IPv6 over IPv4, but the MACH5 is the first WAN optimization appliance to accelerate native IPv6--and then some. The MACH5 is actually a very sophisticated IPv6 application layer gateway (ALG), providing IPv6 connectivity, security and optimization in a single device. Yet it's precisely its sophistication that raises questions around device scalability

What's particularly interesting from a technological perspective is the complexity of this challenge. While many v4-to-v6 translation schemes focus on converting at the network layer, application layer issues remain unaddressed. This represents a problem because often applications will still reference IPv4 addresses and will hence be unable to run in a IPv6 environment.

The situation is only made more complex by the sheer number of sessions that are spawned by average Web pages as they aggregate Flash and other live content. Blue Coat claims the MACH5 can track and convert each of those sessions so users receive a Web page as it's supposed to appear.

One of the major issues around IPv6 has been potential security holes. The IPv4 stack has been well-tested and vetted. Any holes are known and can be addressed. That hasn't been the case with IPv6, where there just hasn't been the same level of operational expertise.

Even where IPv6 terminates at the edge, though, there are security problems that need to be addressed. Li declined to enumerate all the techniques implemented by Blue Coat for solving these use cases, but he did point to a few examples. Often Web sites, for example, will use IPv4 addresses within their cookies as an initial factor of authentication. The MACH5 will detect those cookies and supply the representative v6 addresses. The same goes for ACL.

As for accelerating IPv6, Blue Coat claims the MACH5 appliance can provide application-specific optimizations for CIFS, MAPI, HTTP, SSL, RTMP, RTSP and other application-specific optimizations. The MACH5 is also capable of doing application level content inspection.
Within Firefox, for example, colons within IPv4 addresses denote port numbers, but within IPv6, colons are used to separate the number of the address itself. The MACH5 can make the necessary changes so that an IPv6 address will be directed appropriately.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.

Log in or Register to post comments