Last week, Blue Coat upgraded its MACH5 to become the industry's first IPv6-compatible WAN optimizer. WAN optimizers have long supported tunneled IPv6 over IPv4, but the MACH5 is the first WAN optimization appliance to accelerate native IPv6--and then some. The MACH5 is actually a very sophisticated IPv6 application layer gateway (ALG), providing IPv6 connectivity, security and optimization in a single device. Yet it's precisely its sophistication that raises questions around device scalability and price.
The device is a logical move for Blue Coat, which has long championed the adoption of IPv6 technology, particularly at the endpoints first. "IPv6 networks are easier to manage, so it makes sense that IT will want to migrate clients first to IPv6," says Qing Li, Blue Coat's chief scientist. "However, organizations have invested heavily in v4 applications and services as a complete and comprehensive business solution, so they won't migrate them to v6 overnight."
As a result, says Li, organizations are going to find themselves in a situations with clusters of users and offices, particularly new offices, wanting to connect v6 at the end points back to the IPv4 servers. Alternatively, they may have some sectors, such as internal government applications, where v4 clients need to access v6 content .
The MACH5 enables this transition by translating between the two environments. It monitors the A and AAAA records of the DNS response (AAAA records carry IPv6 DNS information) to determine whether a domain offers IPv4 or IPv6 content. Additionally, checks are made to verify whether v4 or v6 is implemented. If there's a discrepancy between the IP version supported by the client and that supported by the server, the MACH5 can spoof the connection on either end.
In the example just provided, the IPv6 client is given an IPv6 address for an IPv4 server. The v6 address terminates at the MACH5, not at the server. On the other side, the IPv4 server is given an IPv4 address for the IPv6 client that terminates at the MACH5, not at the client. The MACH5 can then monitor the session, converting between the two environments.