Appendices : IPv6
Feature Overview
Topics:
IPv6 Ready Certification
IPv6 Technology Overview
IPv6 Benefits
Dell SonicWALL IPv6 Feature Support
Dell SonicWALL IPv6 Features Not Currently Supported
Supported IPv6 RFCs
Non-Supported IPv6 RFCs
IPv6 Ready Certification
Dell SonicWALL has met the requirements for "IPv6 Ready" Phase-1 and Phase-2, as specified by the IPv6 Forum, a world-wide consortium providing technical guidance for the deployment of IPv6. The IPv6 Ready Logo Program is a conformance and interoperability testing program intended to increase user confidence by demonstrating that IPv6 is available now and ready to be used.
The IPv6 Ready series of tests extends from a basic level of minimum coverage in Phase-1 to a more complete coverage with Phase-2:
Phase-1 (Silver) Logo: In a first stage, the Logo indicate that the product includes IPv6 mandatory core protocols and can interoperate with other IPv6 implementations.
Phase-2 (Gold) Logo: The "IPv6 ready" step implies a proper care, technical consensus and clear technical references. The IPv6 Ready Logo will indicate that a product has successfully satisfied strong requirements stated by the IPv6 Logo Committee (v6LC).
Dell SonicWALL has been certified for Phase 2 (Gold) IPv6 Ready status. A future Phase-3 level of IPv6 Ready coverage is currently being developed.
For more information, see: http://www.ipv6ready.org/
* 
NOTE: Wizards for IPv6 are not supported in SonicOS.
IPv6 Technology Overview
Every device that is connected to the Internet (computer, printer, smart phone, smart meter, etc.) requires an IP address. The Internet Protocol version 4 (IPv4) provides for approximately 4.3 billion unique IP addresses. The rapid global expansion in usage of the Internet, mobile phones, and VoIP telephony will soon lead to the exhaustion of these 4.3 billion IP addresses.
On February 3rd, 2011, the Internet Assigned Numbers Authority (IANA) distributed the last-remaining blocks of IPv4 addresses to the Regional Internet Registries (RIRs). After the RIRs distribute these addresses to ISPs later this year, the world’s supply of new IPv4 addresses will be exhausted.
Luckily, the Internet Engineering Task Force (IETF) began planning for this day back around 1992, and in 1998, RFC 2460 was published to define Internet Protocol, Version 6 (IPv6). By increasing the address length from 32 bits to 128 bits, IPv6 dramatically increases the number of available addresses compared to IPv4:
IPv4: 4,294,967,296 addresses
IPv6: 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
Understanding IPv6 Addresses
IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, in the form:
XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
IPv6 addresses are logically divided into two parts: a 64-bit (sub-)network prefix, and a 64-bit interface identifier. Here is an example of an IPv6 address:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
* 
NOTE: The hexadecimal digits in IPv6 addresses are case-insensitive.
IPv6 address can be abbreviated using the following two rules:
1
Leading zeroes within a 16-bit value may be omitted. Thus, our example address can be abbreviated from the full form:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
to this abbreviated form:
2001:db8:85a3:0:0:8a2e:370:7334
2
Any number of consecutive groups of four zeros (technically 16-bits of zeros) can be expressed by a double colon (the “::” symbol). Combining these two rules, our example address can be abbreviated from the full form:
2001:0db8:85a3:0000:0000:8a2e:0370:7334
to this abbreviated form:
2001:db8:85a3::8a2e:370:7334
 
Table 111. Types of IPv6 addresses
Type of Address
Full Address
Abbreviated Address
unicast address
1080:0:0:0:8:800:200C:417A
1080::8:800:200C:417A
multicast address
FF01:0:0:0:0:0:0:101
FF01::101
loopback address
0:0:0:0:0:0:0:1
::1
unspecified address
0:0:0:0:0:0:0:0
::
* 
NOTE: Networks must have IPv4 internet connectivity to get connected to IPv6 internet.
* 
NOTE: IPv6 stack must be enabled for computers at the local network sites.
Here is a simplified picture showing connectivity model for a typical IPv6 deployment.
Figure 63. Typical IPv6 deployment
The following diagram shows a comparison of the header elements between IPv4 and IPv6.
Figure 64. Comparison of IPv4 and IPv6 header elements
IPv6 Benefits
IPv6 brings some key features to improve the limitations exposed by IPv4. The new IP standard extends IPv4 in a number of important aspects:
6to4 tunnel (allows IPv6 nodes to connect to outside IPv6 services over an IPv4 network)
6to4 Auto Tunnel
GRE Tunnel
IPv6 Manual Tunnel
New, simplified IPv6 header format
Massively large number of available IPv6 addresses
Efficient and hierarchical addressing and routing infrastructure
Auto address assignment to hosts and routers using Neighbor Discovery Protocol (NDP) and DHCPv6
Stateless and stateful address configuration
Built-in security - AH and ESP strongly recommended
Better support for QoS - Flow label in the header
New protocol for neighboring node interaction
Extensibility for new features using extension headers
Dell SonicWALL IPv6 Feature Support
The following is a list of IPv6 services and features that are currently supported by Dell SonicWALL:
Access Rules
Address Objects
Advanced Bandwidth Management:
Bandwidth Management Monitor
Anti-Spyware
App Flow Server:
IPv6 App Flow generating to App Flow Server
IPv6 App Flow generating to 3rd party App Flow Server
Application Firewall:
App Rules
Attack prevention:
Land Attack
MAC Anti-spoof
Ping of Death
Smurf
SYN Flood
Client Anti-Virus Enforcement
Connection Cache
Connection Monitor:
IPv6 Address Filtering
Content Filtering:
ActiveX, Java, Cookies Restriction
CFS Custom List
CFS Exclusion List
Content Filtering Service
Keywords Blocking
DHCP:
DHCP Server
Dynamic Lease Scope
Generic Options
Integrated Options (DNS/WINS Server)
Lease Persistence
Static Lease Scope
Diagnostics:
Nslookup
Ping6
Reverse Nslookup
Traceroute
DNS client
DNS lookup and reverse name lookup
Dual Stack IPv4 and IPv6
EPRT
EPSV
FTPv6
Flood Protection:
TCP Sync Proxy
Fragmentation Handling
Gateway Anti-Virus
Header Validation
High Availability:
Connection Cache
DHCP Server
FTP
Monitoring IP
NDP
SonicPoint
ULAv6
VPN
HTTP/HTTPS management over IPv6
ICMPv6
IDP
IKEv2
Interface:
DHCP Client Mode
IPv6 Interface
Layer 2 Bridged Mode
Wire Mode
Intrusion Prevention Service
IP Spoof Protection
IPv4 Syslog messages, including messages with IPv6 addresses
IPv6 Connection Limit
ISATAP
Layer 2 Bridge Mode
Log:
IPv6 Address Log Entry
Logging IPv6 events
Login uniqueness
NAT
NAT load balancing (sticky IP only / no probe support)
Neighbor Discovery Protocol
NetExtender connections for users with IPv6 addresses
NDP
OSPFv3
Packet Capture
Ping
Policy Based Routing
QoS Mapping
Reassemble Handling
Remote management
RIPng
Routing
Security services for IPv6 traffic with DPI
Site-to-site IPv6 tunnel with IPSec for security
SNMP
SonicPoint IPv6 support
SSL VPN
Stateful inspection of IPv6 traffic
Syslog:
IPv4 syslog messages to include IPv6 address
Tunneling
IPv4 to IPv6 tunneling
IPv6 to IPv4 tunneling
Users:
IPv6 User Login and Management
Login Uniqueness
User status
Virtual Assistant
Visualization
App Flow Monitor
App Flow Report
Real-Time Monitor
Threat Report
User Monitor
VLAN:
IPv6 VLAN in Layer 2 Bridged Mode
IPv6 VLAN Interface
PPPoE Client Mode
VPN policies
Wireless
Dell SonicWALL IPv6 Features Not Currently Supported
The following is a list of IPv6 services and features that are not currently supported by Dell SonicWALL.
* 
NOTE: SonicOS 6.2 is a dual IP stack firmware. Features that are not supported for IPv6 are still supported for IPv4.
Address Objects:
DAO
FQDN
Anti-Spam
Botnet Filter
Command Line Interface
Connect App Flow Server with IPv6 Address
Content Filtering:
CFS Policy per IP Address Range
Websense Enterprice
DHCP over VPN
DHCP Relay
DPI-SSL
Dynamic Address Objects for IPv6 addresses
Dynamic DNS
E-CLI Configuration
Flood Protection:
ICMP
UDP
FQDN
GeoIP Filter
Global VPN Client (GVC)
GMS
VPN:
DHCP over VPN
Group VPN
IKE
IKE DPD
L2TP Server
Mobile IKEv2
OCSP
Route Based VPN
H.323
High Availability:
Multicast v6
Oracle SQL/Net
RTSP
VoIP
IKEv1
Interface:
L2TP Client Mode
Transparent Mode
IP Helper
IPv6 Syslog messages
LDAP
Log:
Logs from IPNET Stack
Log DNS Name Resolution
MAC-IP Anti-Spoof
Multicast Proxy
NAT between IPv6 and IPv4 addresses
IPv4 to IPv6 NAT
IPv6 to IPv4 NAT
NetBIOS over VPN
Network Monitor
NTP
QoS Mapping
RADIUS
RAS Multicast Forwarding
RBL
Route-based VPNs
Single Sign On
SMTP Real-Time Black List (RBL) Filtering
SSH
SSL Control
Stateful Protocol:
Oracle SQL/Net
SIP
Syslog:
IPv6 syslog messages to include IPv6 address
Users:
Guest Service
LDAP
Radius
SSO
ViewPoint
VLAN:
DHCP Client Mode
L2TP Client Mode
VoIP
WAN Acceleration
WAN Load Balance
Web proxy
Supported IPv6 RFCs
This section lists the IPv6 RFCs that are supported in SonicOS 6.2.
TCP/IP stack and Network Protocols
RFC 1886 DNS Extensions to support IP version 6 [IPAPPL dns client]
RFC 1981 Path MTU Discovery for IPv6
RFC 2113 IP Router Alert Option
RFC 2373 IPv6 Addressing Architecture
RFC 2374 An IPv6 Aggregatable Global Unicast Address Format (obsoleted by 3587)
RFC 2375 IPv6 Multicast Address Assignments
RFC 2460 IPv6 specification
RFC 2461 Neighbor discovery for IPv6
RFC 2462 IPv6 Stateless Address Autoconfiguration
RFC 2463 ICMPv6 for IPv6 specification
RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
RFC 2473 Generic Packet Tunneling in IPv6 Specification
RFC 2474 Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers
RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
RFC 2553 Basic Socket Interface Extensions for IPv6
RFC 2710 Multicast Listener Discovery (MLD) for IPv6
RFC 2711 IPv6 Router Alert Option
RFC 2784 Generic Routing Encapsulation
RFC 2893 Transition Mechanisms for IPv6 Hosts and Routers
RFC 2991 Multipath Issues in Unicast and Multicast Next-Hop Selection
RFC 3056 Connection of IPv6 Domains via IPv4 Clouds
RFC 3484 Default Address Selection for Internet Protocol version 6 (IPv6) (no policy hooks)
RFC 3493 Basic Socket Interface Extensions for IPv6
RFC 3513 Internet Protocol Version 6 (IPv6) Addressing Architecture
RFC 3542 Advanced Sockets Application Program Interface (API) for IPv6
RFC 3587 IPv6 Global Unicast Address Format (obsoletes 2374)
IPsec Conformance
RFC 1826 IP Authentication Header [old AH]
RFC 1827 IP Encapsulating Security Payload (ESP) [old ESP]
NAT Conformance
RFC 2663 IP Network Address Translator (NAT) Terminology and Considerations.
RFC 3022 Traditional IP Network Address Translator (Traditional NAT).
DNS Conformance
RFC 1886 DNS Extensions to support IP version 6
Non-Supported IPv6 RFCs
This section lists the IPv6 RFCs that are currently not supported in SonicOS 6.2.
RFC 2002 IP Mobility Support
RFC 2766 Network Address Translation - Protocol Translation (NAT-PT)
RFC 2472 IP Version 6 over PPP
RFC 2452 IP Version 6 Management Information Base for the Transmission Control Protocol.
RFC 2454 IP Version 6 Management Information Base for the User Datagram Protocol.
RFC 2465 Management Information Base for IP Version 6: Textual Conventions and General Group.