Prisma Access Unlocks End-to-End IPv6 Network Transformation

Prisma Access, a market-leading security service edge (SSE) component of Palo Alto Networks flagship Prisma SASE solution, is expanding its support for IPv6, extending beyond private applications to enable comprehensive full IPv6 functionality.

Now, organizations that support mobile users with IPv6-only or dual-stack endpoints can seamlessly connect to Prisma Access over IPv6 using the GlobalProtect app. Additionally, digital businesses have gained the capability to access the internet and public SaaS applications over IPv6 and address the increasing demand for IPv6 connectivity.

IPv6 provides a vastly larger address space than IPv4, offering virtually limitless unique IP addresses. This availability of unique IP addresses is now driving larger enterprises and service providers to adopt IPv6 as their primary IP technology.

IPv6 Adoption: Four Primary Benefits

IPv6 adoption has steadily increased over the years as the depletion of IPv4 addresses became more imminent and the internet continued to expand. Here are four main reasons for IPv6 adoption:

1. Address Exhaustion: The primary driver for IPv6 adoption is the depletion of IPv4 addresses. IPv4, with its 32-bit address space, has a limited number of addresses (approximately 4.3 billion). As more devices connect to the internet, the available IPv4 addresses are quickly running out.
2. IPv6 Address Space: IPv6, with its 128-bit address space, provides an astronomically large number of addresses (approximately 340 undecillion). This virtually limitless address space ensures enough IP addresses for all conceivable devices, facilitating the continued growth of the internet.
3. Internet service providers (ISPs): Many ISPs worldwide have started offering IPv6 connectivity to their customers, including residential and business customers. ISPs play a crucial role in IPv6 adoption as they provide the infrastructure and connectivity necessary for users to access IPv6-enabled services.
4. Content Providers: Major content providers like Google, Facebook, and Netflix have enabled IPv6 on their platforms to help ensure that users accessing these services over IPv6 networks can do so seamlessly. Content providers play a significant role in driving IPv6 adoption by making their services accessible over IPv6.

IPv6 Challenges: Four Implementation Issues

Despite the benefits of IPv6 and the efforts to promote its adoption, several challenges and issues hinder its widespread implementation, including:

1. Legacy Infrastructure: Many networks, devices, and applications are built on IPv4 and may not be compatible with IPv6 without significant upgrades or modifications. This legacy infrastructure poses a barrier to IPv6 adoption, especially for organizations with extensive investments in IPv4-based systems.
2. Cost of Transition: Transitioning from IPv4 to IPv6 can be costly and complex. It involves upgrading hardware, software, and network configurations and training staff on IPv6 technologies. For smaller organizations or those with limited resources, the cost of migration can be a significant deterrent.
3. Lack of IPv6 Support: While IPv6 support is becoming more widespread, there are still instances where devices, applications, or services must fully support IPv6 or offer limited functionality over IPv6 connections. This lack of support can create interoperability issues and limit the benefits of IPv6 adoption.
4. Interoperability Challenges: During the transition period, seamless interoperability between IPv4 and IPv6 networks, devices, and services is critical. However, interoperability issues such as incompatible protocols, translation mechanisms, and protocol mismatches can complicate IPv6 deployment and degrade the user experience.

Image 1: IPv6 adoption curve

While IPv6 adoption has progressed, it varies significantly by region and industry. Some areas and sectors are further along in their adoption journey than others, but the trend toward IPv6 is evident as the internet continues to evolve and expand.

Image 2: IPv6 World Adoption

IPv6 Customer Benefits with Prisma Access

With these latest enhancements, Prisma Access can help ensure compatibility with IPv6 and dual-stack connections, simplifying the migration from IPv4 to IPv6, supporting backward compatibility, and facilitating the transition to cloud and IPv6-enabled networks. Full IPv6 support on Prisma Access also provides additional benefits, including:

• Prisma Access delivers comprehensive security capabilities, including User-ID, data loss prevention (DLP), Next-Generation CASB, and IoT security for mobile users with IPv6.
• The Palo Alto Networks Bring Your Own IP (BYOIP) service offers Public IPv6, addressing desired cloud partner providers for internet-facing interfaces. IPv6 features such as DNS64, NAT64, and NPTv6 are enabled to facilitate smooth IPv6 deployment.
• Native IPv6 access for the internet, external SaaS, and public apps on Prisma Access will soon be available in future product releases.
• Federal, DoD, and Public sector customers can leverage IPv6 capabilities on FedRAMP Moderate, FedRAMP High, and IL5 once those environments update to the Prisma Access version recommended release.

Seamless IPv6 Configuration and Deployment with Prisma Access

Image 3: End-to-End IPv4/IPv6 with Prisma Access

Facilitating an IPv6 connection to network infrastructure with Prisma Access involves six simple steps:

1. Enable IPv6 on your tenant.
2. For mobile users utilizing GlobalProtect, determine whether to use IPv6 networking. Specify IPv6 mobile user IP address pools and IPv6 DNS server addresses as needed.
3. Define IPv6 scope for infrastructure network.
4. Add any transport methods for exchanging peering information, including IPv4, IPv6, or a combination.
5. Configure your IPsec tunnels depending on the use case.
6. Commit configuration and start using IPv6.

Setting a New Standard in Connectivity

The latest Prisma Access IPv6 enhancements enable organizations to unlock a wealth of advantages, including:

• Native, full IPv6 support: Extend end-to-end IPv6 functionality for mobile users with IPv6-enabled secure underlay and access to IPv6-enabled SaaS and internet apps.
• Backward compatibility: It supports IPv6 and dual-stack connections, simplifying the migration from IPv4 to IPv6, ensuring backward compatibility, and facilitating the transition to cloud and IPv6-enabled networks.
• Dedicated public IPv6 addresses: Each tenant has a defined public IPv6 large enough to satisfy any demands.
• Smooth IPv6 deployment: Enable IPv6 features such as DNS64, NAT64, and NPTv6 for smooth deployment.
• Routing and Symmetry: Full support routing protocols and symmetry end-to-end across multiple autonomous systems.
• IPv6 language localization: Allow public IPv6 prefix mapping to specific Prisma Access locations in geo-location databases. Public IPv6 prefix mapping enables SaaS providers to tailor content based on the incoming connection's source IP, enhancing end-user experiences. Moreover, full IPv6 support on Prisma Access enables service providers to tailor content based on users' geographical locations, thereby improving content relevancy and engagement.

Separating from the Pack

Competitive solutions to Prisma Access may tout strong IPv6 capabilities, but when examined closely, they often fail to deliver full IPv6 support.

Some competitive solutions may rely on ISPs for NAT64 traffic and don’t support end-to-end IPv6, just part of it. Without end-to-end IPv6 support, ISPs force customers to rely on old technologies to scale on subnetting, which may cause these organizations to face additional challenges when deploying an IPv6 network.

The expansion of IPv6 support in Prisma Access represents a significant milestone in the evolution of networking technologies. By embracing the full potential of IPv6, Prisma Access addresses the pressing challenges of IPv4 exhaustion and lays the groundwork for a more scalable, resilient, and future-proof network infrastructure. With its advanced deployment capabilities and unwavering commitment to innovation, Prisma Access can lead the way in the IPv6 networking era.

Is your enterprise preparing for IPv6 adoption? Learn more about Prisma Access and what it can do for you.