IPv6 Forum Network Engineer Silver

This section of the Sixscape website has articles that cover all of the topics in the IPv6 Forum Network Engineer Silver training. This is the introductory class in the IPv6 Forum curriculum. There are no prerequisites and no prior knowledge of (or experience with) IPv6 is assumed. General knowledge of networking and IPv4 will be very helpful, but is not strictly required. The materials are from my book on IPv6 ("The Second Internet") and my Network Engineer Silver training slides, but have been brought up to date, cleaned up quite a bit, and expanded significantly.


The training on this website has been certified by the IPv6 Forum to contain accurate and up-to-date information that will allow you to pass the Network Engineer Silver Certification Exam. This certification was issued by the IPv6 Forum on 31 August 2013. and can be verified here. The technical level of the material in this course is comparable to the Cisco CCNA certification. It is suitable for entry level network technicians. This course is the pre-requisite for IPv6 Forum Network Engineer Gold, Network Security Engineer and Network Programmer courses.

You can study the material on this website, and then take the IPv6 Forum Network Engineer Silver Online Certification Exam from Nephos6. If you pass that online exam, you will be fully IPv6 Forum certified, the same as if you had attended an instructor led class and passed a certification exam there.

In an instructor led class, a physical or virtual Dual Stack class network is set up for you (ideally with access to the IPv6 Internet), and a series of labs have been prepared for you to perform on that network. The content and quality of those labs vary considerably from one training provider to another. These labs reinforce the topics covered in the training. If you take a certification class, you may find this website very helpful in preparing for it, as reference while taking the class, and for review and follow-up afterward.

Taking a certification class is a good approach, especially if you have a limited time to get up to speed. The classes aren't cheap, but your company may be willing to cover part or all of the cost. This may also involve travel to one of the training centers, although some trainers will travel to your site for some minimum number of candidates. Many IPv6 training classes are government subsidized because IPv6 is so important to national competitiveness. Check with official training centers for information on this.

The IPv6 Forum estimates there are some 20 million network engineers who need to master this material, and the certified training centers haven't really made much of a dent in this number so far. I certified over 100 telco and ISP engineers in Singapore and Malaysia myself, but this is a drop in the bucket compared to the need. This website (together with the Nephos6 Online Certification Exam) is an attempt to make it possible for literally millions of engineers to learn IPv6, and even obtain official certification at very reasonable cost (US$100 per exam), on your own time schedule, and with no need for travel.

If you are trying to master IPv6 on your own using this website, I have included several do-it-yourself projects on this website that allow you to create a lab network yourself, both for learning IPv6 and to begin your actual deployment of IPv6. These cover all the labs I used to run in my IPv6 Network Engineer Silver training, and then some (you hopefully have more than one day to deploy labs).

You can build these projects yourself using generic PCs (or network appliance boxes), open source software, and free tunneled service (assuming your network doesn't have native IPv6 yet). If you have enough memory on your PC (16 to 32GB is very affordable today), you can deploy an entire class network in VirtualBox. With a virtual router built with FreeBSD, you can make some very complex multi-subnet networks. If you have sufficiently powerful servers, you can actually create production grade web and email servers with these projects. These make great class projects for a college level course in networking. If you are an instructor using these in a college class, drop me a line and let me know how it goes.


SolidGate Commercial Grade Dual Stack Firewall

One of the network projects involves creating a dual stack firewall using the free open source m0n0wall software. If you prefer, we offer a commercial grade "softpliance" firewall (SolidGate) on this website (you download an ISO image and install the appliance firmware in your own hardware). You can deploy this in an inexpensive desktop PC (with two or more NICs), or a purpose build network appliance box. You will need to purchase a license online for this to run. You can request a 30-day full-function evaluation license to try it out. SolidGate can be used to bring IPv6 into your legacy network using 6in4, 6rd or TSP tunneling (even from free tunneled service providers, such as Hurricane Electric). It also provides all of the features of an IPv4 firewall (including NAT and DHCPv4), plus a Router Advertisement source (to enable SLAAC). It has full IPv4 and IPv6 GUI firewall rule management. It will also work as a native Dual Stack firewall if you are lucky enough to have an ISP who can supply native Dual Stack service. With good NICs (e.g. Intel) and even an average CPU, SolidGate can manage up to 700 or 800 Mbits/sec throughput (this is a commercial grade product, comparable to firewalls selling for thousands of dollars). It is IPv6 Ready certified.

SolidGate Firmware sells for US $145 per year, or $495 for a perpetual license.


Commercial Grade IPv4<->IPv6 Translating Web Proxy

If you want to jump start IPv6 in your network very quickly, you can buy the SolidProxy softpliance (and deploy in your own hardware). SolidProxy is a version of SolidGate with some advanced Web Proxies added. SolidProxy allows IPv4-only nodes in an existing legacy IPv4-only network to immediately access any node on the IPv6 Internet (and vice versa - it also allows IPv6-only nodes to access nodes on the legacy IPv4 Internet). It will allow external IPv6 nodes to access your IPv4-only web servers (and external IPv4 nodes to access your IPv6-only web servers). In effect your legacy web servers become dual stack without any changes required to the existing web servers. This requires adding one resource record in your authoritative DNS server. Once this is in place, your legacy nodes are basically dual stack instantly. This uses Layer 7 proxy translation, not NAT64/DNS64, so no nonstandard DNS is required. SolidProxy does need access to the IPv6 Internet, but it can use 6in4 tunneling to accomplish that. Alternatively, you can deploy SolidProxy in a dual stack co-location facility, and use it from your network. It is IPv6 Ready certified.

SolidProxy Firmware sells for $295 per year, or $995 for a perpetual license.

There is also a free Windows app (NetConf) that will help tremendously in your IPv6 training and deployment.