Black Box ET0010A User Manual
EncrypTight Deployment Planning
34
EncrypTight User Guide
IPv6 addresses are 128-bit addresses consisting of eight hexadecimal groups that are separated by colons,
followed by an indication of the prefix length. Each group is a 4-digit hexadecimal number. The
hexadecimal letters in IPv6 addresses are not case sensitive.
followed by an indication of the prefix length. Each group is a 4-digit hexadecimal number. The
hexadecimal letters in IPv6 addresses are not case sensitive.
The prefix length is a decimal value that indicates the number of contiguous, higher-order bits of the
address that make up the network portion of the address. The decimal value is preceded by a forward
slash (/). Valid values are 0-128 inclusive.
address that make up the network portion of the address. The decimal value is preceded by a forward
slash (/). Valid values are 0-128 inclusive.
IPv6 addresses are typically composed of two logical parts: a network prefix (a block of address space,
like an IPv4 subnet mask), and a host part. The prefix length indicates the number of bits used for the
network portion of the address.
like an IPv4 subnet mask), and a host part. The prefix length indicates the number of bits used for the
network portion of the address.
The following is an example of an IPv6 address with a 64-bit prefix:
2001:0DB8:0000:0000:0211:11FF:FE58:0743/64
IPv6 representation can be simplified by removing the leading zeros in any of the hexadecimal groups.
Trailing zeroes may not be removed. Each group must include at least one digit.
Trailing zeroes may not be removed. Each group must include at least one digit.
IPv6 addresses often contain consecutive groups of zeros. To further simplify address entry, you can use
two colons (::) to represent the consecutive groups of zeros when typing the IPv6 address. You can use
two colons (::) only once in an IPv6 address.
two colons (::) to represent the consecutive groups of zeros when typing the IPv6 address. You can use
two colons (::) only once in an IPv6 address.
If any of your ETEPs are configured with an IPv6 address on the management port, the ETKMSs and the
management workstation must be assigned an IPv6 address or configured for dual-homed operation to
support both IPv4 and IPv6 addresses. If the ETKMS software is configured with an IPv4 address only, it
cannot initiate connections to ETEPs that have IPv6 addresses. ETPM will not allow you to deploy a
policy that includes an IPv4 ETKMS and IPv6 ETEPs.
management workstation must be assigned an IPv6 address or configured for dual-homed operation to
support both IPv4 and IPv6 addresses. If the ETKMS software is configured with an IPv4 address only, it
cannot initiate connections to ETEPs that have IPv6 addresses. ETPM will not allow you to deploy a
policy that includes an IPv4 ETKMS and IPv6 ETEPs.
Certificate Support
You can secure the management communications in an EncrypTight deployment using Public Key
Infrastructure (PKI) certificates. By default, communications between EncrypTight components use the
TLS protocol, which encrypts the communications. If you enable strict authentication, the
communications are also authenticated with digitally signed certificates.
Infrastructure (PKI) certificates. By default, communications between EncrypTight components use the
TLS protocol, which encrypts the communications. If you enable strict authentication, the
communications are also authenticated with digitally signed certificates.
To use strict authentication, you need to select a Certificate Authority (CA) from which you want to
obtain signed certificates. Depending on the CA you choose and other factors such as the types of
certificates you want to purchase, acquiring certificates can take as little as an hour or less, or several
days.
obtain signed certificates. Depending on the CA you choose and other factors such as the types of
certificates you want to purchase, acquiring certificates can take as little as an hour or less, or several
days.
This User Guide assumes you already have a relationship with a CA. If you do not already have an
established relationship with a CA, acquiring CA-signed certificates can take longer. The CA that you
choose can provide information regarding their process and what to expect, as well as the costs involved.
established relationship with a CA, acquiring CA-signed certificates can take longer. The CA that you
choose can provide information regarding their process and what to expect, as well as the costs involved.
Table 2
IPv6 address representations
Address Format
Address Representation
Full format
2001:0DB8:0000:0000:0211:11FF:FE58:0743
Leading zeroes dropped
2001:DB8:0:0:211:11FF:FE58:743
Compressed format (two colons) with leading
zeroes dropped
2001:DB8::211:11FF:FE58:743