Download
using ipsec to secure ipv6 in ipv4 tunnels draft ietf v6ops ipsec tunnels 03 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03 PowerPoint Presentation
Download Presentation
Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

178 Views Download Presentation
Download Presentation

Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Using IPsec to Secure IPv6-in-IPv4 Tunnelsdraft-ietf-v6ops-ipsec-tunnels-03 Richard Graveman Mohan ParthasarathyPekka Savola (editing) Hannes Tschofenig IETF 67, 6 November 2006 San Diego

  2. History • Completed WG LC in August 2005 • Added brief discussion of AH • Fixed BYPASS rule • Received reviews from P. Eronen and F. Dupont • Fixed PAD and other easy items • Supporting IPsec tunnel mode turned out to be more complicated • Recommended supporting just transport mode IPsec at last meeting • Followed up on subsequent discussion and posted -03

  3. Version -03 Changes • Aligns SPD representation format with RFC 4301 • Describes IKEv2 Peer Authorization Database (PAD) entries • At least IPv4 addresses and shared keys should be supported • Adds references to other documents describing using transport mode in a similar context (RFC3884, RFC3193, RFC4023) • Moves tunnel mode discussion to appendix • Recommends transport mode • Keeps discussion of the tunnel mode issues • Notes that tunnel mode (when implemented without an interface) may be applicable in scenarios where the lack of multicast and link-local traffic is not an issue and, e.g., MOBIKE is needed • Moves tunnel mode implementation approach discussion to appendix • Interface or not, SSPD/GSPD • Also moves Dynamic Address Configuration, NAT traversal and Mobility, and Tunnel Endpoint Discovery to appendix • The first two are most applicable to tunnel mode which is in appendix • The last requires manual configuration so TEP discovery does not work well right now

  4. Summary • Authors believe all issues have been addressed • Suggest one-week WG LC