1 / 4

Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03. Richard Graveman Mohan Parthasarathy Pekka Savola (editing) Hannes Tschofenig. IETF 67, 6 November 2006 San Diego. History. Completed WG LC in August 2005 Added brief discussion of AH Fixed BYPASS rule

catrin
Download Presentation

Using IPsec to Secure IPv6-in-IPv4 Tunnels draft-ietf-v6ops-ipsec-tunnels-03

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using IPsec to Secure IPv6-in-IPv4 Tunnelsdraft-ietf-v6ops-ipsec-tunnels-03 Richard Graveman Mohan ParthasarathyPekka Savola (editing) Hannes Tschofenig IETF 67, 6 November 2006 San Diego

  2. History • Completed WG LC in August 2005 • Added brief discussion of AH • Fixed BYPASS rule • Received reviews from P. Eronen and F. Dupont • Fixed PAD and other easy items • Supporting IPsec tunnel mode turned out to be more complicated • Recommended supporting just transport mode IPsec at last meeting • Followed up on subsequent discussion and posted -03

  3. Version -03 Changes • Aligns SPD representation format with RFC 4301 • Describes IKEv2 Peer Authorization Database (PAD) entries • At least IPv4 addresses and shared keys should be supported • Adds references to other documents describing using transport mode in a similar context (RFC3884, RFC3193, RFC4023) • Moves tunnel mode discussion to appendix • Recommends transport mode • Keeps discussion of the tunnel mode issues • Notes that tunnel mode (when implemented without an interface) may be applicable in scenarios where the lack of multicast and link-local traffic is not an issue and, e.g., MOBIKE is needed • Moves tunnel mode implementation approach discussion to appendix • Interface or not, SSPD/GSPD • Also moves Dynamic Address Configuration, NAT traversal and Mobility, and Tunnel Endpoint Discovery to appendix • The first two are most applicable to tunnel mode which is in appendix • The last requires manual configuration so TEP discovery does not work well right now

  4. Summary • Authors believe all issues have been addressed • Suggest one-week WG LC

More Related