50 likes | 55 Views
Discover how implementing IPv6 at the network edge can restore control, enhance security, and enable the introduction of new protocols and services. Learn about the benefits of IPv6, including the elimination of NATs, auto-configuration, and built-in IPsec for enhanced security.
E N D
IPv6 for theNetwork Edge Steve Deering deering@cisco.com March 20, 2000
Which Edge? • end-user site / devices as the edge, orIP / upper-layer interface as the edge? • either way, I disagree with premise of workshop — intelligence / control was originally at edge (either definition) but has been migrating to the “inside”: • firewalls • NATs • packet-hijacking caches • TCP helpers • layer 4-7 “routers” • ...
Why Current Direction is Bad • inhibits introduction of new protocols / services • gives monopoly control over services to the carriers • makes Internet behavior harder to understand, manage, diagnose, and correct • often reduces performance • often reduces security If only we had managed to deploy ubiquitous, end-to-end encryption of tranport headers and above...
IPv6 to Restore Edge Control • eliminates need for NATs • 2128 addresses should suffice for a Very Big Edge • auto-configuration to make a Very Big Edge feasible • built-in IPsec for security without “inside” agents, such as firewalls Note: need not put IPv6 everywhere to get these benefits — just in edge devices and “internal edges”
IPv6 Status • core specs are IETF Draft Standard => stable and well-tested • all major host and router vendors have implementations at some stage of completeness • current implementations already exceed IPv4 capabilities • ongoing work to further improve functionality