nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: /27 the new /24

From: Mel Beckman <mel () beckman org>
Date: Sun, 4 Oct 2015 14:52:27 +0000
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 
specification, such as RA. 

There's really no excuse for not supporting IPSec, as it's a widely available open source component that costs nothing 
to incorporate into an IPv6 stack. 

Your observation simply means that users must be informed when buying IPv6 devices, just as they must with any product. 
You can buy either genuine IPv6 or half-baked IPv6 products. When I speak of IPv6, I speak only of the genuine article. 

 -mel beckman

On Oct 4, 2015, at 7:41 AM, "sthaug () nethelp no" <sthaug () nethelp no> wrote:


Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need to be in the router. 

Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with IPv6 it's built into every device, 
because IPsec is a mandatory component for IPv6, and therefore, the IPsec security model is required to be supported 
for all IPv6 implementations.


If you really believe all IPv6 devices support IPsec, I can only
conclude that your IPv6 experience is limited...

Steinar Haug, Nethelp consulting, sthaug () nethelp no
Previous By Date Next
Previous By Thread Next

Current thread: