[184485] in North American Network Operators' Group


Re: /27 the new /24

daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Oct 4 10:27:36 2015

X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: Matthias Leisi <matthias@leisi.net>
Date: Sun, 4 Oct 2015 14:27:27 +0000
In-Reply-To: <CC68C824-29EB-420C-AAE2-BCF29B90C10A@leisi.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org

Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need to be in the router.

Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with IPv6 it's built into every device, because IPsec is a mandatory component for IPv6, and therefore, the IPsec security model is required to be supported for all IPv6 implementations.

Thus it is a true end-to-end secure transport between two nodes -- even when those nodes are behind a firewall. You can still create IPv6 VPNs from site-to-site (called "tunnel mode"), but the idea with IPv6 is that since you can directly encrypt every TCP session, eventually the need for tunnels will diminish, if not go away completely.

Interestingly, IPsec came out of funding from the Clinton administration for securely hosting the whitehouse.gov email server. Trusted Information Systems software engineer Wei Xu started researching IP security methods in July 1994, and ultimately developed the first rendition of IPSec. He ported it to several server OSes of the time.

 -mel beckman

> On Oct 4, 2015, at 6:41 AM, Matthias Leisi <matthias@leisi.net> wrote:
>
> The built-in VPN which only supports IPv4 (that one specifically on an Asus router).
