[184488] in North American Network Operators' Group
Re: /27 the new /24
daemon@ATHENA.MIT.EDU (Mel Beckman)
Sun Oct 4 10:52:36 2015
X-Original-To: nanog@nanog.org
From: Mel Beckman <mel@beckman.org>
To: "sthaug@nethelp.no" <sthaug@nethelp.no>
Date: Sun, 4 Oct 2015 14:52:27 +0000
In-Reply-To: <20151004.164120.41639562.sthaug@nethelp.no>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to =
support any other mandatory IPv6 specification, such as RA.=20
There's really no excuse for not supporting IPSec, as it's a widely availab=
le open source component that costs nothing to incorporate into an IPv6 sta=
ck.=20
Your observation simply means that users must be informed when buying IPv6 =
devices, just as they must with any product. You can buy either genuine IPv=
6 or half-baked IPv6 products. When I speak of IPv6, I speak only of the ge=
nuine article.=20
-mel beckman
On Oct 4, 2015, at 7:41 AM, "sthaug@nethelp.no" <sthaug@nethelp.no> wrote:
>> Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't=
need to be in the router.=20
>>=20
>> Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service=
, with IPv6 it's built into every device, because IPsec is a mandatory comp=
onent for IPv6, and therefore, the IPsec security model is required to be s=
upported for all IPv6 implementations.
>=20
> If you really believe all IPv6 devices support IPsec, I can only
> conclude that your IPv6 experience is limited...
>=20
> Steinar Haug, Nethelp consulting, sthaug@nethelp.no
