IPv6 for the Network Edge

Steve Deering
deering@cisco.com
March 20, 2000

Which Edge?

• end-user site / devices as the edge, or IP / upper-layer interface as the edge?
• either way, I disagree with premise of workshop — intelligence / control was originally at edge (either definition) but has been migrating to the “inside”:
  – firewalls
  – NATs
  – packet-hijacking caches
  – TCP helpers
  – layer 4-7 “routers”
  – ...

Why Current Direction is Bad

• inhibits introduction of new protocols / services
• gives monopoly control over services to the carriers
• makes Internet behavior harder to understand, manage, diagnose, and correct
• often reduces performance
• often reduces security

If only we had managed to deploy ubiquitous, end-to-end encryption of transport headers and above...

IPv6 to Restore Edge Control

• eliminates need for NATs
• 2^128 addresses should suffice for a Very Big Edge
• auto-configuration to make a Very Big Edge feasible
• built-in IPsec for security without “inside” agents, such as firewalls

Note: need not put IPv6 everywhere to get these benefits — just in edge devices and “internal edges”

IPv6 Status

• core specs are IETF Draft Standard => stable and well-tested
• all major host and router vendors have implementations at some stage of completeness
• current implementations already exceed IPv4 capabilities
• ongoing work to further improve functionality