IPv6 for the Network Edge Steve Deering March 20, 2000

IPv6 for the Network Edge
Steve Deering
deering@cisco.com
March 20, 2000
Which Edge?
• end-user site / devices as the edge, or
IP / upper-layer interface as the edge?
• either way, I disagree with premise of workshop —
intelligence / control was originally at edge (either
definition) but has been migrating to the “inside”:
– firewalls
– NATs
– packet-hijacking caches
– TCP helpers
– layer 4-7 “routers”
– ...
Why Current Direction is Bad
• inhibits introduction of new protocols / services
• gives monopoly control over services to the carriers
• makes Internet behavior harder to understand,
manage, diagnose, and correct
• often reduces performance
• often reduces security
If only we had managed to deploy ubiquitous, end-to-end
encryption of transport headers and above...
IPv6 to Restore Edge Control
• eliminates need for NATs
• 2^128 addresses should suffice for a Very Big Edge
• auto-configuration to make a Very Big Edge feasible
• built-in IPsec for security without “inside” agents,
such as firewalls
Note: need not put IPv6 everywhere to get these
benefits — just in edge devices and “internal edges”
IPv6 Status
• core specs are IETF Draft Standard
=> stable and well-tested
• all major host and router vendors have
implementations at some stage of completeness
• current implementations already exceed IPv4
capabilities
• ongoing work to further improve functionality