| Main Archive Page > Month Archives > ipsec archives |
Re: [IPsec] Difference between IPv4 and IPv6 IPsec
From: Yoav Nir <ynir_at_nospam>Date: Sun Oct 11 2009 - 10:15:21 GMT
To: Hui Deng <denghui02@gmail.com>
Hi Hui
I think there is very little difference between IPv4 and IPv6 as regards to IPsec. See below
On Oct 11, 2009, at 9:50 AM, Hui Deng wrote:
> Dear IPsec forks,
>
> May I get advice about the differnce between them:
> 1) IPv4 doesn't mandate the support IPsec, IPv6 also doesn't mandate
> it based on RFC?
IPv4 does not mandate it, because IPv4 predates IPsec. RFC 4294 says in section 8.1:
Security Architecture for the Internet Protocol [RFC-4301] MUST be supported.
> 2) Most IPv4 hosts have(Linux, BSD, Windows) by default implemented
> IPsec(IKE), but don't launch it, need more configuration?
> Most IPv6 hosts haven't by default implemented IPsec(IKE), it need
> further download and configuration?
IPv6 hosts, like IPv4 hosts, run Linux, BSD, Windows or some other OS. With most of them, the latest versions support IPv6 for IKE and IPsec.
> 3) IPv4 IPsec need traversal NAT, but IPv6 don't need it, so it could
> support more about end to end other than site to site.
That is assuming that IPv6 does not have NAT. I don't think we have enough implementation experience to say that for sure.
> 4) IPv6 IPsec support is based on extension header which is different
> from IPv4, it may more closer to the kernal level implementation.
I don't see why this would necessarily be true.
>
> thanks for the discussion.
> best regards,
>
> -Hui
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec