
Re: [IPsec] Difference between IPv4 and IPv6 IPsec

From: Yoav Nir <ynir_at_nospam>
Date: Sun Oct 11 2009 - 10:15:21 GMT
To: Hui Deng <denghui02@gmail.com>

Hi Hui

I think there is very little difference between IPv4 and IPv6 as regards IPsec. See below.

On Oct 11, 2009, at 9:50 AM, Hui Deng wrote:

> Dear IPsec folks,
> May I get advice about the difference between them:
> 1) IPv4 doesn't mandate the support of IPsec, IPv6 also doesn't mandate
> it based on RFC?

IPv4 does not mandate it, because IPv4 predates IPsec. RFC 4294 says in section 8.1:

    Security Architecture for the Internet Protocol [RFC-4301] MUST be supported.

> 2) Most IPv4 hosts (Linux, BSD, Windows) have by default implemented
> IPsec (IKE), but don't launch it, need more configuration?
> Most IPv6 hosts haven't by default implemented IPsec (IKE), it needs
> further download and configuration?

IPv6 hosts, like IPv4 hosts, run Linux, BSD, Windows or some other OS. With most of them, the latest versions support IPv6 for IKE and IPsec.

> 3) IPv4 IPsec needs NAT traversal, but IPv6 doesn't need it, so it could
> support more about end to end other than site to site.

That is assuming that IPv6 does not have NAT. I don't think we have enough implementation experience to say that for sure.

> 4) IPv6 IPsec support is based on extension header which is different
> from IPv4, it may be closer to the kernel level implementation.

I don't see why this would necessarily be true.

> thanks for the discussion.
> best regards,
> -Hui
