1

IPv6 for theNetwork Edge

Steve Deeringdeering@cisco.com

March 20, 2000

2

Which Edge?

• end-user site / devices as the edge, orIP / upper-layer interface as the edge?

• either way, I disagree with premise of workshop — intelligence / control was originally at edge (either definition) but has been migrating to the “inside”:– firewalls– NATs– packet-hijacking caches– TCP helpers– layer 4-7 “routers”– ...

3

Why Current Direction is Bad

• inhibits introduction of new protocols / services

• gives monopoly control over services to the carriers

• makes Internet behavior harder to understand, manage, diagnose, and correct

• often reduces performance

• often reduces security

If only we had managed to deploy ubiquitous, end-to-end encryption of tranport headers and above...

4

IPv6 to Restore Edge Control

• eliminates need for NATs

• 2128 addresses should suffice for a Very Big Edge

• auto-configuration to make a Very Big Edge feasible

• built-in IPsec for security without “inside” agents, such as firewalls

Note: need not put IPv6 everywhere to get these benefits — just in edge devices and “internal edges”

5

IPv6 Status

• core specs are IETF Draft Standard => stable and well-tested

• all major host and router vendors have implementations at some stage of completeness

• current implementations already exceed IPv4 capabilities

• ongoing work to further improve functionality