/27 the new /24
mel at beckman.org
Sun Oct 4 14:52:27 UTC 2015
If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA.
There's really no excuse for not supporting IPSec, as it's a widely available open source component that costs nothing to incorporate into an IPv6 stack.
Your observation simply means that users must be informed when buying IPv6 devices, just as they must with any product. You can buy either genuine IPv6 or half-baked IPv6 products. When I speak of IPv6, I speak only of the genuine article.
On Oct 4, 2015, at 7:41 AM, "sthaug at nethelp.no" <sthaug at nethelp.no> wrote:
>> Keep in mind that IPv6 has IPSec VPN built into the protocol. It doesn't need to be in the router.
>> Unlike IPv4, where the IPSec VPN protocol is an add-on, optional service, with IPv6 it's built into every device, because IPsec is a mandatory component for IPv6, and therefore, the IPsec security model is required to be supported for all IPv6 implementations.
> If you really believe all IPv6 devices support IPsec, I can only
> conclude that your IPv6 experience is limited...
> Steinar Haug, Nethelp consulting, sthaug at nethelp.no
More information about the NANOG