/27 the new /24
mel at beckman.org
Sun Oct 4 18:15:04 UTC 2015
You're right. I remember hearing rumblings of vendors requesting this change, mostly because embedded processors of the time had difficulty performing well with IPv6. I see that in 2011 rfc6434 lowered IPSec from "must" to "should". Nevertheless, plenty of products produced before 2011 included IPSec and the vast majority of IPv6-capable nodes on the Internet have it today. Performance is no longer an issue.
> On Oct 4, 2015, at 8:58 AM, Sander Steffann <sander at steffann.nl> wrote:
>> Op 4 okt. 2015, om 16:52 heeft Mel Beckman <mel at beckman.org> het volgende geschreven:
>> If it doesn't support IPSec, it's not really IPv6. Just as if it failed to support any other mandatory IPv6 specification, such as RA.
> I think you're still looking at an old version of the IPv6 Node Requirements. Check https://tools.ietf.org/html/rfc6434#section-11, specifically this bit:
> Previously, IPv6 mandated implementation of IPsec and recommended the key management approach of IKE. This document updates that recommendation by making support of the IPsec Architecture a SHOULD for all IPv6 nodes.
> This was published in December 2011.
More information about the NANOG