Next Generation Automatic IP Configuration Deployment Issues


2008

Although the Dynamic Host Configuration Protocol for IPv6 (DHCPv6) was defined in 2003, it was designed as a framework rather than a complete solution to automatic configuration in IPv6 networks. There are still some unsolved problems and new options yet to be defined. One example of such a case is the Fully Qualified Domain Name (FQDN) option, whose final version was published in late 2007. It describes DHCPv6 client and server behavior, but some important aspects remain unaddressed. The authors developed and released a working open-source implementation over a year before the FQDN standard reached a mature phase. This paper discusses those issues and recommends possible solutions. Another important development area in the DHCPv6 protocol is a lack of well-defined authentication and authorization. An experimental AAA implementation has been developed and reached the validation phase. A quick overview of the Dibbler project - a working, multi-platform, open-source DHCPv6 implementation - is also provided; its strengths, the solutions used and the validation methods used to prove its correctness are discussed. Conclusions and discussion regarding areas for further studies appear in the last section of this article.

Dynamic DNS Update security, based on Cryptographically Generated Addresses and ID-Based Cryptography, in an IPv6 autoconfiguration context

This paper proposes a new security method for protecting signalling for the Domain Name System (DNS) architecture. That is, it secures DNS update messages for binding a Fully Qualified Domain Name (FQDN) of an IPv6 node and the IPv6 address of the node owning this FQDN. This method is based on the use of Cryptographically Generated Addresses (CGA) and ID-Based Cryptography (IBC). The combination of these two techniques allows the DNS server to check the ownership of the IPv6 address and the FQDN sent by the DNS client. In addition, this paper describes how this method has been implemented.

User identification in IPv6 network

The paper presents an analysis of IPv6 address assignments used in current networks. Moreover, it provides guidelines on how to identify a user in IPv6 networks.

Deploying IPv6 - practical problems from the campus perspective

In February 2011, IANA ran out of IPv4 addresses. In April 2011, the APNIC pool reached the final /8 IPv4 address block. Projected address pool exhaustion for other RIRs varies from the beginning of 2012 to the end of 2014. This situation pushes organizations to think about transition to IPv6. Unfortunately, IPv4 and IPv6 are incompatible protocols, which makes the transition more difficult and raises new security issues. This paper shares experiences of deploying IPv6 in the university campus network, describes the most significant troubles that we have been faced with and describes the best practices in practical IPv6 deployment. The article discusses differences between IPv6 and IPv4 networks with a focus on first hop security, autoconfiguration (SLAAC, DHCP, DHCPv6) and different clients' support.

Deploying IPv6 - practical problems from the campus perspective

The purpose of this presentation is to share experiences with deploying IPv6 in the university campus network and describe the most significant troubles that we have been faced with. Many problems met during the IPv6 deployment in the university environment are very similar to problems that ISPs also have to solve. A huge number of users using mixed platforms and their differing requirements bring many problems that are not present in a typical enterprise environment. Techniques for IPv6 address assignment implemented differently in various operating systems (OS) can be one of the examples. Missing implementations of security tools (RA Guard, SEND, SAVI etc.) are also a serious issue. Privacy extensions are often in contradiction with the ISP's needs - that is, accounting, billing and user tracking in order to solve security incidents. Transition techniques can raise security problems - it is possible to overcome the ISP's firewalls. Improperly configured operating systems sending r...

A Comparison of Internet Protocol (IPv6) Security Guidelines

The next generation of the Internet Protocol (IPv6) is currently about to be introduced in many organizations. However, its security features are still a very novel area of expertise for many practitioners. This study evaluates guidelines for secure deployment of IPv6, published by the U.S. NIST and the German federal agency BSI, for topicality, completeness and depth. The latter two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey. Both guides turn out to be of practical value, but have a specific focus and are directed towards different audiences. Moreover, recommendations for possible improvements are presented. Our results could also support strategic management decisions on security priorities as well as the choice of security guidelines for IPv6 roll-outs.