Building a VPN with IPsec - IPv6 Summit 2015


Global IPv6 Summit in Japan
Making the Change to IPv6
2000/12/19
Akihiro Shirahashi
NET ONE SYSTEMS CO.,LTD.
IPv4 inconvenience
From a system integrator's point of view:
■ Frequent collisions of private addresses when connecting one company to another company using a leased line or Internet VPN.
■ The abuse of NAT makes network design and management a nightmare for administrators.
■ For IPv6, there is no need for address translation.
Copyright ©2000, Akihiro Shirahashi, Net One Systems Co.,Ltd.
Security model for IP networks
■ Direct IP reachability between end nodes is the basic concept of IP networks.
■ The current IPv4 networks are separated into many pieces by firewalls and address translations.
■ Firewalls can provide security against attackers from outside, but there are actually many more attacks from inside.
■ Fine-grained security can be achieved with host-based security technology such as IPsec.
IPv6 benefits for security
■ IPsec can be used for IPv4, but IPv6 will support IPsec intrinsically.
■ There is no address translation for IPv6.
■ Finer-grained security can be expected using IPv6.
■ IPv6 network security is based on filtering and IPsec, suitable for faster networks.
■ Centralized policy management is key for next-generation security.
For a new security standard
■ Zero-base reconstruction of IPv6 networks may offer a chance for better security than the current IPv4 networks.
■ For example, ingress filtering for anti-spoofing may be realistic for IPv6 networks?
■ A killer application can emerge with security using IPv6?