IP Security, proposed by IETF, touted as the best security solution for VPNs
- Network layer tunneling protocol for IP
- Per-packet, end to end, or segment to segment protection.
- wide variety of cryptographic algorithms
- high flexibility
- efficient key management
Components:
1) Authentication header
2) Encapsulating security payload (ESP)
3) Internet Key Exchange (IKE)
IPSec is the resident protocol of IPv6
AH and ESP are two of the six extension headers that are defined in the IPv6 protocol.
What does an IPv6 packet look like?
Base Header
{ Extension headers...}
Payload (TCP/UDP header + data)
Only base header is mandatory.
EHs:
- authentication header *
- encapsulating security payload *
- hop by hop
- source routing
- framentation
- destination option
*relevant for security
IPSEC can also be used for IPv4 datagrams.
Index