Deployment of a Policy-Based Management System for the Dynamic Provision of IPsec-Based VPNs in IPv6 Networks

Abstract

Security is considered as a key service in IP networks. This is equally true for IPv4- and IPv6-based networks, and for them the IPsec protocol was defined to provide security at the network layer. IPsec can be used in different scenarios, being the VPN the most widely used. However, IPsec-based VPNs are experiencing important limitations mainly because they are usually based on information manually configured, and the integration with PKI-related services is still under definition and is far from being mature. This is especially true in IPv6 networks where IPsec is defined as a mandatory component to be implemented in all stacks and PKI services in these networks are just starting to be designed and deployed. This paper describes how IPsec-based VPNs can be dynamically deployed in an IPv6 network as the one designed in the Euro6IX EU IST project. Such dynamicity is provided using a new management paradigm based on security policies.