Technical Summary
Network elements such as firewalls are an integral aspect of a
majority of IP networks today, given the state of security in the
Internet, threats, and vulnerabilities to data networks. Current IP
networks are predominantly based on IPv4 technology and hence
firewalls have been designed for these networks. Deployment of IPv6
networks is currently progressing, albeit at a slower pace.
Firewalls for IPv6 networks are still maturing and in development.
Mobility support for IPv6 has been standardized as specified in RFC
3775. Given the fact that Mobile IPv6 is a recent standard, most
firewalls available for IPv6 networks do not support Mobile IPv6.
Unless firewalls are aware of Mobile IPv6 protocol details, these
security devices will interfere in the smooth operation of the
protocol and can be a detriment to deployment. This document
captures the issues that may arise in the deployment of IPv6 networks
when they support Mobile IPv6 and firewalls.
The issues are not only applicable to firewalls protecting enterprise
networks, but are also applicable in 3G mobile networks such as GPRS/
UMTS and CDMA 2000 networks.
The goal of this Internet draft is to highlight the issues with
firewalls and Mobile IPv6 and act as an enabler for further
discussion. Issues identified here can be solved by developing
appropriate solutions in the MIP6 WG.
Working Group Summary
This document was produced by the MIP6 WG. The WG has consensus
to publish this document as an informational RFC.
Protocol Quality
This document was reviewed for the IESG by Margaret Wasserman. It
was Also reviewed by Steve Bellovin and Henrik Levkowetz during the
AD Review period.