Skip to main content

Mobile IPv6 and Firewalls

Document Type Expired Internet-Draft (individual)
Author Franck Le
Last updated 2004-07-20
Stream (None)
Intended RFC status (None)
Expired & archived
plain text htmlized pdfized bibtex
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)
This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at:


Firewalls are an integral aspect of a majority of IP networks today given the state of security issues, threats and vulnerabilities to data networks. IP networks today are predominantly based on IPv4 technology and hence firewalls have been designed for these networks. IPv6 networks are growing at a slow rate. Firewalls for IPv6 networks are still maturing and in development. The IETF has recently standardized Mobile IPv6 which adds mobility support to IPv6. Given the fact that Mobile IPv6 is a recent standard, most firewalls available for IPv6 networks today do not support Mobile IPv6. Unless firewalls are aware of Mobile IPv6 protocol details, these security devices will hamper large-scale deployment of the protocol. This document presents in detail some of the issues that people deploying IPv6 networks which include firewalls should consider when expanding the scope to support Mobile IPv6 as well. The issues are not only applicable to firewalls protecting corporate networks, but are also applicable in 3G mobile networks such as GPRS/UMTS and cdma2000 networks where packet filters are implemented in the GGSN in GPRS/UMTS networks and the PDSN in cdma2000 networks. The goal of this Internet draft is to highlight the issues with firewalls and Mobile IPv6 and act as an enabler for further discussion. Issues identified here can be solved by developing appropriate solutions in the MIP6 WG.


Franck Le

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)