Security Considerations for Intrinsic Monitoring within IPv6 Networks
نویسندگان
چکیده
Intrinsic Monitoring is a method of collecting and disseminating node specific monitoring data throughout an IPv6 network by using the IPv6 extension headers as a carrier medium. The advantages of such a monitoring mechanism can be invaluable to a network operator, offering a wide range of performance and accuracy enhancements over traditional SNMP based or active probing based approaches. This paper discusses previous proposals related to Intrinsic Monitoring and highlights a number of security considerations that must first be resolved for such an approach to be deployable within an operational IP network. The paper offers initial contributions towards addressing these challenges.
منابع مشابه
Intrinsic Monitoring Using Behaviour Models in IPv6 Networks
In conventional networks, correlating path information to resource utilisation on the granularity of packets is a hard problem when using policy-based traffic handling schemes. We introduce a new approach termed ‘intrinsic monitoring’ which relies on the use of IPv6 extension headers in combination with formal behaviour models to gather resource information along a path. This allows a network m...
متن کاملIPv6 Security Vulnerabilities
Internet Protocol version 6 (IPv6) is the newest version of the protocol that is used for communications on the Internet. This version has been in existence for many years. But, currently many organizations have slowed their migration to IPv6 because they realize that the security considerations and products for IPv6 might be insufficient, despite the fact that the network infrastructure is rea...
متن کاملSimulation Study of a Many-to-One Mapping for IPv6 Address Owner Identification in an Enterprise Local Area Network
Owner identification is an important aspect of improving network visibility and enhancing network security within local area networks deploying IPv6. This paper presents a simulation study for owner identification in an enterprise local area network from their IPv6 addresses. The study is based around the reverse implementation (many-to-one mapping) of a one-to-many reversible mapping. The pape...
متن کاملSecured Route Optimization and Micro-mobility with Enhanced Handover Scheme in Mobile IPv6 Networks
خسارات وارد شده به شبکه گاز شهری در یک زلزله میتواند زیانهای زیادی از جمله خسارت ناشی از آتشسوزی در شبکه زیر ساخت، و خسارت ناشی از قطع خدمات رسانی، تعمیر و تعویض اعضای شبکه، را در بر داشته باشد. در این مقاله یک مدل آتشسوزی پیشنهاد شده است. مدل پیشنهادی در یک مدل نیمه احتمالاتی مرسوم برای برآورد خسارتهای مختلف ناشی از آسیب دیدن شبکه گاز شهری، به کار برده شده است. هدف از این کار توسعه یک ابز...
متن کاملMonitoring of Tunneled IPv6 Traffic Using Packet Decapsulation and IPFIX (Short Paper)
IPv6 is being deployed but many Internet Service Providers have not implemented its support yet. Most of the end users have IPv6 ready computers but their network doesn’t support native IPv6 connection so they are forced to use transition mechanisms which transports IPv6 packets through IPv4 network. Unfortunately deployment of IPv6 is slow and at this rate, completion of the migration from IPv...
متن کامل