
Chapter 3

Literature Review and Theoretical Development

3.1 Introduction
The basic aim of this chapter is to bring together the different research works that have
taken place so far in the fields of IPv4 and IPv6. It was in the year 1990 that engineers
realized that within 2007 to 2012, Internet Protocol version 4 would fail to provide the required
IP addresses. Their prediction turned out to be true. Work on building a new
Internet Protocol started in 1993. The detailed description in this regard is included in the
introductory Chapter 1. IPv6 officially came into existence in the year 1999; since then,
many research scholars have worked on this technology to improve it day by day. The
basic transition mechanisms and the effects of the resulting transition on globalization
have been discussed in most of these research works. In the near future, IPv6 will need to be
used alongside IPv4 networks for some time. Hence there is a need to
analyze the architectural differences and the relationship between them. IPv6 is the need
of the hour because of its various important features and extended addressing space.
In this chapter the focus is on the work of various research scholars who have
analyzed both IPv4 and IPv6 networks, and on the
conclusions they have drawn. From this analysis,
various pros and cons of both protocols are derived, so that some fruitful
remedies to bridge the gap between them, and a deeper understanding of the advantages and
disadvantages of these protocols, can be laid down. Several researchers have focused on
IPv6 network performance. The upcoming paragraphs cover some related work that has
been done in the four major areas covered in this research work:
1. Performance Evaluation of IPv4 and IPv6
2. Transition Mechanisms from IPv4 to IPv6
3. Precautions Before Transition
4. Adoption of IPv6
5. Security Management in IPv6 using IPsec

3.2 Performance Evaluation of IPv4 and IPv6

Ettikan et al. [2000] have worked on the performance analysis of IPv6 in comparison to
the old version IPv4 using Dual stack execution of KAME and FreeBSD using File
Transfer Protocol and ping applications, and they have taken the packet transmission time
as the measurement metric. The test results of their experiment showed that IPv6
performance is poorer in comparison to IPv4 and it doesn’t follow the theoretical results.
AlJa'afreh et al. [2008] stressed the need for the new Internet Protocol, owing to the
limited number of IP addresses presently available. Hence some kind of transition mechanism
is required to migrate from IPv4 to the new protocol, IPv6. In their research work, they used
OMNeT++ simulation tool to evaluate the performance of BDMS, which was
implemented to study the protocol behavior when different buffer sizes are used. BDMS
had been designed and proposed as an IPv4 – IPv6 translator tool mechanism. The
performance parameters used by them were RTT, EED and Total Queuing Delay.
Finally, based on the results of their simulation, they concluded that when the translator
buffer size increases, the respective RTT and EED also increase for the particular
communication session.
Govil et al. [2008] concentrated on the various techniques and the relevant standards
which are required for easy and high level of compatibility between both the protocols.
Authors have discussed some of the constraints which would come while interoperating
between IPv4 and IPv6 for smooth transition. The compatibility issues arise as both the
Internet protocols are completely different and separated from each other’s workflow.
Issues include the IPv4 hosts and routers which will not be able to deal with IPv6 traffic
directly and vice-versa. There would be extreme difficulties with the current IPv4 address
allocation feature, making it nearly impossible to switch over to IPv6 overnight. The
constraint that the authors chiefly emphasized is the numerous web and mobile
applications which still support only the IPv4 protocol. There is an immediate need to
make the upcoming applications which could widely work on v6 protocol environment as
Yuk-Nam Law et al. [2008] have worked on a dual-stack environment and calculated the
empirical performance of the IPv4 and IPv6 networks. The comprehensive empirical
measurements have been evaluated from an end user’s perspective. Focusing on the
global scale deployment of IPv6 networks, they created a dual stack IPv4/IPv6 test
bed for sending probe traffic to nearly 2000 dual stack hosts
worldwide. The parameters taken for quantifying the performance differences are hop
count, RTT, network connectivity, operating system dependencies, throughput and
address configuration latency. A thorough investigation has also been made of how using IPv6
tunnel brokers rather than native IPv6 services affects performance.
Results have been compared regularly with the previous progress of IPv6
deployment/performance. They concluded that IPv6 has improved to
provide 95% of the network connectivity to various IPv6 sites. The performance offered by
the IPv6 tunnel brokers has also been compared to native v6 services in case of end user
Chakraborty et al. [2009] performed the comparative analysis of the performance of
IPv4-only network vs. Dual stack mechanism under a number of traffic patterns using
network simulator NS2. The authors proposed a Dual stack enabled network structure in
which the nodes in an IPv4 network initialize the connection with the nodes in IPv4 over an
integrated IPv4/IPv6 network. The authors considered the performance metric of
end-to-end delay in both situations. The end-to-end delay was
estimated for a number of applications such as real audio, File Transfer Protocol (FTP)
over TCP and CBR over UDP.
Yhi Shi et al. [2009] have considered the Application Layer of the Network model, and
how it impacts the Windows-based operating system. They have suggested that some
fundamental changes are required in the current data communications and network
infrastructures to make the interconnections of the networks more efficient. But there are
many limitations which hinder its growth. Their research work has focused on the
solution provided by IPv6 about addressing the inherent problems of IPv4. At the same
time it has offered new opportunities which would eventually lead to the enhanced
communication experiences. This work has also stated that the overhead which would be
increasing in IPv6 will have a direct impact on the operating system of the user whenever
he interacts with the hosts of the communication protocol. Basically the network
performance issues were addressed in this work. The authors have done a thorough
research taking five Windows operating systems, which were configured with both
IPv4 and IPv6 versions of the protocol at the same time. They thereby empirically
evaluated the performance difference using parameters such as throughput,
latency and jitter for simulated DNS and game traffic types. They have
hence concluded that the overall performance of the network depends not only on the
type of Internet Protocol used or the traffic type, but also on the operating system used by
the user.
Narayan et al. [2010] working as a team have obtained the various network performance
factors in case multiple hardware routers were implemented on a test-bed. They have
basically focused on the impact on the network which will consequently occur when
transforming the protocol architecture from v4 to v6. In their research work the basic
performance difference between the IPv4 and IPv6 have been measured. They have
arrived at the conclusion that, as the number of routers increases, a significant difference in
delay is observed between the IPv4 and IPv6 protocol versions. They have also
emphasized the fact that UDP and TCP traffic types register different performance
metric values.
Amin et al. [2011] have jointly evaluated the performance of IPv4 and IPv6 networks in
the absence of Link Layer protection. In their research, the authors discussed and
simulated both IPv6 and IPv4 protocols in an ideal scenario, in low and medium noise,
and then in high and very high noise environments. They observed the
transmission behavior at each router connected wirelessly in the network. The simulation
results were computed in order to understand the comparative performance of the
datagram in the v4 and v6 protocol versions. The performance parameters for which
the networks were simulated were transmission time, number of corrupted packets,
throughput and number of re-transmissions. From the results they inferred that IPv6 performs
better than IPv4. It was better in the low noise environment, where there is no checksum
to be computed on each router. The number of retransmissions for corrupted packets
was also lower. In the high noise scenario, a significant decline in performance was
observed. In this high noise environment IPv4 proves to be better, as it produces fewer
corrupted packets, saves extra bandwidth and hence provides better throughput. Thus
they arrived at a mixed conclusion, where both the protocols are ideal to use in
either case. They have left it to the readers and users to choose the protocol as per their
Svec et al. [2011] have also analyzed the performance of the network using the transport
layer protocol and measured the transmission time. They have tested the impact of TCP
on the new IPv6 protocol and evaluated the network performance on the basis of network
router load and efficiency. The basic problem that they have observed is that with higher
load, the efficiency is affected and becomes worse, leading to the problem of global IPv6
deployment. They have hence proposed a methodology of the measurement of traffic on
the basis of different stochastic systems. They have also generated different SCTP, UDP
and TCP traffic depending on uniform probability distribution for packet size and packet
inter-departure time. The generator that they used is able to reproduce
an experiment by using a similar seed for the random values. The parameters on which the authors
focused are the correlation between the size of the packet, the load on the communicating
nodes and the inter-departure time to the routers. Experiments were performed in both v4
and v6 environment. Their conclusion states that the usage of new v6 protocol will lead
to higher network efficiency of data transfer. Using the forward regression analysis they
identified the variables which imply the packet transfer time.
Valle-Rosado et al. [2012] worked on Design and Simulation of an IPv6 Network by
means of Dual stack and tunnelling transition mechanisms. Their research was focused
on the main theoretical concepts of the IPv6, such as address allocation, addressing,
routing with the help of Routing Information Protocol next generation (RIPng) and two
main IPv4 to IPv6 migration strategies. It represents the design and simulation of the
connectivity between network devices configured with IPv6 protocol, after implementing
dual stack and tunnelling as transition techniques. These techniques were implemented
through the two network simulators, GNS3 and Packet Tracer.
From the experimental results they concluded that, during network deployment, both
mechanisms are good enough, depending on the scope of the network. Although the Dual stack
mechanism is easier to implement, network devices must support both
protocols, IPv4 and IPv6, which results in a larger number of entries in routing tables,
creates more processes and takes longer processing time. In contrast, tunnelling as a
transition mechanism is a better choice for networks that contain devices which do
not support the IPv6 protocol, because in tunnelling packets can travel encapsulated inside
IPv4 packets. The drawback of this strategy is that 20 bytes are added to the header of
every IPv4 packet; moreover, troubleshooting becomes more complex.
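The 20-byte cost mentioned above is the outer IPv4 header that a tunnel endpoint prepends to each IPv6 packet. The following Python example is added here and is not code from the cited study; it models manually configured IPv6-in-IPv4 encapsulation (IPv4 protocol number 41), and the addresses, hop limit and function names are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPV6 = 41       # IPv4 protocol number carried by an IPv6-in-IPv4 tunnel
IPV4_HEADER_LEN = 20    # IPv4 header without options: the per-packet tunnel cost
IPV6_HEADER_LEN = 40    # fixed IPv6 header
IPV4_FMT = "!BBHHHBBH4s4s"


def checksum16(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv6(src: str, dst: str, payload: bytes, next_header: int = 59) -> bytes:
    """Minimal IPv6 packet; next header 59 means 'no next header'."""
    first_word = 6 << 28  # version 6, traffic class 0, flow label 0
    header = struct.pack("!IHBB", first_word, len(payload), next_header, 64)
    header += ipaddress.IPv6Address(src).packed
    header += ipaddress.IPv6Address(dst).packed
    return header + payload


def encapsulate_6in4(ipv6_packet: bytes, tunnel_src: str, tunnel_dst: str) -> bytes:
    """Prepend the outer IPv4 header, as the tunnel entry point does."""
    total_len = IPV4_HEADER_LEN + len(ipv6_packet)
    if total_len > 0xFFFF:
        raise ValueError("inner packet too large for one IPv4 datagram")

    def header(csum: int) -> bytes:
        return struct.pack(
            IPV4_FMT,
            0x45, 0, total_len,      # version 4, IHL 5 words, DSCP 0, total length
            0, 0x4000,               # identification 0, Don't Fragment set
            64, IPPROTO_IPV6, csum,  # TTL, protocol 41, header checksum
            ipaddress.IPv4Address(tunnel_src).packed,
            ipaddress.IPv4Address(tunnel_dst).packed,
        )

    return header(checksum16(header(0))) + ipv6_packet


def decapsulate_6in4(outer: bytes) -> bytes:
    """Validate the outer header and return the inner IPv6 packet (tunnel exit)."""
    if len(outer) < IPV4_HEADER_LEN:
        raise ValueError("truncated IPv4 header")
    fields = struct.unpack(IPV4_FMT, outer[:IPV4_HEADER_LEN])
    ver_ihl, total_len, proto = fields[0], fields[2], fields[6]
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < IPV4_HEADER_LEN:
        raise ValueError("not a valid IPv4 header")
    if proto != IPPROTO_IPV6:
        raise ValueError("outer packet does not carry IPv6 (protocol 41)")
    if total_len != len(outer) or total_len < ihl + IPV6_HEADER_LEN:
        raise ValueError("length fields do not match the captured bytes")
    if checksum16(outer[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    inner = outer[ihl:]
    if inner[0] >> 4 != 6:
        raise ValueError("inner packet is not IPv6")
    (payload_len,) = struct.unpack("!H", inner[4:6])
    if payload_len != len(inner) - IPV6_HEADER_LEN:
        raise ValueError("inner IPv6 payload length mismatch")
    return inner


def tunnel_overhead_percent(payload_len: int) -> float:
    """Share of the tunnelled packet taken up by the added outer header."""
    on_wire = IPV4_HEADER_LEN + IPV6_HEADER_LEN + payload_len
    return 100.0 * IPV4_HEADER_LEN / on_wire


if __name__ == "__main__":
    # Constructed sample traffic using documentation address ranges.
    for size in (0, 64, 512, 1440):
        inner = build_ipv6("2001:db8::1", "2001:db8::2", b"\x00" * size)
        outer = encapsulate_6in4(inner, "192.0.2.1", "198.51.100.1")
        assert decapsulate_6in4(outer) == inner
        print(f"payload {size:5d} B  inner {len(inner):5d} B  "
              f"on wire {len(outer):5d} B  overhead {tunnel_overhead_percent(size):5.2f}%")
```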
After using both simulators they concluded that both are good to work
with. Working with Packet Tracer is easy because most of the functions are incorporated
in the software tool itself, but Packet Tracer does not support the tunneling transition
mechanism; consequently GNS3 was also used, because it supports tunneling.
However, work becomes slower with it because the GNS3 software does not include
everything required for a network configuration, and as a result the user needs to configure
several additional things. The reason for using these tools is that they are available for free
and both are powerful.

3.3 Transition Mechanisms from IPv4 to IPv6

Raicu [2003] worked on IPv4 to IPv6 transition mechanisms. His work was based on two
transition mechanisms, specifically IPv6 in IPv4 tunnelling and the 6over4 mechanism, over a
local area network test-bed. He examined and evaluated the performance of IPv4 to IPv6
transition using these two mechanisms and explored the impact these strategies have
on user application performance by measuring metrics such as transmission latency,
throughput, host CPU utilization, TCP connection time and the number of TCP
connections per second that a client can set up with a remote server. All experiments were
carried out using two dual stack (IPv4 and IPv6) routers and two end-hosts running
Windows 2000 with a dual IPv4/IPv6 stack.
The results of the experiment showed that the 6over4 (host-to-host encapsulation)
transition mechanism had 66% greater CPU utilization when compared to IPv6 in IPv4
tunnelling (router-to-router tunnelling) or to IPv6. Further, the results showed that
router-to-router tunnelling had a smaller amount of overhead in comparison to IPv6.
Moreover, the 6over4 transition mechanism had better performance as compared to
IPv6 in IPv4 tunnelling or IPv6.
Chang et al. [2004] worked on performance analysis of IPv4 to IPv6 transition
techniques. They mainly addressed the performance of the numerous tunnelling
strategies implemented in different networks. Their work investigated and estimated
the performance of the configured tunnel, 6to4 tunnel and tunnel broker transition
mechanisms in a real network scenario. Different implementations were exercised with the
ping6 program, which relies on ICMPv6 packets, to connect to remote IPv6
networks such as the KAME and 6bone sites. The effect on the
performance of the applications was investigated using metrics such as throughput,
transmission latency, packet loss and CPU utilization. The results revealed that the
measured throughput and latency of the 6to4 mechanism are superior to those of the
tunnel broker and configured tunnel mechanisms by 94.83% and 89.38%, 48.76% and
42.47%. However, the 6to4 strategy has to do more work (greater overhead)
for every packet sent, and therefore the edge router must run at greater CPU utilization.
For all three tunnelling technologies, large packets had higher loss rates.
Mohamad Tahir et al. [2006] worked on the Dual Stack transition mechanism among all
the IPv4 to IPv6 transition mechanisms. They implemented the dual stack mechanism
over an IPv6 test bed called 6iNet at University Utara Malaysia, so that their test-bed could
reach IPv4-only network nodes. They used the dual stack mechanism over 6iNet (which
is based on IPv6-only networks) because dual stack nodes on an IPv6-only network
can reach IPv4-only network nodes on the Internet. For 6iNet they implemented
a manually configured tunnel. They chose a manually configured tunnel because it
is more secure and stable for regular communication between two edge routers, or between
end-systems. With the implementation of the Dual Stack Transition Mechanism over 6iNet,
IPv6 networks can communicate with IPv4 networks or applications. The 6iNet test-bed is
the foremost IPv6 test bed in the university and hence became the platform for IPv6
related research at UUM.
Xia et al. [2006] analysed the advantages of Dual stack transition mechanism and
evaluated its characteristics including performance, implementation status, portability and
interoperability. Their analysis was based on 2 DSTM test-beds established in the U.S.
and France respectively. The experimental results asserted that Dual Stack Transition
strategy is a very light-weight transition strategy.
Bi et al. [2007] discussed the IPv4 to IPv6 transition mechanisms and Univer6
architecture. The authors compared tunnelling and translation approaches and discussed
the security issues in transition techniques and then for future IPv6 transition they
presented the Univer6 architecture.
Tseronis et al. [2007] have stated that with the huge rapid growth of the Internet and
depletion of addresses in IPv4, the time has come to switch over to the v6 protocol which
efficiently meets this drawback. Their research work has focused on the interoperability
between IPv4 and IPv6 in the mobile communication networks. In this, they have
analyzed various handoff scenarios for a dual-stack mobile node, which performed in a
mixed v4/v6 environment with a predominated IPv6 home address roaming. Methods by
which the handoffs can be supported have been discussed. Parameters taken for the
performance evaluation in this study included handoff-signaling cost, different traffic and
mobility patterns, and handoff delay and handoff-failure probability. Results demonstrate
the performance of handoff scenarios. The conclusion provides in-depth understanding
and insights to design a new cost effective mobility support mechanism for the
interoperation between IPv4 and IPv6 transition.
Law et al. [2008] worked on the performance of IPv6 vs. IPv4 using Dual Stack
mechanism. The authors evaluated the throughput, Round Trip Time (RTT), operating
system dependencies and address configuration latency. In particular, the authors sent the
packets from the dual stack test-bed to 2000 dual stack hosts globally. The authors have
measured the performance differences among IPv4 and IPv6 plus the impact of using
tunnel broker mechanism vs. Native IPv6 mechanism. The results demonstrated that the
IPv6 backbone had improved compared to earlier published findings. Moreover, they
asserted that the IPv6 tunnel broker performance was as good as that of Native IPv6.
Punithavathani [2009] published his contribution on IPv4/IPv6 transition mechanism.
The author mainly addressed the performance of a number of tunnelling techniques for
transition. The effect of the mechanism on the performance of networks was examined using
various metrics, for example throughput, packet transmission latency, packet loss and
CPU utilization. The result showed that calculated throughput and latency of IPv4-IPv6
strategy was much better than the tunnel broker (configured tunnel) mechanism.
Dey et al. [2011] have stated that the migration from the current IPv4 protocol to the new
IPv6 protocol has become vital. Authors have focused on the reports presented by IANA
which state that IPv4 will soon run out of addresses. But there are many issues which are
to be considered in order to have a successful transition from IPv4 to IPv6. The issues
basically include hardware and software support which will be required for this
deployment. Further, they have also emphasized the impact on the corporate world,
which will take nearly a decade to completely adopt this new protocol.
Wu et al. [2011] worked on integration of tunnelling and translation techniques to
migrate from IPv4 to IPv6. They said that tunnelling fulfils the demand of IPv4 to IPv6
traversing and translation accomplishes IPv4 to IPv6 interconnection. However, the translation
mechanism faces numerous challenges with operation complexity, heterogeneous
addressing and scalability issues. Even though researchers have put effort into
decomposing and simplifying these problems, little has been achieved
because of them. These researchers proposed a new translation spot selection
technique that is able to solve the existing issues from a different point of view
and hence makes efficient use of translation mechanisms. Based on this technique, they
suggest a transition framework for edge networks and transit. This structure integrates
both translation and tunnelling to support IPv4 to IPv6 interconnection and traversing,
and uses this approach to make communication models flexible for different demand
scenarios. Besides this, they presented signalling methods for both cases, to
accomplish context advertisement and automatic translation spot selection.
Amer [2012] gave an introduction to both IP versions (IPv4 and IPv6), discussed the
merits of IPv6, the demerits of IPv4 and when to choose IPv6, and specified the significance of
migration from IPv4 to IPv6. He concluded that migrating from IPv4 to IPv6 in a
moment is impossible because of the large size of the Internet and of the large number of
IPv4 users, and inspected when to migrate from IPv4 to IPv6 and the risks of this
Nizar Abu Ali, A. [2012] compared the IPv4 and IPv6 protocols and tried to find some
migration technique from IPv4 to IPv6. The author said that these days IPv6 over IPv4
tunnels are broadly used to form the worldwide IPv6 Internet. His work demonstrated the
two tunnels and explained when to migrate from IPv4 to IPv6, and after that the author
discussed the risks of migration.
Waixi et al. [2012] stated that there had been many problems encountered in
implementing the protocol translation technology. The authors proposed a new
method to solve the current issues in the NAT-PT v4/v6 translator. Their research work
describes three basic steps. The first step is the bi-directional
translation of IPv4 and IPv6, which can be implemented on the basis of the same address pool,
and fragmented IP packets can also be translated. Second, the Discard
Rate is eventually decreased to 1/65536 when one address of IPv4 protocol serves 264
sessions. Lastly, the overall required translation for TCP, UDP or ICMP packets is completed.

3.4 Precautions Before Transition

Cisco Systems [2009] focuses on the different challenges that will be faced in
migrating from an IPv4 to an IPv6 network. The most important issue is that the entire world
will not migrate to the IPv6 protocol version at the same time. Nor is it possible that
the applications and equipment on which the several organizations work will be
suddenly transformed from basic v4 to IPv6. The author has emphasized a
smart switching plan and certain tools, with whose help there would be an orderly
transition between the two standards. The next challenge is the time for the production
environment, which should be as low as possible. The author has discussed in detail the other
issues in this regard. Engineers need to make sure that the IPv6 network has
the same reachability and similar isolation characteristics as IPv4 has. Security is
the next alarming issue, which has to be maintained in the new Internet Protocol. Then there is the
performance and efficiency of the network, which is required to remain either the same as or
better than with the previous protocol. Lastly, it has to be ensured that both IPv4 and IPv6
co-exist with each other.
Domingues et al. [2011] reported in their research work that there is an important item
which needs to be carefully studied and analyzed before deploying IPv6 networks:
designing the network in a similar way to how it is done for IPv4. They have focused on
bringing the advantages of the IPv4 protocol network to IPv6 networks. They have then
proposed the “IP agnostic” concept for the users of the public Internet. With the increased
availability of operating systems and numerous applications that are IP
agnostic, the stability of the dual stack network on the IPv6 side would be fundamental.
Conversely, deploying IPv6 inadequately will eventually discredit the benefits
that end users may get from the ample addressing space available to them.
The authors have also emphasized that IPv6 addresses should not be free to
end-users, so that ISPs can earn some extra revenue from the assignment of fixed IP
address subnets to their clients while the end-users are able to get an
extended public address space for some nominal price.
Since a huge number of networks and sub-networks have already been deployed and used
as IPv4 infrastructure, it is difficult to imagine the new
ISP installing the new Internet Protocol version 6 without the assurance that the
old legacy nets continue to provide Internet access and the new ones work more effectively. In
their research work the authors have focused on the transition mechanism proposing new
ideas which can be used especially by the IPv6 users who still want to have
communications with their old devices and applications. They have discussed the
tunneling mechanism which has proved to be better than the other proposed and available
models for this purpose. They have effectively shown the mechanism, which establishes
the hybrid network communications transparently between the IPv4 and IPv6 world.
Issues such as scalability, efficiency and overall network performance had also been
discussed in this research work. Authors have proposed DTI or the Dynamic Tunneling
Interface method which helps in the transition procedure more effectively and is more
scalable to adapt to the IPv6 characteristics. This model removes any kind of routing
information from the IPv4 address assignment procedure. In addition to this the proposed
model has advantage of being multi-homed.

3.5 Adoption of IPv6

Hsieh et al. [2005] published their contribution in evaluating the coexistence of IPv4 and
IPv6 with various transition strategies. The authors presented a practical way to manage
the co-existence of networks. Using this approach, the authors initially determined the
fundamental transition mechanism by assembling the corresponding IPv6 addresses; for this,
both ICMPv4 and ICMPv6 messages are used to collect all IP addresses of the network.
Once the transition mechanisms were discovered, the facilities for their proper management
were developed and implemented to maintain the co-existence of the network.
For proper management of coexistence, detection of IP misuse, topology
discovery and traffic monitoring were noted.
Wang et al. [2005] published their work, and according to them a great deal of
effort has been put into the IPv6 standards and test-bed implementation. But still little
is known about the performance of the existing IPv6 Internet, particularly from
the end user's point of view. In this research the authors presented a measurement study of
existing IPv6 performance carried out from CERNET. The authors studied 585,680
packet-level traces with 133,340 million datagrams gathered from 936 IPv4/IPv6 dual
stack net servers situated in 44 countries. They presented a widespread performance
comparison of IPv6 vs. IPv4, together with connectivity, datagram loss rate, RTT (round-
trip time), etc. Their measurement results illustrated that IPv6 network connections tend
to have lesser RTTs than their matching IPv4 network connections, but experience higher
packet loss rate at the same point of time. They also observed that paths with the tunnel
were not having prominent performance degradation in contrast with the native paths. At
the time of publication this research was the first performance study based on both huge
scale ICMP and TCP traffic measurement in existent IPv6 Internet.
Narayan et al. [2008] considered two Microsoft operating systems namely, Windows XP
and Windows Server 2003 configured with the two versions of IP and empirically
evaluated their performance difference. The experimental results demonstrate that
theoretical and practical performance values are different. It also showed that network
performance depends not only on IP version and traffic type, but also on the choice of the
operating system.
An IEEE-USA research team [2009] discussed the problem of IPv4 address exhaustion
and strategies to reduce its severity. The authors of the white paper said that although the
address space of IPv4 is quite large, it is finite and continuously diminishing. They
predicted that this address space will be exhausted in the coming few years. Running
out of IPv4 address space would not result in an instant worldwide system crash, but the
consequences are more dangerous: for example, new clients will not be able to connect to the
Internet directly, several new ground-breaking applications will not be able to use the
new participants and they cannot use complete end-to-end Internet technologies to run the
applications. Besides, most IPv4 address exhaustion mitigation approaches rely on
network service providers acting as gatekeepers that selectively allot temporary IPv4
addresses to the network nodes. But allocating temporary IPv4 addresses has technical
problems, such as a limited number of users for existing applications. So they conclude that
there is a need for some replacement strategy for IPv4.
Their research work was limited to the inspection of technical issues related to the
depletion of IPv4 address space. It also reviewed the replacement strategies and found
that IPv6 protocol is the most commonly cited replacement strategy for IPv4 protocol.
Their research work was not intended to exclusively support the IPv6 as the one and only
replacement strategy for IPv4, as a matter of fact the lack of implementation of IPv6 may
show that preventing early IPv4 exhaustion is a different viable strategy.

3.7 Security Management in IPv6 using IPsec

McLoone et al. [2002] published their work, and according to them a great deal of effort
has been put into creating IPsec, which has been designed to provide interoperable, high
quality, cryptographically-based security for IPv4 and IPv6.
According to Box & Sterling [2001] the set of security services offered includes access
control, connectionless integrity, data origin authentication, protection against replays (a
form of partial sequence integrity), confidentiality (encryption), and limited traffic flow
confidentiality in IPsec. These services are provided at the IP layer, offering protection
for IP and/or upper layer protocols.
Doraswamy et al. [1999] stated that there are different protocols designed to secure the
traffic at various layers in the network. They also emphasized that exactly how this is
done depends on the security requirements of the application and it is up to the user to
decide where in the stack security should be implemented. In their paper they have also
specified that the following basic services have to be provided in IPsec:
• Key management.
• Confidentiality.
• Non-repudiation.
• Integrity/authentication.
• Authorization.
It is possible to provide some or all of the security services mentioned above; which ones depends
on where in the stack security is implemented. Sometimes, it makes sense to provide
some capabilities on one layer and other capabilities at another.
Sjögren [1999] stated that the Network Layer (the IP Layer in the case of the TCP/IP
stack) is the lowest layer within the layered communications protocol stack model that
can provide end-to-end security using IPsec. He has also specified that the security
protocols in the Network Layer provide connectionless integrity, data origin
authentication, protection against replay attacks, and confidentiality for all upper-layer
application data carried in the payload of an IP datagram, without requiring
modification of existing applications. The security solutions are based upon the open
framework of IP Security Architecture (IPsec), defined by the IPsec Working Group of
the IETF. It is called a framework because it provides a stable and lasting base for
providing Network Layer security. IPsec can make use of today’s cryptographic
algorithms, but as newer and more powerful algorithms become available these can later
be used. IPv6 implementations are required to support IPsec, and IPv4 implementations
are strongly recommended to do so.