Security Considerations for Intrinsic Monitoring within IPv6 Networks
Intrinsic Monitoring is a method of collecting and disseminating node specific monitoring data throughout an IPv6 network by using the IPv6 extension headers as a carrier medium. The advantages of such a monitoring mechanism can be invaluable to a network operator, offering a wide range of performance and accuracy enhancements over traditional SNMP based or active probing based approaches. This paper discusses previous proposals related to Intrinsic Monitoring and highlights a number of security considerations that must first be resolved for such an approach to be deployable within an operational IP network. The paper offers initial contributions towards addressing these challenges.
KeywordsDestination Node Packet Loss Rate Message Authentication Code Monitor Data IPv6 Address
Unable to display preview. Download preview PDF.
- 1.Toutain, L., Durand, A.: Ipv6 traceroute option, IPv6 Working Group Internet Draft (June 1997)Google Scholar
- 2.Kaufman, C.: Internet Key Exchange (IKEv2) Protocol, RFC 4306 (Proposed Standard), Updated by RFC 5282 (December 2005)Google Scholar
- 3.Kent, S.: IP Authentication Header, RFC 4302 (Proposed Standard) (December 2005)Google Scholar
- 4.kent, S.: IP Encapsulating Security Payload (ESP), RFC 4303 (Proposed Standard) (December 2005)Google Scholar
- 5.Kent, S., Seo, K.: Security Architecture for the Internet Protocol, RFC 4301 (Proposed Standard) (December 2005)Google Scholar
- 6.Kitamura, H.: Connection/link status investigation (csi) for ipv6 hop-by-hop option and icmpv6 messages extension, Internet Draft, Work in Progress (1999)Google Scholar
- 7.Crocker, J.B.M., Lazarou, G., Picone, J.: A bandwidth determination method for ipv6-based networks. International Journal of Computers and Applications (2009)Google Scholar