Security is often cited as a blocking point by organizations to deploy IPv6. Based on several interactions with organizations being at the verge of deploying IPV6 (or being busy deploying it!), I hesitate between two security topics for GogoNET Live. Which one would you prefer? Comments and suggestions are welcome :-)
Topic #1: Security issue with extension headers and fragmentation
Not all network devices can handle extension headers, specially their length or (on purpose) wrong chains or even DoS with the hop-by-hop extension header (whose implementation is still a MUST by the IETF but a AVOID by security people!). Fragmentation is also a serious issue and a big difference between IPv4 and IPv6 as specially fragmented packets can by-pass stateLESS ACL. This presentation explains the issues, presents some solutions and shows what the IETF intends to do (based on current status of IETF working groups)
Topic #2: How to operate securely an IPv6 network?
Organizations run security (cough cough) IPv4 networks for many years... But, how can they operate an IPv6 as securely? The presentation covers control plane protection, telemetry but also forensic in IPv6 network. Things can be different in IPv6: DHCPv6 is not the same as DHCPv4, SNMP MIBs are different, extension headers complexify everything but a careful network operator can still operate an IPv6 network as securely as IPv4, she just need to modify some procedures.
Whichever topic will be presented at GogoNET Live, I am sure that we all have fun and have interesting and fruitful discussion!