Hi Balaji.J For the most part, a VPN gateway uses sufficiently few addresses (hundreds or a few thousands) that IPv6 is not necessary. This is the reason that there was little interest in changing the way IPv6 addresses are assigned in CONFIG payloads.
There's also the idea that with IPv6 there will be sufficient routable addresses to negate the necessity of using CONFIG payloads. Either way, there's an RFC that covers assignment of IPv6 addresses in CFG payloads in a more IPv6-y way. RFC 5739. http://tools.ietf.org/html/rfc5739 Hope this helps Yoav On May 5, 2011, at 2:06 PM, Balaji J wrote: > Hi ppl, > > Could anyone please clarify the following statement in the IKEv2 RFC 5996: > > ****** The Configuration payloads for IPv6 are based on the corresponding > IPv4 payloads, and do not fully follow the "normal IPv6 way of doing things". > In particular, IPv6 stateless autoconfiguration or router > advertisement messages are not used, neither is neighbor discovery.****** > > Does it mean that we should not do Router-Solicitation/Router-Advertisement > messages over the established IPSEC-SA also for Stateless AutoConf? > Even though the IPV6 address is assigned using IKEv2 Configuration Payload, > what stops the node from doing the Stateless AutoConf using > Router Solicitation/Advertisement messages sent over the IPSEC tunnel by > making sure that the same Prefix assigned during IKE-AUTH exchange > is communicated in the Router-Advertisement also? > > Because i believe this makes us compliant to IPV6 way of configuring the > ip-address even though IKEv2 is used. > > Please clarify. > > Thanks, > ...Balaji.J > > <ATT00001..txt> _______________________________________________ IPsec mailing list [email protected] https://www.ietf.org/mailman/listinfo/ipsec
