6winit at IPv6 Concertation Meeting 14/10/02 1 Peter T. Kirstein University College London Dynamic VPN Needs for UCL-CS

6winit at IPv6 Concertation Meeting 14/10/02 2 Project Background Developed VPN technology in RADIOACTIVE and in ANDROID Both had IPv6 as primary goals Both wanted to provide dynamic VPNs Now have RADIOACTIVE and 6NET RADIOACTIVE still same goal –Also must work towards ICB VPN 6NET wants a deployable VPN –Deployable with real technology and apps

6winit at IPv6 Concertation Meeting 14/10/02 3 RADIOACTIVE RADIOACTIVE based first on Xbone –Porting to IPv6 done by UCL –Included Active Server (TAG) for edge devices with traffic limiting Abandoned after DANCE because no support for realistic topology Still require same applications –Would like to use same technology as 6NET

6winit at IPv6 Concertation Meeting 14/10/02 4 Advances in X-Bone Recent changes in X-Bone important –Now have static routing according to a particular topology –IPv6 support is close PERL support now exists –IPv6 version really works only with FreeBSD FreeS/WAN IPsec does not work with IPv6 –Some network management exists Should revisit suitability of X-Bone

6winit at IPv6 Concertation Meeting 14/10/02 5 ANDROID ANDROID now finished –Used proprietary management system from Netcelo –System still available if wanted, requires specific 6WIND PC router –Unnecessary parts of ANDROID software have been removed –ANDROID TAG is being consolidated

6winit at IPv6 Concertation Meeting 14/10/02 6 6NET Project Background UCL is responsible for deployable IPv6- enabled VPNs 6NET has many deployed applications –Even Grid applications under development Has access to latest IPv6 versions of Cisco, 6WIND and Kame routers Has UMU IPv6-enabled VPN manage- ment system and PKI from UMU

6winit at IPv6 Concertation Meeting 14/10/02 7 6NET VPN Requirements VPN Management Security Infrastructure VPN Dynamism Failure Tolerant Distributed Access Control Secure Routing Complete IPv6 Infrastructure

6winit at IPv6 Concertation Meeting 14/10/02 8 Current UCL VPN Status UCL ANDROID work with Netcelo VPN Manager and Active Networking – IPv6 VPN established between 2 UCL Nodes And 1 UMU Node – IPv6 UCL membership of 5-Node ICB Coalition – IPv4

6winit at IPv6 Concertation Meeting 14/10/02 9 UMU IPSec Policy-Based Network Management (UMU-PBNM) VPN Enforcement Tool (VPN ETool) Policy Management Tool (UMU-PMTv6) Completely IPv6 Focussed 6WIND Routers Only Future Cisco Support

6winit at IPv6 Concertation Meeting 14/10/02 10 DVC Coalition Based Solution Highly Distributed PC and Non-PC Based Enforcement Points Currently No IPv6 Support – Only IPv4 Currently No Security Enrolment / Management

6winit at IPv6 Concertation Meeting 14/10/02 11 Netcelo Separate Proprietary VPN Manager IPv6 Focussed 6WIND Routers Only Fully-Meshed

6winit at IPv6 Concertation Meeting 14/10/02 12 Comparison DVC Provides Widest Hardware Requirements Flexibility DVC Provides Distributed Management DVC Localised Interface Is Faster DVC Lacks IPv6 Support DVC Lacks Generic PKI Mechanisms DVC does not give Network Topology and Routability

6winit at IPv6 Concertation Meeting 14/10/02 13 What We Want IPv6-enabled VPN Infrastructure Dynamism and Security of DVC Distributed nature of DVC Wider Deployability of DVC Policy Management of UMU Security Management of UMU Non-Decrypted Routing Over VPN Collaboration with other ICB members

6winit at IPv6 Concertation Meeting 14/10/02 14 Maybe we finally have a joint project