| Skip Navigation Links | |
| Exit Print View | |
|
Configuring and Administering Oracle Solaris 11.1 Networks Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Configuring and Administering Oracle Solaris 11.1 Networks Oracle Solaris 11.1 Information Library |
1. Planning the Network Deployment
2. Considerations When Using IPv6 Addresses
IPv6 Network Topology Scenario
Ensuring Hardware Support for IPv6
Preparing an IPv6 Addressing Plan
Creating the IPv6 Numbering Scheme
Creating an IPv6 Addressing Plan for Nodes
Creating a Numbering Scheme for Subnets
Configuring Network Services to Support IPv6
How to Prepare Network Services for IPv6 Support
How to Prepare DNS for IPv6 Support
Planning for Tunnel Use in the Network
3. Configuring an IPv4 Network
4. Enabling IPv6 on the Network
When you introduce IPv6 into an existing network, you must take care not to compromise the security of the site. Be aware of the following security issues as you phase in your IPv6 implementation:
The same amount of filtering is required for both IPv6 packets and IPv4 packets.
IPv6 packets are often tunneled through a firewall. Therefore, you should implement either of the following scenarios:
Have the firewall do content inspection inside the tunnel.
Put an IPv6 firewall with similar rules at the opposite tunnel endpoint.
Some transition mechanisms exist that use IPv6 over UDP over IPv4 tunnels. These mechanisms might prove dangerous by short-circuiting the firewall.
IPv6 nodes are globally reachable from outside the enterprise network. If your security policy prohibits public access, you must establish stricter rules for the firewall. For example, consider configuring a stateful firewall.
This book includes security features that can be used within an IPv6 implementation.
The IP security architecture (IPsec) feature enables you to provide cryptographic protection for IPv6 packets. For more information, refer to Chapter 6, IP Security Architecture (Overview), in Securing the Network in Oracle Solaris 11.1.
The Internet Key Exchange (IKE) feature enables you to use public key authentication for IPv6 packets. For more information, refer to Chapter 9, Internet Key Exchange (Overview), in Securing the Network in Oracle Solaris 11.1.
|