6Sense: Generating New Possibilities in the New Internet.
Produced by: IPv6 Summit, Inc.

IPv6 - The Path to Secure Converged Networks
Kashif Shaikh, Product Management, Nortel

IPv6 has numerous improvements over IPv4. Future converged networks can also benefit from IPv6 technology - how can IPv6 pave the way for future secure converged networks? IPv6 is designed to allow converged networks. IPv6 also enables greater security to the medium and provide enhanced infrastructure for emerging peer-to-peer applications. It will enable the Internet to continue to grow, accommodating new addresses for users and destinations on the Internet that would otherwise be unavailable with IPv4.

Originally, IPv6 was created because the IPv4 address space was not large enough to support a global network with billions of uniquely addressed devices. While IPv6 has been around for over several years, it has seen limited deployment. This is because the address exhaustion problem has been ameliorated by the design and deployment of ad hoc solutions, e.g., network address translators (NATs). It should be noted that these solutions are often complex, hard to extend when new services are developed and can't support basic Internet functions such as end-to-end IP security (commonly called IPSec).

The explosion of Internet-capable wireless devices, such as cell phones, PDAs, etc. has brought IPv6 to the forefront. Notably, the 3GPP standard (R5) for next generation wireless devices mandates IPv6 support in the Internet Multimedia Subsystem (IM Subsystem) and the UMTS Terrestrial Remote Access Network (UTRAN). IPv6 was selected because it will allow every device to have its own unique IP address. In addition, IPv6 has auto-configuration, integrated security, flow labels for QoS support, mobility, simplified packet handling and improved multicast support.

Nortel technologists have been involved in the design and standardization of IPv6 since the earliest days. In addition, Nortel is active in the IETF and other standards bodies, such as the Third Generation Partnership Project (3GPP), that are using IPv6 as part of the infrastructure for third generation cellular telephone network. Nortel is a pioneer in the implementation of IPv6 in enterprise networks. IPv6 was first implemented in Nortel BayRS product, with initial shipments in 1997.

Nortel views IPv6 as a key enabler of a future robust, converged network capable of providing security, connectivity and failure recovery, balancing normal operations and responsiveness to major events.

IPv6 as a route to secure Convergence
Today's disparate services run across a multitude of separate networks with different addressing schemes. Some vendors and network operators are making the transition to a converged packetized network on which multiple services are supported, using IPv4 addressing with Network Address Translation (NAT).

However, a converged network will ultimately need many more addresses than IPv4 can provide. IPv6 can provide the addresses needed for broadband connections as well as Internet connections for third generation mobile phones and large numbers of sensor devices in the home and industry. In fact, IPv6 satisfies the need for more addresses than there are current telephone numbers!

Current IPv4 networks are primarily optimized for client-server applications. The converged future network needs to be able to support all kinds of services. Using IPv6 restores the transparency of the network by taking NATs out of the network; packets travel unmodified across the network and any-to-any communication becomes much simpler because addresses are once again globally valid. IPv6 is designed to allow a converged network to deliver multimedia services anywhere, to anyone.

Because packets are modified as they pass through NATs, IPv4 networks employing NATs complicate end-to-end security provisioning and provide a focal point for security attacks. In contrast, IPv6 conformance in hosts and routers requires support for IPsec. Taken together with transparency, this is designed to allow a converged network based on IPv6 to deliver secure services end-to-end on whatever path a packet is routed.

Nortel is a leader in converged networks, with expertise in both voice and data networks. The company's robust architecture for converged networks is evidenced by interoperability testing leadership at the U.S. Department of Defense Joint Interoperability Test Command facility. Nortel is the first networking vendor to provide an end-to-end VoIP solution certified by the US Defense Department Joint Interoperability Test Command (JITC). Nortel is also among the first companies to pass 2004 Technology Integration Center (TIC) certification for its Ethernet data products - TIC certification testing included IPv6 Conformance, System and Network Management testing of Nortel Ethernet Routing Switches. IPv6 implementation in Nortel products complements convergence strategies for both commercial and government customer networks.

Nortel is committed to a transition to IPv6. Nortel plans to use a uniform implementation of IPv6 across our products which currently support IPv4 and new products engineered for IPv6 support from their inception.

Nortel is the first networking company at UNH-IOL (the University of New Hampshire InterOperability Laboratory) to successfully complete the latest and most comprehensive testing regimen for IPv6. UNH-IOL is recognized as the industry's leading IPv6 interoperability lab, with an automated suite of over 350 IPv6 tests that verify conformance with the latest IPv6 Ready Phase 2 criteria.

"We are pleased to announce that Nortel is the first vendor at UNH-IOL to pass all the tests for the IPv6 ready Phase-2 logo program," said Erica Williamsen, UNH-IOL IPv6 technical manager. "Successful completion of this comprehensive testing procedure means that Nortel Ethernet Routing Switch 8600 conforms to the IPv6 standards and is interoperable with other, standards-based products in a multi-vendor environment that supports IPv6 functionality."

IPv6 Ready Logo Phase-2 program testing included the IPv6 Ready Phase II Logo Base Conformance and IPv6 Ready Phase II Logo Base Interoperability Test Suites.

In addition to passing the rigorous IPv6 Ready Logo Phase-2 program testing regimen administered by the UNH-IOL, Nortel also participated in the Moonv6 2004 November Test Set.

The Moonv6 network is the world's largest multi-vendor IPv6 network, and represents the most aggressive collaborative IPv6 interoperability and application demonstration event in North America. Nortel demonstrated IPv6 capabilities in a multi-vendor environment, participating in the Moonv6 next-generation Internet network project, conducted by the U.S. Defense Department, Internet2, and the UNH-IOL.

Nortel also participated in the 5th ETSI IPv6 Plugtests interoperability event in France in Oct. 2004. The Plugtests Service of the European Telecommunications Standards Institute (ETSI) provided expert facilities for testing the latest IPv6 implementations at their IPv6 interoperability event.

At Nortel, convergence and security is in our DNA - it is more than voice over IP (VoIP) - it is the secure delivery of voice, video, data, and applications over one network - wired or wireless; it is one of the ways we can help improve businesses and fulfill the objective of Nortel to secure and protect critical information.

For more information please visit www.nortel.com/ipv6

This is the way. This is Nortel, Nortel, the Nortel logo and the Globemark are trademarks of Nortel. The information in this document is subject to change without notice. Nortel assumes no responsibility of any errors that may appear in this document - Date: 26th December 2004.