Overview
ABSTRACT
This paper provides some description of IPv6 deployment strategies in mobile environment taking into account that IPv4-only applications must still be reachable by mobile users. In particular, double stack and IPv6-only strategies are described in-depth.
Then impacts of these strategies on security architectures are considered. These impacts are structured as follows: First, some analysis of main threats is carried out and then some inherent IPv6 protocol vulnerabilities are given.
Finally some first recommendations are provided so that mobile operators can protect their infrastructure and services against main risks conclude this paper.
Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.
Read the articleAUTHOR
-
David BINET: IP Network Architect – Orange
INTRODUCTION
The services offered on mobile networks are increasingly based on the establishment of IP connections. This is due not only to the explosion in data services, but also to the deployment of LTE/EPC architectures, generally referred to as 4G, which rely solely on a "packet" network core. This evolution in terms of mobile network services and architecture should be seen in the context of a shortage of "public" IPv4 addresses, i.e. those that can be routed on the Internet. This is particularly the case on the American and Asian continents, and even in Europe in the very near future, and less critically in Africa and Latin America. Most of the major operators are therefore working on deploying the new version of the IPv6 protocol, some through commercial rollouts (T-Mobile, Verizon, Orange Poland, to name but a few), others through experimentation and some through contributions to standardization work (IETF, 3GPP, GSMA).
The integration of IPv6 into mobile networks can be based on a number of different strategies, including the choice of offering IPv6 connectivity as a complement to IPv4 connectivity, or providing customers with IPv6-only connectivity. Whichever option is chosen, one of the conditions is of course to maintain a quality of experience that is independent of the type of connectivity, and the operator must in particular ensure that the customer will be able to access all services, including those based on an IPv4-only protocol stack. The integration of IPv6 in mobile networks is naturally based on standardized building blocks, notably from the IETF, but takes into account a number of specificities linked to the mobile environment and in particular to the radio resources to be preserved. This article presents the techniques for introducing the IPv6 protocol into mobile networks, as well as the specifics of using dual-stack or IPv6-only connectivity.
The introduction of IPv6, while impacting the core network, terminals and applications, also means updating security architectures. These "security" impacts will be considered as follows in this article. The main vulnerabilities of mobile networks are described in 3 . These vulnerabilities are based not only on mobile network architectures and, in particular, the various interconnections with other networks, but also on...
Exclusive to subscribers. 97% yet to be discovered!
Already subscribed? Log in!
KEYWORDS
vulnerability | IP/MPLS networks | mobility | risk | | mobile networks | IP networks
CAN BE ALSO FOUND IN:
Introducing IPv6 to mobile networks
About IPv6 in mobile networks
Article included in this offer
"Security of information systems"
(
86 articles
)
Updated and enriched with articles validated by our scientific committees
A set of exclusive tools to complement the resources
Bibliography
Exclusive to subscribers. 97% yet to be discovered!
Already subscribed? Log in!
