Cisco Blogs

Cisco Blog > Security

ICMP and Security in IPv6

In the previous installment of our series of IPv6 posts, we covered some common myths regarding IPv6. In this post, we’ll talk about how the role of ICMP has changed in IPv6 compared to IPv4.

In IPv4, ICMP provides error reporting, flow control and first-hop gateway redirection. This functionality, which is also available in IPv6, is usually not essential to the operation of your network. With IPv6, however, ICMP has gained a much more significant and essential role because of new functionality that is now performed through ICMP. Fragmentation, Neighbor Discovery, and StateLess Address AutoConfiguration (SLAAC) represent essential functionality which is now performed using ICMP messages. Furthermore, many ICMP messages are designed to be sent to multicast addresses instead of only unicast addresses. Therefore, ICMP in IPv6 gains a whole new importance along with a new set of security concerns.

Read More »

Tags: , , ,

IPv6 Myths

In the first installment of our series of IPv6 posts, we covered some basic differences between IPv4 and IPv6. In this post, we’ll talk about some common myths regarding IPv6.

The initial IPv6 standards originated in 1998 with the publication of RFC 2460 – “Internet Protocol, Version 6 (IPv6) Specification.” The main intent behind IPv6 was to solve the issue of the limited address space available in IPv4. Over time, other features such as Stateless Address Autoconfiguration (SLAAC), Network Renumbering, and mandatory IPSec support were also added to IPv6. In reality, however, the main benefit of IPv6 is the expansion of the address space. Over those 10+ years, numerous myths, however, have surfaced, many of which can impact the security of your IPv6 network. Understanding the truth behind these misconceptions is important, especially now, as IPv6 is being deployed on more and more networks.

Read More »

Tags: , ,

IPv6 – What’s New

IPv6 is becoming more widely deployed as the availability of IPv4 addresses continue to decline. In June, Cisco will be participating in World IPv6 Day, a 24-hour global “test drive” of IPv6 that is organized by the Internet Society.

Hopefully this introductory post will give you a basic idea of how IPv6 works and some initial security concerns. In upcoming posts, I will explain in more detail the security impact on your network of various aspects of IPv6. I am willing to address other topics as well if there is interest, just let me know. Currently the upcoming topics will be:

Read More »

Tags: , ,