Research And Promotion On The Key Technologies Of IPv6

IPv6 is one of the core standards in the next generation Internet. As the network manufacturers and developers gradually introduce IPv6 into the different platforms, IPv4 and IPv6 will coexist for a long time. In the transition period from IPv4 to IPv6, there exist IPv4/IPv6 networks and various transition technologies, which put forward an austere challenge to network security defence appeared. Using tunnel transition mechanism, malicious data packets easily evade the import filter detection. When NAT-PT translation transition mechanism is used, NAT-PT gateway device fails to switch data packets. Therefore, in order to achieve a smooth transition from IPv4 to IPv6, solving the security problems is the most important issue in IPv4/IPv6 transition period. This paper analyzes the existing IPSec in detail and discusses on some primary techniques in the transition period in depth, and focuses on analyzing some potential security problems in IPv4/IPv6 transition period.With regard to the potential security problems about NAT-PT transition mechanism, this paper proposes two relevant improvement strategies, both of which improve the original protocols in the aspect of lacking the end-to-end security defects and ensure the security of data packet transmission. The first one is the strategy with Multi-layered security Mechanism. This strategy includes IPSec mechanisms and transport layer security mechanisms. The SSL/TLS security mechanism in transport layer is used to protect user data, while IPSec is used to protect the packet header. The second strategy is the AH Protocol with NAT Related Information, which employs NAT-Notification payloads to record primary IP address and compares to the ICV by replacing modified IP address with the primary IP address in a remote receiver client. In allusion to the second improvement strategy, the modularization design of data packets security transmission via the NAT-PT gateway can be accomplished by combining the Netfilter function frame of Linux and registering the transition function whose action is to process IP packets specially.