Cisco aims for IPv6 firewalls

Attacking one of the key problems early adopters have had with IPv6 (Internet Protocol Version 6), Cisco plans to beef up...

Cisco plans to boost security in IPv6 by adding support for stateful packet filtering of IPv6 traffic to its software and hardware firewall products in the first half of next year.

Cisco demonstrated the filtering capability in its IOS (Internetwork Operating System) firewall at the North American IPv6 Global Summit, said Patrick Grossetete, Cisco IOS IPv6 product manager.

IPv6 incorporates many features, including the ability to accommodate a vastly increased number of addresses.

From 1 October, all systems bought or built for the US Department of Defense's Global Information Grid will have to be IPv6 capable as well as supporting IPv4, according to Cisco.

Some who had started to use IPv6 in production networks last year were concerned that not as many security tools, including firewalls, were available for the protocol.

Also, because IPv6 could allow each system to have a unique IP address, a hacker might be able to target an individual system within an enterprise for attack.

The IOS Firewall software, designed to be part of the operating system that runs all Cisco devices, can do stateful inspection of IPv6 traffic, meaning it can examine each packet within the context of other packets that preceded it, an aid in protecting against DoS (denial of service) attacks.

It can handle IPv6 traffic using Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Internet Control Message Protocol (ICMP).

Most of Cisco's existing routers and routing switches now have support for IPv6 routing in hardware as well as software, Grossetete said. Previously, the platforms had to use software for IPv6 routing, which generally is slower.

The proliferation of non-PC devices that need their own IP addresses will be a major driver of demand for IPv6, Grossetete said.

As the protocol is implemented in enterprise and service provider networks it will open the door to direct end-to-end connections across the internet and new collaboration, videoconferencing and grid computing applications, he added.

Cisco is also participating in a three-year project called the 6Net with partners including the European Commission. The demonstration project involves a native IPv6 network of Cisco routers across Europe, which has already been up for 18 months.

The company is also working with French car maker Renault on a mobile IPv6 project in which Cisco 3200 Series Mobile Access Routers in vehicles use IPv6 over IEEE 802.11b wireless LANs and mobile data networks.

Stephen Lawson writes for IDG News Service
