Securing Anycast Communications in IPv6 Networks by means of IPSec

Joao Veiga, Antonio Costa, Alexandre Santos

Universidade do Minho
Centro Algoritmi
Escola de Engenharia
4710-057 Braga, Portugal

Tel.: +351 253 604430
Fax.: +351 253 604471
E-mail: a48049 (at) alunos.uminho.pt, costa (at) di.uminho.pt, alex (at) di.uminho.pt


Abstract

Anycast is a new communication model, introduced by IPv6, relying in a communication paradigm of one to any. The primary characteristic of this model is tthe information directed to an anycast address is to be received by any node within a set of nodes that share the same address. Anycast communications emerged as a simple paradigm to support server replication and as a simple and efficient alternative to load balancing strategies. On the other hand, although anycast communications are prone to a number of security threats, the conjunction of IPsec with anycast is hard to accomplish.

This paper proposes a solution, using IPSec, able to provide secure communications between a client and a set of servers sharing the same anycast address. After a brief survey of the state of art of Anycast and IPSec technologies, the paper analyses experimental results from testing existing anycast and IPSec implementations, working together in real testbed scenarios. Then, a prototype implementation of the solution is developed, tested and evaluated. The proposed solution is totally based on IPSec and does not imply changes to any technology complying with the standards.


20th International Conference on Software, Telecommunications and Computer Networks (SoftCOM 2012), Split, Croatia, Sep 11-13, 2011
(also in the IEEE Xplore)