Securing anycast communications in IPv6 networks by means of IPSec

Anycast is a new communication model, introduced by IPv6, relying in a communication paradigm of “one to any”. The primary characteristic of this model is that the information directed to an anycast address is to be received by any node within a set of nodes that share the same address. Anycast communications emerged as a simple paradigm to support server replication and as a simple and efficient alternative to load balancing strategies. On the other hand, although anycast communications are prone to a number of security threats, the conjunction of IPsec with anycast is hard to accomplish. This paper proposes a solution, using IPSec, able to provide secure communications between a client and a set of servers sharing the same anycast address. After a brief survey of the state of art of Anycast and IPSec technologies, the paper analyses experimental results from testing existing anycast and IPSec implementations, working together in real testbed scenarios. Then, a prototype implementation of the solution is developed, tested and evaluated. The proposed solution is totally based on IPSec and does not imply changes to any technology complying with the standards.