I believe implementing line rate IPSEC on a CPE requires silicon that accelerates the crypto algorithms, and this may be a good feature but is outside the budget of most consumers who don't need much beyond SSL/TLS embedded in their HTTP client. So making IPSEC optional is more practical to LIRs needing low cost CPE solutions. And to answer the question below, I know one low cost IPv6 CPE vendor on RIPE's CPE Survey who doesn't support IPSEC, but haven't checked them all. -Ahmed -------------------------------------------------- From: "Jan Zorz" <jan@pragma.si> Sent: Thursday, July 21, 2011 12:48 AM To: <ipv6-wg@ripe.net> Subject: Re: [ipv6-wg] RIPE-501 and IPSEC on CPEs
On 7/20/11 8:54 PM, Jan Zorz @ go6.si wrote:
I feel to agree with this statement...
what percentage of CPEs we "throw out" if we make this optional? sorry, mandatory, not optional. typo.
so, what percentage of CPEs we "throw out" if we make this mandatory?
cheers, Jan