The IPSec (Internet Protocol Security) mechanism offers the same security services (authentication, integrity and confidentiality) in IPv4 and IPv6. Implementing these services is optional in IPv4 but mandatory in IPv6. Using them is optional.
Security services are offered through the use of AH (Authentication Header) or ESP (Encapsulating Security Payload) extensions of the IPv4 or IPv6 header.
To secure bidirectional communication between two endpoints, a pair of security associations (SAs) is required. The IKEv2 (Internet Key Exchange version 2) protocol creates the security associations dynamically.
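Why a pair is needed, as an added example that is not part of the original page: each SA protects traffic in one direction only, so in this simplified Python model host B can receive ESP traffic but cannot send a protected reply until the second SA is installed. The `SA` and `Host` classes, the addresses and the SPI values are constructed for illustration, and encryption and integrity checking are left out.

```python
import struct
from dataclasses import dataclass

@dataclass
class SA:  # one unidirectional security association (simplified, no crypto)
    spi: int
    src: str
    dst: str
    seq: int = 0  # last sequence number sent on this SA

class Host:
    def __init__(self, addr):
        self.addr = addr
        self.outbound = {}  # peer address -> SA protecting traffic we send
        self.inbound = {}   # SPI -> SA for traffic we receive

    def install(self, sa):
        if sa.src == self.addr:    # outbound for the SA's source
            self.outbound[sa.dst] = sa
        elif sa.dst == self.addr:  # inbound for the SA's destination
            self.inbound[sa.spi] = sa

    def send(self, peer, payload):
        sa = self.outbound.get(peer)
        if sa is None:
            raise LookupError(f"{self.addr}: no outbound SA towards {peer}")
        sa.seq += 1
        return struct.pack("!II", sa.spi, sa.seq) + payload  # ESP: SPI, sequence

    def receive(self, packet):
        spi, seq = struct.unpack("!II", packet[:8])
        if spi not in self.inbound:
            raise LookupError(f"{self.addr}: no inbound SA for SPI {spi:#x}")
        return spi, seq, packet[8:]

def demo():
    a, b = Host("2001:db8::a"), Host("2001:db8::b")  # constructed addresses
    a_to_b = SA(0x1001, a.addr, b.addr)  # constructed SPI values
    b_to_a = SA(0x2002, b.addr, a.addr)
    a.install(a_to_b)
    b.install(a_to_b)
    forward = b.receive(a.send(b.addr, b"ping"))
    try:
        one_sa_reply = b.send(a.addr, b"pong")
    except LookupError:
        one_sa_reply = None  # B has no outbound SA yet, so the reply is refused
    a.install(b_to_a)
    b.install(b_to_a)
    reply = a.receive(b.send(a.addr, b"pong"))
    return forward, one_sa_reply, reply
```

Calling `demo()` returns the forward packet as B parsed it, `None` for the reply attempted with a single SA, and the reply as A parsed it once both SAs exist.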
A security association contains the following parameters:
The IPSec mechanism defines the following three databases: