Analytical Analysis of the Performance Overheads of IPsec in MIPv6 Scenarios Zoltán Faigl, Péter Fazekas, Stefan Lindskog, and Anna Brunstrom 1 Introduction The next generation network (NGN) connects different access networks, such as xDSL, 3G, WiFi, and WiMAX to an IPv6-based core network. One of the requirements of NGN is to support the mobility of services, us- ers, and terminal equipments [6]. The mobile IPv6 protocol (MIPv6) [12] and its extensions, such as hierarchical MIPv6 [20], fast handovers for MIPv6 [15], and network mobility protocol [4], provides one major possi- ble mobility service solution. Other solutions also exist, and a discussion and comparison of the main mobility protocols can be found in [16]. In systems supporting mobility a wide variety of threats exist [2, 18]. Reliable and secure communication of mobility signaling protocols, such as MIPv6 and its extensions, is therefore critical. An important challenge is therefore how to integrate security solutions into the signaling protocols of the NGN. One of the possible choices for security solutions is the use of IPsec [14] with the Internet key exchange protocol version 2 (IKEv2) [13]. MIPv6 recommends the use of IPsec and IKEv2 for the protection of signaling messages, between the mobile node (MN) and the home agent (HA) [1]. However, IPsec and IKEv2 enable a very wide range of configuration pos- sibilities. It is thus an important question for network designers to deter- mine which configuration to apply in a specific situation. An informed de- cision requires that the security levels and costs of the performance overheads of the possible security configurations are known. The decision for the best security configuration can then be made by specifying a trade- off between security and performance. This chapter aims to demonstrate how the performance overheads of the different protection policies of IPsec can be analyzed in a MIPv6 scenario. We highlight two main performance measures in our analysis: the overall