[AusNOG] IPv6 Article on CNN

Kevin Karp ausnog at pps.com.au
Mon May 31 20:16:18 EST 2010


Hi Kurt

 >I may have this wrong, but have you not simply created a VPN using IPv6?

>Could the same thing not achieved using any VPN implementation and an
>suitably large IPv4 allocation?

Well it'd be a VPN on steroids!

Consider these points:

1. Global addressability: What if a parent wants to access a remote student's netbook (especially
    their own child's) and view content the student is making available under Drupal (silly example,
    I know, but you get the point)? You'd have to make the parent part of the VPN. With Studentnet
    the student's netbook can be accessed, peer to peer, by the parent using any IPv6 connection
    that the parent may have. This is all still under the school's network administrator's control.

2. Domain Name support: When the remote student connects to NextMail a DNS entry is dynamically,
    automatically created of the form studentname.schoolname.statename.edu.au. I'm not sure...
    is there a VPN that does that? You might be able to script it on to an existing facility.

3. Permanent address allocation: The students are given their addresses on a permanent basis.
    We know this delivers a present day traceability and auditing benefit. We (or the schools) have
    not thought through all of new facilities that this will permit in the future. In conjunction
    with the permanent allocation of their gmail based school email addresses we are looking into
    future social networking possibilities - especially as the kids will become alumni and then
    parents themselves. Are we, and the schools, thinking 2 or 3 decades in advance? You bet we are.
    I guess a small school maybe able to do that with a VPN for a limited time.

4. MS Windows 7 Direct Access: As far as I know this ONLY works on IPv6. Your VPN would have to be
    an IPv6 VPN to enable this feature - I'm not sure that this is what you meant. BTW, the same
    was true for Meeting Space in Windows Vista.

5. Centralised administration (lower administrative costs): All of the Studentnet schools' addresses
    come out of the one /32 allocation and the one administrative interface leading to economies
    of scale efficiencies. If VPN technology was to be used, administration would be fractured
    across all the individual schools increasing overall cost for each school and/or we'd need to
    be provided privileged access into the school networks to complete our role.

6. Centralised firewall: All of the traffic flows through a single broker and single firewall
    setup that we administer on behalf of the schools. This leads to easier hassle free control
    for the extremely overworked school network admins, again all through a central interface for
    the schools.

>  but this is nothing that could not be achieved with either a large enough allocation from an RIR

Are there any RIR's handing out address allocations large enough to do the above? I don't fancy my
chances with APNIC.

>  or using internal addresses inside a VPN setup.

and then we lose the peer to peer global addressability, and centralised advantages.

I guess if one REALLY tries hard almost everything I've mentioned could be done under IPv4 BUT it
would be much more difficult and convoluted. With IPv6, scale is easy without complexity.

Almost unlimited availability of addresses in IPv6 is a game changing concept. I'm not sure I have a
sufficiently active imagination to realise what it means but I do know it deserves exploration
especially with a view to, where feasible, exploitation for reward.

To dismiss this opportunity as merely the same as what we've got except more, belies this game
changing characteristic.

Hope that lot helped.

Kevin

-- 
STUDENTNET® - Highly Commended: Australian Privacy Awards 2008
    Kevin Karp                            kjk at studentnet.edu.au
    next.studentnet.edu.au                  Tel +61 2 9281 1626
    Suite 1, 89 Jones St
    Ultimo NSW 2007 Australia              Fax +61 2 9281 3047
_____________________________________________________________






More information about the AusNOG mailing list