[AusNOG] IPv6 Article on CNN
Kevin Karp
ausnog at pps.com.au
Mon May 31 20:16:18 EST 2010
Hi Kurt
>I may have this wrong, but have you not simply created a VPN using IPv6?
>Could the same thing not achieved using any VPN implementation and an
>suitably large IPv4 allocation?
Well it'd be a VPN on steroids!
Consider these points:
1. Global addressability: What if a parent wants to access a remote student's netbook (especially
their own child's) and view content the student is making available under Drupal (silly example,
I know, but you get the point)? You'd have to make the parent part of the VPN. With Studentnet
the student's netbook can be accessed, peer to peer, by the parent using any IPv6 connection
that the parent may have. This is all still under the school's network administrator's control.
2. Domain Name support: When the remote student connects to NextMail a DNS entry is dynamically,
automatically created of the form studentname.schoolname.statename.edu.au. I'm not sure...
is there a VPN that does that? You might be able to script it on to an existing facility.
3. Permanent address allocation: The students are given their addresses on a permanent basis.
We know this delivers a present day traceability and auditing benefit. We (or the schools) have
not thought through all of new facilities that this will permit in the future. In conjunction
with the permanent allocation of their gmail based school email addresses we are looking into
future social networking possibilities - especially as the kids will become alumni and then
parents themselves. Are we, and the schools, thinking 2 or 3 decades in advance? You bet we are.
I guess a small school maybe able to do that with a VPN for a limited time.
4. MS Windows 7 Direct Access: As far as I know this ONLY works on IPv6. Your VPN would have to be
an IPv6 VPN to enable this feature - I'm not sure that this is what you meant. BTW, the same
was true for Meeting Space in Windows Vista.
5. Centralised administration (lower administrative costs): All of the Studentnet schools' addresses
come out of the one /32 allocation and the one administrative interface leading to economies
of scale efficiencies. If VPN technology was to be used, administration would be fractured
across all the individual schools increasing overall cost for each school and/or we'd need to
be provided privileged access into the school networks to complete our role.
6. Centralised firewall: All of the traffic flows through a single broker and single firewall
setup that we administer on behalf of the schools. This leads to easier hassle free control
for the extremely overworked school network admins, again all through a central interface for
the schools.
> but this is nothing that could not be achieved with either a large enough allocation from an RIR
Are there any RIR's handing out address allocations large enough to do the above? I don't fancy my
chances with APNIC.
> or using internal addresses inside a VPN setup.
and then we lose the peer to peer global addressability, and centralised advantages.
I guess if one REALLY tries hard almost everything I've mentioned could be done under IPv4 BUT it
would be much more difficult and convoluted. With IPv6, scale is easy without complexity.
Almost unlimited availability of addresses in IPv6 is a game changing concept. I'm not sure I have a
sufficiently active imagination to realise what it means but I do know it deserves exploration
especially with a view to, where feasible, exploitation for reward.
To dismiss this opportunity as merely the same as what we've got except more, belies this game
changing characteristic.
Hope that lot helped.
Kevin
--
STUDENTNET® - Highly Commended: Australian Privacy Awards 2008
Kevin Karp kjk at studentnet.edu.au
next.studentnet.edu.au Tel +61 2 9281 1626
Suite 1, 89 Jones St
Ultimo NSW 2007 Australia Fax +61 2 9281 3047
_____________________________________________________________
More information about the AusNOG
mailing list