Re: IPv6 Tunnels

[Joe St Sauver <JOE () OREGON UOREGON EDU>]

Hi Gary,

#A student run unix server has been set up as an
#IPv6 tunnel for academic experimentation and learning.
#I'm worried about IPv6 tunnels inadvertently
#bypassing border access controls.
#
#Anyone tackled this problem yet? Policy? Technology?
#Setting up a tunnel at the border for the entire
#campus?

My biggest recommendation would be to avoid tunnelling at all, and run
IPv6 native. If you've got Abilene connectivity via Internet2, this is
fairly straightforward to accomplish; nice I2 IPv6 working group pages
at http://ipv6.internet2.edu/

You can see the sites that currently have IPv6 allocations from Abilene
at http://ipv6.internet2.edu/Abilene_Allocations.shtml and there's a map
at www.abilene.iu.edu/images/v6.pdf

If you're not doing IPv6, a growing number of
commodity transit providers may also be able to accomodate a request
for IPv6 transit. For example, just to mention a couple of folks...

-- Sprint has a page at http://www.sprintv6.net/Sprintv6.html
-- Verio ( http://www.nwfusion.com/newsletters/isp/2004/0628isp2.html )

When it comes to IPv6 security issues, perhaps the greatest issue is
that many of the tools that you may routinely have deployed for IPv4
may not be IPv6 aware (e.g., firewalls, IDS, etc.).

Regards,

Joe

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.