• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Recommendation for two networks

Started by microfoundry, October 12, 2010, 09:30:58 PM

Previous topic - Next topic

microfoundry

Greetings - I currently have 2 network segments, each attached to the internet with a IPv4 VPN tunnel between sites utilizing Juniper's SSG-5. In addition, I've built an IPv6 tunnel to HE from the PDC and all is well.

From a design standpoint, what's the recomended config for IPv6 to each site? And between sites?

TIA,

Terry

jimb

#1
If it was my choice and I needed to use HE tunnels, I'd have a separate IPv6 tunnel w/ routed 48s for each site utilizing each site's internet connection.  I'd then connect the two sites directly with a VPN so that site-to-site comms would use that.  You could do this with something like IPSEC encrypted 6in4 or GRE tunnels provided your device(s) support something like this.

Be careful not to simply let HE route your IPv6 traffic between sites unless you don't care whether the inter-site traffic crosses the internet in "plaintext" format.

EDIT: Of course, if your two sites are in one of the data centers where HE is present, you could purchase your IPv4 and IPv6 internet connectivity from HE directly and do native IPv6 w/o the need for tunnels, and connect your two sites with IPv4 and IPv6 native VPNs.  :p