From: BOMB <bo...@gm...> - 2013-12-31 07:29:43

Hi, Rick,

You are right, the authentication mechanism will work on the IPv4 layer, just like a tunnel broker; actually the total service is the combination of TSP serving for the control plane and 6in4 for the data plane. I will use 6bed4 in the same way.

But an obvious fact is that 6bed4 actually acts as a dynamic and automatic tunnel negotiation mechanism for peers; no authentication is better than authentication. However, authentication must be considered in most business cases. I was thinking about this today; roughly, there are 2 methods that could be used:

1. iptables filter: the chain works on a white list, and only datagrams for authenticated users can be transmitted.
2. Routing table: the system will create a policy routing item for every connection, otherwise it will be dropped.

But the 2 methods will bring a huge computing load; imagine the item count is over 100k.

Do you have better choices for authentication?

BOMB
2013-12-31

From: Rick van Rein
Sent: 2013-12-30 22:00:53
To: tun6bed4-devel
Cc:
Subject: Re: [6bed4-devel] Testbed for 6bed4

Hello,

> I want to setup a free ipv6 service to public […] the only free tunnel broker is CITC tunnel broker

Looking it up, I found that it uses TSP.

As a predecessor to 6bed4, I have tried to create something I called “Public TSP”, which is still documented here,
http://devel.0cpm.org/public-tsp/
although the expired domain name public-tsp.org now appears to be used for hip implants :)

I left TSP because the software is not maintained (obvious bugs in the client are not fixed, not even when submitting patches) even when the software is incompatible with its own RFC (!)

I did get far in implementing a TSP server in open source though, and it can still be found at
http://git.arpa2.org/?p=public-tsp;a=summary

Note that this will always lead to scaling problems, especially for free service.

My main motivation was to tunnel SIP traffic, to permit end-to-end IPv6 communication. That relieves users from RTP proxy dependency, thus dependency on telco’s and SDP rewriting. SDP is ideally passed with encryption, so it can hold key material for SRTP encryption.

The 6bed4 tunnel is perfect for SIP and other peer to peer protocols, in that it will make direct connections whenever possible. This is the only remedy to achieve scalability.

The difference with Teredo is… well… that 6bed4 works. Sorry to say this, but the most-deployed IPv6 tunnel in the World is relying on an outdated model of NAT, which assumes a strict classification of types of NAT which has since been established as unreliable. As a result, you could get an IPv6 for your local end but still see 1/3 of remote hosts unreachable over IPv6. And it’s so much more simple to simply try to send a packet directly and draw warranted conclusions from that ;-)

-Rick