Thread: [6bed4-devel] Testbed for 6bed4
zeroconfig IPv6 tunnel
Status: Beta
Brought to you by:
vanrein
From: BOMB <bo...@gm...> - 2013-12-30 04:03:59

Hi,

Do you have the help docs for setting up a test bed?

Assume that:
1, Intranet Peer -> NAT Router -> Internet -> 6bed4 Tunneling Server
2, General Intranet Peer with RADVD Solicit (not 6bed4) -> NAT Router With RADVD and 6bed4 client -> Internet -> 6bed4 Tunneling Server

Thanks,
Bomb

BOMB
2013-12-30

From: BOMB <bo...@gm...> - 2013-12-30 04:06:06

Hi,

Do you have the help docs for setting up a test bed?

Assume that:
1, Intranet Peer -> NAT Router -> Internet -> 6bed4 Tunneling Server
2, General Intranet Peer with RADVD Solicit (not 6bed4) -> NAT Router With RADVD and 6bed4 client -> Internet -> 6bed4 Tunneling Server

Thanks,
Bomb

From: Rick v. R. <ri...@op...> - 2013-12-30 10:30:14

Hello Bomisme,

> Do you have the help docs for setup a test bed ?

The basic testing instructions for 6bed4 are here: http://devel.0cpm.org/6bed4/

If they leave anything open, please ask for what you need to know.

> Assume that:
> 1, Intranet Peer -> NAT Router -> Internet -> 6bed4 Tunneling Server

That is the usual setup of a self-help client.

> 2, General Intranet Peer with RADVD Solicit (not 6bed4) -> NAT Router With RADVD and 6bed4 client -> Internet -> 6bed4 Tunneling Server

With radvd, you mean the daemon that supports stateless autoconfiguration, right? The suggested use of 6bed4 is to use the last bits in support of DHCPv6. In 6bed4 v2, which is currently the only version available as an implementation, it is not possible to free the full /64 for local use, but v3 will probably... alas, see the spec and see if it suits you!

http://tools.ietf.org/html/draft-vanrein-6bed4 is the latest/v3 spec (since I started with another name, the numbering is confusing, due to IETF numbering policy)

Please note that 6bed4 is undergoing a final transition (into a textually improved spec and with updated implementation) before I submit it to the RFC Editor, and that this has not been implemented in software yet -- which is the main reason for the wait.

The new 6bed4 only requires a well-known /32 and a fixed UDP port, so it treads much lighter on Internet infrastructure. This is a clear desire in the community ;-)

-Rick

From: BOMB <bo...@gm...> - 2013-12-30 13:12:27

Hi, Rick,

Thanks for your warm and detailed answers.

I want to set up a free IPv6 service for the public, and think the tunnel broker may be a suitable approach, so I researched some transition projects. It seems that most providers use gogoserver as transition infrastructure, but I have no money to offer the software. The only free tunnel broker is the CITC tunnel broker; they use a Python tool as daemon broker and a kernel module ddtb as udp-ipv6 transition, but it is very awful that the system must create a tunnel interface and set 2 iptables policies and 1 routing for every connection, and due to binding a port, the maximum capacity 2^16 is also a gap. So I continuously searched the possible approaches and found your RFC proposal. It is really a talented and perfect method to resolve NAT traversal, whatever cone or symmetrical; it will bring complexity and mistakes to consider every technical detail. Your thinking is a perfect compromise for the transition, and in fact 2^6 IPv6 addresses are enough for many units.

So as the next step, I'll extend the authentication based on your RFC. Maybe the combination of the tb authentication method and your thinking is a very perfect solution for a public IPv6 service. I think I will make it online soon.

Thanks,
Bomb

From: Rick v. R. <ri...@op...> - 2013-12-30 13:48:48

Hi,

> I want to setup a free ipv6 service to public,

Excellent! You are aware of RFC 7059 I suppose? It compares tunnel mechanisms. (And sorry for advertising my own scribblings!)

> and think the tunnel broker may be a suitable approach, so I researched some transition project, it seems that most of providers use gogoserver as transition infrastructure,

That infrastructure has rather noticeable scaling issues, because *all* traffic flows through it. Also, depending on server implementation, it could be possible to hijack a connection from behind the same NAT.

> but I have no money to offer the software, the only free tunnel broker is CITC tunnel broker, they use a python tool as daemon broker and a kernel module ddtb as udp-ipv6 transition, but very awful that the system must create a tunnel interface and set 2 iptables policies and 1 routing for every connection,

I wondered what the problem was until you said “for every connection” :-)

> and due to bind a port, the maximum capacity 2^16 is also a gap, so I continuously search the possible approaches and found your RFC proposal, it really a talented and perfect method to resolve NAT traversal,

*bow* thank you!

> whatever cone or symmetrical, it will bring to complexity and mistake to consider every technical details, your thinking is a perfect compromise for the transition, and in fact 2^6 ipv6 addresses is enough to many units .

…and if not, you can always opt for another 6bed4 lease.

> So next step, I'll extended the authentication based on your RFC, may be the combination of tb authentication method and your thinking is a very perfect solution to public ipv6 service, I think I will make it online soon .

I suppose it is possible to add authentication… the thing I had in mind for that is simply setting the IPv4 addresses you can use. You might use any protocol (“pop before 6bed4”, grinn) to authenticate. It would be rather disturbing to add it to 6bed4, so I left it out.

I’d love to hear your progress in this matter, so please keep posting any updates you go through!

Cheers,
-Rick

From: Rick v. R. <ri...@op...> - 2013-12-30 14:00:50

Hello,

> I want to setup a free ipv6 service to public […] the only free tunnel broker is CITC tunnel broker

Looking it up, I found that it uses TSP. As a predecessor to 6bed4, I have tried to create something I called “Public TSP”, which is still documented here, http://devel.0cpm.org/public-tsp/ although the expired domain name public-tsp.org now appears to be used for hip implants :)

I left TSP because the software is not maintained (obvious bugs in the client are not fixed, not even when submitting patches) even when the software is incompatible with its own RFC (!)

I did get far in implementing a TSP server in open source though, and it can still be found at http://git.arpa2.org/?p=public-tsp;a=summary

Note that this will always lead to scaling problems, especially for free service. My main motivation was to tunnel SIP traffic, to permit end-to-end IPv6 communication. That relieves users from RTP proxy dependency, thus dependency on telcos and SDP rewriting. SDP is ideally passed with encryption, so it can hold key material for SRTP encryption.

The 6bed4 tunnel is perfect for SIP and other peer to peer protocols, in that it will make direct connections whenever possible. This is the only remedy to achieve scalability.

The difference with Teredo is… well… that 6bed4 works. Sorry to say this, but the most-deployed IPv6 tunnel in the World is relying on an outdated model of NAT, which assumes a strict classification of types of NAT which has since been established as unreliable. As a result, you could get an IPv6 for your local end but still see 1/3 of remote hosts unreachable over IPv6. And it’s so much more simple to simply try to send a packet directly and draw warranted conclusions from that ;-)

-Rick

From: BOMB <bo...@gm...> - 2013-12-31 00:39:22

Hi, Rick,

Thanks for your guide. You have done so much fundamental research in IPv6 traversal; it will greatly promote IPv6 popularization in lots of fields.

I've checked your public tsp router side code, and found you noticed the tspc patch. Is it the gw6c or gogo6c client? It is very regrettable that it was lost with the site; do you have another copy of the client?

Thanks,
Bomb

From: Rick v. R. <ri...@op...> - 2013-12-31 12:28:49

Hey,

> Thanks your guide, you had done so many fundamental research in ipv6 traversal, it will greatly promote ipv6 popularize in lots of fields.

Gladly done. I want SIP to run over IPv6 more than anything else. Well, and get it secured of course.

> I've checked your public tsp router side code, and found you noticed the tspc patch, is it gw6c or gogo6c client? very regret that it was lost with the site, do you have other copy for the client?

Fixed the links by not making them point to the non-existent domain anymore. You should be able to download.

The patch is relative to the TSP client for Debian. It basically makes tspc work according to the RFC.

-Rick

From: BOMB <bo...@gm...> - 2013-12-31 07:29:43

Hi, Rick,

You are right, the authentication mechanism will work on the IPv4 layer, just like the tunnel broker. Actually the total service is the combination of tsp serving for the control plane and 6in4 for the data plane; I will use 6bed4 the same way.

But an obvious fact is that 6bed4 actually acts as a dynamic and automatic tunnel negotiation mechanism for peers, so no-authentication is better than authentication. However, authentication must be considered in most business cases. I was thinking about this today; roughly there are 2 methods that could be used:

1, iptables filter, the chain is working on a white list, only datagrams for authenticated users can be transmitted.
2, routing table, the system will create a policy routing item for every connection, otherwise will be dropped.

But the 2 methods will bring huge computing huge, imagine the item count is over 100k.

Do you have better choices for authentication?

BOMB
2013-12-31

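The IPv4-address allowlist suggested earlier in the thread and the 100k-entry lookup cost raised in the last message, as an added Python example that is not code from the thread or from 6bed4: a hash-keyed allowlist costs one lookup per datagram regardless of size, and keying it on the address alone also admits every other host behind the same NAT address. The class name `PeerAllowlist`, the 60-second lifetime, the port numbers and the 10.x addresses are constructed for illustration.

```python
import ipaddress
import time


class PeerAllowlist:
    """Expiring allowlist of authenticated peers; one hash lookup per packet."""

    def __init__(self, ttl, bind_port, clock=time.monotonic):
        self.ttl = ttl              # seconds an authentication stays valid
        self.bind_port = bind_port  # False: key on the IPv4 address only
        self.clock = clock
        self._expiry = {}           # key -> expiry timestamp

    def _key(self, ip, port):
        addr = int(ipaddress.IPv4Address(ip))  # raises ValueError on bad input
        return (addr, port) if self.bind_port else addr

    def authorize(self, ip, port):
        # Called once the out-of-band login for this peer has succeeded.
        self._expiry[self._key(ip, port)] = self.clock() + self.ttl

    def permits(self, ip, port):
        # Decision for one datagram, from its outer IPv4 source and UDP port.
        key = self._key(ip, port)
        expiry = self._expiry.get(key)
        if expiry is None:
            return False
        if expiry <= self.clock():
            del self._expiry[key]   # expire lazily, no per-entry timers
            return False
        return True


def demo(peers=100_000):
    now = [0.0]                     # fake clock so expiry is deterministic
    by_ip = PeerAllowlist(60, bind_port=False, clock=lambda: now[0])
    by_ip_port = PeerAllowlist(60, bind_port=True, clock=lambda: now[0])
    for i in range(peers):          # constructed peers, 10.0.0.0 upwards
        ip = str(ipaddress.IPv4Address(0x0A000000 + i))
        by_ip.authorize(ip, 40000)
        by_ip_port.authorize(ip, 40000)
    shared = "10.0.0.5"             # stands in for one NAT's public address
    out = {"entries": len(by_ip_port._expiry),
           "ip_only_unauthenticated_neighbour": by_ip.permits(shared, 40001),
           "ip_port_unauthenticated_neighbour": by_ip_port.permits(shared, 40001),
           "ip_port_authenticated_peer": by_ip_port.permits(shared, 40000)}
    now[0] = 61.0                   # past the 60 s lifetime
    out["after_expiry"] = by_ip_port.permits(shared, 40000)
    return out
```

Calling `demo()` returns the decisions for a second host behind the same address under both keying choices. Binding to the UDP source port narrows the grant to one NAT mapping, at the cost of re-authentication whenever that mapping changes.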