RFC-Ref is no longer maintained; use the RFC browser at: http://zvon.org/comp/r/ref-RFC.html
RFC 3053: IPv6 Tunnel Broker
RFC-Ref

tunnel



... development of several techniques to manage IPv6 over IPv4 tunnels. At present most of the 6bone network is built using manually ...
... At present most of the 6bone network is built using manually configured tunnels over the Internet. The main drawback of this approach is the overwhelming management ...
... network administrators, who have to perform extensive manual configuration for each tunnel. Several attempts to reduce this management overhead ...
... overhead have already been proposed and each of them presents interesting advantages but also solves different problems than the Tunnel Broker, or poses drawbacks not present in the Tunnel Broker: ...
... advantages but also solves different problems than the Tunnel Broker, or poses drawbacks not present in the Tunnel Broker: ...
... the use of automatic tunnels with IPv4 compatible addresses [1 ...
... manual configuration. The idea is to embed IPv4 tunnel addresses into the IPv6 prefixes so that any ...
... domain border router can automatically discover tunnel endpoints for outbound IPv6 traffic. ...
... The Tunnel Broker idea is an alternative approach based on the provision of dedicated servers, called Tunnel Brokers, to ...
... The Tunnel Broker idea is an alternative approach based on the provision of dedicated servers, called Tunnel Brokers, to automatically manage tunnel requests coming from the users. This ...
... provision of dedicated servers, called Tunnel Brokers, to automatically manage tunnel requests coming from the users. This approach is expected to be useful to stimulate the growth of IPv6 ...
... The main difference between the Tunnel Broker and the 6to4 mechanisms is that they serve a different segment ...
... the Tunnel Broker fits well for small isolated IPv6 sites, and especially isolated IPv6 hosts ...
... In addition, the Tunnel Broker approach allows IPv6 ISPs to easily ...
... This document is intended to present a framework describing the guidelines for the provision of a Tunnel Broker service within the Internet ...
... architecture of the proposed approach. It also outlines a set of viable alternatives for implementing it. Section 2 provides an overall description of the Tunnel Broker model; Section 3 reports known limitations to the model; Section 4 briefly outlines other possible applications of the Tunnel ...
... Tunnel Broker model; Section 3 reports known limitations to the model; Section 4 briefly outlines other possible applications of the Tunnel Broker approach; Section 5 addresses security issues ...


... Tunnel Broker Model ...
... Tunnel brokers can be seen as virtual IPv6 ISPs, providing IPv6 connectivity ...
... IPv4 Internet. In the emerging IPv6 Internet it is expected that many tunnel brokers will be available so that the user will just have to pick one. The list of the tunnel ...
... tunnel brokers will be available so that the user will just have to pick one. The list of the tunnel brokers should be referenced on a "well known" web page (e.g. on http://www.ipv6.org) to allow users to choose the "closest" ...
... The tunnel broker model is based on the set of functional elements depicted in figure 1. ...
... [Figure 1: the Tunnel Broker model. Diagram labels: dual-stack node, tunnel broker, tunnel server, DNS, tunnel end-point, IPv6 over IPv4 tunnel] ...
... Tunnel Broker (TB) ...
... The TB is the place where the user connects to register and activate tunnels. The TB manages tunnel creation, modification and deletion on behalf of the user. ...
... register and activate tunnels. The TB manages tunnel creation, modification and deletion on behalf of the user. ...
... For scalability reasons the tunnel broker can share the load of network side tunnel ...
... tunnel broker can share the load of network side tunnel end-points among several tunnel servers. It ...
... network side tunnel end-points among several tunnel servers. It sends configuration orders to the relevant tunnel server whenever a ...
... end-points among several tunnel servers. It sends configuration orders to the relevant tunnel server whenever a tunnel has to be created ...
... sends configuration orders to the relevant tunnel server whenever a tunnel has to be created, modified or deleted. The TB may also ...
... Tunnel server (TS) ...
... creates, modifies or deletes the server side of each tunnel. It may also maintain usage statistics for every active tunnel ...
... tunnel. It may also maintain usage statistics for every active tunnel. ...
... Using the Tunnel Broker ...
... The client of the Tunnel Broker service is a dual-stack IPv6 node ...
... the IPv4 address of the client side of the tunnel; ...
... IPv6 address assigned to the client side of the tunnel; ...
... it first designates (e.g., according to some load sharing criteria defined by the TB administrator) a Tunnel Server to be used as the actual tunnel end-point ...
... administrator) a Tunnel Server to be used as the actual tunnel end-point at the network side; ...
... it fixes a lifetime for the tunnel; ...
... DNS the global IPv6 addresses assigned to the tunnel end-points; ...
... it configures the server side of the tunnel; ...
... configuration information to the client, including tunnel parameters and DNS names. ...
... client), the IPv6 over IPv4 tunnel between the client host/router ...
... router and the selected TS is up and working, thus allowing the tunnel broker user to get access to the 6bone or any other IPv6 network the TS ...
... The IPv6 addresses assigned to both sides of each tunnel must be global IPv6 addresses belonging to the IPv6 addressing ...
... Tunnel management ...
... Active tunnels consume precious resources on the tunnel servers in terms of memory and processing time. For this reason it is advisable ...
... Active tunnels consume precious resources on the tunnel servers in terms of memory and processing time. For this reason it is advisable to keep the number of unused tunnels ...
... tunnel servers in terms of memory and processing time. For this reason it is advisable to keep the number of unused tunnels as small as possible deploying a well designed tunnel management ...
... to keep the number of unused tunnels as small as possible deploying a well designed tunnel management mechanism. ...
... Each IPv6 over IPv4 tunnel created by the TB should at least be assigned a lifetime ...
... dial-up links). In this case a newly established tunnel is likely to be used just for a short time and then never again, in that every time the user reconnects he gets a new IPv4 address ...
... IPv4 address and is therefore obliged either to set-up a new tunnel or to update the configuration of the previous one. In such a situation a more effective tunnel ...
... tunnel or to update the configuration of the previous one. In such a situation a more effective tunnel management may be achieved by having the TS ...
... reachability statistics for every active tunnel. In this way, the TB can enforce a tunnel deletion after a period of inactivity without ...
... active tunnel. In this way, the TB can enforce a tunnel deletion after a period of inactivity without waiting for the expiration of the related lifetime which can be ...
... Another solution may be to implement some kind of tunnel management protocol or keep-alive mechanism between the client ...
... TS (or between the client and the TB) so that each tunnel can be immediately released after the user disconnects (e.g., removing his tunnel ...
... tunnel can be immediately released after the user disconnects (e.g., removing his tunnel end-point or tearing down his IPv4 connection ...
... Moreover, keeping track of the tunnel configuration even after the user has disconnected from the IPv4 Internet may be worth the extra ...
... IPv4 address, he could just restart the tunnel by getting in touch with the TB again. The TB could then order a TS to re-create ...
... could then order a TS to re-create the tunnel using the new IPv4 address of the client but reusing the previously allocated IPv6 addresses ...
... As previously stated, the definition of a specific set of protocols and procedures to be used for the communication among the various entities in the Tunnel Broker architecture is outside of the scope of the present framework document ...
... configuration information (i.e., the IPv4 address of the client side of the tunnel, etc.) by just filling up some forms on a Web server running on the ...
... TB. As a result the server could respond with an html page stating that the server end-point of the tunnel is configured and displaying all the relevant tunnel information. ...
... end-point of the tunnel is configured and displaying all the relevant tunnel information. ...
... configure the client end-point of the tunnel on his own. However, it should be highly valuable to support a mechanism to automate this procedure as much as possible. ...
... Several options may be envisaged to assist the Tunnel Broker user in the configuration of his dual-stack equipment. The simplest option ...
... achieve easy set-up of the client side tunnel end-point. This solution is clearly the easiest to implement and operate in that it ...
... MIME (Multipurpose Internet Mail Extension) content-type (e.g., application/tunnel) [4,5] to be used by the TB to deliver ...
... 4,5] to be used by the TB to deliver the tunnel parameters to the client. In this case, there must be a dedicated agent ...
... client to process this information and actually set-up the tunnel end-point on behalf of the user. This is a very attractive approach which is worth envisaging. In particular, ...
... Several options are available also to achieve proper interaction between the broker and the Tunnel Servers. For example a set of simple RSH commands over IPsec could be used for this purpose. ...
... AAAA, A6 and PTR records from the DNS zone reserved for Tunnel Broker users) controlled by the TB. A simple alternative would be for the TB to use a small set of RSH commands to dynamically update ...
... databases on the authoritative DNS server for the Tunnel Broker users zone (e.g. broker.isp-name.com). ...


... Use of the tunnel broker concept in other areas ...
... The Tunnel Broker approach might be efficiently exploited also to automatically set-up and manage any other kind of tunnel ...
... Tunnel Broker approach might be efficiently exploited also to automatically set-up and manage any other kind of tunnel, such as a multicast tunnel ...
... tunnel, such as a multicast tunnel (e.g., used to interconnect multicast islands within the unicast ...
... unicast Internet) or an IPsec tunnel. ...


... the interaction between the TB and the Tunnel Server; ...
... root role. This can be dangerous and should be considered only for early implementations of the Tunnel Broker approach. Transferring tunnel configuration parameters in a MIME type ...
... considered only for early implementations of the Tunnel Broker approach. Transferring tunnel configuration parameters in a MIME type over https is a more secure approach. ...
... dial-up user disconnects from the Internet without tearing down the tunnel previously established through the TB. In fact, the TS keeps ...
... dial-up ISP. This problem could be solved by implementing on every tunnel the keep-alive mechanism outlined in section 2.5 thus allowing the TB to immediately stop IPv6 ...
... Finally TBs must implement protections against denial of service attacks which may occur whenever a malicious user exhausts all the resources available on the tunnel server by asking for a lot of tunnels to be established altogether. A possible protection against ...
... resources available on the tunnel server by asking for a lot of tunnels to be established altogether. A possible protection against this attack ...
... this attack could be achieved by administratively limiting the number of tunnels that a single user is allowed to set-up at the same time. ...


... Some of the ideas refining the tunnel broker model came from discussion with Perry Metzger and Marc Blanchet. ...


... IPv6 over IPv4 Domains without Explicit Tunnels", RFC 2529, March 1999. ...
... Domains via IPv4 Clouds without Explicit Tunnels", Work in Progress. ...


