Tunnel broker

From Wikipedia, the free encyclopedia

A tunnel broker is a service which provides a network tunnel. These tunnels can provide encapsulated connectivity over existing infrastructure to a new infrastructure.

There is a variety of tunnel brokers, though the term most commonly refers to an IPv6 tunnel broker, as defined in RFC 3053. These commonly provide IPv6 tunnels to end users and end sites using manual, scripted or automatic configuration. In general, tunnel brokers offer so-called 'protocol 41' or proto-41 tunnels. These are tunnels in which IPv6 is carried directly inside IPv4, with the protocol field of the IPv4 packet set to '41' (IPv6).
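The proto-41 encapsulation described above can be recognised from the packet bytes alone, which is how a firewall or monitoring tool tells tunnelled IPv6 apart from other IPv4 traffic. The following is an added example, not part of the original article; the function names and the sample packet (built from documentation address ranges) are constructed for illustration.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # IPv4 protocol number for encapsulated IPv6

def parse_proto41(packet: bytes):
    """Return outer/inner addresses if packet is IPv6-in-IPv4, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # not an IPv4 packet
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return None                      # malformed or truncated header
    if packet[9] != PROTO_IPV6_IN_IPV4:
        return None                      # some other payload (TCP, UDP, ...)
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                      # payload is not a full IPv6 header
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": inner[6],
    }

def build_sample(proto=PROTO_IPV6_IN_IPV4):
    """Constructed sample: IPv4 header (checksum left 0) + bare IPv6 header."""
    # IPv6: version 6, payload length 0, next header 59 (none), hop limit 64
    v6 = struct.pack("!IHBB", 6 << 28, 0, 59, 64)
    v6 += ipaddress.IPv6Address("2001:db8::1").packed
    v6 += ipaddress.IPv6Address("2001:db8::2").packed
    # IPv4: version 4, IHL 5, total length, id, frag, TTL 64, protocol, checksum
    v4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(v6), 0, 0, 64, proto, 0)
    v4 += ipaddress.IPv4Address("192.0.2.10").packed
    v4 += ipaddress.IPv4Address("198.51.100.1").packed
    return v4 + v6

if __name__ == "__main__":
    print(parse_proto41(build_sample()))
    print(parse_proto41(build_sample(proto=17)))   # UDP outer packet: None
```

The outer addresses identify the tunnel endpoints (user and broker), while the inner addresses identify the IPv6 hosts that are actually communicating.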

Automatic configuration

Automatic configuration is usually done using the Tunnel Setup Protocol (TSP) or the Tunnel Information Control protocol (TIC). A single client capable of this is AICCU (Automatic IPv6 Connectivity Client Utility).

NAT Issues

Proto-41 tunnels (direct IPv6 in IPv4) may not operate well with NATs. One way around this is to configure the actual endpoint of the tunnel to be the DMZ on the NAT box. Another method is to use either AYIYA or Hexago's V6-UDP-V4 tunneling protocol (described in the TSP draft), both of which send IPv6 inside UDP, which is able to cross most NAT setups and even firewalls.

A problem that might still occur is the timing out of the state in the NAT machine. Because a NAT remembers that a packet went out to the Internet, it allows another packet that is related to the initial proto-41 packet to come back in from the Internet. When this state expires, no other packets from the Internet will be accepted. This breaks the connectivity of the tunnel until the user's host again sends out a packet to the tunnel broker.

Dynamic Endpoints

When the endpoint isn't a static IP address, the user, or a program, has to instruct the tunnel broker to update the endpoint address. This can be done using the tunnel broker's website or using an automated protocol like Heartbeat, as used by AICCU. In the case of a tunnel broker using TSP, restarting the tunnel will have a similar effect, because the tunnel broker is then also instructed to update the IP address on the user's side of the tunnel.
