i'm trying to understand some of the concepts involved in Hurricane Electric's tunnel service.
i know that the tunnel i create goes from my Internet-connected device (which i'll call a
router) to an HE server. In my case i connect to a server in Chicago:
- tserv9.chi1.ipv6.he.net (209.51.181.2)
The other end of the tunnel is me; my public IPv4 address (216.8.130.128) is my end of the tunnel.
That explains two items from the Tunnel Details page:
Server IPv4 Address: 209.51.181.2
Client IPv4 Address: 216.8.130.128
With this tunnel created, i now have a mechanism to transport IPv6 packets to "the internet". i can construct an IPv6 packet, send it into the tunnel, and i know it will be received by Hurricane Electric's server, and routed off to its final destination on the Internet.
The next question is:
What IPv6 address does Hurricane Electric give me? i can have many devices (e.g. computers, phones, handhelds, watches, microwaves) all wanting an IPv6 address. i would assume that HE gives me a /64 address block, e.g.:
2001:470:1f10:1178:xx:xx:xx:xx
Now i can start handing out IPv6 addresses to all my devices, as long as the first 64-bits start with 2001:470:1f10:1178. e.g.
- 2001:470:1f10:1178:0:0:0:1
- 2001:470:1f10:1178:0:0:0:2
- 2001:470:1f10:1178:0:0:0:3
- 2001:470:1f10:1178:0:0:0:4
- 2001:470:1f10:1178:0:0:0:5
Hurricane Electric knows that if it receives a packet from the wider Internet destined for any address starting with 2001:470:1f10:1178, then it should send it through my tunnel. Whereas HE's other customers have different leading 64-bits, e.g.:
- 2001:470:1f10:1178:x:x:x:x -> Send down Ian Boyd's tunnel (i.e. me)
- 2001:470:1f10:1179:x:x:x:x -> Send down Matt Albie's tunnel
- 2001:470:1f10:117a:x:x:x:x -> Send down Danny Tripp's tunnel
- 2001:470:1f10:117b:x:x:x:x -> Send down Jordan McDere's tunnel
So this would mean that i can assign all my devices any IPv6 address, as long as they begin with 2001:470:1f10:1178.
But that's not quite what happens. The Tunnel Details page lists two specific addresses (both on one subnet), and it lists an entirely different subnet:
- 2001:470:1f10:1178:0:0:0:1 /64: Server IPv6 Address
- 2001:470:1f10:1178:0:0:0:2 /64: Client IPv6 Address
- 2001:470:1f11:1178:x:x:x:x /64: Routed /64
i thought the tunnel details page was just trying to be helpful when it listed a "Client IPv6 Address". i have an entire /64 subnet to myself, so of course i can start at :1. But i'm not starting at 1. The "server" is 1. It specifically says that i (the client) am :2.
What is this "server" address i am seeing? At first i thought it was the tunnel's Chicago endpoint's IPv6 address, but that's not it:
C:\Users\Ian> nslookup
> tserv9.chi1.ipv6.he.net
Non-authoritative answer:
Name: tserv9.chi1.ipv6.he.net
Addresses: 2001:470:0:6f::1
209.51.181.2
The "server" ipv6 address is 2001:470:0:6f::1, which is different from the address i'm looking at. Is it possible that the Chicago server has multiple addresses, one for each tunnel on it?
To sum up, there are two /64 subnets associated with my tunnel:
- 2001:470:1f10:1178 (server/client)
- 2001:470:1f11:1170 (routed /64)
Am i not allowed to have any address i want in the "server/client" range? Can i only assign addresses in the "routed /64" range? It seems such a waste that the entire 2001:470:1f10:1178 block is allocated to me, but only :1 and :2 are allowed to be used.
So that doesn't make sense.
My question is, what is:
- the server ipv6 address?
- the client ipv6 address?
- the client/server /64 range used for?
- the routed /64 range used for?
Bonus chatter
i assume that the "routed /48" has the same abilities as the "routed /64", except you guys don't want to be handing out /48 ranges willy-nilly. The vast majority of users have no need for a /48 address, so that's why you don't create one by default. And while it's simple to create one (i just have to click the "Assign /48" link), it just stops them from being created when they don't have to be.
postscript:
whew it took a long time to compose that question; formatting and everything