• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

what kind of tunneling hurricane eletric provides?

Started by dudastt, November 25, 2011, 07:42:27 PM

Previous topic - Next topic

dudastt

just curious..

i understand that tunnelbroker.net is a service/server that provides tunneling service for users

the question is what kind of tunneling does it provide?6to4,6over4,ISATAP?or simply a different tunneling mechanism?

broquea


kasperd

6in4, 6to4, 6over4, ISATAP, and 6rd all use protocol 41 to encapsulate IPv6 packets in IPv4 packets. The difference is in how the addresses are decided. When choosing a tunnel provider such as HE, the only one of the four options that makes sense is an explicitly configured 6in4 tunnel.

6to4 and 6over4 are both zero config methods where you just enable it, but don't choose any provider on your own. 6to4 appears to be superior to 6over4. I don't know if anybody is even using 6over4 these days. Though 6to4 is better and more widely deployed it isn't perfect. It relies on third party relays for traffic between 6to4 nodes and the rest of the Internet, you don't have much control over which relays are used, and there is no guarantees about the availability of these relays.

For traffic in one direction you could choose a specific relay instead of relying on anycast. It might even be that HE has some that you could use. But that is not the primary purpose of tunnelbroker.net. And choosing a reliable relay in one direction doesn't solve the problem with traffic in the other direction. Once you start making choices you may as well go all the way and use a fully configured tunnel where your traffic in both directions go through the same tunnel server.

6rd is similar to 6to4, but uses relays provided by your own ISP for traffic in both directions. It makes sense as a method for an ISP to provide IPv6 to its customers. But it is so wasteful with the IPv6 addresses, that HE would need more address space to just provide a /64 to each user than is currently used to provide a /48 to anybody who asks. The main advantage of 6rd over an explicitly configured tunnel is that it doesn't require configuration. But if you are making a choice of provider, you don't even have that advantage.

ISATAP it is similar to 6over4, but is extended with a method for router discovery. It might be feasible for HE to set that up, but I don't see what advantages it provides over the 6in4 setup currently used.

That leaves 6in4 as the only* use of protocol 41 making sense for a tunnel provider. There are of course other options not using protocol 41 at all such as PPTP and AYIYA. HE did a beta with PPTP, but dropped it again due to the PPTP servers being too unstable.

cholzhauer

I thought I remember reading somewhere that 6to4 was deprecated (or would be soon)?

Isn't 6rd the technology comcast is using for their ipv6 rollout?

dudastt

wow,didn't expect to have this much responses,thanks everyone :)

next question,do other tunnel broker providers use 6in4 too for their tunnel?

@kasperd
based on your explanation,is it okay to say 6in4 is the best tunneling mechanism today?

kasperd

I haven't heard anything about 6to4 being deprecated, and currently it is too widely deployed to be ignored. And there isn't any central control over it, so it isn't something that can just be turned off.

What is however the case is that vendors are aware of the drawbacks of 6to4 and trying to avoid it when possible. Some vendors are going a bit too far in that respect and sometimes choose Teredo when given the choice between 6to4 and Teredo.

What is the best choice depends on what the other endpoint is using, and what your ISP is providing.

When communicating with an endpoint using 6to4 it is best to use 6to4 yourself as well. OTOH if the other endpoint is not using 6to4, you are better off using a configured 6in4 tunnel or 6rd. I think most systems can make the proper decision when they need to choose between 6to4 and 6in4, so you'd probably be best off by setting up both.

Of course pay attention to drawbacks of any firewall or NAT between the tunnel endpoint on your router and the IPv4 backbone. If there is a firewall or NAT in between, then 6rd or 6to4 can be problematic to get working. 6in4 has a better chance of working, but won't always work either.

If you have a direct connection to the IPv4 backbone without any obstacles, I think the best choice is to use a combination of 6to4 and one of the others.

If your ISP provides 6rd, then that is probably a better choice than a configured 6in4 tunnel. This is in particular important if your ISP is using CGN and you don't have an IPv4 address of your own.

If you had to choose only one of the above methods and use always, then I'd say the 6in4 tunnel is the one that is most likely going to work. But in some cases there are better choices, and in some cases you can have multiple tunnels enabled simultaneously and rely on your OS to pick the most appropriate one for each connection.

cholzhauer

6to4 is disabled by default in Win7 SP1, maybe that's what I was thinking

snarked

I also haven't heard anything about 6to4 being deprecated.  In fact, it should be enabled on every host on the Internet that has an IPv4 allocation and hasn't a native IPv6 allocation.  There's no excuse for not doing so.

tomherbst

There is discussion of deprecating 6to4 in the IETF v6ops and homenet working groups. Just because an IETF group deprecates something does not mean ISP's turn it off.

The production Comcast rollout is native IPv6 - no tunnels.  6rd was part of the trial for a year, but the 6rd server was taken down a few months ago.