Welcome to Hurricane Electric's Tunnelbroker.net forums!
Started by KiLaHuRtZ, December 10, 2012, 05:16:55 AM
Quote from: snarked on December 10, 2012, 12:03:12 PM
Please explain why a person would need more than 5 tunnels for himself....
Quote from: KiLaHuRtZ on December 10, 2012, 01:08:24 PM
I knew that was going to come up. :D I guess one could say I'm not your average user when it comes to this stuff. I'm looking to set up some routers in an isolated lab environment and wish to get them IPv6 connectivity. I've exhausted my five tunnels already for personal home use as well as for my server environment. I have multiple routers and multiple IPv4 addresses on these and wanted each to have its own dedicated IPv6 gateway to the internet. This is why I am asking permission first before I do anything, as I realize this is outside the typical norm for the average user.
Quote from: broquea on December 10, 2012, 01:41:06 PM
Sure, as many accounts as you have unique email addresses
Quote from: broquea on December 10, 2012, 01:41:06 PM
and tunnels as you have unique IPv4 addresses that respond to ICMP.
Quote from: broquea on December 10, 2012, 02:50:13 PM
Filtering ICMP? Well that isn't even barely security through obscurity: it is pointless. If someone really wants to cause you "security" headaches, they can do a whole lot more without even touching ICMP. Smurf/Ping of Death is so last century.
Quote from: broquea on December 10, 2012, 02:50:13 PM
Not so much "limitations in software" as "policy". A change in policy would cause a bit to get flipped, and poof, 29897238492374 tunnels living on a single IP.
Quote from: broquea on December 10, 2012, 02:50:13 PM
ICMP responding means they know the host is live; would you rather a portscan? (no really, what is a good recommendation for validating that a remote side is "UP" or reachable)
Quote: Somebody might like to have 2 or 3 tunnels for redundancy.
Quote: There may be multiple people behind a single IPv4 NAT, who need tunnels and cannot get native IPv6.
Quote: A user with a dynamic IPv4 address may get an address which has previously been used by another tunnelbroker.net user, who has forgotten about a configured tunnel.
Quote from: broquea on December 10, 2012, 05:40:22 PM
Quote: Somebody might like to have 2 or 3 tunnels for redundancy.
Redundancy is an issue, albeit really small for a free service. Each tunnel gets its own IP allocations, and IPv6 RPF is in place upstream, and the IPv6 allocation pools are unique to each tserv. The only free redundant tunnel you can get is a BGP tunnel, which relies on the user having their own allocations. I'm willing to bet, as I have in other threads, the number of users competent at source address routing/selection are fewer than those wanting multiple tunnels per single IP. Sounds like it is reaching paid tunnel time if users want something more resilient. How much are they going/willing to pay for that feature set? Etc. Private-asn you might say? That is a service with a charge for HE colo/transit customers, why should it be free for the broker? They'd just come to the broker, bam no native, no revenue, etc.
Quote from: broquea on December 10, 2012, 05:40:22 PM
Quote: There may be multiple people behind a single IPv4 NAT, who need tunnels and cannot get native IPv6.
Agreed, CGN sucks, should vote with wallet on their ISP choice.
Quote from: broquea on December 10, 2012, 05:40:22 PM
If it is the office, and you aren't the neteng/netadmin, tunneling of any kind through the corp firewall tends to be discouraged anyways. If you are, hey whattya know, you can modify the edge.
Quote from: broquea on December 10, 2012, 05:40:22 PM
Quote: A user with a dynamic IPv4 address may get an address which has previously been used by another tunnelbroker.net user, who has forgotten about a configured tunnel.
This has always been a problem, and there is an internal mechanism in place for claiming that IPv4 endpoint and nuking the old tunnel or having it associated with the account.
Quote from: broquea on December 10, 2012, 05:40:22 PM
Tunnels aren't supposed to be the preferred method of IPv6 connectivity, native is. I weep for an IPv6 world where ISPs/etc see that their users will just tunnel, and slow progress on native deployment because their users figured out a workaround. I weep even for those stuck behind 6rd because that is how lazy their ISP/etc is.
Quote from: snarked on December 11, 2012, 11:47:02 AM
I'm now wondering why he can't set up a machine to be his own tunnel server as an endpoint for a /48, thus having many thousands of /64 individual tunnels split from it.... It appears that some of his tunnelled networks will be at the same physical location.