About non 24/7 tunnelbrokers

Pim van Pelt pim@bfib.ipng.nl
Thu, 22 Mar 2001 20:01:19 +0100 (CET)


Dear ipv6 people,

I would like to bring to your attention the following widely
made TunnelBroker problem. 

If you own or administer an IPv6 tunnelbroker that allows
people to disconnect or not stay online 24/7, please ensure
that your tunnelbroker server does not send traffic to the
downstream IP unless you are absolutely sure that your
user is connected to it.

The following situation occurs (in practice, and more times
than most people dare recognise):

1. Your user dials in on some ISP's dialup pool and gets the
   address 212.26.212.123 for example. He then signs up with
   your (dynamic) broker and creates a tunnel. His address
   is, say, 3ffe:8114:1000::11/127.

2. He now logs off and leaves his tunnel 'open'. The next,
   innocent, user dials up and gets 212.26.212.123 from the
   dialup pool at the ISP.

3. Some user on the (IPv6)Internet sends traffic to 
   3ffe:8114:1000::11. Your tunnelbroker will send this 
   traffic to the user at 212.26.212.123, possibly filling
   his dialup link with bogus (unwanted!) traffic.

Of course, many (perhaps even all) tunnelbrokers that have
the dynamic tunnel 'feature' should be built so that a user
must authenticate himself at the broker before traffic gets
tunneled to an IP, and so that he also has to log off of the
server (or is automatically logged off after being idle
or not responding to pings).

The best approach to this is having some client/server 
application, where the user logs on to the tunnelbroker
via telnet, and issues something like this:

    USER <local-user>
    PASS <hispassword>
    TUNNEL TO 212.26.212.123
    TUNNEL UP
    ..

and then the server will send a PING every 60 seconds or
so, to which the client must respond with a PONG or else he
will get disconnected and the tunnel will be set to down
state (thus not sending unwanted traffic to the next user
of the IP).

The user, when finished with his business on 6bone, can 
then simply state he is finished by doing some:

    TUNNEL DOWN
    QUIT

and log off of the tunnelserver.

I'm wondering which of you have thought of this while designing
your local (dynamic) broker and if any of you are willing
to implement it - if it's not already in your software.

Of course, I'd like to hear from any admin that has a
tunnelbroker, or has a need for one. I have implemented
the above schema on tunnelserver.ipng.nl:6660 (no, this is
not IRC).

Kind regards, hope to hear from TB-admins,
Pim van Pelt

-- 
---------- - -    - - -+- - -    - - ----------
Pim van Pelt                 Email: pim@ipng.nl
http://www.ipng.nl/             IPv6 Deployment
-----------------------------------------------
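
Added example (not part of the original message and not the code running on tunnelserver.ipng.nl): a minimal broker-side state machine for the USER / PASS / TUNNEL / PING-PONG exchange described above, showing that the tunnel only carries traffic while a logged-in client keeps answering. The class name, reply strings, sample account and the rule "a PING still unanswered when the next one is due takes the tunnel down" are assumptions made for illustration.

```python
import hmac
import ipaddress

PING_INTERVAL = 60           # seconds between PINGs ("every 60 seconds or so")
USERS = {"alice": "s3cret"}  # constructed account; a real broker stores hashes

class BrokerSession:
    def __init__(self, now):
        self.user, self.endpoint, self.last_ping = None, None, now
        self.authed = self.up = self.awaiting_pong = False  # up gates all tunneled traffic

    def handle(self, line, now):  # one client line in, one server reply out
        w = line.split()
        verb, args = (w[0].upper() if w else ""), w[1:]
        if verb == "USER" and len(args) == 1:
            self.user, self.authed = args[0], False
            return "OK"
        if verb == "PASS" and len(args) == 1:
            want = USERS.get(self.user)
            self.authed = want is not None and hmac.compare_digest(args[0].encode(), want.encode())
            return "OK" if self.authed else "ERR bad login"
        if verb == "PONG":
            self.awaiting_pong = False
            return "OK"
        if verb == "QUIT":
            self.up = False  # logging off always takes the tunnel down
            return "BYE"
        sub = args[0].upper() if verb == "TUNNEL" and args and self.authed else ""  # login required
        if sub == "UP" and self.endpoint is not None:
            self.up, self.last_ping, self.awaiting_pong = True, now, False
        elif sub == "DOWN":
            self.up = False
        elif sub == "TO" and len(args) == 2:
            try:  # a new endpoint needs a fresh TUNNEL UP
                self.endpoint, self.up = ipaddress.IPv4Address(args[1]), False
            except ValueError:
                return "ERR bad address"
        else:
            return "ERR refused"
        return "OK"

    def tick(self, now):  # call about once a second; returns "PING", "DOWN" or None
        if not self.up or now - self.last_ping < PING_INTERVAL:
            return None
        if self.awaiting_pong:  # the previous PING was never answered
            self.up = False
            return "DOWN"
        self.last_ping, self.awaiting_pong = now, True
        return "PING"
```

The forwarding path would consult `up` before encapsulating any packet towards `endpoint`, and a dropped control connection should be treated the same as QUIT.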