Tunnel broker

from Wikipedia, the free encyclopedia
Protocol 41 in Wireshark

In the field of computer networks, a tunnel broker is a service that provides tunnels that can be used, for example, to transport traffic in a secured manner (Virtual Private Network) or in an encapsulated manner, e.g. to transport IPv6 over an IPv4 network.

Although there are several types of tunnel brokers, the term mostly refers to brokers that provide tunnels allowing IPv6 packets to be routed over old IPv4 infrastructure (RFC 3053); there can also be IPv4 tunnel brokers that carry IPv4 packets over IPv6 infrastructure. The tunnels that carry IPv6 over IPv4 use the "Protocol 41" method, which consists of setting the protocol field of the IPv4 packet to 41 (29 hex) and packing the IPv6 packet as the payload. The other end point of the tunnel then unpacks the IPv6 packet and sends it to the global IPv6 network. The return path works the same way in reverse.
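As an added illustration (not part of the original article), the following Python example parses a raw IPv4 packet the way a monitoring tool would to recognise protocol 41 traffic and read the addresses of the encapsulated IPv6 packet. The function names and the sample packet, built from documentation address ranges, are constructed for this example.

```python
import ipaddress
import struct

PROTO_IPV6_IN_IPV4 = 41  # 0x29, the "protocol 41" value described above


def build_sample(inner_src, inner_dst, outer_src, outer_dst):
    """Build a constructed protocol-41 packet (sample data, checksums left 0)."""
    payload = b"\x80\x00\x00\x00\x00\x01\x00\x01"  # ICMPv6 echo request
    ipv6 = struct.pack("!IHBB", 6 << 28, len(payload), 58, 64)
    ipv6 += ipaddress.IPv6Address(inner_src).packed
    ipv6 += ipaddress.IPv6Address(inner_dst).packed + payload
    ipv4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       PROTO_IPV6_IN_IPV4, 0)
    ipv4 += ipaddress.IPv4Address(outer_src).packed
    ipv4 += ipaddress.IPv4Address(outer_dst).packed
    return ipv4 + ipv6


def decapsulate(packet):
    """Return outer/inner addresses of a protocol-41 packet, or None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                        # not an IPv4 packet
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length incl. options
    if ihl < 20 or len(packet) < ihl or packet[9] != PROTO_IPV6_IN_IPV4:
        return None
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if frag_offset:                        # later fragment: no inner header here
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                        # truncated or not IPv6 inside
    payload_len, next_header, _hop_limit = struct.unpack("!HBB", inner[4:8])
    return {
        "outer_src": str(ipaddress.IPv4Address(packet[12:16])),
        "outer_dst": str(ipaddress.IPv4Address(packet[16:20])),
        "inner_src": str(ipaddress.IPv6Address(inner[8:24])),
        "inner_dst": str(ipaddress.IPv6Address(inner[24:40])),
        "inner_next_header": next_header,
        "inner_payload_len": payload_len,
    }


if __name__ == "__main__":
    pkt = build_sample("2001:db8:1::2", "2001:db8:2::1",
                       "192.0.2.10", "198.51.100.1")
    print(decapsulate(pkt))
```

A firewall or IDS that inspects only the outer IPv4 header sees just the two tunnel end points; the inner addresses recovered here are what an IPv6 policy would have to be applied to.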

Automatic configuration

Typically, IPv6 tunnels are configured and created using the Tunnel Setup Protocol or Tunnel Information Control protocol. However, very often a tunnel is configured manually.

Problems with network address translation and routers

Protocol 41 tunnels, where IPv6 is packaged directly in IPv4, may no longer work reliably behind NATs. However, there are no problems with many modern routers. Problems that do arise can be circumvented by placing the endpoint either in a demilitarized zone or directly on the NAT device; modern routers for home use that are IPv6-capable now support this. It is also possible to use AYIYA or TSP (Tunnel Setup Protocol), which pack IPv6 packets into UDP packets. These can easily pass through most firewalls (provided there is no prohibiting rule).

A problem that can still occur is that a NAT rule is removed from the table even though the connection is still up. If packets for the tunnel then arrive from outside, the router can no longer forward them and discards them. This interrupts the tunnel connection until the user sends a packet through the tunnel again.

Many, especially older, (home) routers generally do not route any protocol 41 packets.

Dynamic endpoints

If the client end point of the tunnel has a dynamic IP address (as with private customer broadband connections), then the customer must always inform the tunnel broker about the new IP address when there is a change. This is done either manually via the tunnel broker's website or via an automatic protocol such as TSP or Heartbeat.

Other tunnel brokers offer a convenient web-based solution in which the client calls a predefined URL containing the user name, password and the host name or ID of the tunnel. The broker then updates the endpoint to the IP address of the caller (the server for this solution is reached via IPv4).
