Howto auto configure multiple endpoints
Shadow Hawkins on Wednesday, 05 October 2011 15:16:58
I work for a device management company. I have devices running all over the world, potentially different ISPs.
The problem is that we can't ping the devices using IPv4 because they are behind NAT firewalls (mostly). We can't have long lived TCP connections because the servers can't handle that many simultaneous TCP connections (could be 100000 clients at one time).
I want to be able to send any of them a UDP packet (or TCP connection) to notify them to start a session with the server (which has a known address/name). The clients would send a packet to the server to register their IP address with it.
This would be easy in an IPv6 native world (or indeed a non NATed v4 world).
I have been scanning these posts to see if I can use a solution from SixXS. I think not, but would be pleased with any suggested solution.
As far as I see it I have several options.
Firstly I could apply for a SixXS tunnel for each device. I think this would be too cumbersome. These are "dumb users" (don't tell them I said that, they don't know!), so the requirement is that we can't get them to fill in any useful information, let alone get them to give out their addresses. We can do any amount of code based configuration, just not interaction. So they can't have their own SixXS accounts.
Secondly I could have a subnet, but that entails setting up a tunnel server endpoint (since the clients won't necessarily have an IPv6 network.) If I did this, I wouldn't actually need a tunnel broker, because the server doesn't actually have to talk to the rest of the Internet, just the clients. The problem with this approach is scalability. There could be hundreds of thousands, so one server wouldn't cut it and if we build a server farm then we don't actually need IPv6, we could just have the clients use a direct TCP connection to the server.
Thirdly, more promising, Teredo. The target platform for the client for the moment is Windows 7. Using a SixXS account on the server (Solaris/Linux) would work, and in theory the Windows7 clients could connect using teredo and tell the server their IPv6 addresses. Problems with this as far as I can see:
1) The IPv6 addresses can change if several clients are behind the same NAT firewall, so the server would not know their addresses at any particular time.
2) I might well have read this wrong, but it looks like I would need my own teredo relay and/or server for the sake of routing. This might be perceived as being a bit too complex to maintain. Please correct me if I am wrong here.
3) Most of what I read about teredo is that it doesn't work very well and there are routing issues.
What I need is a way to auto-configure IPv6 hosts in an IPv4 world (like SixXS without any authentication; I can see why that is a non-starter).
Any ideas or corrections would be welcome.
Howto auto configure multiple endpoints
Shadow Hawkins on Wednesday, 05 October 2011 18:02:32
Update:
Teredo doesn't work quite like I thought. I don't think I need my own relays or servers. So this might be the solution I am looking for.
I have a Windows 7 machine here and it seems to almost work. I can ping the SixXS endpoint (linux) from my Windows 7 teredo endpoint. Traceroute also works. But when I try to do the reverse I get no response from the windows machine.
xxx@xxx:~$ traceroute6 2001:0:5ef5:79fd:2011:d1d:a9e0:780a
traceroute to 2001:0:5ef5:79fd:2011:d1d:a9e0:780a (2001:0:5ef5:79fd:2011:d1d:a9e0:780a) from 2a01:348:6:4f7::2, 30 hops max, 16 byte packets
1 gw-1272.lon-02.gb.sixxs.net (2a01:348:6:4f7::1) 50.364 ms 49.348 ms 49.561 ms
2 ge-0-0-5-20.cs0.thw.uk.goscomb.net (2a01:348:0:4:0:3:0:1) 52.166 ms 50.227 ms 50.703 ms
3 xe-0-0-0.rt0.the.uk.goscomb.net (2a01:348::27:0:1) 50.079 ms 50.465 ms 52.604 ms
4 cairney-26.gw.goscomb.net (2a01:348:0:4:0:26:1:1) 50.663 ms 51.627 ms 51.462 ms
5 shipworm.lhr.uk.as44980.net (2001:1a08:666:202::210) 51.075 ms 50.923 ms 50.734 ms
6 2001:0:5ef5:79fd:2011:d1d:a9e0:780a (2001:0:5ef5:79fd:2011:d1d:a9e0:780a) 474.185 ms 352.543 ms 203.956 ms
nigel@nigel-desktop:~$ ping6 2001:0:5ef5:79fd:2011:d1d:a9e0:780a
PING 2001:0:5ef5:79fd:2011:d1d:a9e0:780a(2001:0:5ef5:79fd:2011:d1d:a9e0:780a) 56 data bytes
^C
--- 2001:0:5ef5:79fd:2011:d1d:a9e0:780a ping statistics ---
15 packets transmitted, 0 received, 100% packet loss, time 14111ms
xxx@xxx:~$
Howto auto configure multiple endpoints
Shadow Hawkins on Wednesday, 05 October 2011 18:08:08
After a Windows reboot:
xxx@xxx-desktop:~$ traceroute6 2001:0:5ef5:79fb:7d:3c39:3f57:fd98
traceroute to 2001:0:5ef5:79fb:7d:3c39:3f57:fd98 (2001:0:5ef5:79fb:7d:3c39:3f57:fd98) from 2a01:348:6:4f7::2, 30 hops max, 16 byte packets
1 gw-1272.lon-02.gb.sixxs.net (2a01:348:6:4f7::1) 50.352 ms 50.628 ms 50.228 ms
2 ge-0-0-5-20.cs0.thw.uk.goscomb.net (2a01:348:0:4:0:3:0:1) 50.211 ms 51.414 ms 50.451 ms
3 xe-0-0-0.rt0.the.uk.goscomb.net (2a01:348::27:0:1) 50.932 ms 50.427 ms 49.454 ms
4 cairney-26.gw.goscomb.net (2a01:348:0:4:0:26:1:1) 51.713 ms 56.138 ms 50.952 ms
5 shipworm.lhr.uk.as44980.net (2001:1a08:666:202::210) 51.442 ms 50.43 ms 51.198 ms
6 shipworm.lhr.uk.as44980.net (2001:1a08:666:202::210) 51.58 ms !H 51.156 ms !H 50.977 ms !H
xxx@xxx-desktop:~$ ping6 2001:0:5ef5:79fb:7d:3c39:3f57:fd98
PING 2001:0:5ef5:79fb:7d:3c39:3f57:fd98(2001:0:5ef5:79fb:7d:3c39:3f57:fd98) 56 data bytes
From 2001:1a08:666:202::210 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=3 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=4 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=5 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=6 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=7 Destination unreachable: Address unreachable
From 2001:1a08:666:202::210 icmp_seq=8 Destination unreachable: Address unreachable
^C
--- 2001:0:5ef5:79fb:7d:3c39:3f57:fd98 ping statistics ---
8 packets transmitted, 0 received, +8 errors, 100% packet loss, time 7010ms
The teredo IP addresses have changed and I have an unreachable error.
I think this is probably not a SixXS problem, but any comments would be welcome.
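Added example, not part of the thread: a decoder for the fields that RFC 4380 embeds in a Teredo (2001:0::/32) address, so the two addresses in the traceroutes above can be compared field by field. It assumes only the Python standard library; the field names in the returned dict are my own.

```python
"""Decode the fields embedded in a Teredo IPv6 address (RFC 4380, section 4)."""
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001:0::/32")


def is_teredo(addr: str) -> bool:
    """True if addr parses as IPv6 and lies in the Teredo prefix."""
    try:
        return ipaddress.IPv6Address(addr) in TEREDO_PREFIX
    except ValueError:
        return False


def decode_teredo(addr: str) -> dict:
    """Return the Teredo server, flags and the client's NAT-mapped IPv4:port.

    Layout: 32-bit prefix | 32-bit server IPv4 | 16-bit flags |
            16-bit obfuscated mapped port | 32-bit obfuscated mapped IPv4.
    Port and address are stored XOR 0xFFFF / 0xFFFFFFFF so a NAT that
    rewrites its own public address inside payloads does not mangle them.
    """
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        raise ValueError(f"{addr} is not a Teredo address")
    _prefix, server, flags, obf_port, obf_client = struct.unpack("!IIHHI", ip.packed)
    mapped_ip = ipaddress.IPv4Address(obf_client ^ 0xFFFFFFFF)
    # Cross-check the server/client pair against the stdlib's own Teredo parser.
    assert ip.teredo == (ipaddress.IPv4Address(server), mapped_ip)
    return {
        "server": ipaddress.IPv4Address(server),
        "cone_nat": bool(flags & 0x8000),   # bit 15 is the cone flag
        "mapped_port": obf_port ^ 0xFFFF,
        "mapped_ip": mapped_ip,
        # A private mapped address means the NAT mapping seen by the server
        # is not a globally routable one, so relays cannot deliver to it.
        "mapped_ip_is_private": mapped_ip.is_private,
    }


def changed_fields(before: str, after: str) -> set:
    """Names of the decoded fields that differ between two Teredo addresses."""
    a, b = decode_teredo(before), decode_teredo(after)
    return {k for k in ("server", "cone_nat", "mapped_port", "mapped_ip") if a[k] != b[k]}
```

Decoding the post-reboot address shows the server, mapped port and mapped IPv4 all differ from the earlier one, which is why a Teredo address cannot serve as a stable identifier for a managed device; the mapped IPv4 of the post-reboot address also decodes to a private (RFC 1918) address, which is consistent with the relay answering "Address unreachable".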
Howto auto configure multiple endpoints
Shadow Hawkins on Thursday, 06 October 2011 15:28:15
Ignore this post - tis a windows/teredo problem - not quite sure what yet.
Howto auto configure multiple endpoints
Jeroen Massar on Friday, 07 October 2011 14:16:59
[..]
connections (could be 100000 clients at one time). [..]
The target platform for the client for the moment is Windows 7.
What is the exact problem that you are trying to solve? Having a listening port on a user's computer 24/7 exposed to the internet is not a good idea.
You are now trying to solve some kind of problem by giving them all open accessed connectivity. This will rarely happen. Tunneling does not resolve the threat that the user is exposed to the Internet.
Thus what is it really that you want to accomplish?
Howto auto configure multiple endpoints
Shadow Hawkins on Monday, 10 October 2011 17:13:07
Hello;
What I want is to have an app listening on multiple machines (ipv6 socket, could be UDP or TCP). When the server wants to initiate a session, it sends the client a message and the client starts a session.
My original assumption was that I would need a SixXS account for each. However, since reading up a bit I see that Windows 7 has a built-in IPv6 interface that uses a teredo tunnel.
So, this thread is no longer relevant. I do have other issues, but will post in a different thread.
Cheers
Howto auto configure multiple endpoints
Jeroen Massar on Monday, 10 October 2011 19:21:58
You are describing what you want (listening socket, a message being sent, 1 million end clients, 1 server), but not what the end result should be. Do you want to be able to send messages all the time, should this be instantaneous, etc.? There are a lot of factors that can cause decisions to be made.
You should also heavily realize that people will firewall away their programs.
Even though IPv6 has the promise of End-2-End communications, and there will likely be at least one global IPv6 address per device, that does not mean a firewall in the middle will screw up connections just like NAT does today.
Howto auto configure multiple endpoints
Shadow Hawkins on Monday, 10 October 2011 20:18:10
The server will connect to devices one at a time very infrequently. Yes, I am familiar with the security issues, but to manage a device you have to be able to contact it in some way. It is quite possible to insert a firewall rule to allow whatever on a managed device.
Long term the server will start an HTTP session to the managed device (look at OMA DM specifications for details). Initially the server will just send a notification to the device and it will connect back, mostly because this is what the existing code will do.
Anyway, as I pointed out, I don't need multiple sixxs accounts because Windows 7 comes with teredo, which should give me the connectivity I need. The question for me now is https://www.sixxs.net/forum/?msg=setup-5706466 .
Many thanks for your help.