INTERNET-DRAFT                                         Marc Blanchet
                                                       Régis Desmeules
                                                       Annie Morin
                                                       Florent Parent
                                                       Viagenie inc.

                          IPv6 tunnel service

* Abstract

This document proposes a service to minimize the configuration required
for end-users to get connected on IPv6 networks. The mechanisms described
use already defined protocols and transition mechanisms. The goal is to
give end-users a simple tool to get connected on an IPv6 network, such as
the 6Bone. This tool is presented as a web page and form. The end-user
only needs to provide minimal information, such as the IPv4 address of
his/her dual stack host, the operating system type and a nicname that will
be used to register the end-node in the DNS.

* Introduction

What is proposed is to use existing protocols and transition mechanisms to
provide a service that allows an end-user node to connect to a distant
IPv6 network. This service uses dual-stack hosts and routers as well as
tunnelling IPv6 in IPv4. The goal is to connect the client dual stack
end-node to IPv6 network(s). The server providing this service will be a
dual stack router running a web server and DNS service.

   +--------+                +-------------+
   | Client | <------------> | Server      |<-----> 6Bone
   |end node|  IPv6 tunnel   | IPv6 router |
   +--------+                | WWW server  |<-----> IPv6 network
                             +-------------+

* Tunnel Service

This service is available as a web page with a few cgi scripts to do the
actual work. The end-user is presented a page where pointers to different
IPv6 stack implementations are available (pre-requisites). From there,
the end-user selects the configuration page for his/her OS:

   +--------+                +-------------+
   | Client | <------------> | Server      |
   |end node|     http       | IPv6 router |
   +--------+                | WWW server  |
                             +-------------+

   HTML FORM
      IPv4 client: (pre-filled)
      Nicname:
      Country:

The IPv4 client address is pre-filled by the generating cgi script. In the
case where the client is behind a NAT or a proxy server, this information
will be incorrect.
** Server

1- Sanity checks:
      validate client IPv4 address
      client already has tunnel ?
      Is client reachable ?
2- Scan database to find a free tunnel interface
3- Find a free IPv6 address pair for the tunnel endpoints
4- Update database
5- Create a script (batch file or Perl program) to be executed on the client
6- Send script and instructions to the client

   +--------+                +-------------+
   | Client | -------------> | Server      |
   |end node|  (http POST)   | IPv6 router |
   +--------+  -IPv4 client  | WWW server  |<--> CGI <--> DB: active tunnels
               -Nicname      +-------------+                : new tunnels
               -Country
               -OS

   +--------+                +-------------+
   | Client | <------------- | Server      |
   |end node|    (http)      | IPv6 router |
   +--------+  -script file  | WWW server  |
               -instructions +-------------+

** Tunnel monitor

1- Scan database for existing tunnels
2- Reachability tests (ICMPv6 echo/reply)
3- Increase "unreachable" field by one if no reply
4- If "unreachable threshold" exceeded:
      take interface down
      remove entry from database
      remove entry from DNS
5- Scan database for new tunnels
6- For each new tunnel:
      create interface
      change entry in database
      add entry in DNS (nicname.country.freenet6.net)

   +--------+                +-------------+
   | Client |                | Server      |
   |end node| <------------> | IPv6 router |<+
   +--------+  IPv6 tunnel   | WWW server  | \      DB: active tunnels
                             +-------------+  \        : new tunnels
   Client executes                             \            ^
   script                                       \           |
   Creates tunnel                                \          v
   interface                                      -------- Tunnel monitor
                                                  /
                                                 /  Update DNS
                                            DNS <-+

** DNS

The DNS AAAA and PTR records are kept up to date by the tunnel monitor
daemon. A short TTL should be used.
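The server procedure above (sanity checks, allocation of a free device and address pair, database update, script generation), written out as an added example in Python rather than the Perl/CGI the draft mentions; this is not the draft's or freenet6's code. The /48 address pool, the gifN device names, the server's IPv4 address, the BSD-style ifconfig/route syntax of the generated script and the extra "country" field are assumptions, and the IPv4 reachability probe is passed in as a callable so the logic runs offline.

```python
import ipaddress
import re
from typing import Callable, Dict, List, Optional

# Constructed sample database: a list of dicts standing in for the real DB.
# Field names follow the draft's "Database format"; "country" is an added
# field (assumption) needed to form nicname.country.freenet6.net.
Tunnel = Dict[str, object]
SAMPLE_DB: List[Tunnel] = [
    {"IPv4client": "192.0.2.10", "IPv6client": "2001:db8:1::2",
     "IPv6server": "2001:db8:1::1", "device": "gif0", "nicname": "alice",
     "country": "ca", "creation_time": 0, "unreachable": 0},
]

# Assumptions: the draft fixes neither the address pool nor the interface
# naming; here tunnel n gets the n-th /64 of a /48 pool and device gifN.
POOL = ipaddress.IPv6Network("2001:db8:1::/48")
MAX_TUNNELS = 256
SERVER_IPV4 = "192.0.2.1"   # constructed address of the tunnel server

# Addresses that cannot be a tunnel endpoint on the public IPv4 Internet;
# an RFC 1918 address here is the typical sign of a client behind NAT.
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

# nicname becomes a DNS label and both values are copied into a script the
# client runs as root, so the accepted character set is kept strict.
NICNAME_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")
COUNTRY_RE = re.compile(r"^[a-z]{2}$")


def sanity_check(form_ipv4: str, observed_ipv4: str, nicname: str,
                 country: str, db: List[Tunnel],
                 reachable: Callable[[str], bool]) -> Optional[str]:
    """Step 1: return an error message, or None when the request is acceptable.
    observed_ipv4 is the peer address of the HTTP connection; reachable is
    the IPv4 ping probe, injected so the check can run offline."""
    try:
        addr = ipaddress.IPv4Address(form_ipv4)
    except ValueError:
        return "malformed IPv4 address"
    if any(addr in net for net in NON_ROUTABLE):
        return "IPv4 address is not routable (client behind NAT or proxy?)"
    if form_ipv4 != observed_ipv4:
        # The pre-filled field can be edited; the socket peer is what we saw.
        return "submitted address does not match the requesting host"
    if not NICNAME_RE.match(nicname) or not COUNTRY_RE.match(country):
        return "invalid nicname or country"
    if any(t["IPv4client"] == form_ipv4 for t in db):
        return "client already has a tunnel"
    if any(t["nicname"] == nicname and t["country"] == country for t in db):
        return "nicname already registered"
    if not reachable(form_ipv4):
        return "client is not reachable"
    return None


def allocate(db: List[Tunnel], nicname: str, country: str, ipv4: str,
             creation_time: int) -> Tunnel:
    """Steps 2-4: pick the lowest free device and /64, record the tunnel as
    'new' (unreachable = -1) so the tunnel monitor creates the interface."""
    used_devices = {t["device"] for t in db}
    used_servers = {t["IPv6server"] for t in db}
    for n in range(MAX_TUNNELS):
        device = f"gif{n}"
        base = int(POOL.network_address) + (n << 64)
        server6 = str(ipaddress.IPv6Address(base + 1))
        client6 = str(ipaddress.IPv6Address(base + 2))
        if device in used_devices or server6 in used_servers:
            continue
        row: Tunnel = {"IPv4client": ipv4, "IPv6client": client6,
                       "IPv6server": server6, "device": device,
                       "nicname": nicname, "country": country,
                       "creation_time": creation_time, "unreachable": -1}
        db.append(row)
        return row
    raise RuntimeError("no free tunnel slot")


def client_script(t: Tunnel) -> str:
    """Step 5: render the client configuration script. The ifconfig/route
    syntax is the BSD (KAME) form and is an assumption about the client OS."""
    return "\n".join([
        "#!/bin/sh",
        f"ifconfig gif0 tunnel {t['IPv4client']} {SERVER_IPV4}",
        f"ifconfig gif0 inet6 {t['IPv6client']} {t['IPv6server']} prefixlen 128",
        f"route add -inet6 default {t['IPv6server']}",
        "",
    ])


def handle_request(form: Dict[str, str], observed_ipv4: str, db: List[Tunnel],
                   reachable: Callable[[str], bool], now: int) -> Dict[str, str]:
    """Whole server procedure for one form submission (steps 1-6)."""
    err = sanity_check(form["ipv4"], observed_ipv4, form["nicname"],
                       form["country"], db, reachable)
    if err:
        return {"status": "rejected", "reason": err}
    t = allocate(db, form["nicname"], form["country"], form["ipv4"], now)
    return {"status": "ok", "device": t["device"], "script": client_script(t)}
```

The nicname and country values end up both in a DNS owner name and inside a script the end-node runs as root, which is why the checks use a strict allow-list rather than trying to escape the values when the script is rendered; comparing the submitted IPv4 address with the connection's peer address catches an edited form field as well as the NAT case the draft notes.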
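The tunnel monitor steps above, together with the meaning of the "unreachable" field given in the Database format section and the AAAA/PTR upkeep described under DNS, as an added Python example; it is not the draft's or freenet6's code. The threshold of 3, the 300-second TTL, the ip6.arpa reverse zone and the extra "country" field are assumptions; the ICMPv6 echo probe is injected so a pass can be exercised offline, and the interface and DNS operations are returned as action tuples rather than executed.

```python
import ipaddress
from typing import Callable, Dict, List, Tuple

Tunnel = Dict[str, object]
Action = Tuple[str, ...]

# Assumptions: the draft fixes neither the threshold nor the TTL, and its
# database format lists no "country" field (added here to form the DNS name).
UNREACHABLE_THRESHOLD = 3
DNS_TTL = 300
FORWARD_ZONE = "freenet6.net"


def sample_db() -> List[Tunnel]:
    """Constructed database contents: one tunnel already at the threshold
    and one new tunnel (unreachable = -1) waiting to be created."""
    return [
        {"IPv4client": "192.0.2.10", "IPv6client": "2001:db8:1::2",
         "IPv6server": "2001:db8:1::1", "device": "gif0", "nicname": "alice",
         "country": "ca", "creation_time": 0, "unreachable": 3},
        {"IPv4client": "192.0.2.11", "IPv6client": "2001:db8:1:1::2",
         "IPv6server": "2001:db8:1:1::1", "device": "gif1", "nicname": "bob",
         "country": "fr", "creation_time": 5, "unreachable": -1},
    ]


def forward_name(t: Tunnel) -> str:
    """AAAA owner name: nicname.country.freenet6.net (fully qualified)."""
    return f"{t['nicname']}.{t['country']}.{FORWARD_ZONE}."


def reverse_name(addr: str) -> str:
    """PTR owner name: the 32 address nibbles in reverse order under ip6.arpa."""
    nibbles = ipaddress.IPv6Address(addr).exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def monitor_pass(db: List[Tunnel], probe: Callable[[str], bool]) -> List[Action]:
    """One pass of the tunnel monitor (steps 1-6). probe(addr) is the ICMPv6
    echo test, injected so the logic runs offline. Interface and DNS
    operations are returned as action tuples rather than executed."""
    actions: List[Action] = []
    # Steps 1-4: existing tunnels (unreachable >= 0)
    for t in list(db):
        if t["unreachable"] < 0:
            continue
        if probe(t["IPv6client"]):
            t["unreachable"] = 0          # replied: counter back to zero
        else:
            t["unreachable"] += 1         # step 3
        if t["unreachable"] > UNREACHABLE_THRESHOLD:   # step 4
            actions.append(("ifdown", t["device"]))
            actions.append(("dns_del", forward_name(t), "AAAA"))
            actions.append(("dns_del", reverse_name(t["IPv6client"]), "PTR"))
            db.remove(t)
    # Steps 5-6: new tunnels (unreachable == -1)
    for t in db:
        if t["unreachable"] == -1:
            actions.append(("ifup", t["device"], t["IPv4client"],
                            t["IPv6server"], t["IPv6client"]))
            actions.append(("dns_add", forward_name(t), "AAAA", t["IPv6client"]))
            actions.append(("dns_add", reverse_name(t["IPv6client"]), "PTR",
                            forward_name(t)))
            t["unreachable"] = 0          # now active; probed on the next pass
    return actions


def zone_records(db: List[Tunnel]) -> List[str]:
    """Forward and reverse records for every active tunnel, with the short
    TTL the draft recommends, in zone-file syntax."""
    lines = []
    for t in db:
        if t["unreachable"] < 0:
            continue
        lines.append(f"{forward_name(t)} {DNS_TTL} IN AAAA {t['IPv6client']}")
        lines.append(f"{reverse_name(t['IPv6client'])} {DNS_TTL} IN PTR {forward_name(t)}")
    return lines
```

Returning the actions instead of performing them keeps the part of the daemon that needs root (interface changes, DNS updates) separate from the state logic, so the counter and threshold behaviour can be tested without privileges; the short TTL matters because a torn-down tunnel's AAAA and PTR records otherwise linger in resolver caches after the monitor has removed them.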
** Database format

The following information is kept in the database:

   IPv4client:     The client IPv4 address
   IPv6client:     The client IPv6 address (tunnel endpoint)
   IPv6server:     The server IPv6 address (tunnel endpoint)
   device:         Interface name to the tunnel device (server)
   nicname:        nicname registered in DNS
   creation_time:  time of creation
   unreachable:    -1  = new tunnel to be created
                    0  = tunnel active and end-node responded to last
                         ICMPv6 echo
                   x>0 = tunnel active, end-node didn't respond for the
                         last x ICMPv6 echo requests

* Implementation

http://www.freenet6.net

* Security Considerations

Tunnel monitor must run as root on server
Client script must run as root on end-node

* References

http://freenet6.viagenie.qc.ca

* Acknowledgments

The original idea is from Alain Durand@imag. Some other ideas came from
IPv6 meetings at the Orlando IETF meeting in December 1998.