IPv6 Box

From Catholicpenguin

To make it easy for home users to get IPv6 connectivity for very little effort and cost.

Overview

In addition to the as-yet unmaterialized new applications IPv6 is supposed to enable, as an ardent supporter of IPv6 and amateur networking guru, I see many existing Internet applications which could greatly benefit from pervasive IPv6 content. Popular new applications, primarily VoIP and videoconferencing, but also file sharing (BitTorrent) and remote access, become orders of magnitude easier to program when end-to-end connectivity is restored.

Convincing everyone to upgrade is a difficult task, however. Microsoft is taking one approach of building support for tunneling protocols directly into the operating system, and I applaud them for doing so. However, with less than stellar adoption of Windows Vista, the percentage of users who can be relied upon to use Vista, and hence obtain its automatic IPv6 connectivity, is low. Almost all other operating systems have support for IPv6, but generally speaking do not auto-configure tunnels.

Router manufacturers could alleviate this situation by including 6to4 tunneling, but aside from Apple, none do.

Therefore, we need a solution that users can cheaply purchase and easily install, and that does not require complicated network configuration on all of their computers. Thankfully, many wireless routers today are compatible with the open source Linux distribution OpenWRT. Furthermore, a particularly small and cost-effective box has emerged, the La Fonera.

In addition to this, Hexago provides a UDP-behind-NAT capable tunnel service for free that does not require registration.

These two technologies coupled together mean we can offer people a $40 box which they simply plug into their wireless router via Ethernet, or join to the network via wireless, and instantly their home network has IPv6 connectivity, with no configuration on their part whatsoever. Furthermore, this connectivity will automatically be recognized by Mac and Linux machines. (Windows XP sadly requires a simple installation step first, but this could easily be hidden in an installer for desirable software such as BitTorrent.)

User Interface

If the user can be required to plug the box straight into the router, no configuration is required at all; OpenWRT simply obtains a DHCP lease, connects the tunnel, then starts broadcasting via radvd.

Underlying Software

The underlying software is composed of basically "off the shelf" components: OpenWRT, radvd, tsp (for setting up the Hexago tunnel), udhcpd, etc. Most of the configuration proposed here is well documented in the OpenWRT documentation, and can be set up with only config files.

However, for added robustness, some extra work should be undertaken. In particular, we would want to handle the following situations gracefully:

DHCP server not available for a while

As in, the user forgets to plug the box into the router, etc. Currently, I'm not sure what udhcpc does, but I'm pretty sure it's not quick about recovering from this, if it does at all. We'd like the system to resume operation within a minute of the link coming back up (and that probably means sensing if the link is up at all, if possible).

Tunnel broker / route to them goes down

One of the big problems with much of the IPv6 connectivity out there today is that it is badly configured, often such that it doesn't route at all. Badly configured IPv6 is worse than none, so the box would need to continuously monitor the state of the tunnel and outbound routing, and stop announcing IPv6 route prefixes if the link goes down. It seems there could be two ways to do this:

1. Send Router Advertisements with a very short lifetime (1 minute), then shut down radvd when the link goes out, causing the machines to lose their IPv6 addresses.

2. Leave radvd running, but remove the routes to the global Internet from the box when the link goes down, such that hosts receive ICMP Unreachable messages.

Either of these seems like it would work.
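A sketch of the monitoring loop for option 1, added here as an example and not part of the original page or any existing OpenWRT package. The probe address, thresholds and interval are assumptions, as is the availability of `ping6` and the `/etc/init.d/radvd` init script on the box.

```sh
#!/bin/sh
# Added example, not from the original page. Implements option 1 above:
# stop radvd when the tunnel stops routing, restart it when routing returns.
PROBE_HOST="2001:db8::1"  # placeholder (documentation prefix); set to a real IPv6 host
FAIL_LIMIT=3              # assumed: consecutive failed probes before withdrawing
OK_LIMIT=2                # assumed: consecutive good probes before restoring
INTERVAL=20               # assumed: seconds between probes

# next_state STATE COUNT RESULT -> prints "NEWSTATE NEWCOUNT ACTION".
# STATE is up|down; COUNT is the run of probes contradicting STATE;
# RESULT is ok|fail. Requiring a run avoids flapping on a single lost packet.
next_state() {
    state=$1; count=$2; result=$3
    if [ "$state" = up ]; then
        if [ "$result" = fail ]; then count=$((count + 1)); else count=0; fi
        if [ "$count" -ge "$FAIL_LIMIT" ]; then echo "down 0 withdraw"; return; fi
    else
        if [ "$result" = ok ]; then count=$((count + 1)); else count=0; fi
        if [ "$count" -ge "$OK_LIMIT" ]; then echo "up 0 restore"; return; fi
    fi
    echo "$state $count none"
}

# replay RESULT... -> prints the actions a sequence of probe results triggers.
# Lets the logic be checked offline with constructed input.
replay() {
    st=up; n=0; out=""
    for r in "$@"; do
        read -r st n act <<EOF
$(next_state "$st" "$n" "$r")
EOF
        [ "$act" = none ] || out="$out$act "
    done
    echo "${out% }"
}

# Only touches the system when invoked with the argument "run".
if [ "${1:-}" = run ]; then
    st=up; n=0
    while :; do
        if ping6 -c 1 -W 2 "$PROBE_HOST" >/dev/null 2>&1; then r=ok; else r=fail; fi
        read -r st n act <<EOF
$(next_state "$st" "$n" "$r")
EOF
        case $act in
            withdraw) /etc/init.d/radvd stop ;;
            restore)  /etc/init.d/radvd start ;;
        esac
        sleep "$INTERVAL"
    done
fi
```

Running `replay ok fail fail ok fail fail fail ok fail ok ok` shows that isolated failures are ignored and only a sustained outage stops the advertisements.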

Firewall

Not as much a problem now that IPv6 is just beginning, but since all hosts will be globally routable again, a firewall will become important. On the other hand, program security arguably has improved, and one of the goals of these boxes will be to restore connectivity for new and unforeseen applications. A very hardened firewall will not be much of an improvement over NAT. So a compromise will need to be reached. I'm not sure if UPnP or some such works for V6, but perhaps it could be employed.