massar / sixxsd

Licence: BSD-3-Clause license
sixxsd - The SixXS Daemon - IPv6 Tunnel & Routing Engine

Programming Languages: C, Makefile, Python

sixxsd

"sixxsd" is the SixXS Daemon: the software that used to run on the SixXS PoPs and that handled the server side of proto-41, heartbeat and AYIYA tunnels.

sixxsd was designed and implemented by Jeroen Massar.

SixXS was sunset on 2017-06-06 after 17 years of operation as a free IPv6 Tunnel Broker service for users worldwide.

sixxsd ran on the PoPs from 2004 till 2017, serving 50.000 active tunnels daily, spread over 50 PoPs (some PoPs being small with <100 tunnels, others having >3000 tunnels per host). Before sixxsd existed, several bash scripts would reconfigure the kernel's gif interfaces.

Important Historic Notice

THIS CODE IS HISTORIC AND INTENDED FOR REFERENCE ONLY

sixxsd is provided for HISTORIC purposes, to show an insight into how SixXS handled provisioning massive amounts of tunnels on many PoPs around the world.

SixXS shut down because IPv6 and its deployment have been happening for 20+ years... Thus, please, finally, get native IPv6!!!!!

If you need a tunneling solution fit for 2017 and beyond: use WireGuard! Do not send plaintext traffic over the Internet, as is the case with proto-41, heartbeat and AYIYA tunnels.

Please also note that, because these protocols are cleartext, various attacks are possible that can affect the operation of such tunnels. The MD5 used by heartbeat is easily fakeable, and AYIYA uses good old SHA1 as a hash signature.

As such, we repeat again: sixxsd is intended for historic insight; do not operate it on the public Internet anymore.

Operation

In effect, sixxsd is SixXS's own routing platform: it handles the complete process of en/decapsulating tunneled packets and passing them to the proper location.

sixxsd also takes care of the latency tests and traffic statistic collection. Various statistics can be seen, when logged in, in real-time from the user home under tunnel details, e.g. the current location of an endpoint of a tunnel.

sixxsd exists because the Linux kernel was not designed to handle thousands of network interfaces: every packet was walking over a linked list. Adding/removing/reconfiguring interfaces was also prone to disconnects between what the system thought had happened and what the actual configuration was. Next to that, a lot of tuning was needed due to routing table size, and we ran into various other issues over time.

The model that sixxsd uses is that of a single tun/tap interface exposed by the kernel, into which one or more /40s are routed. This releases the kernel from managing this address space and all the interfaces located in it. sixxsd effectively runs 'statically': nothing changes (no memory allocations etc.) after it has been started. All configuration elements are pre-allocated, which avoids out-of-memory and memory fragmentation issues. Because the address-space layout is known, sixxsd is optimized for it, which avoids the need for table lookups or linked lists for routing packets.

This model also means that sixxsd sees all the packets and thus is able to provide accurate counters for performance monitoring.
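The routing model described above, sketched as an added example (this is not sixxsd's own code): a destination address is mapped to a pre-allocated slot by direct indexing instead of a search, and every packet updates that slot's counters. The /40, the position of the tunnel number inside the address and all names are assumptions made for illustration; 2001:db8::/32 is the documentation prefix.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, constructed for this example (not sixxsd's real plan):
 * 2001:db8:aa00::/40 is routed to the tun device, and inside it
 * 2001:db8:aaff:TTTT::/64 is the /64 of tunnel number 0xTTTT. */
static const uint8_t POP_PREFIX[5] = { 0x20, 0x01, 0x0d, 0xb8, 0xaa };
enum { TUNNEL_REGION = 0xff, MAX_TUNNELS = 65536 };
enum verdict { ROUTE_OK, ROUTE_NOT_OURS, ROUTE_TUNNEL_DOWN };
struct tunnel {
    uint8_t  up;          /* 0 = unconfigured or disabled */
    uint32_t endpoint_v4; /* remote IPv4 endpoint, host byte order */
    uint64_t pkts, bytes; /* per-tunnel traffic counters */
};
static struct tunnel tunnels[MAX_TUNNELS]; /* pre-allocated: no malloc, no list */

/* Map a destination address to a table index with plain arithmetic. */
static int tunnel_lookup(const uint8_t dst[16]) {
    if (memcmp(dst, POP_PREFIX, sizeof POP_PREFIX) != 0) return -1;
    if (dst[5] != TUNNEL_REGION) return -1;
    return (dst[6] << 8) | dst[7];
}

/* A configuration push only overwrites a pre-allocated slot in place. */
static void tunnel_configure(uint16_t id, uint32_t endpoint_v4, int up) {
    tunnels[id].endpoint_v4 = endpoint_v4;
    tunnels[id].up = up ? 1 : 0;
}

/* Per-packet decision; all traffic passes here, so the counters are exact. */
static enum verdict route_packet(const uint8_t dst[16], size_t len) {
    int id = tunnel_lookup(dst);
    if (id < 0) return ROUTE_NOT_OURS;
    if (!tunnels[id].up) return ROUTE_TUNNEL_DOWN;
    tunnels[id].pkts++;
    tunnels[id].bytes += len;
    return ROUTE_OK;
}

int main(void) {
    uint8_t dst[16];
    tunnel_configure(0x1234, 0xc0000201u /* 192.0.2.1 */, 1);
    inet_pton(AF_INET6, "2001:db8:aaff:1234::2", dst); /* constructed address */
    enum verdict v = route_packet(dst, 1280);
    printf("verdict=%d pkts=%llu\n", v, (unsigned long long)tunnels[0x1234].pkts);
    return 0;
}
```

Packets for an unconfigured tunnel or for an address outside the assumed tunnel region are rejected without touching any counter.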

Features

A short summary of features of sixxsd:

  • Handles the full IPv6 Routing process
  • En/Decapsulation of protocol-41 (6in4/RFC3056) and AYIYA (IPv4 in IPv6-UDP and IPv6 in IPv4-UDP)
  • Very high performance (during tests easily forwarded 4 Gbit/s of mixed AYIYA/proto-41 traffic)
  • IPv6 Tunnel Heartbeat support
  • Latency testing of active endpoints
  • Per-tunnel remote debugging option showing per-packet decisions being made
  • Per-tunnel statistics and error information
  • Per-tunnel default routed /64 towards tunnel endpoint

Configuration

The sixxsd binary starts by reading a sixxsd.conf, which instructs it which prefixes it handles and which it routes to the tunnel device. It uses a standard tun/tap device as provided by most Unix-alike kernels.

The SixXS backend, which can get updated by users using the web interface, re-pushes the full configuration to the PoP. This directly updates the state for all the interfaces and routes.

The pop saveconfig command atomically saves the running configuration to sixxsd.conf on disk, allowing a restart of the PoP to resume with that state of configuration till a configuration push updates the configuration again.

Stability

As SixXS only deployed minimal kernels, the PoPs where sixxsd ran were extremely stable and ran for multiple years at a time.

Some details from when we shut down all the PoPs:

Daemon uptime:
nlams05.sixxs.net: 901 days 01:41:44
usanc01.sixxs.net: 826 days 00:32:10
nlede01.sixxs.net: 826 days 01:02:11
fihel01.sixxs.net: 826 days 00:27:25
usbos01.sixxs.net: 821 days 18:36:37
deham02.sixxs.net: 821 days 18:39:21
deham01.sixxs.net: 821 days 18:39:25
ausyd01.sixxs.net: 821 days 18:40:08
aubne01.sixxs.net: 821 days 18:45:04
deleo01.sixxs.net: 802 days 23:07:44

Server uptime:
deham02.sixxs.net: 1893 days 00:05:17
usbos01.sixxs.net: 1876 days 06:59:03
deham01.sixxs.net: 1610 days 17:44:19
fihel01.sixxs.net: 1581 days 15:17:46
nlede01.sixxs.net: 1260 days 01:49:58
ausyd01.sixxs.net: 1082 days 06:05:18
aubne01.sixxs.net: 1082 days 06:00:58
nlams05.sixxs.net: 1064 days 10:04:58
usanc01.sixxs.net: 879 days 23:33:28
deleo01.sixxs.net: 802 days 23:09:10

That demonstrates an uptime of about 2,5 years of active running, indicating how stable it ran, especially when one realises how many packets these daemons were forwarding while being reconfigured every 10 minutes from the central server and also by heartbeat and AYIYA clients.

Platforms

sixxsd was primarily run on minimal Debian GNU/Linux systems, but also ran on FreeBSD and OpenBSD based PoPs. In addition, it also works on macOS, but primarily for development, not for actual operation.

Support / Status

The code is provided as-is, primarily for historical purposes, as various people have requested insight into what actually drove the SixXS PoPs.

Due to the state of IPv6 deployment, we hope that this code is not needed anymore anywhere: please finally get native IPv6, it has been more than 20 years...

If one wants to create a VPN-alike service, we strongly suggest looking at WireGuard and/or OpenVPN instead, as these provide secure (read: cryptography involved) tunnels which disallow snooping along. All protocols implemented by sixxsd are insecure: no cryptography involved.

See also the historic notice above.

Security

As one will notice, no TLS or even SSL is included in this code; the SixXS PoPs were reconfigured over SSH-tunneled TCP connections.

Any current modern tunneling solution will use proper cryptography; hence, please look at WireGuard.

  • proto-41, heartbeat and AYIYA are all cleartext
  • The heartbeat protocol uses good old MD5
  • The AYIYA protocol uses good old SHA-1

All of these do not make a secure system.

Monitoring

The check_sixxsd.py script was used for monitoring sixxsd instances.

This was quite useful, as we monitored active tunnels: if they dropped below a certain level, we would know that something was wrong on our side. Figuring out what, then, was the fun exercise.

License

The license for sixxsd is the BSD 3-clause license (see LICENSE).

In case one uses/references this, don't hesitate to give a shout out to the author, it is much appreciated.

Author

The designer and implementor of sixxsd is Jeroen Massar.

Contact

Jeroen can be reached by email: [email protected].

The previous SixXS email addresses ([email protected] and [email protected]) were deactivated when the project was sunset.