Did you know that Apple’s “Back To My Mac” service uses IPv6? Or that it sets up its encrypted tunnels using IPsec and uses dynamic DNS?

Those are just a few of the fascinating pieces of info in an Internet-Draft that just recently (March 10) issued a new version:

http://tools.ietf.org/html/draft-zhu-mobileme-doc

As the abstract notes:

This document describes the implementation of Apple Inc.’s Back to My Mac (BTMM) service. BTMM provides network connectivity between devices so that a user can perform file sharing and screen sharing among multiple computers at home, at work, or on the road. The implementation of BTMM addresses the issues of single sign-on authentication, secure data communication, service discovery and end-to-end connectivity in face of Network Address Translators (NAT) and mobility of devices.

The introduction of the document gives an overview of what is inside:

Apple Inc.’s Back to My Mac (BTMM) service was first shipped with the Mac OS X 10.5 release in October 2007; since then it has been widely used. BTMM provides an integrated solution to host mobility support, NAT traversal, and secure end-to-end data delivery through a combination of several existing protocols and software tools instead of designing new protocols. Note that we generally refer to Network Address Port Translation (NAPT) as NAT in this document. This document describes the implementation of BTMM and we hope the reader finds it informative.

BTMM provides secure transport connections among a set of devices that may be located over a dynamic and heterogeneous network environment. Independent of whether a user is traveling and accessing the Internet via airport WiFi, or staying at home behind a NAT, BTMM allows the user to connect to any of the Mac hosts with a click, after which the user can share files with remote computers or control the remote host through screen sharing. When a user moves around and changes locations and hence the IP address of his computer (e.g. roaming around with a laptop and receiving a dynamically allocated IP address), BTMM provides a means for the roaming host to update its reachability information to keep it reachable by the user’s other Mac devices. BTMM maintains end-to-end transport connections in the face of host IP address changes through the use of unique host identifiers. It also provides a means to reach devices behind a NAT.

BTMM achieves the above functions mainly by integrating a set of existing protocols and software tools. It uses DNS-based Service Discovery [DNS-SD] to announce host reachability information, dynamic DNS update [RFC 2136] to refresh the DNS resource records (RRs) when a host detects network changes, and DNS Long-lived Queries (LLQ) [DNS-LLQ] to notify hosts immediately when the answers to their earlier DNS queries have changed. BTMM uses IPv6 Unique Local Address (ULA) [RFC 4193] as the host identifier, and employs the NAT Port Mapping Protocol (PMP) [NAT-PMP] to assist NAT traversal. It uses Kerberos [RFC 4120] for end-to-end authentication, and uses IPsec [RFC 4301] to secure data communications between two end hosts.

What I immediately found fascinating was the usage of IPv6 Unique Local Addresses (ULA – defined in RFC 4193). Think of the IPv6 ULA space as essentially like the IPv4 RFC 1918 private address space (10.x, 192.168.x, etc.): a big block of IP addresses that are not publicly routable and are designed to be used inside a site or private network.
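To make the ULA idea concrete, here is an added example (my own code, not from the blog post, the Internet-Draft, or Apple) that implements the locally-assigned prefix derivation from RFC 4193 section 3.2.2 and classifies addresses as ULA or not. The EUI-64 and timestamp values in the demo are constructed; the function and variable names are my own.

```python
"""RFC 4193 Unique Local Address (ULA) helpers, using only the standard library.

Added example: derives a /48 ULA prefix the way RFC 4193 section 3.2.2 describes
(SHA-1 over an NTP timestamp and an EUI-64, keep the low 40 bits as the Global ID)
and checks whether an address falls inside the ULA block, which must never be
routed on the public Internet.
"""
import hashlib
import ipaddress
import struct
import time

ULA_SPACE = ipaddress.IPv6Network("fc00::/7")  # whole ULA block (RFC 4193)
ULA_LOCAL = ipaddress.IPv6Network("fd00::/8")  # L bit = 1: locally assigned prefixes


def ntp_timestamp(now=None):
    """Return a time as a 64-bit NTP timestamp (32-bit seconds since 1900, 32-bit fraction)."""
    if now is None:
        now = time.time()
    ntp_epoch_offset = 2208988800  # seconds between 1900-01-01 and 1970-01-01
    seconds = int(now) + ntp_epoch_offset
    fraction = int((now - int(now)) * (1 << 32))
    return ((seconds & 0xFFFFFFFF) << 32) | (fraction & 0xFFFFFFFF)


def make_ula_prefix(ntp_time, eui64):
    """RFC 4193 3.2.2: Global ID = least significant 40 bits of SHA-1(NTP time || EUI-64).

    ntp_time is a 64-bit integer and eui64 an 8-byte identifier. The result is a
    /48 network inside fd00::/8 (fc00::/7 with the L bit set to 1).
    """
    if len(eui64) != 8:
        raise ValueError("EUI-64 must be exactly 8 bytes")
    key = struct.pack(">Q", ntp_time & 0xFFFFFFFFFFFFFFFF) + bytes(eui64)
    digest = hashlib.sha1(key).digest()
    global_id = int.from_bytes(digest[-5:], "big")  # low 40 bits of the 160-bit digest
    # Layout: 8-bit "fd" | 40-bit Global ID | 16-bit Subnet ID | 64-bit Interface ID.
    prefix_int = (0xFD << 120) | (global_id << 80)
    return ipaddress.IPv6Network((prefix_int, 48))


def make_host_address(prefix, subnet_id, interface_id):
    """Build a full ULA from a /48 prefix, a 16-bit subnet ID and a 64-bit interface ID."""
    if not 0 <= subnet_id < (1 << 16):
        raise ValueError("subnet ID must fit in 16 bits")
    if not 0 <= interface_id < (1 << 64):
        raise ValueError("interface ID must fit in 64 bits")
    addr_int = int(prefix.network_address) | (subnet_id << 64) | interface_id
    return ipaddress.IPv6Address(addr_int)


def is_ula(addr):
    """True when addr lies in fc00::/7, i.e. it is site-local and not globally routable."""
    return ipaddress.IPv6Address(addr) in ULA_SPACE


def is_locally_assigned_ula(addr):
    """True when addr lies in fd00::/8, the only ULA range currently defined for use."""
    return ipaddress.IPv6Address(addr) in ULA_LOCAL


if __name__ == "__main__":
    # Constructed inputs: a fixed NTP time and a made-up EUI-64 (not a real device).
    demo_eui64 = bytes.fromhex("0211223344556677")
    prefix = make_ula_prefix(ntp_timestamp(1_300_000_000), demo_eui64)
    host = make_host_address(prefix, subnet_id=1, interface_id=0x1)
    print("derived ULA prefix:", prefix)
    print("sample host address:", host, "ULA?", is_ula(host))
    for candidate in ("fd12:3456:789a::1", "fc00::1", "2001:db8::1", "::1"):
        print(candidate, "-> ULA:", is_ula(candidate),
              "locally assigned:", is_locally_assigned_ula(candidate))
```

The derivation is deterministic for a given timestamp and EUI-64, which is why RFC 4193 feeds in the time of day: two machines with the same identifier still get different prefixes. The `is_ula` check is the kind of test a border filter or log-review script applies; a ULA showing up as a source or destination on the public Internet indicates a misconfiguration or leakage rather than legitimate traffic.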

In effect, that’s what Apple is doing: creating a secure, encrypted IPv6 tunneled network between your devices and Apple’s servers. The document dives into great detail about how the Back To My Mac (BTMM) service works using tunneling, dynamic DNS, NAT traversal, IPsec and more.

If you’re an Apple user or are just interested in network technologies and/or IPv6, the document is definitely worth a read!

Kudos to the team involved for all the work they put into creating this truly fascinating document.

Originally from Voxeo Blogs