SixXS::Sunset 2017-06-06

FAQ : AICCU, TIC, Heartbeat & AYIYA : What about TIC?

Other FAQ sections

  • FAQ Item
  • What is TIC?
  • Which TIC server should I use?
  • I have a firewall, what ports does TIC use?
  • I am blocked from TIC!
  • Is the TIC protocol documented?

What about TIC?

What is TIC?

TIC is the Tunnel Information and Control protocol. It provides information about tunnels and the ability to control the details of a tunnel to TIC clients (eg AICCU or AVM's Fritz!Box and various others). This way a user only has to supply their username, password and optionally a Tunnel ID and all the tunnel configuration details can be retrieved by the TIC client so that it can configure the tunnel. This thus makes configuring IPv6 tunnels a lot easier as no technical details need to be known by the user.

Which TIC server should I use?

The default is tic.sixxs.net which is the TIC server for SixXS, thus for all the PoPs. In most cases you do not have to change the server parameter in the AICCU configuration as the default for AICCU is tic.sixxs.net. PoPs themselves do not provide a TIC service.

The only reason why you might have to change this is when you are using a different Tunnel Broker than SixXS.

Like most SixXS services tic.sixxs.net is distributed, there are thus multiple IPs in DNS that one can connect to. AICCU will try every IP in order, as returned from the resolver, automatically. Thus if in that set one of the servers is actually not available, the next one will be tried. Normally offline servers will be taken out of the DNS set thus one should never hit an offline server. As these IP addresses can change based on availability/stability/load, do not hard-code the IP address of the TIC server and thus solely use tic.sixxs.net unless using a different broker.

I have a firewall, what ports does TIC use?

TIC uses TCP port 3874. Also see FAQ: I have a firewall, what ports/protocols are used?.

I am blocked from TIC!

Due to some people seeing a need for quering the TIC server every couple of seconds, as they most likely put AICCU or another TIC client in some sort of looping construct, eg by using daemontools/launchd/scripting/cron/etc, we have configured a ratelimit on the service to avoid it from being overburdened by misconfigured clients.

If a client connects too frequently it will be blocked by the TIC server and a 500 error will be given pointing to this FAQ. If the client keeps on attempting to contact the TIC server even though it has been told that it is blocked, the block will be extended for a longer period of time. If we are able to determine the user causing this we will of course notify the user that this happened. It seems though that people even though informed rarely fix the problem and just keep on hammering.

As in general you will not have to connect more than once this should not pose a problem to normal clients.

To make it clear: do not run AICCU in a automatic restarting manner.

If AICCU stops working there is a reason why it did that. Check the logs and the output of the program to check why and report problems to SixXS Staff or ask the forums on how to solve a problem.

Both AYIYA and heartbeat have been designed for a variety of scenarios, eg frequently changing IP addresses there is thus no need to restart AICCU. Even if you have a mobile client you do not have to restart AICCU.

Is the TIC protocol documented?

For technical details, see the Tunnel Information and Control protocol (TIC) page.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker