17/10/031 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo

17/10/032 Peer to Peer Applications and NATs NATs break end to end End to end communications would be useful in a P2P context… Private IPv4 (DSL…) NAT Public IPv4 NAT Private IPv4 (DSL…) P2P

17/10/033 First type of solution Use an intermediate server Complex solution to design Operation of the server is not free Private IPv4 (DSL…) NAT Public IPv4 NAT Private IPv4 (DSL…) P2P Server

17/10/034 IPv6 based solutions Simpler solution Application is cheaper to design No server required, but one can be used if needed… Customer IPv6 (DSL…) Public IPv6 Customer IPv6 (DSL…) P2P

17/10/035 Microsoft ThreeDegrees 3° is a P2P software that connects small groups of users who know and trust one another. Currently a beta test application on Windows XP SP1 several downloads (10 000) First feed-backs are positive Use IPv6 only (No IPv4), because the application is easier to design.

17/10/036 Three Degrees and IPv6 IPv6 is not available everywhere: It first appears as isolated islands in the IPv4 Internet Several migration techniques exist: Dual stack Automatic tunneling: 6to4 and Teredo Configured tunnels, tunnel broker Translation Application level gateways Transition mechanisms bring additional complexity Only needed during transition. Most of the complexity is in the OS, not in the application. The cost for the infrastructure is low.

17/10/037 Dual Stack Deploy native IPv6 in addition to IPv4 everywhere: Routers Servers: DNS, Radius… Hosts Slow deployment => not present everywhere Should be a long term goal

17/10/038 6to4 Goals: Allow the interconnection of IPv6 sites through a service provider network that only support IPv4. Connection of IPv6 sites to the IPv6 Internet through a service provider network that only support IPv4. Does not require the provision of IPv6 prefixes by the ISP Use of a global IPv6 prefix for each site derived from the site’s IPv4 global address.

17/10/039 6to4 – Interconnection of IPv6 sites

17/10/0310 6to4 – Access to the IPv6 Internet

17/10/0311 6to4 - Limitations 6to4 relays can be vulnerable to denial of service attacks Filtering is needed in relays! The entity that operates the 6to4 relay has little means in order to control who is using the service. NATs break 6to4, if they are not co-located!

17/10/0312 TEREDO Goals: Provide IPv6 connectivity across one or several NATs Tunneling IPv6 packets over UDPv4 through the NAT Client/server/relay architecture Use of a new address format

17/10/0313 Teredo IPv6 Private IPv4 NAT Teredo tunnel: IPv6 in UDPv4 Public IPv4

17/10/0314 Client / relay / server Private IPv4 NAT Client Public IPv4 Server Relay Public IPv6

17/10/0315 Teredo address format Teredo IPv6 prefix IPv4 address: global address of the server Flags: Cone or Symmetric NAT Port: port number to be used with the IPv4 address The “client IPv4 field” contains the global address of the NAT Teredo prefix 32 bits 32 bits Flags 16 bits Client IPv4 32 bits Port 16 bits

17/10/0316 Teredo limitations Not well known yet, but probably similar to 6to4 Vulnerability to DoS attacks on relay, The entity that operates the 6to4 relay has little means in order to control who is using the service Some NATs are not supported Teredo relays are not deployed! Lack of implementation in routers Teredo prefix is not advertised in the IPv6 Internet

17/10/0317 Three Degrees and IPv6 transition Three Degrees processes as follow: If a native IPv6 address is available on the host, use it, Else If IPv4 addresses are public addresses, then use 6to4 NATs are not supposed to be in the way If IPv4 addresses are private addresses, then use Teredo NAT is likely in the way.

17/10/0318 Typical deployment IPv4 Internet IPv6 + IPv4 Internet NAT Teredo server Teredo relay 6to4 relay Native IPv6 6to4 tunnel Teredo tunnel