17/10/031 Euronetlab – Implementation of Teredo

17/10/032 Summary Peer to peer applications and IPv6 Microsoft Three-Degrees IPv6 transition mechanisms used by Three- Degrees: 6to4 Teredo Teredo implementation Next steps

17/10/033 Peer to Peer Applications and NATs NATs break end to end End to end communications would be useful in a P2P context… Private IPv4 (DSL…) NAT Public IPv4 NAT Private IPv4 (DSL…) P2P

17/10/034 First type of solution Use an intermediate server Complex solution to design Operation of the server is not free Private IPv4 (DSL…) NAT Public IPv4 NAT Private IPv4 (DSL…) P2P Server

17/10/035 IPv6 based solutions Simpler solution Application is cheaper to design No server required, but one can be used if needed… Customer IPv6 (DSL…) Public IPv6 Customer IPv6 (DSL…) P2P

17/10/036 Microsoft ThreeDegrees 3° is a P2P software that connects small groups of users who know and trust one another. Currently a beta test application on Windows XP SP1 several downloads (10 000) First feed-backs are correct Use IPv6 only (No IPv4), because the application is easier to design.

17/10/037 Three Degrees and IPv6 IPv6 is not available everywhere: It first appears as isolated islands in the IPv4 Internet Several migration techniques exist: Dual stack Automatic tunneling: 6to4 and Teredo Configured tunnels, tunnel broker Translation Application level gateways Transition mechanisms bring additional complexity Only needed during transition. Most of the complexity is in the OS, not in the application. The cost for the infrastructure is low.

17/10/038 Dual Stack Deploy native IPv6 in addition to IPv4 everywhere: Routers Servers: DNS, Radius… Hosts Slow deployment => not present everywhere Should be a long term goal

17/10/039 6to4 Goals: Allow the interconnection of IPv6 sites through a service provider network that only support IPv4. Connection of IPv6 sites to the IPv6 Internet through a service provider network that only support IPv4. Does not require the provision of IPv6 prefixes by the ISP Use of a global IPv6 prefix for each site derived from the site’s IPv4 global address.

17/10/0310 6to4 – Interconnection of IPv6 sites

17/10/0311 6to4 – Access to the IPv6 Internet

17/10/0312 6to4 - Limitations 6to4 relays can be vulnerable to denial of service attacks Filtering is needed in relays! The entity that operates the 6to4 relay has little means in order to control who is using the service. NATs break 6to4, if they are not co-located!

17/10/0313 TEREDO Goals: Provide IPv6 connectivity across one or several NATs Tunneling IPv6 packets over UDPv4 through the NAT Client/server/relay architecture Use of a new address format

17/10/0314 Teredo IPv6 Private IPv4 NAT Teredo tunnel: IPv6 in UDPv4 Public IPv4

17/10/0315 Client / relay / server Private IPv4 NAT Client Public IPv4 Server Relay Public IPv6

17/10/0316 Teredo address format Teredo IPv6 prefix IPv4 address: global address of the server Flags: Cone or Symmetric NAT Port: port number to be used with the IPv4 address The “client IPv4 field” contains the global address of the NAT Teredo prefix 32 bits 32 bits Flags 16 bits Client IPv4 32 bits Port 16 bits

17/10/0317 Teredo limitations Not well known yet, but probably similar to 6to4 Vulnerability to DoS attacks on relay, The entity that operates the 6to4 relay has little means in order to control who is using the service Some NATs are not supported Teredo relays are not deployed! Lack of implementation in routers Teredo prefix is not advertised in the IPv6 Internet

17/10/0318 Three Degrees and IPv6 transition Three Degrees processes as follow: If a native IPv6 address is available on the host, use it, Else If IPv4 addresses are public addresses, then use 6to4 NATs are not supposed to be in the way If IPv4 addresses are private addresses, then use Teredo NAT is likely in the way.

17/10/0319 Typical deployment IPv4 Internet IPv6 + IPv4 Internet NAT Teredo server Teredo relay 6to4 relay Native IPv6 6to4 tunnel Teredo tunnel

17/10/0320 Euronetlab contribution We implemented a Teredo Relay Server implementation available on FreeBSD as a freeware: Being reviewed before committing in the FreeBSD repository. We implemented an extension to the Ethereal traffic analyzer. It has been committed and current version of Ethereal has it. We performed small scale tests LIP6, 6WIND France and 6WIND Singapore

17/10/0321 FreeBSD implementation Relay and Server support draft-huitema-v6ops-teredo-00.txt Based on the Netgraph technology: node ng_teredo reuses two nodes ng_ksocket that provides the UDP layer and ng_iface that provides the IPv6 routability. Routing is based on a route via a Teredo interface that can be announced into the IGP or EGP: route 3ffe:831f::/32 via ng0 ng_iface (ng0) IPv6 stack ng_teredo (relay or server) upstream hook inet6 hook ng_ksocket UDP/3544 Primary Address IPv4 stack Secondary Address IPv4 stack downstream hook secondary hook inet/dgram/udp hook

17/10/0322 Tests 6WIND France NAT Windows XP Public IPv Relay/Server Public IPv6 6WIND Singapore NAT LIP6 NAT XP LIP6 Relay/Server teredo.ipv6.6wind.com WEBv6 3°

17/10/0323

17/10/0324 Next steps Take into account feed-back from users Organize larger scale tests Deploy in ISP networks Is security adequate for ISP networks? Propose evolutions if required Client implementation? Euronetlab communication actions?