Re: Microsoft: Give Xbox One users IPv6 connectivity
On 2013-10-10 00:02, Christopher Palmer wrote: John and Lorenzo beat me to it J. Example: Samantha has native IPv6 and Teredo. Albert has Teredo only. But what do you do with the more and more common case[1] where one gets native IPv6 and IPv4-over-DSlite; especially considering the high rate of connection problem over that IPv4 path? This as the dslite gateways are heavily overloaded as most destinations (read: http/bittorrent) are IPv4 only. Will then Teredo be used which is broken or the perfectly working IPv6 native path? Getting out over native IPv6 in that specific scenario will be the better thing to do. From that perspective, applying the Apple-variant of Happy Eyeballs will be beneficial. It will mean that one will have to expose all the possible IPv4 and IPv6 addresses amongst peers so that they can try out the variant combinations. SCTP or MP-TCP might be a good fit there too. [1] German ISPs like Unitymedia, which is part of UPC/LibertyGlobal and thus it is expected when that trial pans out that all other countries where UPC is located will be following down that rabbit hole too
Re: Microsoft: Give Xbox One users IPv6 connectivity
On 10-10-2013 14:01, Brzozowski, John Jason wrote: Chris can you share details of the brokenness check? What variables are considered? Perhaps native IPv6 on the client with firewall rules that do not permit inbound traffic. A legit issue that can be expected to pop up. Also, is there any active work on the uPNP extensions for IPv6 that allow hole punching in the firewall rules? (for native IPv6). * Would this method also apply to the Xbox 360 in the coming years? Kind regards, Seth On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer christopher.pal...@microsoft.com mailto:christopher.pal...@microsoft.com wrote: John and Lorenzo beat me to it J. __ __ Example: Samantha has native IPv6 and Teredo. Albert has Teredo only. __ __ Albert, in destination address selection, will chose Samantha’s Teredo address. Samantha, in source address selection, will use her Teredo address. This will avoid relay traversal. __ __ Xbox P2P policy is a bit more sophisticated than RFC 6724, but I note that the avoidance of Teredo relays is also part of Windows behavior. Windows address selection is a fairly clean implementation of RFC 6724. In RFC 6724 terms, Teredo - Teredo is a label match (Rule 5), Teredo - Native IPv6 is not. The biggest difference between us and the standard is the brokenness check. This does complicate the dream. In order for a set of peers to use native IPv6 – BOTH peers have to have native available. In the pathological case, if half of the world has IPv6 and connects only to the other half that only has Teredo, and no one actually uses native IPv6. __ __ Realistically, matchmaking is going to prefer users “close to you” (and a bunch of other things, like their gamer behavior and stuff). Naively I expect IPv6 traffic to start as local pockets, Albert playing against his neighbor, both with the same ISP. As IPv6 penetration grows hopefully we’ll see significant P2P traffic across the Internet use native IPv6 transport. __ __ __ __ *From:*ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de mailto:microsoft@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer mailto:ipv6-ops-bounces%2Bchristopher.palmer=microsoft@lists.cluenet.de mailto:microsoft@lists.cluenet.de] *On Behalf Of *Lorenzo Colitti *Sent:* Wednesday, October 9, 2013 8:26 PM *To:* Geoff Huston *Cc:* IPv6 Ops list; Christopher Palmer *Subject:* Re: Microsoft: Give Xbox One users IPv6 connectivity __ __ On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston g...@apnic.net mailto:g...@apnic.net wrote: But I've thought about your response, and if I'm allowed to dream (!), and in that dream where the efforts of COmcast, Google etc with IPv6 bear fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see the remaining Teredo folk having 33% of their peer sessions head into Teredo relays to get to those 33% who are using unicast IPv6? And wouldn't that require these Teredo relays that we all know have been such a performance headache? __ __ Can't you fix that by telling the app if all you have is Teredo, prefer Teredo even if the peer has native IPv6 as well? __ __ Of course this breaks down when IPv4 goes away, once IPv4 starts going away then there's really way to do peer-to-peer without relays, right? (Also, IPv4 going away is relatively far away at this point.)
Windows IPv6 connectivity check
Hi, when using OpenVPN dualstack tunnels, I notice that Windows doesn't realize that it has working IPv6 connectivity for a long time so it won't use the newly established IPv6 connectivity until re-checking. Is there any way to manually trigger Windows to re-check IPv6 connectivity? Best regards, Daniel
Re: Microsoft: Give Xbox One users IPv6 connectivity
On Oct 9, 2013, at 11:19 PM, Geoff Huston g...@apnic.net wrote: I applaud what you guys are doing, really, but from my perspective it looks like the reliance on Teredo is really quite scary given what we see out there about how it behaves, and I'm kinda wondering what I'm missing here that you obviously must've thought through in justifying this product decision! Geoff, I've noticed some interesting behavior of the home-user CPE devices in recent years. They continue to push into the application aware department, and bring with them the defects of that. We're also seeing an increasing number of folks using carrier provided CPE in the states (eg: if you have ATT UVerse, you must use their device, including the software defects and lack of knobs that come with it). These devices have many benefits of providing a consistent set of access, but also a consistent set of defects. It seems Microsoft is just using Teredo as their own VPN gateway to allow the relevant communication to be possible. No different than an enterprise that provides an office router for the teleworker to connect to IT resources which might be behind a VPN. I've seen the internet continuing to shift in this direction with services, either all tunneled over http/https because that isn't blocked. They are just leveraging it to VPN out to avoid having a centralized server aggregate and relay as necessary. This should be applauded as you mention above, as it preserves the e2e aspects while working around devices that are incapable of providing this type of service. I for one anxiously await the update for the 360 devices to take advantage of the same technology ;) It should resolve a significant number of IPv4 issues and if that were to come out, I suspect it would be a significant killer app driving adoption of IPv6 and upgrade of CPE/Cable Modems/whatnot. - Jared
Re: Microsoft: Give Xbox One users IPv6 connectivity
On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote: I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture. This does sound like something you could do with your measurement architecture. Just a little tweak here and there. Any chance of that? - Mark Geoff
Re: Microsoft: Give Xbox One users IPv6 connectivity
FYI, after I put up a blog post[1] about this topic this morning, there are some interesting conversations happening on Hacker News and Reddit: https://news.ycombinator.com/item?id=6526943 http://www.reddit.com/r/ipv6/comments/1o4zuk/microsoft_the_best_xbox_one_ga ming_experience/ In my post, too, I pointed people to this mailing list, so hopefully we may see some more subscribers interested in IPv6 operations. Regards, Dan [1] http://www.internetsociety.org/deploy360/blog/2013/10/microsoft-the-best-xb ox-one-gaming-experience-will-be-over-ipv6/ -- Dan York Senior Content Strategist, Internet Society y...@isoc.org mailto:y...@isoc.org +1-802-735-1624 Jabber: y...@jabber.isoc.org mailto:y...@jabber.isoc.org Skype: danyork http://twitter.com/danyork http://www.internetsociety.org/deploy360/
Re: Microsoft: Give Xbox One users IPv6 connectivity
* Mark Townsley On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote: I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture. This does sound like something you could do with your measurement architecture. Just a little tweak here and there. Any chance of that? I'm actually not so sure about that. p2p is a very different thing than a controlled measurement of client connectivity to a known good web server - even if that web server is on a Teredo address. In this p2p case both ends may well be behind a stack of NATs each with their own unique set of limitations and peculiarities. The whole environment is anything but controlled. So the question isn't whether or not Teredo is reliable per se, it's more interesting to ask if it is more or less reliable than the current STUN stuff in the Xbox 360 - and whether or not *that* is reliable to begin with. https://www.google.no/search?q=xbox+360+nat+type+moderate+strict seems to answer that with not at all... I doubt Teredo is a whole lot better, but I suspect it's as good as it gets on the IPv4 internet today. Tore
Re: Microsoft: Give Xbox One users IPv6 connectivity
On Oct 10, 2013, at 10:56 AM, Geoff Huston g...@apnic.net wrote: My concern about Teredo's robustness however still remains. We've been polling users with IPv6 tests embedded in a Google Ad campaign for some years now. We were interested in teredo, so we thought that if one of the presented URLs as part of the test was http://[ipv6 address] then we'd bypass the DNS and activate teredo on all those windows platforms out there. Which is effectively what happened. Yes, i'm aware of your measurements and results, including the ones mentioned at the mic. (btw, thanks for doing these!) Lots of folks do weird crap. I was at a friends house earlier this week and used his internet access and he has all sorts of stuff blocked outbound, including IMAP/SSL, SMTP-Submission, and I had to open up about 4 new ports just to get my outbound VPN working. He would be someone where it might try to activate but then fail in some spectacular fashion. I've never seen a consumer device with such restrictions in place. At least it didn't try to proxy my DNS queries then fail with anything requiring EDNS0. I found lots of passive results from weekly DNS scans that turned up *very* interesting data about device and resolver behavior. I've not fully scripted the sifting, nor tried repeating with EDNS0 enabled scans, but interesting nonetheless. I for one welcome the xbox revolution to push the killer-app success of IPv6 out to the consumer networks further. I predict we will be around 13-15% in 12 months as a result. (via the google measurement) - Jared
Re: Microsoft: Give Xbox One users IPv6 connectivity
On 11/10/2013, at 2:02 AM, Mark Townsley m...@townsley.net wrote: On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote: I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture. This does sound like something you could do with your measurement architecture. Just a little tweak here and there. Any chance of that? heh - yes, every chance of that happening. Geoff
RE: Microsoft: Give Xbox One users IPv6 connectivity
On the native side, it's important to note that the traffic is IPsec protected, so the protocol and port information may be obfuscated and is in general is not predictable. IKEv2 traffic is predictable, but we won't be using UPnP on the IPv6 side to enable in-bound IKEv2. Hopefully people follow the IETF recommendation and allow inbound IPsec/IKE to simply work. If not, it'll further encourage usage of traditional P2P mechanisms like Teredo, and we (as an industry) will have to put more energy into UPnP or PCP. That would be highly regrettable. The thing about protocols like UPnP - the vendors who would ignore an IETF recommendation are likely to be the same vendors to skip out on making an adequate UPnP stack. Most people today do NOT have home routers that support UPnP. -Original Message- From: ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de] On Behalf Of Seth Mos Sent: Thursday, October 10, 2013 6:01 AM To: ipv6-ops@lists.cluenet.de Subject: Re: Microsoft: Give Xbox One users IPv6 connectivity On 10-10-2013 14:01, Brzozowski, John Jason wrote: Chris can you share details of the brokenness check? What variables are considered? Perhaps native IPv6 on the client with firewall rules that do not permit inbound traffic. A legit issue that can be expected to pop up. Also, is there any active work on the uPNP extensions for IPv6 that allow hole punching in the firewall rules? (for native IPv6). * Would this method also apply to the Xbox 360 in the coming years? Kind regards, Seth On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer christopher.pal...@microsoft.com mailto:christopher.pal...@microsoft.com wrote: John and Lorenzo beat me to it J. __ __ Example: Samantha has native IPv6 and Teredo. Albert has Teredo only. __ __ Albert, in destination address selection, will chose Samantha's Teredo address. Samantha, in source address selection, will use her Teredo address. This will avoid relay traversal. __ __ Xbox P2P policy is a bit more sophisticated than RFC 6724, but I note that the avoidance of Teredo relays is also part of Windows behavior. Windows address selection is a fairly clean implementation of RFC 6724. In RFC 6724 terms, Teredo - Teredo is a label match (Rule 5), Teredo - Native IPv6 is not. The biggest difference between us and the standard is the brokenness check. This does complicate the dream. In order for a set of peers to use native IPv6 - BOTH peers have to have native available. In the pathological case, if half of the world has IPv6 and connects only to the other half that only has Teredo, and no one actually uses native IPv6. __ __ Realistically, matchmaking is going to prefer users close to you (and a bunch of other things, like their gamer behavior and stuff). Naively I expect IPv6 traffic to start as local pockets, Albert playing against his neighbor, both with the same ISP. As IPv6 penetration grows hopefully we'll see significant P2P traffic across the Internet use native IPv6 transport. __ __ __ __ *From:*ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de mailto:microsoft@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer mailto:ipv6-ops-bounces%2Bchristopher.palmer=microsoft@lists.cluenet.de mailto:microsoft@lists.cluenet.de] *On Behalf Of *Lorenzo Colitti *Sent:* Wednesday, October 9, 2013 8:26 PM *To:* Geoff Huston *Cc:* IPv6 Ops list; Christopher Palmer *Subject:* Re: Microsoft: Give Xbox One users IPv6 connectivity __ __ On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston g...@apnic.net mailto:g...@apnic.net wrote: But I've thought about your response, and if I'm allowed to dream (!), and in that dream where the efforts of COmcast, Google etc with IPv6 bear fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see the remaining Teredo folk having 33% of their peer sessions head into Teredo relays to get to those 33% who are using unicast IPv6? And wouldn't that require these Teredo relays that we all know have been such a performance headache? __ __ Can't you fix that by telling the app if all you have is Teredo, prefer Teredo even if the peer has native IPv6 as well? __ __ Of course this breaks down when IPv4 goes away, once IPv4 starts going away then there's really way to do peer-to-peer without relays, right? (Also, IPv4 going away is relatively far away at this point.)
Issue with ibgp and IPv6
Hi all, I wonder if you could point me towards the right direction here... 2 Debian boxes running Quagga, connected to 2 different transit providers, both receiving a full v4 tables and working fine. iBGP fine etc. I've started to add v6 to our transits (sorry, a little behind!). I have (so far) got one of our transit providers peering v6, and the BGP is working fine (router1) I have then configured router1 to talk to BGP to router2. Router2 does NOT yet have v6 transit, just v4. I am expecting router2 to 'see' all the v6 routes are via router1 and just forward all traffic. However the rate at which router2 is learning routes from router1 is SO slow. Router 1: r1# show ipv6 bgp summary BGP router identifier x.x.x.x, local AS number RIB entries 27004, using 2532 KiB of memory Peers 4, using 18 KiB of memory NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2001:::8e6::1 4 186002 19073000 01w6d06h14085 2606:::64::3 4 276399 304443000 00:14:580 Total number of neighbors 2 So the top entry is the full 14085 routes from our transit, nothing from the 2nd peer, router2 as that has no v6 transit (yet), so expected behaviour. But on router2: r2# sh ipv6 bgp summary BGP router identifier xx.xx.xx.xx, local AS number RIB entries 5, using 480 bytes of memory Peers 3, using 13 KiB of memory NeighborVAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2606:::64::2 4 46130 89859 69214000 00:18:112 Total number of neighbors 1 It has only received 2 routes from router1! Could it be router2 is only receiving updates from router1 and not the whole table? I would expect / want to see all 14085. I have disabled any ingress filters (just for testing!)stuck...help? Hope I haven't unwittingly broken a any list etiquette! Thanks Jonty -- All postal correspondence to: The Positive Internet Company, 24 Ganton Street, London. W1F 7QY *Follow us on Twitter* @posipeople The Positive Internet Company Limited is registered in England and Wales. Registered company number: 3673639. VAT no: 726 7072 28. Registered office: Northside House, Mount Pleasant, Barnet, Herts, EN4 9EE.
RE: Microsoft: Give Xbox One users IPv6 connectivity
On Thu, 10 Oct 2013, Christopher Palmer wrote: The thing about protocols like UPnP - the vendors who would ignore an IETF recommendation are likely to be the same vendors to skip out on making an adequate UPnP stack. Most people today do NOT have home routers that support UPnP. Do you have numbers on this? My belief has been that most people today who care about anything more than web surfing would have a decently new gateway (less than 3-5 years old) and that this would support UPnP. I don't have any numbers so I would like to know more :) -- Mikael Abrahamssonemail: swm...@swm.pp.se