Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Marco Sommani
On 18/lug/2013, at 22:09, Brian E Carpenter brian.e.carpen...@gmail.com wrote:

 Wait... I had the impression that iff there was no other IPv6 connectivity,
 Teredo was used in older Windows because of the generic prefer IPv6 rule.
 The default RFC 3484 table covers 6to4 but not Teredo.
 
 Recent Windows deprefs Teredo of course.
 
   Brian

Right. The policy table in RFC 3484 has no specific entry for prefix 2001::/32. 
This is corrected in the table of RFC 6724:

  Prefix        Precedence Label
  ::1/128               50     0
  ::/0                  40     1
  ::ffff:0:0/96         35     4
  2002::/16             30     2
  2001::/32              5     5
  fc00::/7               3    13
  ::/96                  1     3
  fec0::/10              1    11
  3ffe::/16              1    12

-- 
Marco Sommani
Consiglio Nazionale delle Ricerche
Istituto di Informatica e Telematica
Via Giuseppe Moruzzi 1
56124 Pisa - Italia
work: +390506212127
mobile: +393487981019 
fax: +390503158327
mailto:marco.somm...@iit.cnr.it





Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Martin Millnert
On 19 jul 2013, at 11:30, Marco Sommani marco.somm...@iit.cnr.it wrote:

 On 18/lug/2013, at 22:09, Brian E Carpenter brian.e.carpen...@gmail.com 
 wrote:
 
 Wait... I had the impression that iff there was no other IPv6 connectivity,
 Teredo was used in older Windows because of the generic prefer IPv6 rule.
 The default RFC 3484 table covers 6to4 but not Teredo.
 
 Recent Windows deprefs Teredo of course.
 
  Brian
 
 Right. The policy table in RFC 3484 has no specific entry for prefix 
 2001::/32. This is corrected in the table of RFC 6724:
 
  Prefix        Precedence Label
  ::1/128               50     0
  ::/0                  40     1
  ::ffff:0:0/96         35     4
  2002::/16             30     2
  2001::/32              5     5
  fc00::/7               3    13
  ::/96                  1     3
  fec0::/10              1    11
  3ffe::/16              1    12
 

From what I recall from MS representatives, gethostbyname() etc does not send 
AAAA queries, if nothing better is configured.  Would this be controlled by 
the table above (6724)?

/Martin - (native v6 FTW)

Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Marco Sommani
On 19/lug/2013, at 10:50, Martin Millnert mar...@millnert.se wrote:

 On 19 jul 2013, at 11:30, Marco Sommani marco.somm...@iit.cnr.it wrote:
 
 On 18/lug/2013, at 22:09, Brian E Carpenter brian.e.carpen...@gmail.com 
 wrote:
 
 Wait... I had the impression that iff there was no other IPv6 connectivity,
 Teredo was used in older Windows because of the generic prefer IPv6 rule.
 The default RFC 3484 table covers 6to4 but not Teredo.
 
 Recent Windows deprefs Teredo of course.
 
 Brian
 
 Right. The policy table in RFC 3484 has no specific entry for prefix 
 2001::/32. This is corrected in the table of RFC 6724:
 
 Prefix        Precedence Label
 ::1/128               50     0
 ::/0                  40     1
 ::ffff:0:0/96         35     4
 2002::/16             30     2
 2001::/32              5     5
 fc00::/7               3    13
 ::/96                  1     3
 fec0::/10              1    11
 3ffe::/16              1    12
 
 
 From what I recall from MS representatives, gethostbyname() etc does not send 
 AAAA queries, if nothing better is configured.  Would this be controlled by 
 the table above (6724)?
 
 /Martin - (native v6 FTW)


If I understand the RFC correctly, AAAA queries are sent anyway, but, if in the 
end the choice is between using the IPv4 source address or the Teredo source 
address, the IPv4 source is preferred, because its entry in the table (prefix 
::ffff:0:0/96) has a greater precedence (35) than the Teredo prefix (5). The 
choice of the IPv4 source address has, as a consequence, the fact that the 
destination address must be IPv4 too, so the AAAA record is ignored, even if it 
was returned by the DNS query.

-- 
Marco Sommani
Consiglio Nazionale delle Ricerche
Istituto di Informatica e Telematica
Via Giuseppe Moruzzi 1
56124 Pisa - Italia
work: +390506212127
mobile: +393487981019 
fax: +390503158327
mailto:marco.somm...@iit.cnr.it
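
The policy-table lookup discussed in this thread, as an added Python example (not code from any poster): a longest-prefix match against the RFC 3484 and RFC 6724 default tables, followed by a simplified destination ordering that applies only rule 5 (prefer matching label) and rule 6 (prefer higher precedence). All addresses are constructed samples, and the RFC 3484 table values come from that RFC rather than from the thread.

```python
import ipaddress

# Default policy tables as (prefix, precedence, label).
RFC3484 = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("2002::/16", 30, 2),
    ("::/96", 20, 3),
    ("::ffff:0:0/96", 10, 4),
]
RFC6724 = [
    ("::1/128", 50, 0),
    ("::/0", 40, 1),
    ("::ffff:0:0/96", 35, 4),
    ("2002::/16", 30, 2),
    ("2001::/32", 5, 5),      # Teredo
    ("fc00::/7", 3, 13),
    ("::/96", 1, 3),
    ("fec0::/10", 1, 11),
    ("3ffe::/16", 1, 12),
]

# Constructed sample addresses (not taken from the thread).
TEREDO_SRC = "2001:0:c000:2ff::1"    # inside 2001::/32
IPV4_SRC = "192.168.1.10"            # host behind an IPv4 NAT
NATIVE_SRC = "2001:db8:1::10"        # a native global IPv6 source
DST_V6 = "2001:db8::80"              # AAAA record of the target
DST_V4 = "198.51.100.80"             # A record of the target


def to_v6(addr):
    """Return addr as an IPv6Address, mapping IPv4 into ::ffff:0:0/96."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address((0xFFFF << 32) | int(ip))
    return ip


def lookup(table, addr):
    """Longest-prefix match in the policy table; returns (precedence, label)."""
    ip = to_v6(addr)
    best = None
    for prefix, precedence, label in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, precedence, label)
    return best[1], best[2]          # ::/0 always matches, so best is set


def order_destinations(table, candidates):
    """Order (destination, source) pairs, most preferred destination first.

    Simplification: only rule 5 (source and destination labels match) and
    rule 6 (higher destination precedence) are applied; ties keep the
    input order.
    """
    def key(pair):
        dst, src = pair
        dst_prec, dst_label = lookup(table, dst)
        _, src_label = lookup(table, src)
        return (dst_label != src_label, -dst_prec)
    return [dst for dst, _ in sorted(candidates, key=key)]


def teredo_only_host(table):
    """Host whose only IPv6 source is Teredo, target has A and AAAA."""
    return order_destinations(table, [(DST_V6, TEREDO_SRC), (DST_V4, IPV4_SRC)])


def native_v6_host(table):
    """Host with a native IPv6 source, same dual-stack target."""
    return order_destinations(table, [(DST_V6, NATIVE_SRC), (DST_V4, IPV4_SRC)])


if __name__ == "__main__":
    for name, table in (("RFC 3484", RFC3484), ("RFC 6724", RFC6724)):
        print(name, "Teredo source classified as", lookup(table, TEREDO_SRC))
        print(name, "Teredo-only host tries", teredo_only_host(table))
        print(name, "native IPv6 host tries", native_v6_host(table))
```

With the RFC 3484 table the Teredo source falls under `::/0`, so the IPv6 destination sorts first; with the RFC 6724 table the Teredo label no longer matches the destination's and the IPv4 destination sorts first.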





Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Phil Mayers

On 07/18/2013 09:09 PM, Brian E Carpenter wrote:


Wait... I had the impression that iff there was no other IPv6 connectivity,
Teredo was used in older Windows because of the generic prefer IPv6 rule.
The default RFC 3484 table covers 6to4 but not Teredo.


AFAIK, every version of windows (i.e. Vista, 7, 8) that comes with 
Teredo also comes with a de-pref rule for it, not just recent versions.


Put another way, Teredo should never be preferred over IPv4, because all 
versions of Windows with Teredo use extended RFC 3484 rules.


Most of the Teredo activity we see is when IP addresses are used 
directly (i.e. no getaddrinfo). For example, BitTorrent connections 
where peers were looked up in DHT/PEX. In these cases, an IPv6 address 
will be connected to over Teredo if there's no other connectivity.


Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Tim Chown

On 19 Jul 2013, at 10:34, Phil Mayers p.may...@imperial.ac.uk wrote:

 On 07/18/2013 09:09 PM, Brian E Carpenter wrote:
 
 Wait... I had the impression that iff there was no other IPv6 connectivity,
 Teredo was used in older Windows because of the generic prefer IPv6 rule.
 The default RFC 3484 table covers 6to4 but not Teredo.
 
 AFAIK, every version of windows (i.e. Vista, 7, 8) that comes with Teredo 
 also comes with a de-pref rule for it, not just recent versions.
 
 Put another way, Teredo should never be preferred over IPv4, because all 
 versions of Windows with Teredo use extended RFC 3484 rules.
 
 Most of the Teredo activity we see is when IP addresses are used directly 
 (i.e. no getaddrinfo). For example, BitTorrent connections where peers were 
 looked up in DHT/PEX. In these cases, an IPv6 address will be connected to 
 over Teredo if there's no other connectivity.

Again, my understanding is the same as Phil's here.

Many vendors/implementors started adding rules that ultimately appeared in 
RFC6724 long before RFC6724 was published.  It took 6 years(!) for that update 
to be completed through the IETF.   

There are however some platforms stuck on 3484 or that don't follow such rules 
(Mac OSX is an interesting one...)

Tim



Re: teredo.ipv6.microsoft.com off?

2013-07-19 Thread Brian E Carpenter
On 19/07/2013 22:15, Tim Chown wrote:
 On 19 Jul 2013, at 10:34, Phil Mayers p.may...@imperial.ac.uk wrote:
 
 On 07/18/2013 09:09 PM, Brian E Carpenter wrote:

 Wait... I had the impression that iff there was no other IPv6 connectivity,
 Teredo was used in older Windows because of the generic prefer IPv6 rule.
 The default RFC 3484 table covers 6to4 but not Teredo.
 AFAIK, every version of windows (i.e. Vista, 7, 8) that comes with Teredo 
 also comes with a de-pref rule for it, not just recent versions.

 Put another way, Teredo should never be preferred over IPv4, because all 
 versions of Windows with Teredo use extended RFC 3484 rules.

 Most of the Teredo activity we see is when IP addresses are used directly 
 (i.e. no getaddrinfo). For example, BitTorrent connections where peers were 
 looked up in DHT/PEX. In these cases, an IPv6 address will be connected to 
 over Teredo if there's no other connectivity.
 
 Again, my understanding is the same as Phil's here.

I think my recollection is of Teredo with Windows XP SP2. But I
could be wrong, of course. In any case, the case for phasing out
Teredo is strong, like the case for disabling client-side 6to4.

   Brian

 Many vendors/implementors started adding rules that ultimately appeared in 
 RFC6724 long before RFC6724 was published.  It took 6 years(!) for that 
 update to be completed through the IETF.   
 
 There are however some platforms stuck on 3484 or that don't follow such 
 rules (Mac OSX is an interesting one...)
 
 Tim
 
 


Re: teredo.ipv6.microsoft.com off?

2013-07-18 Thread Martin Millnert


On 17 jul 2013, at 23:09, Brian E Carpenter brian.e.carpen...@gmail.com wrote:

 On 17/07/2013 19:13, Ignatios Souvatzis wrote:
 ...
 
 Let me ask one thing... a couple of years ago, when I read the
 specification of Teredo, I was quite impressed by the details (If
 you accept the premise that you have to work around being jailed
 behind an IPv4 NAT) put into the protocol. One detail was that it
 is supposed to be lowest priority and so go automatically away
 (from the client end) as soon as some configured IPv6 is available
 on the link.
 
 Isn't that how it's implemented?
 
 Yes, but the result is that the host tries to use Teredo preferentially
 even if the IPv4 path is better; and if the Teredo path is broken
 the result is user pain (as with 6to4). I think the idea of deprecating
 Teredo is that now that native IPv6 is a serious option, the costs of
 Teredo outweigh the benefits, on average.
 
 (Unfortunately nobody ever wrote the Teredo equivalent of RFC6343.)
 
Brian

When connecting to IPv6 literals, it will use IPv6, yes.
It won't resolve AAAAs for IPv6 connection using Teredo.

This used to be the facts and big difference between Teredo and 6to4 and I 
would be surprised if that has changed.

martin

Re: teredo.ipv6.microsoft.com off?

2013-07-18 Thread Phil Mayers

On 17/07/13 21:09, Brian E Carpenter wrote:

On 17/07/2013 19:13, Ignatios Souvatzis wrote:
...


Let me ask one thing... a couple of years ago, when I read the
specification of Teredo, I was quite impressed by the details (If
you accept the premise that you have to work around being jailed
behind an IPv4 NAT) put into the protocol. One detail was that it
is supposed to be lowest priority and so go automatically away
(from the client end) as soon as some configured IPv6 is available
on the link.

Isn't that how it's implemented?


Yes, but the result is that the host tries to use Teredo preferentially
even if the IPv4 path is better; and if the Teredo path is broken


That is the opposite of how it's supposed to work. Teredo addresses 
should be de-pref'd below everything else, and would thus only be used 
for connection to IPv6-only hosts if the host lacked other IPv6 
connectivity.


As someone else has pointed out, maybe it gets used for IPv6 literals, 
but not hostnames - the RFC 3484 table on windows ensures this.


Re: teredo.ipv6.microsoft.com off?

2013-07-18 Thread Tim Chown
On 18 Jul 2013, at 11:29, Phil Mayers p.may...@imperial.ac.uk wrote:

 On 17/07/13 21:09, Brian E Carpenter wrote:
 On 17/07/2013 19:13, Ignatios Souvatzis wrote:
 ...
 
 Let me ask one thing... a couple of years ago, when I read the
 specification of Teredo, I was quite impressed by the details (If
 you accept the premise that you have to work around being jailed
 behind an IPv4 NAT) put into the protocol. One detail was that it
 is supposed to be lowest priority and so go automatically away
 (from the client end) as soon as some configured IPv6 is available
 on the link.
 
 Isn't that how it's implemented?
 
 Yes, but the result is that the host tries to use Teredo preferentially
 even if the IPv4 path is better; and if the Teredo path is broken
 
 That is the opposite of how it's supposed to work. Teredo addresses should be 
 de-pref'd below everything else, and would thus only be used for connection 
 to IPv6-only hosts if the host lacked other IPv6 connectivity.
 
 As someone else has pointed out, maybe it gets used for IPv6 literals, but 
 not hostnames - the RFC 3484 table on windows ensures this.

Indeed; that's how it *should* be.

Tim



Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Ignatios Souvatzis
Hello,

On Tue, Jul 16, 2013 at 09:27:54PM +, Christopher Palmer wrote:
 I am acking this thread.
 
 If there is feedback on the ongoing experiment or our consideration
 of sunsetting Teredo, do let me know.
 
 So far people have been quite enthusiastic. 

Let me ask one thing... a couple of years ago, when I read the
specification of Teredo, I was quite impressed by the details (If
you accept the premise that you have to work around being jailed
behind an IPv4 NAT) put into the protocol. One detail was that it
is supposed to be lowest priority and so go automatically away
(from the client end) as soon as some configured IPv6 is available
on the link.

Isn't that how it's implemented?

Regards,
-is


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Jeroen Massar
On 2013-07-17 15:09 , Ron Broersma wrote:
 
 On Jul 16, 2013, at 10:40 PM, Mikael Abrahamsson wrote:
 
 On Tue, 16 Jul 2013, Christopher Palmer wrote:
 
 If there is feedback on the ongoing experiment or our
 consideration of sunsetting Teredo, do let me know.
 
 So far people have been quite enthusiastic.
 
 I am too. I would really like to see 6to4 and teredo be default off
 everywhere, and people who want it can manually turn it on. If
 teredo went away completely, that would also be a good thing.
 
 Strongly concur here as well.  One less thing I have to disable on
 all my systems in enterprise nets.

Windows boxes that are in an Active Domain (which should match your
'enterprise net') have Teredo and 6to4 disabled per default.

Next to that one can enforce that of course through AD policies.

Greets,
 Jeroen


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Jens Link
Jeroen Massar jer...@massar.ch writes:

 Windows boxes that are in an Active Domain (which should match your
 'enterprise net') have Teredo and 6to4 disabled per default.

Sure about that? IIRC this depends on the Windows version. And I think I
have seen Win 2008R2 Servers within an AD, with at least 6to4
enabled. Right now I'm not sure about Teredo. 

 Next to that one can enforce that of course through AD policies.

Okay, not a group policy, but for reference: 

http://lists.cluenet.de/pipermail/ipv6-ops/2010-March/003267.html

Where are the Windows people on this list? ;-) 

Jens
-- 
-
| Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
| http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
-


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Enno Rey
Ron,

  I am too. I would really like to see 6to4 and teredo be default off
  everywhere, and people who want it can manually turn it on. If
  teredo went away completely, that would also be a good thing.
  
  Strongly concur here as well.  One less thing I have to disable on
  all my systems in enterprise nets.
  
  Windows boxes that are in an Active Domain (which should match your
  'enterprise net') have Teredo and 6to4 disabled per default.
  Next to that one can enforce that of course through AD policies.
 
 A number of my enterprise nets support many OSs and are not AD-centric.  
 That's why I qualified my enterprise nets as heterogeneous.  But yes, if 
 you are homogeneous on Windows and everything is in AD, you can disable those 
 things through GPO.  For me, we have to tell each of our users to disable 
 teredo, disable 6to4, disable privacy/temporary addresses, etc., and in many 
 cases beg them to upgrade to OSs that support DHCPv6.
 

what if they use Android based systems? is there support for DHCPv6 in the 
interim?

best

Enno






-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

Troopers 2013 Videos online: 
http://www.youtube.com/user/TROOPERScon?feature=watch

===
Blog: www.insinuator.net || Conference: www.troopers.de
===


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Enno Rey
Hi,

off the top of my head it's roughly as follows:

a) 6to4

Win7/Server 2008 generation and before: if IPv4 address = Non-RFC 1918 
address, automatically enable 6to4 and try to resolve 6to4.ipv6.microsoft.com 
to get 'nearest relay'.

no idea as for Win8/Server 2012.

b) Teredo

Vista: enable by default.
Win7/Server 2008: perform the following decision logic:

1) if $SYSTEM member of AD domain, assume that $SYSTEM is well managed = no 
need for SOHO tech called Teredo, hence disable it.
2) if $SYSTEM does _not_ have local firewall enabled, assume that $SYSTEM in 
poor security state and it might be too risky to use Teredo, hence disable it.
3) if both above conditions _not_ met (read: not member of AD domain, but local 
firewall enabled), then put Teredo into 'dormant' state and try to reach 
teredo.ipv6.microsoft.com every 30 seconds to check if Teredo usable if needed.
once $APPLICATION asks for that, move from 'dormant' into 'qualified' state and 
thereby 'enable' Teredo.

again, no idea as for Win8/Server 2012. 

I can't support the above statements by any links, right now.
Maybe Chris Palmer can help with that...

Furthermore there's different ways of getting rid of Teredo (and the other 
tunnel techs):
- there's a registry parameter 'DisabledComponents' that allows disabling 
(native|tunnel|all) IPv6, based on a certain bit mask. see KB929852.
- (presumably) this parameter can be controlled by GPOs.
- the tunnel interfaces can be disabled individually by netsh int $TUNNEL_INT 
set state disabled on individual systems (persistently, so setting stays after 
reboot).

There's quite some debate which approach to use due to operational practices 
and MS telling people not to 'fully' disable IPv6 as you might lose support 
for $SYSTEM. I've never been able to find any 'official source' for the latter 
statement but heard it in pretty much all enterprise environments (our Windows 
people tell us we can't do that as the MS engineers tell them they will lose 
support then).




best

Enno




On Wed, Jul 17, 2013 at 03:36:00PM +0200, Jens Link wrote:
 Jeroen Massar jer...@massar.ch writes:
 
  Windows boxes that are in an Active Domain (which should match your
  'enterprise net') have Teredo and 6to4 disabled per default.
 
 Sure about that? IIRC this depends on the Windows version. And I think I
 have seen Win 2008R2 Servers within an AD, with at least 6to4
 enabled. Right now I'm not sure about Teredo. 
 
  Next to that one can enforce that of course through AD policies.
 
 Okay, not a group policy, but for reference: 
 
 http://lists.cluenet.de/pipermail/ipv6-ops/2010-March/003267.html
 
 Where are the Windows people on this list? ;-) 
 
 Jens
 -- 
 -
 | Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
 | http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
 -

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

Troopers 2013 Videos online: 
http://www.youtube.com/user/TROOPERScon?feature=watch

===
Blog: www.insinuator.net || Conference: www.troopers.de
===


RE: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Eric Vyncke (evyncke)
Jeroen

AFAIK, only Teredo is disabled when the Windows host detects AD

-éric

 -Original Message-
 From: ipv6-ops-bounces+evyncke=cisco@lists.cluenet.de [mailto:ipv6-ops-
 bounces+evyncke=cisco@lists.cluenet.de] On Behalf Of Jeroen Massar
 Sent: mercredi 17 juillet 2013 15:20
 To: Ron Broersma
 Cc: Christopher Palmer; ipv6-ops@lists.cluenet.de; Mikael Abrahamsson
 Subject: Re: teredo.ipv6.microsoft.com off?
 
 On 2013-07-17 15:09 , Ron Broersma wrote:
 
  On Jul 16, 2013, at 10:40 PM, Mikael Abrahamsson wrote:
 
  On Tue, 16 Jul 2013, Christopher Palmer wrote:
 
  If there is feedback on the ongoing experiment or our consideration
  of sunsetting Teredo, do let me know.
 
  So far people have been quite enthusiastic.
 
  I am too. I would really like to see 6to4 and teredo be default off
  everywhere, and people who want it can manually turn it on. If teredo
  went away completely, that would also be a good thing.
 
  Strongly concur here as well.  One less thing I have to disable on all
  my systems in enterprise nets.
 
 Windows boxes that are in an Active Domain (which should match your
 'enterprise net') have Teredo and 6to4 disabled per default.
 
 Next to that one can enforce that of course through AD policies.
 
 Greets,
  Jeroen


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Ron Broersma

On Jul 17, 2013, at 6:20 AM, Jeroen Massar wrote:

 On 2013-07-17 15:09 , Ron Broersma wrote:
 
 On Jul 16, 2013, at 10:40 PM, Mikael Abrahamsson wrote:
 
 On Tue, 16 Jul 2013, Christopher Palmer wrote:
 
 If there is feedback on the ongoing experiment or our
 consideration of sunsetting Teredo, do let me know.
 
 So far people have been quite enthusiastic.
 
 I am too. I would really like to see 6to4 and teredo be default off
 everywhere, and people who want it can manually turn it on. If
 teredo went away completely, that would also be a good thing.
 
 Strongly concur here as well.  One less thing I have to disable on
 all my systems in enterprise nets.
 
 Windows boxes that are in an Active Domain (which should match your
 'enterprise net') have Teredo and 6to4 disabled per default.
 Next to that one can enforce that of course through AD policies.

A number of my enterprise nets support many OSs and are not AD-centric.  That's 
why I qualified my enterprise nets as heterogeneous.  But yes, if you are 
homogeneous on Windows and everything is in AD, you can disable those things 
through GPO.  For me, we have to tell each of our users to disable teredo, 
disable 6to4, disable privacy/temporary addresses, etc., and in many cases beg 
them to upgrade to OSs that support DHCPv6.





Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Jens Link
Jens Link li...@quux.de writes:

as I like to talk to myself 

 There's quite some debate which approach to use due to operational
 practices and MS telling people not to 'fully' disable IPv6 as you
 might lose support for $SYSTEM. 

 I'm still looking for a source too. 

http://technet.microsoft.com/en-us/network/cc987595.aspx

(Q. What are Microsoft's recommendations about disabling IPv6?)

I'm not sure if that is official enough or not.

Jens
-- 
-
| Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
| http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
-


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Ron Broersma
 There's quite some debate which approach to use due to operational
 practices and MS telling people not to 'fully' disable IPv6 as you
 might lose support for $SYSTEM. 
 
 I'm still looking for a source too. Rumors have it that the Windows 7
 roll out here (large enterprise customer) will be with IPv6 disabled. I
 guess that's why they hired me to do the IPv6 planning (on the network
 side).

Most of the talks that I've seen from Sean Siler (IPv6 guy at Microsoft) have a 
slide on best practices, where his point #1 is Leave Windows in the default 
configuration (IPv6 enabled), and he describes how disabling IPv6 comes with 
risk because you will be operating the OS in an untested configuration.  We 
translate that into a security issue, and therefore make it a security 
violation to disable IPv6 in Windows7 and later.  I know that is somewhat 
inconsistent with the DoD STIG, but IMHO the STIG is wrong.





Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Jens Link
Enno Rey e...@ernw.de writes:

Hi,

 There's quite some debate which approach to use due to operational
 practices and MS telling people not to 'fully' disable IPv6 as you
 might lose support for $SYSTEM. 

I'm still looking for a source too. Rumors have it that the Windows 7
roll out here (large enterprise customer) will be with IPv6 disabled. I
guess that's why they hired me to do the IPv6 planning (on the network
side).

Disabling IPv6 will lead to some problems: 

http://support.microsoft.com/kb/2549656 

(DNS Server service randomly cannot resolve external names and returns a
Server Failure error if IPv6 is disabled in Windows Server 2008 and
Windows Server 2008 R2)

This is an actual problem for a customer where I helped implementing
IPv6 last year. They don't use Windows but they are running a large dual
stacked website. 

Jens
-- 
-
| Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
| http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
-


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Enno Rey
Hi,

thanks for that link.
big question is: what does disabling IPv6 mean in those contexts?
unchecking IPv6 in GUI based interface properties? setting DisabledComponents 
to 0xfff? using some netsh-based approach?

from what I hear: as long as you can successfully ping ::1, IPv6 is considered 
enabled and MS regards this as a 'supported configuration'.

best

Enno



On Wed, Jul 17, 2013 at 04:45:58PM +0200, Jens Link wrote:
 Enno Rey e...@ernw.de writes:
 
 Hi,
 
  There's quite some debate which approach to use due to operational
  practices and MS telling people not to 'fully' disable IPv6 as you
  might lose support for $SYSTEM. 
 
 I'm still looking for a source too. Rumors have it that the Windows 7
 roll out here (large enterprise customer) will be with IPv6 disabled. I
 guess that's why they hired me to do the IPv6 planning (on the network
 side).
 
 Disabling IPv6 will lead to some problems: 
 
 http://support.microsoft.com/kb/2549656 
 
 (DNS Server service randomly cannot resolve external names and returns a
 Server Failure error if IPv6 is disabled in Windows Server 2008 and
 Windows Server 2008 R2)
 
 This is an actual problem for a customer where I helped implementing
 IPv6 last year. They don't use Windows but they are running a large dual
 stacked website. 
 
 Jens
 -- 
 -
 | Foelderichstr. 40   | 13595 Berlin, Germany| +49-151-18721264 |
 | http://blog.quux.de | jabber: jensl...@guug.de | ---  | 
 -

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 174 3082474
PGP FP 055F B3F3 FE9D 71DD C0D5  444E C611 033E 3296 1CC1

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

Troopers 2013 Videos online: 
http://www.youtube.com/user/TROOPERScon?feature=watch

===
Blog: www.insinuator.net || Conference: www.troopers.de
===


Re: teredo.ipv6.microsoft.com off?

2013-07-17 Thread Brian E Carpenter
On 17/07/2013 19:13, Ignatios Souvatzis wrote:
...

 Let me ask one thing... a couple of years ago, when I read the
 specification of Teredo, I was quite impressed by the details (If
 you accept the premise that you have to work around being jailed
 behind an IPv4 NAT) put into the protocol. One detail was that it
 is supposed to be lowest priority and so go automatically away
 (from the client end) as soon as some configured IPv6 is available
 on the link.
 
 Isn't that how it's implemented?

Yes, but the result is that the host tries to use Teredo preferentially
even if the IPv4 path is better; and if the Teredo path is broken
the result is user pain (as with 6to4). I think the idea of deprecating
Teredo is that now that native IPv6 is a serious option, the costs of
Teredo outweigh the benefits, on average.

(Unfortunately nobody ever wrote the Teredo equivalent of RFC6343.)

Brian


RE: teredo.ipv6.microsoft.com off?

2013-07-16 Thread Christopher Palmer
I am acking this thread.

If there is feedback on the ongoing experiment or our consideration of 
sunsetting Teredo, do let me know.

So far people have been quite enthusiastic. 


-
christopher.pal...@microsoft.com
Windows Networking Core - Program Manager
Core Client Connectivity and Protocols


-Original Message-
From: ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de 
[mailto:ipv6-ops-bounces+christopher.palmer=microsoft@lists.cluenet.de] On 
Behalf Of Ignatios Souvatzis
Sent: Sunday, July 14, 2013 11:52 PM
To: ipv6-ops@lists.cluenet.de
Subject: Re: teredo.ipv6.microsoft.com off?

On Sat, Jul 13, 2013 at 10:39:12PM +0300, Tassos Chatzithomaoglou wrote:

 At the same time, i'm thinking out loud...
 Why would a windows application send an a request to an IPv6 DNS 
 server over native IPv6 in order to find the IPv4 address of a server 
 and get IPv6 over IPv4 connectivity?

Why not? Thinking in order to is wrong... it's just a database lookup.

It just happens that in this case, asking over IPv6 can't work.
But this should be no problem as the database lookup will be repeated over 
other transports until it succeeds.

In the general case, you don't know whether connectivity to address X of type Y 
is possible until you try it, and unfortunately, sometimes only after a 
time-out period has passed without answer. 

Regards,
-is





RE: teredo.ipv6.microsoft.com off?

2013-07-16 Thread Mikael Abrahamsson

On Tue, 16 Jul 2013, Christopher Palmer wrote:

If there is feedback on the ongoing experiment or our consideration of 
sunsetting Teredo, do let me know.


So far people have been quite enthusiastic.


I am too. I would really like to see 6to4 and teredo be default off 
everywhere, and people who want it can manually turn it on. If teredo went 
away completely, that would also be a good thing.


--
Mikael Abrahamsson    email: swm...@swm.pp.se


Re: teredo.ipv6.microsoft.com off?

2013-07-15 Thread Ignatios Souvatzis
On Sat, Jul 13, 2013 at 10:39:12PM +0300, Tassos Chatzithomaoglou wrote:

 At the same time, i'm thinking out loud...
 Why would a windows application send an a request to an IPv6 DNS
 server over native IPv6 in order to find the IPv4 address of a
 server and get IPv6 over IPv4 connectivity?

Why not? Thinking in order to is wrong... it's just a database
lookup.

It just happens that in this case, asking over IPv6 can't work.
But this should be no problem as the database lookup will be repeated
over other transports until it succeeds.

In the general case, you don't know whether connectivity to address X of
type Y is possible until you try it, and unfortunately, sometimes only 
after a time-out period has passed without answer. 

Regards,
-is


Re: teredo.ipv6.microsoft.com off?

2013-07-11 Thread Sander Steffann
Hi,

 Anyone found out what happened with teredo.ipv6.microsoft.com ?
 
 http://translate.google.com/translate?hl=ensl=deu=http://www.heise.de/netze/meldung/IPv6-Tunnel-Microsofts-Teredo-Server-nicht-erreichbar-1915972.htmlprev=/search%3Fq%3Dteredo%2Bmicrosoft%2Bipv6%26safe%3Doff%26sa%3DX%26biw%3D1303%26bih%3D803%26tbs%3Dqdr:w
 
 Since yesterday we have quite an increase of NXDOMAIN in relevant dns 
 requests.
 
 Has Microsoft made the big step?

Almost :-)   This is what is happening now:

 As an attempt to measure the impact of this sunsetting, we would like to
 switch off the service for a few days. Resultant feedback and telemetry will
 help us inform the future of the Teredo service and its default configuration
 on Windows. We intend to conduct this experiment from  approximately July 9
 0:0:00 UTC, to July 15 0:0:00 UTC.

So it will come back, but it *is* the start of the sunsetting process.

Cheers,
Sander