RE: Operational experience with 3 degrees
Pekka Savola wrote:
> Commenting on the last issues.
>
> On Wed, 19 Mar 2003, Christian Huitema wrote:
> > The third issue was not really a surprise. In our deployment, the only
> > way for users located behind NAT to get IPv6 connectivity is to use
> > Teredo, and Teredo only works through about 90% of the NAT available on
> > the market; the others are "symmetric" NAT. Since users buying NATs have
> > no clue whether their NAT is symmetric or not, this results in
> > complaints such as "the application does not work behind a NAT of brand
> > X". After the feedback from the beta, we better know the size of the
> > problem, and we are making sure that several solutions will be
> > available, to be used as appropriate.
>
> This has been one of my objections to Teredo: even if it
> works on more or less 90% of NAT boxes, and fails on the rest,
> the 10% is still a large amount of appliances, and..
Can someone enlighten me with the reasons why there is no de facto
IPv6-over-IPv4-TCP standard? Or is it too common to use a tinc/vtund
tunnel to establish those connections? I have been thinking about
implementing such a scheme for tunneling to the SixXS systems.
Thus allowing connections to be made from behind most firewalls,
especially if we combine it with the fact that we could use
port 143 to connect to, or even better use a real SSL tunnel
or HTTP proxy to get across it. In most ways I think that a TCP
connection has more chance of crossing in & out of a NAT and even
a firewall than any UDP packet.
Of course the big 'disadvantage' here is that it requires
configured tunnels.
PS: I've even taken some of my spare time to fix myself up with
a /dev/tun for Win2k/XP which acts like a network card; using
a small netcat-like tool it simply acts like a native IPv6
link, without IPv4 over it :) Though it is experimental and
really needs to be implemented correctly using tinc/vtund or
a similar tool. (And yes I was annoyed by the fact that I
couldn't do IPv6 from behind some firewalled places.
And as I have some handy boxes that are only accessible
over v6 I do find it quite handy to be able to access them
from everywhere ;)
Greets,
Jeroen