
Teredo and symmetric NAT traversal



There have been many comments lately about the fact that Teredo does not
enable the traversal of symmetric NAT.

As Pekka pointed out, the traversal of symmetric NAT could easily be
added to Teredo. It was in fact supported in the early drafts. It was
removed later in an effort to avoid overload on the servers, in a
deployment scenario where there are just a few Teredo servers for the
entire Internet. The part of the Teredo draft that prevents traversal of
symmetric NAT is the recommendation that servers should drop packets
that are not either Teredo bubbles or ICMP messages. This provision
prevents relaying of data by the servers, and suppresses incentives for
free-loaders to use the servers as relays.

It would be relatively easy to bring that capability back in Teredo, so
that ISPs could choose to deploy Teredo "relay servers" and serve those
of their clients located behind symmetric NAT. In fact, we would only
need four relatively small changes to the protocol:

1) In the qualification procedure, add a possibility for the server to
signal that it is willing to relay regular IPv6 packets, not just
bubbles and ICMP messages.

2) In the address format, add a "symmetric NAT" flag, to inform that
this particular client is located behind a symmetric NAT.

3) Modify the transmission procedure so that, in the absence of a
successful bubble exchange, packets sent to "symmetric Teredo clients"
are relayed through the server.

4) Relax the checks of the source port number in the incoming packets
and incoming bubbles when the "symmetric NAT" flag is set in the source
IPv6 packet.

-- Christian Huitema
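
The server-side rule described in the message (forward only Teredo bubbles and ICMP messages, drop data) together with the opt-in relaxation of changes 1 to 3, as an added Python example that is not part of the original post or of any Teredo implementation. It assumes the address layout and 2001:0000::/32 prefix later published in RFC 4380, that any Teredo encapsulation headers have already been stripped, and a hypothetical SYMMETRIC_FLAG bit, since the message does not assign one; the sample packets are constructed.

```python
import struct

NH_ICMPV6 = 58                            # IPv6 next-header value for ICMPv6
NH_NONE = 59                              # "No Next Header": a bubble has no payload
TEREDO_PREFIX = bytes.fromhex("20010000")  # RFC 4380 prefix, assumed here
SYMMETRIC_FLAG = 0x4000                   # hypothetical bit; the post assigns none


def parse_ipv6(pkt: bytes):
    """Return (payload_len, next_header, dst) or None if the packet is malformed."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        return None
    payload_len, next_header = struct.unpack_from("!HB", pkt, 4)
    if len(pkt) != 40 + payload_len:
        return None
    return payload_len, next_header, pkt[24:40]


def server_forwards(pkt: bytes, relay_enabled: bool = False) -> bool:
    """Decide whether a Teredo server forwards this inner IPv6 packet."""
    hdr = parse_ipv6(pkt)
    if hdr is None:
        return False
    payload_len, next_header, dst = hdr
    if next_header == NH_NONE and payload_len == 0:
        return True   # Teredo bubble
    if next_header == NH_ICMPV6:
        return True   # ICMP message
    # Anything else is data. The baseline rule drops it, which is what keeps
    # the server from being usable as a free relay. A relay server (opt-in)
    # forwards data only toward clients flagged as behind a symmetric NAT.
    flags = struct.unpack_from("!H", dst, 8)[0]   # flags follow prefix + server IPv4
    return relay_enabled and dst[:4] == TEREDO_PREFIX and bool(flags & SYMMETRIC_FLAG)


def make_packet(next_header: int, payload: bytes, dst_flags: int = 0) -> bytes:
    """Build a constructed test packet; all addresses are made-up sample values."""
    src = bytes.fromhex("20010db8") + bytes(11) + b"\x01"
    dst = (TEREDO_PREFIX + bytes([192, 0, 2, 1])
           + struct.pack("!H", dst_flags) + bytes(6))
    header = struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64)
    return header + src + dst + payload


# Constructed sample packets: a bubble, UDP data, and UDP data to a flagged client.
BUBBLE = make_packet(NH_NONE, b"")
UDP_DATA = make_packet(17, b"\x00" * 8)
UDP_TO_SYMMETRIC = make_packet(17, b"\x00" * 8, dst_flags=SYMMETRIC_FLAG)
```
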