Upload: seamus-goldston

Post on 14-Dec-2015

Page 1

17/10/03

Summary

• Peer to peer applications and IPv6
• Microsoft Three-Degrees
• IPv6 transition mechanisms used by Three-Degrees:
  • 6to4
  • Teredo

Page 2

Peer to Peer Applications and NATs

• NATs break end to end
• End to end communications would be useful in a P2P context…

[Diagram: two P2P hosts, each on a private IPv4 network (DSL…) behind a NAT, with the public IPv4 network between the two NATs]

Page 3

First type of solution

• Use an intermediate server
• Complex solution to design
• Operation of the server is not free

[Diagram: two P2P hosts, each on a private IPv4 network (DSL…) behind a NAT, with a Server on the public IPv4 network between the two NATs]

Page 4

IPv6 based solutions

• Simpler solution
• Application is cheaper to design
• No server required, but one can be used if needed…

[Diagram: two P2P hosts, each on a customer IPv6 network (DSL…), connected across the public IPv6 network]

Page 5

Microsoft ThreeDegrees

• 3° is P2P software that connects small groups of users who know and trust one another.
• Currently a beta test application on Windows XP SP1
  • Several downloads (10 000)
  • First feedback is positive
• Uses IPv6 only (no IPv4), because the application is easier to design.
• http://www.threedegrees.com

Page 6

Three Degrees and IPv6

• IPv6 is not available everywhere:
  • It first appears as isolated islands in the IPv4 Internet
  • Several migration techniques exist:
    • Dual stack
    • Automatic tunneling: 6to4 and Teredo
    • Configured tunnels, tunnel broker
    • Translation
    • Application level gateways
• Transition mechanisms bring additional complexity
  • Only needed during transition.
  • Most of the complexity is in the OS, not in the application.
  • The cost for the infrastructure is low.

Page 7

Dual Stack

• Deploy native IPv6 in addition to IPv4 everywhere:
  • Routers
  • Servers: DNS, Radius…
  • Hosts
• Slow deployment => not present everywhere
• Should be a long term goal

Page 8

6to4

• Goals:
  • Allow the interconnection of IPv6 sites through a service provider network that only supports IPv4.
  • Connection of IPv6 sites to the IPv6 Internet through a service provider network that only supports IPv4.
• Does not require the provision of IPv6 prefixes by the ISP
  • Use of a global IPv6 prefix for each site derived from the site’s IPv4 global address.

Page 9

6to4 – Interconnection of IPv6 sites

[Diagram: IPv6 site A and IPv6 site B, each with a 6to4 router, joined by a 6to4 tunnel across the wide area IPv4 network]

• IPv6 site A: 2002:c001:203::0/48. Corresponds to IPv4 address: 192.1.2.3
• IPv6 site B: 2002:9fe:fdfc::0/48. Corresponds to IPv4 address: 9.254.253.252
• IPv4 public addresses of the 6to4 routers: 192.1.2.3 and 9.254.253.252
• IPv6 packet: Src: 2002:c001:203::5 Dst: 2002:9fe:fdfc::6
• IPv4 header (in the 6to4 tunnel): Src: 192.1.2.3 Dst: 9.254.253.252

Page 10

6to4 – Access to the IPv6 Internet

[Diagram: IPv6 site A (2002:c001:203::0/48) with its 6to4 router, the wide area IPv4 network carrying the 6to4 tunnel, a 6to4 relay, the IPv6 Internet, a standard IPv6 router, and IPv6 site B (2002:9fe:fdfc::0/48)]

• IPv4 public addresses: 192.1.2.3 and 9.254.253.252
• 2002:c001:203::0/48 corresponds to IPv4 address: 192.1.2.3
• 2002:9fe:fdfc::0/48 corresponds to IPv4 address: 9.254.253.252
• IPv6 packet: Src: 2002:c001:203::5 Dst: 2002:9fe:fdfc::6
• IPv4 header (in the 6to4 tunnel): Src: 192.1.2.3 Dst: 9.254.253.252

Page 11

6to4 - Limitations

• 6to4 relays can be vulnerable to denial of service attacks
  • Filtering is needed in relays!
• The entity that operates the 6to4 relay has few means to control who is using the service.
• NATs break 6to4, if they are not co-located!
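
The prefix derivation from page 8, checked against the addresses on page 9, together with one form the relay filtering called for above can take; this is an added example, not code from the original slides. The function names, the list of rejected IPv4 ranges and the two filter rules (an embedded IPv4 address must be public unicast, and a 2002::/16 inner source must match the outer IPv4 source) are assumptions of this sketch.

```python
import ipaddress

SIXTOFOUR = ipaddress.ip_network("2002::/16")
# IPv4 ranges that must never appear as a 6to4 endpoint (assumed filter list).
BAD_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]


def site_prefix(ipv4):
    """Derive the site's 2002:V4ADDR::/48 prefix from its public IPv4 address."""
    v4 = int(ipaddress.IPv4Address(ipv4))
    base = (0x2002 << 112) | (v4 << 80)
    return ipaddress.IPv6Network((base, 48))


def embedded_v4(ipv6):
    """Return the IPv4 address embedded in a 6to4 address, or None."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in SIXTOFOUR:
        return None
    return ipaddress.IPv4Address((int(addr) >> 80) & 0xFFFFFFFF)


def accept_decapsulated(outer_src, inner_src, inner_dst):
    """Decide whether a packet leaving the tunnel should be forwarded.

    outer_src is the IPv4 header source; inner_src and inner_dst come from
    the encapsulated IPv6 packet. Returns (True, "ok") or (False, reason).
    """
    outer = ipaddress.IPv4Address(outer_src)
    for label, addr in (("source", inner_src), ("destination", inner_dst)):
        v4 = embedded_v4(addr)
        if v4 is not None and any(v4 in net for net in BAD_V4):
            return False, f"inner {label} embeds non-public IPv4 {v4}"
    src_v4 = embedded_v4(inner_src)
    if src_v4 is not None and src_v4 != outer:
        return False, f"inner source claims {src_v4}, outer source is {outer}"
    return True, "ok"


if __name__ == "__main__":
    print(site_prefix("192.1.2.3"), site_prefix("9.254.253.252"))
    print(accept_decapsulated("192.1.2.3", "2002:c001:203::5", "2002:9fe:fdfc::6"))
```
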

Page 12

TEREDO

• Goals:
  • Provide IPv6 connectivity across one or several NATs
  • Tunneling IPv6 packets over UDPv4 through the NAT
• Client/server/relay architecture
• Use of a new address format

Page 13

Teredo

[Diagram: a private IPv4 network behind a NAT, the public IPv4 network and IPv6, linked by a Teredo tunnel: IPv6 in UDPv4]

Page 14

Client / relay / server

[Diagram: a Client on a private IPv4 network behind a NAT, a Server and a Relay on the public IPv4 network, and the public IPv6 network; the exchanges are numbered 1 to 6]

Page 15

Teredo address format

• Teredo IPv6 prefix
• IPv4 address: global address of the server
• Flags: Cone or Symmetric NAT
• Port: port number to be used with the IPv4 address
• The “client IPv4 field” contains the global address of the NAT

Field:  Teredo prefix | IPv4 @  | Flags   | Client IPv4 | Port
Size:   32 bits       | 32 bits | 16 bits | 32 bits     | 16 bits

Page 16

Teredo limitations

• Not well known yet, but probably similar to 6to4
  • Vulnerability to DoS attacks on relay
  • The entity that operates the 6to4 relay has few means to control who is using the service
  • Some NATs are not supported
• Teredo relays are not deployed!
  • Lack of implementation in routers
  • Teredo prefix is not advertised in the IPv6 Internet

Page 17

Three Degrees and IPv6 transition

• Three Degrees proceeds as follows:
  • If a native IPv6 address is available on the host, use it,
  • Else
    • If IPv4 addresses are public addresses, then use 6to4
      • NATs are not supposed to be in the way
    • If IPv4 addresses are private addresses, then use Teredo
      • NAT is likely in the way.
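
The selection order above, applied to a host's configured addresses; this is an added example, not Three Degrees code. The function names and the classification lists (which IPv6 ranges do not count as native, which IPv4 ranges count as private or unusable) are assumptions of this sketch, and the sample addresses in the usage lines are constructed.

```python
import ipaddress


def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


# Assumed classification lists; the slides only say "native", "public", "private".
NOT_NATIVE_V6 = nets("::1/128", "fe80::/10", "fec0::/10", "fc00::/7", "ff00::/8")
PRIVATE_V4 = nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
UNUSABLE_V4 = nets("0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/3")


def within(addr, networks):
    return any(addr in net for net in networks)


def choose_mechanism(host_addresses):
    """Return 'native', '6to4', 'teredo' or None, in the order the slide gives.

    host_addresses: the addresses configured on the host before any
    automatic tunnel is brought up (IPv4 and IPv6 strings, mixed).
    """
    addrs = [ipaddress.ip_address(a) for a in host_addresses]
    v6 = [a for a in addrs if a.version == 6]
    v4 = [a for a in addrs if a.version == 4 and not within(a, UNUSABLE_V4)]
    if any(not within(a, NOT_NATIVE_V6) for a in v6):
        return "native"    # a native IPv6 address is available: use it
    if any(not within(a, PRIVATE_V4) for a in v4):
        return "6to4"      # public IPv4: NATs are not supposed to be in the way
    if v4:
        return "teredo"    # only private IPv4: a NAT is likely in the way
    return None            # nothing usable (loopback or link-local only)


if __name__ == "__main__":
    for host in (["fe80::1", "192.168.1.10"], ["fe80::1", "192.1.2.3"],
                 ["2001:db8:1::5", "192.168.1.10"]):
        print(host, "->", choose_mechanism(host))
```
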

Page 18

Typical deployment

[Diagram: the IPv4 Internet and the IPv6 + IPv4 Internet, with two NATs, a Teredo server, a Teredo relay and a 6to4 relay; the legend distinguishes native IPv6, 6to4 tunnel and Teredo tunnel]