Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Michael Surkan: Introduction to IPV6

Download

Right click “Save as…”

  • MP3 (Audio only)
  • WMV (WMV Video)
Ever wonder what the advent of IPV6 really means? Why does it matter, really? What about Toredo Server? What does it do and why? Well, wonder no more.

Meet Michael Surkan, Program Manager in the Networking group. From security to performance, Mike explains how IPV6 represents the future of the Internet even though it's been around for a while. Did you know that Windows Vista has native support for IPV6? Tune in and learn a lot more about this important networking construct.

Tag:

Follow the Discussion

  • JohnFJohnF No stout about it!
    This is good, it would be great if channel9 done a series about deploying some of the new technologys, spotlights on these kind of technologys.
  • Awesome stuff.

    But Chess Titans, and all the Windows games now have no support for playing over a network.  Gotta be on the local machine.
  • CharlesCharles Welcome Change
    daSmirnov wrote:
    Awesome stuff.

    But Chess Titans, and all the Windows games now have no support for playing over a network.  Gotta be on the local machine.


    You are correct. I wonder how long that will be the case? Wink
  • CharlesCharles Welcome Change
    JohnF wrote:
    This is good, it would be great if channel9 done a series about deploying some of the new technologys, spotlights on these kind of technologys.


    We will be covering more IPV6 soon. For example, today I am interviewing a dev and PM on the networking team for a Going Deep on how to develop protocol agnostic code for Winsock and .NET.

    For most technologies we cover on C9, we seldom only visit them once...
    C
  • So, will IPv4 eventually be deprecated on a future version of Windows?  Not that I would expect that anytime soon, but it seems at some point there will be a benefit of not trying to work with both versions.
  • Bernard_Marx wrote:
    So, will IPv4 eventually be deprecated on a future version of Windows?


    There are no plans to deprecate IPv4 in Windows right now. I expect that IPv4 will be needed by most people for at least the next 10 years. We may well see the majority of traffic taking place over IPv6 5 years from now. However, there will still be hosts and systems people wish to reach that only have IPv4.
  • It's a very cool step forward..but in user land there needs to be a much better understanding of how all this works.

    Right now you can run under IPV4 behind a NAT pretty much without firewall and antivirus software and survive to tell the tale.  Even if you have all sorts of random services running on the local machine.

    My (limited?) understanding of IPV6 is that if you have these random services running and you set the network traversal flag in the windows firewall by accident or otherwise, the world and his dog can get access.  It will be like living in a network DMZ today.

    In other words, while NATs have a serious effect on limiting connectivity we have all become comfortable with them providing an inherent degree of protection at a hardware level. 

    In Vista (and once NATs become IPV6 compliant) the level of protection provided is purely through that network traversal flag...a software switch...nothing more.

    It's all good, but there are going to be people who trip up on this...no wonder Michael was a bit twitchy about network shares over IPV6 Wink

  • bitJunkie wrote:
    My (limited?) understanding of IPV6 is that if you have these random services running and you set the network traversal flag in the windows firewall by accident or otherwise, the world and his dog can get access.  It will be like living in a network DMZ today.


    Keep in mind that this Edge Traversal flag must be set for EACH application or service that wants to recieve traffic over Teredo. Just having the flag set for one service won't mean that other services become accessible over the Internet via Teredo.

    Still, it is true that Vista now gives users (and developers) the ability to easily have direct access to the Internet by doing nothing more than setting the Edge Traversal flag. This is a lot of power by enabling scenarios that were impossible before, but can certainly lead to grief if users (and applications) just start setting the Edge Traversal flag on every firewall exception as a matter of course.

    You should only use Edge Traversal when you KNOW you want that particular appliation or service to be directly hosted on the Internet.

    I suppose everyone would be safer if cars were banned and everyone had to ride the bus. Yes, giving people the ability to do new things opens the possibility for abuse, and problems. But that doesn't mean we should just never empower people (and developers) in the first place.

    Also, let's keep this in perspective. Existing peer-to-peer applications make themselves directly reachable on the Internet today as it is (i.e. by sending keep-alive packets locking open holes in NATs). An application that uses the Edge Traversal flag in Vista is no more insecure than if that application had implemented it's own NAT traversal keep-alive architecture.
  • Thanks for the clarification there.  I don't mean to flame the work you've done at all - it's all sterling stuff.

    I just intended to say that some people can live in a state of ignorant bliss with IPV4 NATs...not needing to be aware of how exposed the machine they are working on is.

    You have to admit that NATs are a double edged sword at the moment..they do provide a large degree of protection - the burden of which is going to be passed on to the Windows firewall on the local machine once IPV6 becomes the de facto protocol.

    I'm guessing at some point there's going to be a nice wizard that presents your internet footprint and vulnerabilities (built in to routers?) and accessible through Windows™ once you can make your white goods, your automatic curtain control and probably your toilet visible on the net via an IPV6 addresses.

  • SecretSoftwareSecret​Software Code to live, but Live to code.
    Very cool video.

    So in a nutshell, IPv6 protocol is identical to IPv4 (interms of packets), but IPv6 allows more addresses, because now you have large number of permutations with alpha-numerical strings.



    What about the security of the new networking stack. With NATs , you were able to protect yourself from worm attacks, because NAT will drop malicious packets, and its as if you have a good hardware firewall.

    With Windows Vista, you have the Windows Firewall replacing NATs in software, but still software is not like hardware, as its error prone.


    So, now if we can get a demo of how to program in .NET and unmanaged code (C++?) against IPv6, and what if any, is new in terms of programmability.

    Does IPv6, and this tunneling technology, help lower costs of bandwidth for companies?

    Will we be able to use secure protocols by default in our every day communications? Have every windows machine send encrypted packets using something like the SSL protcol, so the whole internet would become secure? I think public key crypto is good. (Every machine that wants to talk to me, would get my randomally generated public key and send me a private message, and vice versa.) This would prevent packet sniffing and explit trials.

    But very good video. Keep it up Charles, always bring us the cool stuff Smiley.

    Thanks
  • SecretSoftware wrote:
    What about the security of the new networking stack. With NATs , you were able to protect yourself from worm attacks, because NAT will drop malicious packets, and its as if you have a good hardware firewall.

    With Windows Vista, you have the Windows Firewall replacing NATs in software, but still software is not like hardware, as its error prone.


    Let's be clear here: IPv6 will not arbitrarily start punching holes, like swiss cheese, through NATs. Applications and/or users will have to make explicit decisions they want to traverse the NATs in the first place (hence the need for the new Edge Traversal option in the Windows Firewall). Further, it is innacurate to think of this NAT traversal capability as really being an "IPv6" thing. NAT traversal is done ROUTINELY by peer-to-peer software today. If you run an instant messaging, file sharing, or voice/video application, it is making use of keep-alive packets to lock a hole open (for itself) in your NAT.

    The only real difference with what Teredo offers (over today's NAT traversal) is that application developers don't have to create their own NAT traversal infrastructures anymore. In this way, there is a level playing field for ANY application to take advantage of NAT traversal, even if it is written by a developer in her garage who doesn't have the capital to host special rendezvous servers and so forth.

    SecretSoftware wrote:
    Does IPv6, and this tunneling technology, help lower costs of bandwidth for companies?


    Teredo (and IPv6 tunneling) should have a negligable effect on bandwidth costs, one way or the other. The biggest impact of Teredo will be to increase the usage of peer-to-peer type scenarios. Thus, a larger number of PCs could start acting as hosts/servers. Networks that are archticted around the principals of unequal traffic flows (i.e. clients recieve much more data from remote hosts than then ever upload), could find these assumptions flawed.

    Instead of a world where masses of clients recieve data from a relative handful of massive servers, we are moving towards a system where traffic can be much more evenly distributed, with all systems acting as both hosts and clients.

    SecretSoftware wrote:
    Will we be able to use secure protocols by default in our every day communications?


    Actually, a lot of improvements have been made to IPSec in Vista that make it pretty simple to create policies that will encrypt, and/or, authenticate traffic. For example, it is pretty easy to create a policy that will opportunistically encrypt all traffic with anyone other system that has a similar policy (even if that remote system doesn't have a special credential).

    But I will leave it to the IPSec team to get into details as to how people can create their own policies.


  • SecretSoftwareSecret​Software Code to live, but Live to code.
    I wished if Windows Firewall would have preset rules, for known applications based on application signatures downloaded from Windwos Updates. This way a user would not need to configure the firewall, but rather windows would apply the trusted settings from microsoft for the given application. So if malicious impersonating software somehow gets into the machine, its unable to connect to the internet because of the proactive defense of the windows firewall.

    How many users know how to configure the NAT or the Windows Firewall? I bet not many even know how to get to it in their machines.

    Secondly, given that Vista's networking stack is virgin, how can we assume that its secure before its tested in the wild for some months and years?
  • William Staceystaceyw Before C# there was darkness...
    "Let's be clear here: IPv6 will not arbitrarily start punching holes, like swiss cheese, through NATs. Applications and/or users will have to make explicit decisions they want to traverse the NATs in the first place (hence the need for the new Edge Traversal option in the Windows Firewall). Further, it is innacurate to think of this NAT traversal capability as really being an "IPv6" thing. NAT traversal is done ROUTINELY by peer-to-peer software today. If you run an instant messaging, file sharing, or voice/video application, it is making use of keep-alive packets to lock a hole open (for itself) in your NAT."

    GotoMyPC is another example that does much the same thing.  I would guess those voice-over-ip software does same too.

    Good stuff!!
  • William Staceystaceyw Before C# there was darkness...
    "What about the security of the new networking stack. With NATs , you were able to protect yourself from worm attacks, because NAT will drop malicious packets, and its as if you have a good hardware firewall."

    Your still keeping your NAT so it functions the same way.  Every time you make an outgoing connection, you open up the ability for a bogus reply coming back in via the NAT - so this is not really any more vulnerable in that regard.  The big difference is your keeping the hole open longer and making it ~public knowledge.  But is still just the 1 port - not every port on your system.  GotoMyPC does same kinda thing.


    "With Windows Vista, you have the Windows Firewall replacing NATs in software, but still software is not like hardware, as its error prone."

    How so?  It is not replacing NATs.  IPv6 removes the major need, but will need them until ISPs start giving out IPv6 addresses.  Also, these hw devices (i.e. Linksys, NetGear, etc) need sw to make them run.  I have had many Linksys that had many bugs and still do.  They are just small PCs and are no less vulnerable to sw errors.
  • William Staceystaceyw Before C# there was darkness...

    Charles, could you post that link for Developer guidelines on IPv6 support?  TIA

  • William Staceystaceyw Before C# there was darkness...
    staceyw wrote:
    

    Charles, could you post that link for Developer guidelines on IPv6 support?  TIA



    Here is one:
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/ipv6_guide_for_windows_sockets_applications_2.asp
  • fivestrokesfivestrokes brrrrm! brrrrm!
    Michael, thank you for the info. I needed many of the answers you gave in the video. I have a question. You mentioned that there are multiple ways to stop the teredo service from being used e.g. block allowing full access to UDP ports, registrey key etc.

    The one you mentioned that was more interesting to me was to block access to the domain teredo.ipv6.microsoft.com in the firewall. Teredo will not work if it cannot resolve this domain. I prefer this method. Is it likely that teredo could use additional domains or is this the only domain it uses exclusively?

    Many thanks.
  • Wayne TaylorKryptos Backup People!

    Just watching the video and I looked on the dlink website to see if there newest routers support IPv6 and they don't, downloaded manual and had a look.

    So how long will this take to filter thru to the SoHo Space? He answered this question arounf 35:30. Big Smile Early 07

  • fivestrokes wrote:
    The one you mentioned that was more interesting to me was to block access to the domain teredo.ipv6.microsoft.com in the firewall. Teredo will not work if it cannot resolve this domain. I prefer this method. Is it likely that teredo could use additional domains or is this the only domain it uses exclusively?


    Yes, this is the only domain Teredo tries to resolve to. However, it is possible to manually configure the client to point to a specific Teredo server if the user wishes. So, preventing resolution of teredo.ipv6.microsoft.com would certainly stop most people from using Teredo, but it is still possible for a power user to redirect the client to a different server if they wish.

    Of course, there would have to be some other Teredo server hosted in this case.
  • I see a lot of talk about IPv6 `fixing` NAT issues, with NATS existing only because of an address shortage.

    There are a lot of people, who want the layer of seperation provided by NATS, and in fact I plan to run an IPV6 NAT. Anyone find this a strange suggestion that NAT's are just something to fix a simple problem, and not what I think many people use them for?




  • mpcm wrote:
    There are a lot of people, who want the layer of seperation provided by NATS, and in fact I plan to run an IPV6 NAT. Anyone find this a strange suggestion that NAT's are just something to fix a simple problem, and not what I think many people use them for?


    I completely agree that there is value in having some sort of edge security on a network. To that end, all the IPv6 equipped home routers that I know about (to be on the market in 2007) all have IPv6 firewalls. This will ensure that all inbound traffic is blocked unless there was an outbound request first.

    I don't think that simply obscuring the IP address of your PC with a NAT really offers all that much protection. Someone could still spoof packets to get back in through the NAT. The only thing that a NAT does, beyond some simple firewall-like functionality, is to make legitimate peer-to-peer connectivity difficult.

    I suppose one could argue that peer-to-peer services just aren't used that much today due to all the NAT issues, and that IPv6 could be making things more "insecure" by the mere virtue of enabling more peer-to-peer scenarios. But by this logic we could say that shark attacks would decrease if people just stayed out of the ocean.

    IPv6 doesn't make you more insecure than with a NAT, but it does make it possible for you to do more things on the network that were otherwise impossible, and some of these new capabilities might create new vulnerabilities. But this is a seperate discussion.
  • If this is so easy and so great, I would really like to see Live Messenger use this. Getting voip to work with it is much harder than their competators. Yahoo, Google Talk, and Skype work with 0 ports opening up. I challenge people to try to consistantly get Voip to work with Live messenger with two parties behind restrictive nats, I myself have trouble, and just simply do not use it. Also file transfers are SLOW with it. Someone from Microsoft should go talk to that team, and implement an IPv6 capable client asap.
  • intelman wrote:
    If this is so easy and so great, I would really like to see Live Messenger use this.


    Actually, the new 8.1 beta of Live Messenger does support IPv6 for file transfers, and sets the Edge Traversal flag when installed on Vista, so it can work with Teredo. However, there are still a couple issues with timing that prevent all messenger file transfers from using Teredo all the time. In particular, Messenger doesn't wait very long for Teredo to start up before it resorts to a slower speed relay link (i.e. if Teredo was already working this won't be a problem, but if it is the first time it was used then it's a problem). This will hopefully be solved in the next messenger release.

    Unfortunately, the only part of messenger that supports IPv6 today is the file transfers. We are talking with them about their VOIP features.

    We are also talking with other peer-to-peer vendors about Teredo and IPv6, but I haven't heard firm plans from these vendors for supporting IPv6 yet.

    I should be careful to set expectations appropriately here. Teredo is not some panacea that solves ALL NAT connectivity issues. In fact, Teredo is just implementing many of the tricks that messenger (and other peer-to-peer applications) have already employed. The big difference with Teredo is that it is open for any application to use it, and there is no need for developers to create their own NAT traversal infrastructures.

    The one glaring hole in NAT traversal that Teredo doesn't cover is with Symmetric NATs. About 18% of NATs have Symmetric behaviour, and Teredo doesn't work well with them (or any other peer-to-peer software). If you extrapolate the numbers this is a big issue, since there is a high chance of failure if just one of the parties in a connection is behind a Symmetric NAT. What really annoying about this is that NAT vendors never specify which classification of device they are (e.g. CONE, restricted, Symmetric, etc). This makes it impossible for users to even make educated decisions as to which NATs to buy.

    Fortunately, there is a Vista router logo program that will go to NATs that pass a series of tests the Windows networking team has created, and NO Symmetric NAT will pass these tests. In early 2007 you will start to see NATs sold with the Vista logo. Additionally, some of my colleagues are working on a downloadable NAT testing tool that will tell what classification of NAT you have, and how well it works with Vista. This makes it possible for anyone to test their own NATs. This NAT evaulation tool will be released someone in the next few months.
  • I think it would have been good if you mentioned how to turn on ipv6 in xp etc.

     

    In case some people wanted to switch.

  • philsbbs wrote:
    I think it would have been good if you mentioned how to turn on ipv6 in xp etc. In case some people wanted to switch.


    You can find instructions for turning on IPv6 on Windows XP in the IPv6 FAQ here:

    http://www.microsoft.com/technet/itsolutions/network/ipv6/ipv6faq.mspx

    However, keep in mind that very little of the operating system in Windows XP supports IPv6. For example, the Remote Assistance tool in Windows XP doesn't work with IPv6. Also, Teredo can't be configured with an Edge Firewall traversal option as there is in Vista (i.e. only applications themselves can invoke Teredo on XP by calling a specific Windows Socket option).

    In short, IPv6 on XP is fine if you are writing your own protocol agnostic application, or wish to experiment with pinging, etc.
  • Michael Surkan wrote:
    
    Also, Teredo can't be configured with an Edge Firewall traversal option as there is in Vista (i.e. only applications themselves can invoke Teredo on XP by calling a specific Windows Socket option).
    In short, IPv6 on XP is fine if you are writing your own protocol agnostic application, or wish to experiment with pinging, etc.


    So can an application be developed on XP, using the Teredo framework,  that will work with both IPv4 and IPv6, using the same code, but having a address config setting that can be entered in either format?

    Also, do you have an idea of how quickly the backbone will become IPv6 aware, and support both types of traffic.  And will systems such as IM and Windows Messenger become the new DNS system of sorts.  Of course web browsing will continue to use DNS, and I'm sure the DNS system as a whole will incorporate IPv6 along with the rest of the Internet community.

    An idea??:
    Maybe in the future you won't be concerned of hitting a web server at  name.ispserver.backbone.com:port, but rather just connect to  name@live.com, or name@gmail.com, and emails will now be configured on a person's machine (possibly through the IM software), as being a personal domain name if you will?
    What do channel 9ers think? or Michael Surkan?
  • tranbonium wrote:

    So can an application be developed on XP, using the Teredo framework,  that will work with both IPv4 and IPv6, using the same code, but having a address config setting that can be entered in either format?

    Also, do you have an idea of how quickly the backbone will become IPv6 aware, and support both types of traffic.  And will systems such as IM and Windows Messenger become the new DNS system of sorts.  Of course web browsing will continue to use DNS, and I'm sure the DNS system as a whole will incorporate IPv6 along with the rest of the Internet community.


    Yes, applications can be developed for XP that are capable of working with Teredo. However, the app would have to have different case handling for Vista and XP since the way to activate Teredo on XP is different than in Vista. Also, since IPv6 is off by default on XP, the application would either have to turn it on, or recommend users do so if it really wanted to rely on Teredo. This can create some usability issues since a reboot is required with installing and uninstalling IPv6 on XP (i.e. some users don't like having to do a reboot when installing an app).

    As far as IPv6 backbone adoption goes, I suspect that it will occur as the percentage of tunnelled IPv6 traffic increases. ISPs don't like tunnelled traffic, and if 50% or better of all their traffic was in Teredo or 6to4 tunnels, they would likely want to start provisioning v6 natively.

    We do see some ISPs moving towards IPv6 already. In Asia some ISPs are moving there right now (some ISPs provision IPv6 in Japan). Interestingly, some of the motivation for IPv6 we are hearing from some large North American ISPs is due to a lack of IPv4 address space for managing all the devices on their networks. A large ISPs with 20 million users or so might need 4 or 5 IP addresses per customer just to manage set-top boxes, IP phones, cable modems, etc. There simply isn't any extra contiguous IPv4 address spaces available to handle those kinds of needs. One large American ISP has told us they have aggressive plans to have IPv6 deployed on their networks by 2008. However, they still plan on provisioning their Internet customers with IPv4 addresses, but all the other devices their customers have would be managed with IPv6. This means this ISP would only have to use one IPv4 address per customer.
  • IPv6 is a subject, that really get-s me mad for over 10 years now.

    Pushing IPv6, getting rid of NAT that would be really great.

    Will it happen? I doubt it for many years to come.

    I even start to doubt 'evolution' as a mechanism in nature, since CIOs/roots/admins all are too comfortable with a NAT/FW-type of 'lame-duck'-construction of their networks. And the ISPs and Telcos, while using IPv6 internally, don-t really propagate it.

    I know numerous stories of troubles/problems and countless man-hours, dealing with traffic-problems. Yet, I write this on a LAN-pc behind NAT/FW. Sharing one ISP-address with 200+ others. I assure you. Bittorrents are finding their way through, no matter what. So does maleware...

    Still I don-t like the (typical) Microsoft-idea to host the "Teredo"-Servers, which is another word for 'Trackers' and logging all traffic that goes through. I know, I know, but that-s typical for you: good intentions - bad execution.

    It is also funny to see one dev-department trying to make Vista as secure as possible, while the other dev tries to find ways to break it, to allow communication. Hen and egg-dilemma, all over again. Unsolvable IMHO.
  • BuckyBit wrote:
    Will it happen? I doubt it for many years to come.

    Still I don-t like the (typical) Microsoft-idea to host the "Teredo"-Servers, which is another word for 'Trackers' and logging all traffic that goes through.


    I agree that IPv6 likely won't completely supplant IPv4 for a decade or more. However, I am really quite amazed at the recent progress being made towards supporting it. 2 years ago major software vendors didn't want to give me the time of day when asking about IPv6 plans. Now, however, I am being constantly blind-sided by yet another major software developer asking for advice on working with IPv6.

    True, much of this developer interest in IPv6 stems from the US government requirements for requiring IPv6 support in 2008, but the impact this is having on the software industry is quite pronounced.

    Enterprise-class hardware vendors have almost completely migrated their products to supporting IPv6 now. This is a MAJOR change from just 2004 when these same router vendors would get in big arguments as to whether the market really
    "wanted" IPv6.

    Further, I am seeing so many prototype home routers, and SOHO networking, devices coming out with IPv6 support that my breath is just taken away with this. Almost all the major NAT vendors have 6to4 versions under works for sale early in 2007 (just one of the major vendors is a bit behind, with plans for mid-2007). The primary driver for this is the advent of Vista. But we are also having ISPs tacitly support Microsoft's requests for home router IPv6 support too. At a recent home router plug-fest we had at the Microsoft Redmond campus, a major US ISP stood up and told all the router vendors that they wanted IPv6 support by 2008.

    Yes, the slow adoption of IPv6 has been frustrating (to say the least), but we are finally seeing real traction now.

    As far as Microsoft's hosting of Teredo servers goes, I would like to point out that the Teredo servers have no idea what traffic is going through them. The only thing the Teredo servers know is the IP addresses of the systems using them. This isn't really much different from what a DNS host sees. Also, I should add that Microsoft really doesn't want to host Teredo servers (due to the expense) and is really pushing the adoption of 6to4 (hence the demands on home router vendors to support 6to4) so that Teredo isn't necessary for IPv6 traffic.
     
    There is also nothing to prevent anyone from hosting their own Teredo servers (it's an RFC after all, with implementations on multiple platforms), and we encourage it. Unfortunately, there doesn't seem to be a great business model that makes it attractive for people to host Teredo servers right now. You can't restrict who uses your Teredo server so anyone hosting one is just doing it for "the good of the community". Nevertheless, Microsoft is talking with ISPs to see if they are interested in hosting Teredo servers themselves. We will see what becomes of this...
  • Michael Surkan,
    will new DNS Servers support IPv6 (or maybe they already support), so we could assign IPv6 address to simple name like www.domain.com ?

    Thanks,
    Roma

  • aspnix wrote:
    will new DNS Servers support IPv6 (or maybe they already support), so we could assign IPv6 address to simple name like www.domain.com ?


    Yes, existing DNS hosts support IPv6, and you can have a standard domain name point to an IPv6 address.
  • Michael;

    I cannot quite tell what the default Teredo behavior is in Vista RTM.  For client-server archtiecture applications - say the Vista client user goes to an IPv6 website.  Is Teredo enabled by default?  Is any overt action required by the user to enable Teredo (like manually setting the Teredo server)?  Is there an autodiscovery mechanism for the Teredo server (like "isatap.domainname" for ISATAP)?  If the DNS resolver returns an IPv4 and an IPv6 address, will Vista use Teredo preferentially over IPv4?

    Is the Edge Traversal feature for "outbound" traffic, as well as for "inbound" (server) traffic?  Or just if Vista is acting as a server (or peer)?

    If this is clearly documented somewhere a link would be great.

    Thanks so much for your help.
  • I wish Microsoft would include support for IPV6 in the PPPoE interface on windows xp.  That would give me an easy way to provide ipv6 connectivity to my customers.   I understand that Vista is supposed to have that by default, but that doesnt't do me much good as 99.9% of my customers have older computers. Oh, and While you're at it,  why not upgrade ICS to support v6 routing. that way I dont have to wait for soho hardware vendors to make an ipv6 capable router. 

    -Michael
  • JohnSpence wrote:
    I cannot quite tell what the default Teredo behavior is in Vista RTM. Is Teredo enabled by default?  Is any overt action required by the user to enable Teredo? If the DNS resolver returns an IPv4 and an IPv6 address, will Vista use Teredo preferentially over IPv4?

    Is the Edge Traversal feature for "outbound" traffic, as well as for "inbound" (server) traffic?  Or just if Vista is acting as a server (or peer)?


    Teredo is on by default in Vista, so long as 1) the edge device allows ALL outbound UDP traffic and 2) an application or service authorized to use Teredo is sending or recieving IPv6 traffic.

    Most applications/services that want to use Teredo automatically enable the "Edge Traversal" option in the Windows Firewall exceptions (e.g. Live Messenger 8, Remote Assistance). However, if you want to make services like web hosting, ping, or file sharing accessible over Teredo you will have to manually set the "Edge Traversal" option in the Windows Firewall MMC snap-in Exception for that application/service (of course, this is only useful for applications that are IPv6 compatible, edge traversal won't have any impact on IPv4 only apps).

    Vista will prefer any IPv6 address it gets through DNS, even if it is a Teredo address. However, as a precaution to prevent overloading of DNS hosts Vista will NOT automatically register Teredo addresses with DNS. Also, if the only IPv6 interface on your system is a Teredo one, Vista will NOT do IPv6 DNS lookups (again to prevent overloading DNS hosts on the Internet).

    I think it is important to clarify the role of Teredo. Teredo is primarily useful in Peer-to-Peer communications with other systems that also have Teredo or 6to4 addresses. There are no supported Teredo relays on the Internet that would carry traffic between the general IPv6 Internet and Teredo.
     
    In short, Teredo is a great tool to improve Peer-to-Peer connectivity to other systems using Teredo, but it is not a good vehicle for gaining broader IPv6 connectivity. For this 6to4 is highly recommended, which does have supported relays on the Internet (Microsoft even hosts one).

    Technically, there is no reason that Teredo relays can't exist on the Internet (implementations have already been made). It's just that no one is hosting one for general use due to the cost issues (i.e. you can't make people pay for using it). Every once in a while a Teredo relay shows up on the Internet, but they are quickly taken down again when the owners realize that all Teredo traffic starts to be routed through them.
  • Michael Surkan wrote:
    In early 2007 you will start to see NATs sold with the Vista logo. Additionally, some of my colleagues are working on a downloadable NAT testing tool that will tell what classification of NAT you have, and how well it works with Vista. This makes it possible for anyone to test their own NATs. This NAT evaulation tool will be released someone in the next few months.

    It's March already. In germany there is only 2 routers available with Vista Logo. And they cost about 300€. Not very home friendly Sad

    Is this testing tool already available for download?
  • nesher wrote:
    Is this testing tool already available for download?


    Yes, the IGD (Internet Gateway Device) test tool is now available for end-users.

    http://www.microsoft.com/windows/using/tools/igd/default.mspx

    This tools is great for checking for many common IGD issues. Unfortunately, this version of the test tool doesn't check for IPv6 support.
  • Sorry If this was already covered.  What about the issue of 2 queries being made, both ipv4 and ipv6 at the same time on vista.  This could almost double the internet load from windows users who switch to vista.  This could have a tremendous problem on the already lagged ns's.

    Will there be a future patch to disable this by default?  Like a service pack that users are forced to download. Because we all know if its an options the average user will never download it.  And if you notify them, most people Don't register there copies of windows, Or read emails from ms.  Well I don't nor know any one who does.  So contacting them would be another issue.  And even then they probably would not care.


  • vortek wrote:
    What about the issue of 2 queries being made, both ipv4 and ipv6 at the same time on vista.  This could almost double the internet load from windows users who switch to vista.  This could have a tremendous problem on the already lagged ns's.


    Initially, the impact of additional v6 DNS queries should be minimal since Vista will not do an IPv6 name query unless the client system has a native IPv6 address (i.e. not Teredo). Since very few networks provide v6 addresses, there will be a small number of v6 lookups. Eventually, there will be a pick-up in v6 queries as more 6to4 routers, and native v6 networks, are deployed. However, this should give network providers plenty of time to increase their name server capacity to handle the additional traffic.

    Here are details on how Vista IPv6 DNS queries work.

    http://www.microsoft.com/technet/network/ipv6/vista_dns.mspx
  • 1. By any chance you will list all the points that needs to be looked into while moving an application from IPV4 to IPV6
    2. Any tool that we can use, to see if the application is IPV6 compatible
    3. Case study in terms of performance of IPV4 to IPV6 conversion would be appreciated, this is one thing which I think MS team lacks a lot Smiley

Remove this comment

Remove this thread

close

Comments Closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.