Comments

Michael Surkan
  • Michael Surkan: Introduction to IPV6

    vortek wrote:
    What about the issue of 2 queries being made, both ipv4 and ipv6 at the same time on vista.  This could almost double the internet load from windows users who switch to vista.  This could have a tremendous problem on the already lagged ns's.


    Initially, the impact of additional v6 DNS queries should be minimal since Vista will not do an IPv6 name query unless the client system has a native IPv6 address (i.e. not Teredo). Since very few networks provide v6 addresses, there will be a small number of v6 lookups. Eventually, there will be a pick-up in v6 queries as more 6to4 routers, and native v6 networks, are deployed. However, this should give network providers plenty of time to increase their name server capacity to handle the additional traffic.

    Here are details on how Vista IPv6 DNS queries work.

    http://www.microsoft.com/technet/network/ipv6/vista_dns.mspx
  • Michael Surkan: Introduction to IPV6

    nesher wrote:
    Is this testing tool already available for download?


    Yes, the IGD (Internet Gateway Device) test tool is now available for end-users.

    http://www.microsoft.com/windows/using/tools/igd/default.mspx

    This tool is great for checking for many common IGD issues. Unfortunately, this version of the test tool doesn't check for IPv6 support.
  • Michael Surkan: Introduction to IPV6

    JohnSpence wrote:
    I cannot quite tell what the default Teredo behavior is in Vista RTM. Is Teredo enabled by default?  Is any overt action required by the user to enable Teredo? If the DNS resolver returns an IPv4 and an IPv6 address, will Vista use Teredo preferentially over IPv4?

    Is the Edge Traversal feature for "outbound" traffic, as well as for "inbound" (server) traffic?  Or just if Vista is acting as a server (or peer)?


    Teredo is on by default in Vista, so long as 1) the edge device allows ALL outbound UDP traffic and 2) an application or service authorized to use Teredo is sending or receiving IPv6 traffic.

    Most applications/services that want to use Teredo automatically enable the "Edge Traversal" option in the Windows Firewall exceptions (e.g. Live Messenger 8, Remote Assistance). However, if you want to make services like web hosting, ping, or file sharing accessible over Teredo you will have to manually set the "Edge Traversal" option in the Windows Firewall MMC snap-in Exception for that application/service (of course, this is only useful for applications that are IPv6 compatible, edge traversal won't have any impact on IPv4 only apps).

    Vista will prefer any IPv6 address it gets through DNS, even if it is a Teredo address. However, as a precaution to prevent overloading of DNS hosts Vista will NOT automatically register Teredo addresses with DNS. Also, if the only IPv6 interface on your system is a Teredo one, Vista will NOT do IPv6 DNS lookups (again to prevent overloading DNS hosts on the Internet).

    I think it is important to clarify the role of Teredo. Teredo is primarily useful in Peer-to-Peer communications with other systems that also have Teredo or 6to4 addresses. There are no supported Teredo relays on the Internet that would carry traffic between the general IPv6 Internet and Teredo.
     
    In short, Teredo is a great tool to improve Peer-to-Peer connectivity to other systems using Teredo, but it is not a good vehicle for gaining broader IPv6 connectivity. For this 6to4 is highly recommended, which does have supported relays on the Internet (Microsoft even hosts one).

    Technically, there is no reason that Teredo relays can't exist on the Internet (implementations have already been made). It's just that no one is hosting one for general use due to the cost issues (i.e. you can't make people pay for using it). Every once in a while a Teredo relay shows up on the Internet, but they are quickly taken down again when the owners realize that all Teredo traffic starts to be routed through them.
  • Michael Surkan: Introduction to IPV6

    aspnix wrote:
    will new DNS Servers support IPv6 (or maybe they already support), so we could assign IPv6 address to simple name like www.domain.com ?


    Yes, existing DNS hosts support IPv6, and you can have a standard domain name point to an IPv6 address.
  • Michael Surkan: Introduction to IPV6

    BuckyBit wrote:
    Will it happen? I doubt it for many years to come.

    Still I don't like the (typical) Microsoft-idea to host the "Teredo"-Servers, which is another word for 'Trackers' and logging all traffic that goes through.


    I agree that IPv6 likely won't completely supplant IPv4 for a decade or more. However, I am really quite amazed at the recent progress being made towards supporting it. 2 years ago major software vendors didn't want to give me the time of day when asking about IPv6 plans. Now, however, I am being constantly blind-sided by yet another major software developer asking for advice on working with IPv6.

    True, much of this developer interest in IPv6 stems from the US government requirements for requiring IPv6 support in 2008, but the impact this is having on the software industry is quite pronounced.

    Enterprise-class hardware vendors have almost completely migrated their products to supporting IPv6 now. This is a MAJOR change from just 2004 when these same router vendors would get in big arguments as to whether the market really "wanted" IPv6.

    Further, I am seeing so many prototype home routers, and SOHO networking, devices coming out with IPv6 support that my breath is just taken away with this. Almost all the major NAT vendors have 6to4 versions under works for sale early in 2007 (just one of the major vendors is a bit behind, with plans for mid-2007). The primary driver for this is the advent of Vista. But we are also having ISPs tacitly support Microsoft's requests for home router IPv6 support too. At a recent home router plug-fest we had at the Microsoft Redmond campus, a major US ISP stood up and told all the router vendors that they wanted IPv6 support by 2008.

    Yes, the slow adoption of IPv6 has been frustrating (to say the least), but we are finally seeing real traction now.

    As far as Microsoft's hosting of Teredo servers goes, I would like to point out that the Teredo servers have no idea what traffic is going through them. The only thing the Teredo servers know is the IP addresses of the systems using them. This isn't really much different from what a DNS host sees. Also, I should add that Microsoft really doesn't want to host Teredo servers (due to the expense) and is really pushing the adoption of 6to4 (hence the demands on home router vendors to support 6to4) so that Teredo isn't necessary for IPv6 traffic.
     
    There is also nothing to prevent anyone from hosting their own Teredo servers (it's an RFC after all, with implementations on multiple platforms), and we encourage it. Unfortunately, there doesn't seem to be a great business model that makes it attractive for people to host Teredo servers right now. You can't restrict who uses your Teredo server so anyone hosting one is just doing it for "the good of the community". Nevertheless, Microsoft is talking with ISPs to see if they are interested in hosting Teredo servers themselves. We will see what becomes of this...
  • Michael Surkan: Introduction to IPV6

    tranbonium wrote:

    So can an application be developed on XP, using the Teredo framework,  that will work with both IPv4 and IPv6, using the same code, but having a address config setting that can be entered in either format?

    Also, do you have an idea of how quickly the backbone will become IPv6 aware, and support both types of traffic.  And will systems such as IM and Windows Messenger become the new DNS system of sorts.  Of course web browsing will continue to use DNS, and I'm sure the DNS system as a whole will incorporate IPv6 along with the rest of the Internet community.


    Yes, applications can be developed for XP that are capable of working with Teredo. However, the app would have to have different case handling for Vista and XP since the way to activate Teredo on XP is different than in Vista. Also, since IPv6 is off by default on XP, the application would either have to turn it on, or recommend users do so if it really wanted to rely on Teredo. This can create some usability issues since a reboot is required with installing and uninstalling IPv6 on XP (i.e. some users don't like having to do a reboot when installing an app).

    As far as IPv6 backbone adoption goes, I suspect that it will occur as the percentage of tunnelled IPv6 traffic increases. ISPs don't like tunnelled traffic, and if 50% or better of all their traffic was in Teredo or 6to4 tunnels, they would likely want to start provisioning v6 natively.

    We do see some ISPs moving towards IPv6 already. In Asia some ISPs are moving there right now (some ISPs provision IPv6 in Japan). Interestingly, some of the motivation for IPv6 we are hearing from some large North American ISPs is due to a lack of IPv4 address space for managing all the devices on their networks. A large ISP with 20 million users or so might need 4 or 5 IP addresses per customer just to manage set-top boxes, IP phones, cable modems, etc. There simply isn't any extra contiguous IPv4 address spaces available to handle those kinds of needs. One large American ISP has told us they have aggressive plans to have IPv6 deployed on their networks by 2008. However, they still plan on provisioning their Internet customers with IPv4 addresses, but all the other devices their customers have would be managed with IPv6. This means this ISP would only have to use one IPv4 address per customer.
  • Michael Surkan: Introduction to IPV6

    philsbbs wrote:
    I think it would have been good if you mentioned how to turn on ipv6 in xp etc. In case some people wanted to switch.


    You can find instructions for turning on IPv6 on Windows XP in the IPv6 FAQ here:

    http://www.microsoft.com/technet/itsolutions/network/ipv6/ipv6faq.mspx

    However, keep in mind that very little of the operating system in Windows XP supports IPv6. For example, the Remote Assistance tool in Windows XP doesn't work with IPv6. Also, Teredo can't be configured with an Edge Firewall traversal option as there is in Vista (i.e. only applications themselves can invoke Teredo on XP by calling a specific Windows Socket option).

    In short, IPv6 on XP is fine if you are writing your own protocol agnostic application, or wish to experiment with pinging, etc.
  • Michael Surkan: Introduction to IPV6

    intelman wrote:
    If this is so easy and so great, I would really like to see Live Messenger use this.


    Actually, the new 8.1 beta of Live Messenger does support IPv6 for file transfers, and sets the Edge Traversal flag when installed on Vista, so it can work with Teredo. However, there are still a couple issues with timing that prevent all messenger file transfers from using Teredo all the time. In particular, Messenger doesn't wait very long for Teredo to start up before it resorts to a slower speed relay link (i.e. if Teredo was already working this won't be a problem, but if it is the first time it was used then it's a problem). This will hopefully be solved in the next messenger release.

    Unfortunately, the only part of messenger that supports IPv6 today is the file transfers. We are talking with them about their VOIP features.

    We are also talking with other peer-to-peer vendors about Teredo and IPv6, but I haven't heard firm plans from these vendors for supporting IPv6 yet.

    I should be careful to set expectations appropriately here. Teredo is not some panacea that solves ALL NAT connectivity issues. In fact, Teredo is just implementing many of the tricks that messenger (and other peer-to-peer applications) have already employed. The big difference with Teredo is that it is open for any application to use it, and there is no need for developers to create their own NAT traversal infrastructures.

    The one glaring hole in NAT traversal that Teredo doesn't cover is with Symmetric NATs. About 18% of NATs have Symmetric behaviour, and Teredo doesn't work well with them (or any other peer-to-peer software). If you extrapolate the numbers this is a big issue, since there is a high chance of failure if just one of the parties in a connection is behind a Symmetric NAT. What's really annoying about this is that NAT vendors never specify which classification of device they are (e.g. CONE, restricted, Symmetric, etc). This makes it impossible for users to even make educated decisions as to which NATs to buy.

    Fortunately, there is a Vista router logo program that will go to NATs that pass a series of tests the Windows networking team has created, and NO Symmetric NAT will pass these tests. In early 2007 you will start to see NATs sold with the Vista logo. Additionally, some of my colleagues are working on a downloadable NAT testing tool that will tell what classification of NAT you have, and how well it works with Vista. This makes it possible for anyone to test their own NATs. This NAT evaluation tool will be released sometime in the next few months.
  • Michael Surkan: Introduction to IPV6

    mpcm wrote:
    There are a lot of people, who want the layer of separation provided by NATS, and in fact I plan to run an IPV6 NAT. Anyone find this a strange suggestion that NAT's are just something to fix a simple problem, and not what I think many people use them for?


    I completely agree that there is value in having some sort of edge security on a network. To that end, all the IPv6 equipped home routers that I know about (to be on the market in 2007) all have IPv6 firewalls. This will ensure that all inbound traffic is blocked unless there was an outbound request first.

    I don't think that simply obscuring the IP address of your PC with a NAT really offers all that much protection. Someone could still spoof packets to get back in through the NAT. The only thing that a NAT does, beyond some simple firewall-like functionality, is to make legitimate peer-to-peer connectivity difficult.

    I suppose one could argue that peer-to-peer services just aren't used that much today due to all the NAT issues, and that IPv6 could be making things more "insecure" by the mere virtue of enabling more peer-to-peer scenarios. But by this logic we could say that shark attacks would decrease if people just stayed out of the ocean.

    IPv6 doesn't make you more insecure than with a NAT, but it does make it possible for you to do more things on the network that were otherwise impossible, and some of these new capabilities might create new vulnerabilities. But this is a separate discussion.
  • Michael Surkan: Introduction to IPV6

    fivestrokes wrote:
    The one you mentioned that was more interesting to me was to block access to the domain teredo.ipv6.microsoft.com in the firewall. Teredo will not work if it cannot resolve this domain. I prefer this method. Is it likely that teredo could use additional domains or is this the only domain it uses exclusively?


    Yes, this is the only domain Teredo tries to resolve to. However, it is possible to manually configure the client to point to a specific Teredo server if the user wishes. So, preventing resolution of teredo.ipv6.microsoft.com would certainly stop most people from using Teredo, but it is still possible for a power user to redirect the client to a different server if they wish.

    Of course, there would have to be some other Teredo server hosted in this case.
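
The last reply notes that blocking the default server name does not stop a client that has been manually pointed at another Teredo server. A Teredo address embeds the IPv4 address of the server the client used (RFC 4380), so an address inventory can show which hosts still run Teredo and through which server. This is an added example, not part of the original comments or any Microsoft code; the host names, addresses and `DEFAULT_SERVERS` values are constructed.

```python
import ipaddress

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix (RFC 4380)

# Constructed stand-in for the IPv4 addresses the blocked default name resolved to.
DEFAULT_SERVERS = {"192.0.2.10"}

# Constructed inventory: host name -> IPv6 addresses seen on its interfaces.
INVENTORY = {
    "ws-01": ["fe80::1c2d:3e4f:5a6b:7c8d"],            # link-local only
    "ws-02": ["2001:0:c000:20a:8000:63bf:3fff:fdd2"],  # Teredo via 192.0.2.10
    "ws-03": ["2001:0:c633:6407:0:b3a7:34ff:8efa"],    # Teredo via 198.51.100.7
    "ws-04": ["2002:cb00:7105::1"],                    # 6to4, not Teredo
}


def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None if not Teredo."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    return {
        "server": str(ipaddress.IPv4Address(raw[4:8])),
        "flags": int.from_bytes(raw[8:10], "big"),
        # The NAT-mapped port and address are stored with every bit inverted.
        "nat_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "nat_addr": str(ipaddress.IPv4Address(
            int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF)),
    }


def teredo_findings(inventory, default_servers):
    """List (host, server, kind) for every Teredo address in the inventory."""
    findings = []
    for host, addrs in sorted(inventory.items()):
        for addr in addrs:
            fields = decode_teredo(addr)
            if fields is None:
                continue
            # A server outside the default set means the client was pointed
            # elsewhere, which a DNS block on the default name does not cover.
            kind = "default" if fields["server"] in default_servers else "manual"
            findings.append((host, fields["server"], kind))
    return findings


if __name__ == "__main__":
    for finding in teredo_findings(INVENTORY, DEFAULT_SERVERS):
        print(finding)
```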