Mailing List Archive

So Xbox One is actually the first (at least well-known) device/network/service/etc that uses IPv6 the way it was supposed to be, with IPSec?

--
Tassos

Tore Anderson wrote on 9/10/2013 23:54:
> http://www.nanog.org/sites/default/files/wed.general.palmer.xbox_.47.pdf
>
> Quoting from slide 2:
>
> «Network operators that want to provide the best possible user
> experience for Xbox One Users:
> * Provide IPv6 Connectivity»
>
> Gamers tend to be a demanding bunch. I can tell from a ton of forum
> posts and such that a common problem of theirs is that the Xbox (360)
> reports the «NAT Type» as being «Moderate» or even «Strict». If word
> gets around in those communities that a reliable remedy for such
> problems is to switch to an ISP that supports IPv6...
>
> Kudos to Chris and Microsoft!
>
> Anyone have any information on the PS4?
>
> Tore
>

Agree kudos to Chris, however, I understand that Teredo still could be
preferred over native IPv6? :(

I am curious how might one participate in early adopter testing?

Also Comcast launched residential native IPv6 in WA state it might be
interesting to get some details around how testing is going?

John


On Wed, Oct 9, 2013 at 4:54 PM, Tore Anderson <tore@fud.no> wrote:

> http://www.nanog.org/sites/default/files/wed.general.palmer.xbox_.47.pdf
>
> Quoting from slide 2:
>
> «Network operators that want to provide the best possible user
> experience for Xbox One Users:
> * Provide IPv6 Connectivity»
>
> Gamers tend to be a demanding bunch. I can tell from a ton of forum
> posts and such that a common problem of theirs is that the Xbox (360)
> reports the «NAT Type» as being «Moderate» or even «Strict». If word
> gets around in those communities that a reliable remedy for such
> problems is to switch to an ISP that supports IPv6...
>
> Kudos to Chris and Microsoft!
>
> Anyone have any information on the PS4?
>
> Tore
>

On Oct 9, 2013, at 1:54 PM, Tore Anderson <tore@fud.no> wrote:

> http://www.nanog.org/sites/default/files/wed.general.palmer.xbox_.47.pdf
>
> Quoting from slide 2:
>
> «Network operators that want to provide the best possible user
> experience for Xbox One Users:
> * Provide IPv6 Connectivity»
>
> Gamers tend to be a demanding bunch. I can tell from a ton of forum
> posts and such that a common problem of theirs is that the Xbox (360)
> reports the «NAT Type» as being «Moderate» or even «Strict». If word
> gets around in those communities that a reliable remedy for such
> problems is to switch to an ISP that supports IPv6...
>
> Kudos to Chris and Microsoft!

Yes, kudos.

Slide 6 could be summarized as "follow 'Simple Security in IPv6 Gateway CPE' RFC6092", I think?

-d



>
> Anyone have any information on the PS4?
>
> Tore

On Oct 9, 2013, at 2:55 PM, Tassos Chatzithomaoglou <achatz@forthnetgroup.gr> wrote:

> So Xbox One is actually the first (at least well-known) device/network/service/etc that uses IPv6 the way it was supposed to be, with IPSec?

Apple's Back to my Mac (documented in RFC6281) and Microsoft's DirectAccess both run over IPv6 (tunneling over IPv4 when necessary) and both use IPsec.

-d


>
> --
> Tassos
>
> Tore Anderson wrote on 9/10/2013 23:54:
>> http://www.nanog.org/sites/default/files/wed.general.palmer.xbox_.47.pdf
>>
>> Quoting from slide 2:
>>
>> «Network operators that want to provide the best possible user
>> experience for Xbox One Users:
>> * Provide IPv6 Connectivity»
>>
>> Gamers tend to be a demanding bunch. I can tell from a ton of forum
>> posts and such that a common problem of theirs is that the Xbox (360)
>> reports the «NAT Type» as being «Moderate» or even «Strict». If word
>> gets around in those communities that a reliable remedy for such
>> problems is to switch to an ISP that supports IPv6...
>>
>> Kudos to Chris and Microsoft!
>>
>> Anyone have any information on the PS4?
>>
>> Tore
>>
>

I appreciate the enthusiasm :).

As a general principal, providing native IPv6 to the end-user device will reduce the support cost to a network operator - because gamers do call their ISP if they can't get things working.

There are some network effects that complicate the story. Inevitably we have to use Teredo for lots of P2P, because IPv6 is so rare. You might have IPv6, but if your peer doesn't - alas. Also, address selection is sensitive to policy that we'll be tuning as the Xbox One launch progresses.

Separate from the reliability, complexity, and troubleshooting costs of IPv4 P2P - native IPv6 gives you a significant increase in effective bandwidth if utilized, because we drop the IPv4 and UDP header for Teredo.

We're really hoping to see more network operators follow the lead of Comcast, Free, Google Fiber, others - and push IPv6 into the residential market.

More technical details, (but less pictures) are at

http://download.microsoft.com/download/A/C/4/AC4484B8-AA16-446F-86F8-BDFC498F8732/Xbox%20One%20Technical%20Details.docx


-----Original Message-----
From: ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de] On Behalf Of Dan Wing
Sent: Wednesday, October 9, 2013 6:00 PM
To: Tassos Chatzithomaoglou
Cc: Tore Anderson; ipv6-ops@lists.cluenet.de
Subject: Re: Microsoft: Give Xbox One users IPv6 connectivity


On Oct 9, 2013, at 2:55 PM, Tassos Chatzithomaoglou <achatz@forthnetgroup.gr> wrote:

> So Xbox One is actually the first (at least well-known) device/network/service/etc that uses IPv6 the way it was supposed to be, with IPSec?

Apple's Back to my Mac (documented in RFC6281) and Microsoft's DirectAccess both run over IPv6 (tunneling over IPv4 when necessary) and both use IPsec.

-d


>
> --
> Tassos
>
> Tore Anderson wrote on 9/10/2013 23:54:
>> http://www.nanog.org/sites/default/files/wed.general.palmer.xbox_.47.
>> pdf
>>
>> Quoting from slide 2:
>>
>> <Network operators that want to provide the best possible user
>> experience for Xbox One Users:
>> * Provide IPv6 Connectivity>
>>
>> Gamers tend to be a demanding bunch. I can tell from a ton of forum
>> posts and such that a common problem of theirs is that the Xbox (360)
>> reports the <NAT Type> as being <Moderate> or even <Strict>. If word
>> gets around in those communities that a reliable remedy for such
>> problems is to switch to an ISP that supports IPv6...
>>
>> Kudos to Chris and Microsoft!
>>
>> Anyone have any information on the PS4?
>>
>> Tore
>>
>

Hi Chris,

On 10/10/2013, at 12:22 PM, Christopher Palmer <Christopher.Palmer@microsoft.com> wrote:

> I appreciate the enthusiasm :).
>
> As a general principal, providing native IPv6 to the end-user device will reduce the support cost to a network operator - because gamers do call their ISP if they can't get things working.
>
> There are some network effects that complicate the story. Inevitably we have to use Teredo for lots of P2P, because IPv6 is so rare. You might have IPv6, but if your peer doesn't - alas. Also, address selection is sensitive to policy that we'll be tuning as the Xbox One launch progresses.
>
> Separate from the reliability, complexity, and troubleshooting costs of IPv4 P2P - native IPv6 gives you a significant increase in effective bandwidth if utilized, because we drop the IPv4 and UDP header for Teredo.
>
> We're really hoping to see more network operators follow the lead of Comcast, Free, Google Fiber, others - and push IPv6 into the residential market.
>
> More technical details, (but less pictures) are at
>
> http://download.microsoft.com/download/A/C/4/AC4484B8-AA16-446F-86F8-BDFC498F8732/Xbox%20One%20Technical%20Details.docx

In considering the currently observed 35% Teredo connection establishment failure rate that we discussed at NANOG this afternoon, you also pointed out that it would all be teredo peer to peer, and yes, when its all teredo to teredo it becomes V4 to V4 peer to peer and the factor of Teredo relays is less prominent.

But I've thought about your response, and if I'm allowed to dream (!), and in that dream where the efforts of COmcast, Google etc with IPv6 bear fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see the remaining Teredo folk having 33% of their peer sessions head into Teredo relays to get to those 33% who are using unicast IPv6? And wouldn't that require these Teredo relays that we all know have been such a performance headache?

I applaud what you guys are doing, really, but from my perspective it looks like the reliance on Teredo is really quite scary given what we see out there about how it behaves, and I'm kinda wondering what I'm missing here that you obviously must've thought through in justifying this product decision!

cheers,

Geoff

On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net> wrote:

> But I've thought about your response, and if I'm allowed to dream (!), and
> in that dream where the efforts of COmcast, Google etc with IPv6 bear
> fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4,
> then wouldn't we then see the remaining Teredo folk having 33% of their
> peer sessions head into Teredo relays to get to those 33% who are using
> unicast IPv6? And wouldn't that require these Teredo relays that we all
> know have been such a performance headache?
>

Can't you fix that by telling the app "if all you have is Teredo, prefer
Teredo even if the peer has native IPv6 as well"?

Of course this breaks down when IPv4 goes away, once IPv4 starts going away
then there's really way to do peer-to-peer without relays, right? (Also,
IPv4 going away is relatively far away at this point.)

Hi,

On 10 October 2013 14:25, Lorenzo Colitti <lorenzo@google.com> wrote:

> On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net> wrote:
>
>> But I've thought about your response, and if I'm allowed to dream (!),
>> and in that dream where the efforts of COmcast, Google etc with IPv6 bear
>> fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4,
>> then wouldn't we then see the remaining Teredo folk having 33% of their
>> peer sessions head into Teredo relays to get to those 33% who are using
>> unicast IPv6? And wouldn't that require these Teredo relays that we all
>> know have been such a performance headache?
>>
>
> Can't you fix that by telling the app "if all you have is Teredo, prefer
> Teredo even if the peer has native IPv6 as well"?
>
> Of course this breaks down when IPv4 goes away, once IPv4 starts going
> away then there's really way to do peer-to-peer without relays, right?
> (Also, IPv4 going away is relatively far away at this point.)
>

These issues are discussed in the document:
---
Even for users that *do have native IPv6 – Teredo will be used to interact
with IPv4-only peers*, or in cases where IPv6 connectivity between peers is
not functioning. In general, Xbox One will dynamically assess and use the
best available connectivity method (Native IPv6, Teredo, and even IPv4).
The implementation is similar in sprit to RFC
6555<http://tools.ietf.org/html/rfc6555>
.

For that reason, it is important for all interested network operators to
understand Teredo operating requirements. Xbox One *does not support
operating on an IPv6-only* network because of the need to reliably
interoperate with nodes on IPv4-only networks.
---

John

John and Lorenzo beat me to it :).

Example:
Samantha has native IPv6 and Teredo.
Albert has Teredo only.

Albert, in destination address selection, will chose Samantha's Teredo address. Samantha, in source address selection, will use her Teredo address. This will avoid relay traversal.

Xbox P2P policy is a bit more sophisticated than RFC 6724, but I note that the avoidance of Teredo relays is also part of Windows behavior. Windows address selection is a fairly clean implementation of RFC 6724. In RFC 6724 terms, Teredo -> Teredo is a label match (Rule 5), Teredo -> Native IPv6 is not. The biggest difference between us and the standard is the brokenness check.
This does complicate the dream. In order for a set of peers to use native IPv6 - BOTH peers have to have native available. In the pathological case, if half of the world has IPv6 and connects only to the other half that only has Teredo, and no one actually uses native IPv6.

Realistically, matchmaking is going to prefer users "close to you" (and a bunch of other things, like their gamer behavior and stuff). Naively I expect IPv6 traffic to start as local pockets, Albert playing against his neighbor, both with the same ISP. As IPv6 penetration grows hopefully we'll see significant P2P traffic across the Internet use native IPv6 transport.


From: ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de] On Behalf Of Lorenzo Colitti
Sent: Wednesday, October 9, 2013 8:26 PM
To: Geoff Huston
Cc: IPv6 Ops list; Christopher Palmer
Subject: Re: Microsoft: Give Xbox One users IPv6 connectivity

On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net<mailto:gih@apnic.net>> wrote:
But I've thought about your response, and if I'm allowed to dream (!), and in that dream where the efforts of COmcast, Google etc with IPv6 bear fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see the remaining Teredo folk having 33% of their peer sessions head into Teredo relays to get to those 33% who are using unicast IPv6? And wouldn't that require these Teredo relays that we all know have been such a performance headache?

Can't you fix that by telling the app "if all you have is Teredo, prefer Teredo even if the peer has native IPv6 as well"?

Of course this breaks down when IPv4 goes away, once IPv4 starts going away then there's really way to do peer-to-peer without relays, right? (Also, IPv4 going away is relatively far away at this point.)

* John Mann

> ---
> Even for users that *do have native IPv6 – Teredo will be used to
> interact with IPv4-only peers*, or in cases where IPv6 connectivity
> between peers is not functioning. In general, Xbox One will dynamically
> assess and use the best available connectivity method (Native IPv6,
> Teredo, and even IPv4). The implementation is similar in sprit to RFC
> 6555 <http://tools.ietf.org/html/rfc6555>.
>
> For that reason, it is important for all interested network operators to
> understand Teredo operating requirements. Xbox One *does not support
> operating on an IPv6-only* network because of the need to reliably
> interoperate with nodes on IPv4-only networks.
> ---

Perhaps you can fill in some details here, Chris...

Q1) Does the above requirement for IPv4 only apply for multiplayer/p2p?
In other words: Will the XB1 be able to connect to an IPv6-only [W]LAN
and allow the user to play single-player games while unlocking
achievements, downloading software updates, streaming Netflix, etc.?

Q2) If yes to Q1, will the presence of a NAT64+DNS64 style CGN allow
Teredo to work and thus enable multiplayer/p2p with IPv4-only peers?

Tore

Chris can you share details of the brokenness check? What variables are
considered?


On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer <
Christopher.Palmer@microsoft.com> wrote:

> John and Lorenzo beat me to it J.****
>
> ** **
>
> Example:****
>
> Samantha has native IPv6 and Teredo.****
>
> Albert has Teredo only.****
>
> ** **
>
> Albert, in destination address selection, will chose Samantha’s Teredo
> address. Samantha, in source address selection, will use her Teredo
> address. This will avoid relay traversal.****
>
> ** **
>
> Xbox P2P policy is a bit more sophisticated than RFC 6724, but I note that
> the avoidance of Teredo relays is also part of Windows behavior. Windows
> address selection is a fairly clean implementation of RFC 6724. In RFC 6724
> terms, Teredo -> Teredo is a label match (Rule 5), Teredo -> Native IPv6 is
> not. The biggest difference between us and the standard is the brokenness
> check.****
>
> ****
>
> This does complicate the dream. In order for a set of peers to use native
> IPv6 – BOTH peers have to have native available. In the pathological case,
> if half of the world has IPv6 and connects only to the other half that only
> has Teredo, and no one actually uses native IPv6.****
>
> ** **
>
> Realistically, matchmaking is going to prefer users “close to you” (and a
> bunch of other things, like their gamer behavior and stuff). Naively I
> expect IPv6 traffic to start as local pockets, Albert playing against his
> neighbor, both with the same ISP. As IPv6 penetration grows hopefully we’ll
> see significant P2P traffic across the Internet use native IPv6 transport.
> ****
>
> ** **
>
> ** **
>
> *From:* ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de[mailto:
> ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de] *On
> Behalf Of *Lorenzo Colitti
> *Sent:* Wednesday, October 9, 2013 8:26 PM
> *To:* Geoff Huston
> *Cc:* IPv6 Ops list; Christopher Palmer
>
> *Subject:* Re: Microsoft: Give Xbox One users IPv6 connectivity****
>
> ** **
>
> On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net> wrote:****
>
> But I've thought about your response, and if I'm allowed to dream (!), and
> in that dream where the efforts of COmcast, Google etc with IPv6 bear
> fruit, and I'm allowed to contemplate a world of, say, 33% IPv6 and 66% V4,
> then wouldn't we then see the remaining Teredo folk having 33% of their
> peer sessions head into Teredo relays to get to those 33% who are using
> unicast IPv6? And wouldn't that require these Teredo relays that we all
> know have been such a performance headache?****
>
> ** **
>
> Can't you fix that by telling the app "if all you have is Teredo, prefer
> Teredo even if the peer has native IPv6 as well"?****
>
> ** **
>
> Of course this breaks down when IPv4 goes away, once IPv4 starts going
> away then there's really way to do peer-to-peer without relays, right?
> (Also, IPv4 going away is relatively far away at this point.)****
>

On 2013-10-10 00:02, Christopher Palmer wrote:
> John and Lorenzo beat me to it J.
>
>
>
> Example:
>
> Samantha has native IPv6 and Teredo.
>
> Albert has Teredo only.

But what do you do with the more and more common case[1] where one gets
native IPv6 and IPv4-over-DSlite; especially considering the high rate
of connection problem over that IPv4 path? This as the dslite gateways
are heavily overloaded as most destinations (read: http/bittorrent) are
IPv4 only. Will then Teredo be used which is broken or the perfectly
working IPv6 native path?

Getting out over native IPv6 in that specific scenario will be the
better thing to do.

>From that perspective, applying the Apple-variant of Happy Eyeballs will
be beneficial. It will mean that one will have to expose all the
possible IPv4 and IPv6 addresses amongst peers so that they can try out
the variant combinations. SCTP or MP-TCP might be a good fit there too.


[1] German ISPs like Unitymedia, which is part of UPC/LibertyGlobal and
thus it is expected when that trial pans out that all other countries
where UPC is located will be following down that rabbit hole too....

On 10-10-2013 14:01, Brzozowski, John Jason wrote:
> Chris can you share details of the brokenness check? What variables are
> considered?

Perhaps native IPv6 on the client with firewall rules that do not permit
inbound traffic. A legit issue that can be expected to pop up.

Also, is there any active work on the uPNP extensions for IPv6 that
allow hole punching in the firewall rules? (for native IPv6).

* Would this method also apply to the Xbox 360 in the coming years?

Kind regards,

Seth
>
>
> On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer
> <Christopher.Palmer@microsoft.com
> <mailto:Christopher.Palmer@microsoft.com>> wrote:
>
> John and Lorenzo beat me to it J.____
>
> __ __
>
> Example:____
>
> Samantha has native IPv6 and Teredo.____
>
> Albert has Teredo only.____
>
> __ __
>
> Albert, in destination address selection, will chose Samantha’s
> Teredo address. Samantha, in source address selection, will use her
> Teredo address. This will avoid relay traversal.____
>
> __ __
>
> Xbox P2P policy is a bit more sophisticated than RFC 6724, but I
> note that the avoidance of Teredo relays is also part of Windows
> behavior. Windows address selection is a fairly clean implementation
> of RFC 6724. In RFC 6724 terms, Teredo -> Teredo is a label match
> (Rule 5), Teredo -> Native IPv6 is not. The biggest difference
> between us and the standard is the brokenness check.____
>
> ____
>
> This does complicate the dream. In order for a set of peers to use
> native IPv6 – BOTH peers have to have native available. In the
> pathological case, if half of the world has IPv6 and connects only
> to the other half that only has Teredo, and no one actually uses
> native IPv6.____
>
> __ __
>
> Realistically, matchmaking is going to prefer users “close to you”
> (and a bunch of other things, like their gamer behavior and stuff).
> Naively I expect IPv6 traffic to start as local pockets, Albert
> playing against his neighbor, both with the same ISP. As IPv6
> penetration grows hopefully we’ll see significant P2P traffic
> across the Internet use native IPv6 transport.____
>
> __ __
>
> __ __
>
> *From:*ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de
> <mailto:microsoft.com@lists.cluenet.de>
> [mailto:ipv6-ops-bounces+christopher.palmer
> <mailto:ipv6-ops-bounces%2Bchristopher.palmer>=microsoft.com@lists.cluenet.de
> <mailto:microsoft.com@lists.cluenet.de>] *On Behalf Of *Lorenzo Colitti
> *Sent:* Wednesday, October 9, 2013 8:26 PM
> *To:* Geoff Huston
> *Cc:* IPv6 Ops list; Christopher Palmer
>
>
> *Subject:* Re: Microsoft: Give Xbox One users IPv6 connectivity____
>
> __ __
>
> On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net
> <mailto:gih@apnic.net>> wrote:____
>
> But I've thought about your response, and if I'm allowed to
> dream (!), and in that dream where the efforts of COmcast,
> Google etc with IPv6 bear fruit, and I'm allowed to contemplate
> a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see
> the remaining Teredo folk having 33% of their peer sessions head
> into Teredo relays to get to those 33% who are using unicast
> IPv6? And wouldn't that require these Teredo relays that we all
> know have been such a performance headache?____
>
> __ __
>
> Can't you fix that by telling the app "if all you have is Teredo,
> prefer Teredo even if the peer has native IPv6 as well"?____
>
> __ __
>
> Of course this breaks down when IPv4 goes away, once IPv4 starts
> going away then there's really way to do peer-to-peer without
> relays, right? (Also, IPv4 going away is relatively far away at this
> point.)____
>
>

On Oct 9, 2013, at 11:19 PM, Geoff Huston <gih@apnic.net> wrote:

> I applaud what you guys are doing, really, but from my perspective it looks like the reliance on Teredo is really quite scary given what we see out there about how it behaves, and I'm kinda wondering what I'm missing here that you obviously must've thought through in justifying this product decision!

Geoff,

I've noticed some interesting behavior of the home-user CPE devices in recent years. They continue to push into the "application aware" department, and bring with them the defects of that. We're also seeing an increasing number of folks using carrier provided CPE in the states (eg: if you have ATT UVerse, you must use their device, including the software defects and lack of knobs that come with it).

These devices have many benefits of providing a consistent set of access, but also a consistent set of defects. It seems Microsoft is just using Teredo as their own "VPN" gateway to allow the relevant communication to be possible. No different than an enterprise that provides an "office router" for the teleworker to connect to IT resources which might be behind a VPN.

I've seen the internet continuing to shift in this direction with services, either all tunneled over http/https because that isn't blocked. They are just leveraging it to VPN out to avoid having a centralized server aggregate and relay as necessary.

This should be applauded as you mention above, as it preserves the e2e aspects while working around devices that are incapable of providing this type of service.

I for one anxiously await the update for the 360 devices to take advantage of the same technology ;)

It should resolve a significant number of IPv4 issues and if that were to come out, I suspect it would be a significant "killer app" driving adoption of IPv6 and upgrade of CPE/Cable Modems/whatnot.

- Jared

On 11/10/2013, at 1:35 AM, Jared Mauch <jared@puck.nether.net> wrote:

>
> On Oct 9, 2013, at 11:19 PM, Geoff Huston <gih@apnic.net> wrote:
>
>> I applaud what you guys are doing, really, but from my perspective it looks like the reliance on Teredo is really quite scary given what we see out there about how it behaves, and I'm kinda wondering what I'm missing here that you obviously must've thought through in justifying this product decision!
>
> Geoff,
>
> I've noticed some interesting behavior of the home-user CPE devices in recent years. They continue to push into the "application aware" department, and bring with them the defects of that. We're also seeing an increasing number of folks using carrier provided CPE in the states (eg: if you have ATT UVerse, you must use their device, including the software defects and lack of knobs that come with it).
>
> These devices have many benefits of providing a consistent set of access, but also a consistent set of defects. It seems Microsoft is just using Teredo as their own "VPN" gateway to allow the relevant communication to be possible. No different than an enterprise that provides an "office router" for the teleworker to connect to IT resources which might be behind a VPN.
>
> I've seen the internet continuing to shift in this direction with services, either all tunneled over http/https because that isn't blocked. They are just leveraging it to VPN out to avoid having a centralized server aggregate and relay as necessary.
>
> This should be applauded as you mention above, as it preserves the e2e aspects while working around devices that are incapable of providing this type of service.
>
> I for one anxiously await the update for the 360 devices to take advantage of the same technology ;)
>
> It should resolve a significant number of IPv4 issues and if that were to come out, I suspect it would be a significant "killer app" driving adoption of IPv6 and upgrade of CPE/Cable Modems/whatnot.
>
> - Jared

Agreed completely Jared.

My concern about Teredo's robustness however still remains.

We've been polling users with IPv6 tests embedded in a Google Ad campaign for some years now. We were interested in teredo, so we thought that if one of the presented URLs as part of the test was http://[<ipv6 address>] then we'd bypass the DNS and activate teredo on all those windows platforms out there. Which is effectively what happened.

However it was not all joy and happiness. In around 20 - 25% of cases we would see the initial part of the Teredo "handshake" which is the ICMP echo request, and the server responds with the echo responds, but then no more thereafter. No connection was made and the user's browser failed to load the URL.

Of those that succeeded with the ICMP exchange we also observer some 10% - 12% of cases would send us a SYN using the Teredo "channel", we would respond with a SYN+ACK, but there was nothing more from the remote end. It appeared that this was some kind of local filtering issue close to the client.

The result of this was that the Teredo connection failure rate was around 1 in 3. Which is not a viable outcome for many services (apart from torrents, but thats another story)

Chris has pointed out that in P2P the Teredo unit is trying to reach another Teredo unit, and even when the box is dual stacked, when the unit wants to speak to a remote teredo address it will also use teredo. So the theory says that there is no relay - to quote from http://technet.microsoft.com/en-us/library/bb457011.aspx

----
For packets destined for another Teredo host in a different site, the Teredo tunneling interface uses bubble packets as the substitute for the address resolution process of Neighbor Discovery when both Teredo hosts are across restricted NATs. The exchange of bubble packets creates address and port-specific mappings in both restricted NATs so that the two Teredo clients can send packets directly to each other. For more information, see "Initial communication between Teredo clients in different sites" in this article.
----

I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture.


Geoff

On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote:
>
> I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture.

This does sound like something you could do with your measurement architecture. Just a little tweak here and there. Any chance of that?

- Mark

>
>
> Geoff
>

FYI, after I put up a blog post[1] about this topic this morning, there
are some interesting conversations happening on Hacker News and Reddit:

https://news.ycombinator.com/item?id=6526943


http://www.reddit.com/r/ipv6/comments/1o4zuk/microsoft_the_best_xbox_one_ga
ming_experience/


In my post, too, I pointed people to this mailing list, so hopefully we
may see some more subscribers interested in IPv6 operations.

Regards,
Dan

[1]
http://www.internetsociety.org/deploy360/blog/2013/10/microsoft-the-best-xb
ox-one-gaming-experience-will-be-over-ipv6/

--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org <mailto:york@isoc.org> +1-802-735-1624
Jabber: york@jabber.isoc.org <mailto:york@jabber.isoc.org>
Skype: danyork http://twitter.com/danyork

http://www.internetsociety.org/deploy360/

* Mark Townsley

> On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote:
>>
>> I have not gathered data on Teredo-to-Teredo reliability. The
>> connection failure numbers quoted above make use of a Teredo Relay.
>> But this teredo-to-teredo connection failure rate in the Internet
>> appears to be a critical assumption here for this form of connection
>> architecture.
>
> This does sound like something you could do with your measurement
> architecture. Just a little tweak here and there. Any chance of that?

I'm actually not so sure about that. p2p is a very different thing than
a controlled measurement of client connectivity to a known good web
server - even if that web server is on a Teredo address.

In this p2p case both ends may well be behind a stack of NATs each with
their own unique set of limitations and peculiarities. The whole
environment is anything but controlled.

So the question isn't whether or not Teredo is reliable per se, it's
more interesting to ask if it is more or less reliable than the current
STUN stuff in the Xbox 360 - and whether or not *that* is reliable to
begin with.
https://www.google.no/search?q=xbox+360+nat+type+moderate+strict seems
to answer that with "not at all"... I doubt Teredo is a whole lot
better, but I suspect it's as good as it gets on the IPv4 internet today.

Tore

On Oct 10, 2013, at 10:56 AM, Geoff Huston <gih@apnic.net> wrote:

> My concern about Teredo's robustness however still remains.
>
> We've been polling users with IPv6 tests embedded in a Google Ad campaign for some years now. We were interested in teredo, so we thought that if one of the presented URLs as part of the test was http://[<ipv6 address>] then we'd bypass the DNS and activate teredo on all those windows platforms out there. Which is effectively what happened.

Yes, i'm aware of your measurements and results, including the ones mentioned at the mic. (btw, thanks for doing these!)

Lots of folks do weird crap. I was at a friends house earlier this week and used his internet access and he has all sorts of stuff blocked outbound, including IMAP/SSL, SMTP-Submission, and I had to open up about 4 new ports just to get my outbound VPN working.

He would be someone where it might try to activate but then fail in some spectacular fashion. I've never seen a consumer device with such restrictions in place. At least it didn't try to proxy my DNS queries then fail with anything requiring EDNS0. I found lots of passive results from weekly DNS scans that turned up *very* interesting data about device and resolver behavior. I've not fully scripted the sifting, nor tried repeating with EDNS0 enabled scans, but interesting nonetheless.

I for one welcome the xbox revolution to push the killer-app success of IPv6 out to the consumer networks further. I predict we will be around 13-15% in 12 months as a result. (via the google measurement)

- Jared

On 11/10/2013, at 2:02 AM, Mark Townsley <mark@townsley.net> wrote:

>
> On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote:
>>
>> I have not gathered data on Teredo-to-Teredo reliability. The connection failure numbers quoted above make use of a Teredo Relay. But this teredo-to-teredo connection failure rate in the Internet appears to be a critical assumption here for this form of connection architecture.
>
> This does sound like something you could do with your measurement architecture. Just a little tweak here and there. Any chance of that?

heh - yes, every chance of that happening.

Geoff

Geoff,

On 10/10/13 12:07 PM, "Geoff Huston" <gih@apnic.net> wrote:


>
>On 11/10/2013, at 2:02 AM, Mark Townsley <mark@townsley.net> wrote:
>
>>
>> On Oct 10, 2013, at 4:56 PM, Geoff Huston wrote:
>>>
>>> I have not gathered data on Teredo-to-Teredo reliability. The
>>>connection failure numbers quoted above make use of a Teredo Relay. But
>>>this teredo-to-teredo connection failure rate in the Internet appears
>>>to be a critical assumption here for this form of connection
>>>architecture.
>>
>> This does sound like something you could do with your measurement
>>architecture. Just a little tweak here and there. Any chance of that?
>
>heh - yes, every chance of that happening.

Excellent! Many thanks for all the great work you do with measurements -
I'll look forward to reading another article about this when you've had a
chance to analyze it all. :-)

Thanks,
Dan

--
Dan York
Senior Content Strategist, Internet Society
york@isoc.org <mailto:york@isoc.org> +1-802-735-1624
Jabber: york@jabber.isoc.org <mailto:york@jabber.isoc.org>
Skype: danyork http://twitter.com/danyork

http://www.internetsociety.org/deploy360/

On the native side, it's important to note that the traffic is IPsec protected, so the protocol and port information may be obfuscated and is in general is not predictable.

IKEv2 traffic is predictable, but we won't be using UPnP on the IPv6 side to enable in-bound IKEv2. Hopefully people follow the IETF recommendation and allow inbound IPsec/IKE to simply work. If not, it'll further encourage usage of traditional P2P mechanisms like Teredo, and we (as an industry) will have to put more energy into UPnP or PCP. That would be highly regrettable.

The thing about protocols like UPnP - the vendors who would ignore an IETF recommendation are likely to be the same vendors to skip out on making an adequate UPnP stack. Most people today do NOT have home routers that support UPnP.

-----Original Message-----
From: ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de] On Behalf Of Seth Mos
Sent: Thursday, October 10, 2013 6:01 AM
To: ipv6-ops@lists.cluenet.de
Subject: Re: Microsoft: Give Xbox One users IPv6 connectivity

On 10-10-2013 14:01, Brzozowski, John Jason wrote:
> Chris can you share details of the brokenness check? What variables
> are considered?

Perhaps native IPv6 on the client with firewall rules that do not permit inbound traffic. A legit issue that can be expected to pop up.

Also, is there any active work on the uPNP extensions for IPv6 that allow hole punching in the firewall rules? (for native IPv6).

* Would this method also apply to the Xbox 360 in the coming years?

Kind regards,

Seth
>
>
> On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer
> <Christopher.Palmer@microsoft.com
> <mailto:Christopher.Palmer@microsoft.com>> wrote:
>
> John and Lorenzo beat me to it J.____
>
> __ __
>
> Example:____
>
> Samantha has native IPv6 and Teredo.____
>
> Albert has Teredo only.____
>
> __ __
>
> Albert, in destination address selection, will chose Samantha's
> Teredo address. Samantha, in source address selection, will use her
> Teredo address. This will avoid relay traversal.____
>
> __ __
>
> Xbox P2P policy is a bit more sophisticated than RFC 6724, but I
> note that the avoidance of Teredo relays is also part of Windows
> behavior. Windows address selection is a fairly clean implementation
> of RFC 6724. In RFC 6724 terms, Teredo -> Teredo is a label match
> (Rule 5), Teredo -> Native IPv6 is not. The biggest difference
> between us and the standard is the brokenness check.____
>
> ____
>
> This does complicate the dream. In order for a set of peers to use
> native IPv6 - BOTH peers have to have native available. In the
> pathological case, if half of the world has IPv6 and connects only
> to the other half that only has Teredo, and no one actually uses
> native IPv6.____
>
> __ __
>
> Realistically, matchmaking is going to prefer users "close to you"
> (and a bunch of other things, like their gamer behavior and stuff).
> Naively I expect IPv6 traffic to start as local pockets, Albert
> playing against his neighbor, both with the same ISP. As IPv6
> penetration grows hopefully we'll see significant P2P traffic
> across the Internet use native IPv6 transport.____
>
> __ __
>
> __ __
>
> *From:*ipv6-ops-bounces+christopher.palmer=microsoft.com@lists.cluenet.de
> <mailto:microsoft.com@lists.cluenet.de>
> [mailto:ipv6-ops-bounces+christopher.palmer
> <mailto:ipv6-ops-bounces%2Bchristopher.palmer>=microsoft.com@lists.cluenet.de
> <mailto:microsoft.com@lists.cluenet.de>] *On Behalf Of *Lorenzo Colitti
> *Sent:* Wednesday, October 9, 2013 8:26 PM
> *To:* Geoff Huston
> *Cc:* IPv6 Ops list; Christopher Palmer
>
>
> *Subject:* Re: Microsoft: Give Xbox One users IPv6
> connectivity____
>
> __ __
>
> On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <gih@apnic.net
> <mailto:gih@apnic.net>> wrote:____
>
> But I've thought about your response, and if I'm allowed to
> dream (!), and in that dream where the efforts of COmcast,
> Google etc with IPv6 bear fruit, and I'm allowed to contemplate
> a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see
> the remaining Teredo folk having 33% of their peer sessions head
> into Teredo relays to get to those 33% who are using unicast
> IPv6? And wouldn't that require these Teredo relays that we all
> know have been such a performance headache?____
>
> __ __
>
> Can't you fix that by telling the app "if all you have is Teredo,
> prefer Teredo even if the peer has native IPv6 as well"?____
>
> __ __
>
> Of course this breaks down when IPv4 goes away, once IPv4 starts
> going away then there's really way to do peer-to-peer without
> relays, right? (Also, IPv4 going away is relatively far away at this
> point.)____
>
>

On Thu, 10 Oct 2013, Christopher Palmer wrote:

> The thing about protocols like UPnP - the vendors who would ignore an
> IETF recommendation are likely to be the same vendors to skip out on
> making an adequate UPnP stack. Most people today do NOT have home
> routers that support UPnP.

Do you have numbers on this? My belief has been that most people today who
care about anything more than web surfing would have a decently new
gateway (less than 3-5 years old) and that this would support UPnP.

I don't have any numbers so I would like to know more :)

--
Mikael Abrahamsson email: swmike@swm.pp.se

I don't have numbers for other markets, but in Norway I would say more than 80% have UPnP enabled gateways. At least the ISP I work for have provided customers with UPnP enabled gateways the last 7+ years. Most devices I can see in the Norwegian market (online and physical stores) have support for UPnP.

But not to derail the discussion to much. Even with UPnP enabled, there are apparently very different ways to enterpete how to use UPnP. Some clients fail misserably if they dont get the port they seek, some release the port as soon as it has been granted (older version of microsoft messenger did this, caused a lot of cpu usage on the gateways). Some clients do not understand that they have a port, and proceede to the next port and then use up all ports on the gateway.

-Erik Taraldsen
Telenor

________________________________________
Fra: ipv6-ops-bounces+erik.taraldsen=telenor.com@lists.cluenet.de [ipv6-ops-bounces+erik.taraldsen=telenor.com@lists.cluenet.de] p&#229; vegne av Mikael Abrahamsson [swmike@swm.pp.se]
Sendt: 11. oktober 2013 06:50
To: Christopher Palmer
Cc: ipv6-ops@lists.cluenet.de
Emne: RE: Microsoft: Give Xbox One users IPv6 connectivity

On Thu, 10 Oct 2013, Christopher Palmer wrote:

> The thing about protocols like UPnP - the vendors who would ignore an
> IETF recommendation are likely to be the same vendors to skip out on
> making an adequate UPnP stack. Most people today do NOT have home
> routers that support UPnP.

Do you have numbers on this? My belief has been that most people today who
care about anything more than web surfing would have a decently new
gateway (less than 3-5 years old) and that this would support UPnP.

I don't have any numbers so I would like to know more :)

--
Mikael Abrahamsson email: swmike@swm.pp.se