Re: Comcast enables 6to4 relays

[Mikael Abrahamsson <swmike () swm pp se>]

On Tue, 31 Aug 2010, Jack Bates wrote:

> Teredo usage isn't common enough on our network to warrant the work. 
> Very few apps will activate it is my guess.

<http://ipv6.tele2.net/teredo_stats.php>

As I stated, either your users are using your Teredo server, or they're 
using someone elses. Not running one yourself doesn't mean your users 
aren't running Teredo.

> A customer is more likely (not always) to know when teredo has been 
> activated. I've considered putting it in, but it is not friendly in many 
> ways. 6to4 is usually running on routers in various pops. Teredo, I'd 
> have to back feed to a server farm. This doesn't make for ideal traffic 
> patterns even with bandwidth being so low.

Then the traffic is going to someone elses, how is that more optimal?

> Then there is the "customer is unaware" fact. If the customer is unaware 
> that their NAT is being pierced for IPv6 communication, then we have 
> contributed to decreasing their security. For this reason, it might not 
> be completely unwarranted for an ISP to block teredo all together. 6to4 
> doesn't suffer from this as there is no NAT traversal.

Blocking Teredo completely is a whole other discussion.

Also, some NAT gateways will support a single device behind it doing Proto 
41, so saying 6to4 has no NAT traversal and thus won't work beind NAT 
isn't true in all cases.

--
Mikael Abrahamsson    email: swmike () swm pp se