[129266] in North American Network Operators' Group
Re: Comcast enables 6to4 relays
daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Tue Aug 31 10:54:19 2010
Date: Tue, 31 Aug 2010 16:54:08 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: Jack Bates <jbates@brightok.net>
In-Reply-To: <4C7CFEF2.2000505@brightok.net>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Tue, 31 Aug 2010, Jack Bates wrote:

> Teredo usage isn't common enough on our network to warrant the work.
> Very few apps will activate it is my guess.

<http://ipv6.tele2.net/teredo_stats.php>

As I stated, either your users are using your Teredo server, or they're
using someone else's. Not running one yourself doesn't mean your users
aren't running Teredo.

> A customer is more likely (not always) to know when teredo has been
> activated. I've considered putting it in, but it is not friendly in many
> ways. 6to4 is usually running on routers in various pops. Teredo, I'd
> have to back feed to a server farm. This doesn't make for ideal traffic
> patterns even with bandwidth being so low.

Then the traffic is going to someone else's, how is that more optimal?

> Then there is the "customer is unaware" fact. If the customer is unaware
> that their NAT is being pierced for IPv6 communication, then we have
> contributed to decreasing their security. For this reason, it might not
> be completely unwarranted for an ISP to block teredo altogether. 6to4
> doesn't suffer from this as there is no NAT traversal.

Blocking Teredo completely is a whole other discussion.

Also, some NAT gateways will support a single device behind it doing Proto
41, so saying 6to4 has no NAT traversal and thus won't work behind NAT
isn't true in all cases.

--
Mikael Abrahamsson email: swmike@swm.pp.se