Teredo sunset - did it happen?

Jeroen Massar jeroen at massar.ch
Mon Nov 17 17:23:18 CET 2014


On 2014-11-17 17:08, Phil Mayers wrote:
> On 17/11/2014 15:59, Jeroen Massar wrote:
> 
>> Did you update your Windows edition to the latest service
>> pack/fixes/updates?
> 
> It's a completely stock Win 7 SP1 machine, which patches itself
> according to Microsoft default behaviour. I don't even notice it
> patching usually, but I think once a week?
> 
>>
>>> No traffic flows however - the Teredo "direct connect" tests are all
>>> failing (no reply to the ICMPv6 echo). So I've got a broken IPv6
>>> tunnel :o/
>>
>> You likely are picking a broken relay or something in your network is
>> breaking it on purpose.
>>
>> But like 6to4, as that stuff is anycasted, bit hard to determine where
>> what breaks.
>>
>> Why are you attempting to bother with Teredo? There are a lot of much
>> better and more importantly more reliable alternatives.
> 
> You have failed to understand my question, almost completely ;o)
> 
> I don't want to use Teredo. I want Microsoft to sunset it, as they said
> they were going to, by removing the "teredo.ipv6.microsoft.com" DNS name
> or otherwise stopping it.
> 
> This hasn't happened. I'm asking if anyone knows why and observing what
> I see.

That is just normal Teredo brokenness.


As for when that label goes away, maybe check:

http://www.ietf.org/proceedings/87/slides/slides-87-v6ops-5.pdf

which also has:
8<-----------
Next step is to set the date teredo.ipv6.microsoft.com will shut down
• Send feedback to teredo at microsoft.com
------------->8

>> As you are in *.ac.uk JANET has been providing native IPv6 to their
>> network for a decade already. Hence, what is the problem you are trying
>> to solve?
> 
> Well, the meta-problem here is apparently making myself understood :o/
> 
> The actual problem is I'd like to unblock the Teredo port so that the
> XBox One platform Teredo - which is not normal Teredo, and is basically
> used for IPv4 peers in place of NAT traversal - can work.

What are you trying to achieve by blocking that port?

> Before I unblock that port, I'd like to be sure that it won't cause our
> unmanaged windows clients to change behaviour, so I'd like Microsoft to
> disable it as per their plan.

Those clients will have other kinds of VPN tools too that you won't like.

But if you are that worried about those:
 - either spoof the DNS label for teredo.ipv6.microsoft.com to NXDOMAIN
 - or route the address it maps to normally to /dev/null.

That won't break Xbox One as that does not use the same one.

> See the list archives for more info on the XB1 stuff, or this link:
> 
> http://www.ietf.org/proceedings/88/slides/slides-88-v6ops-0.pdf

I am well aware of the Xbox One usage and also about the fact that even
though PS4 is FreeBSD based it does not do IPv6... silly for a product
launched in 2013. But they could bolt it on later, the base has support
for it.

>>> Any ideas what's going on? Microsoft, anyone care to comment?
>>
>> Does anybody care about it? :)
>>
>> Teredo connections are depreffed by all getaddrinfo-alike
>> implementations, thus you won't use it for connections anyway
> 
> You won't use it *for connections which use DNS to resolve peers*. For
> other stuff - for example, BitTorrent which has peer discovery based on
> non-DNS methods - you'll definitely see Teredo traffic in some cases.
> 
> BitTorrent and other filesharing are actually a major concern for us. I
> definitely don't want hundreds of student PCs to suddenly start doing
> BitTorrent over Teredo...

You won't stop them from doing BitTorrent, they will find other ways to
do that.

You also won't be easily able to differentiate those clients from Xbox
Ones trying to do updates.

Also, wasn't your Teredo broken? :)

Greets,
 Jeroen
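
An added example, not part of the original message: one way to watch for clients that start using Teredo once the port is unblocked is to decode Teredo addresses (RFC 4380 layout, prefix 2001::/32) that show up in flow or application logs, since each one embeds the Teredo server and the client's external IPv4 address and port. The flow pairs, the function names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
from collections import Counter

TEREDO_PREFIX = ipaddress.IPv6Network("2001::/32")  # Teredo service prefix (RFC 4380)

def decode_teredo(addr):
    """Return the fields embedded in a Teredo address, or None if it is not Teredo."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    raw = ip.packed
    return {
        # Bytes 4-7: IPv4 address of the Teredo server the client qualified with.
        "server": ipaddress.IPv4Address(raw[4:8]),
        # Bytes 8-9: flags (high bit set means the client is behind a cone NAT).
        "flags": int.from_bytes(raw[8:10], "big"),
        # Bytes 10-11 and 12-15: external UDP port and IPv4, stored with all bits inverted.
        "client_port": int.from_bytes(raw[10:12], "big") ^ 0xFFFF,
        "client_ipv4": ipaddress.IPv4Address(
            int.from_bytes(raw[12:16], "big") ^ 0xFFFFFFFF),
    }

def teredo_servers_in_use(flows):
    """Count distinct Teredo clients per Teredo server across (src, dst) pairs."""
    seen = set()
    for src, dst in flows:
        for addr in (src, dst):
            info = decode_teredo(addr)
            if info:
                seen.add((info["server"], info["client_ipv4"]))
    return Counter(server for server, _ in seen)

# Constructed sample: (source, destination) IPv6 pairs as a dual-stack service might log them.
SAMPLE_FLOWS = [
    ("2001:0:c633:6407:8000:63bf:3fff:fdd2", "2001:db8::10"),
    ("2001:0:c633:6407:8000:63bf:3fff:fdd2", "2001:db8::11"),  # same client again
    ("2001:0:c633:6407:0:d431:3fff:fdcf", "2001:db8::10"),
    ("2001:db8:1::5", "2001:db8::10"),                         # native IPv6, ignored
    ("2001:0:cb00:7109:8000:f227:34ff:8efa", "2001:db8::12"),
]

if __name__ == "__main__":
    for server, clients in teredo_servers_in_use(SAMPLE_FLOWS).items():
        print(f"Teredo server {server}: {clients} distinct client(s)")
```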



