Say "Thank you" to Bill...
Bernhard Schmidt
berni at birkenwald.de
Wed Mar 28 22:49:34 CEST 2007
Max Tulyev wrote:
> Remi Denis-Courmont wrote:
>>> I understand well Bill's and TheBigBrother's(tm) main idea: to mak
>>> traffic flow through their servers at least part, at least for a while.
>> What?!?
> Yep! Is is exactly as I said:
> teredo.ipv6.microsoft.com. 3600 IN A 65.54.227.136
Please have a look how Teredo _servers_ (which is what Microsoft^WBill
is offering) are involved in the communication.
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx
http://www.ietf.org/rfc/rfc4380.txt
Hint: Teredo Server != Teredo Relay, the latter are operated by a number
of people, but not Microsoft.
> This is because of IPv6 enabled hosting can't be used as production
> service for now.
We have enabled IPv6 on our webfarm, so far no complaints. I think we
are one of the few users of the IPv6 Gateway thing on F5 BigIP
loadbalancers. But of course, we have decent upstream for that. I reach
you through
M-net -> Verio -> ISC -> NetAssist
or, in terms of geographical region
Western Europe -> US West Coast -> Central/Eastern Europe
15 2a01:d0::11:1 (2a01:d0::11:1) 438.775 ms 440.089 ms 452.822 ms
I would not dare to run any "interactive services" (I consider
webbrowsing interactive) on that either.
> We are getting a lot of complaints like "Our clients can't see our
> site", and investigation shows that Teredo traffic is just filtered out
> there.
I still cannot believe that this is actually a problem of the end-site
client. Opposed to 6to4, where you indeed crash into firewalls all the
time, Teredo has a qualification mechanism. If you don't reach the
Teredo server, you won't get an address, and Teredo won't be used. It
can still be broken, but it is hard to break real Teredo traffic
unintentionally when Teredo qualification worked.
Regards,
Bernhard
More information about the ipv6-ops
mailing list