Microsoft: Give Xbox One users IPv6 connectivity

David Farmer farmer at umn.edu
Fri Mar 14 01:17:16 CET 2014


On 3/13/14, 15:46 , Gert Doering wrote:
> Hi
>
> On Thu, Mar 13, 2014 at 07:12:54PM +0000, Eric Vyncke (evyncke) wrote:
>> What annoys me more if the fact that AVM (and they are not the only one --
>> see Technicolor & others) naively believes that NAT44 offered some
>> security by preventing inbound connections... This means that there is NO
>> open connectivity between two X/Box behind a closed AVM CPE... Hence X/Box
>> has no choice and is smart enough to fall back in the legacy NAT44 mode
>> with a TURN (or in this case Teredo) to bypass NAT. A very nice
>> opportunity to run man-in-the-middle attack on a foreign ground.
>
> I'm not sure what NAT44 has to do with it.
>
> The point is that there is *native* IPv6 and the XBox insists on preferring
> Teredo - and the AVM box blocks Teredo if it has native IPv6, because there
> is no real use in permitting an "tunnel IPv6 around the IPv4-only router!"
> protocol when there *is* a perfectly good IPv6-capable router around...

They prefer native IPv6, but only if all the peer-to-peer participants 
also have native IPv6.  So, if all your gamer buddies have native IPv6, 
then native IPv6 is preferred.  They do not want to use Teredo Gateways. 
  So, they do not allow Native IPv6 to Teredo communications, and prefer 
Teredo if any of the participants needs Teredo to do IPv6.  Then they 
fall back to IPv4 after Teredo, again all participants doing IPv4.

If I remember correctly what was said at NANOG last fall.


-- 
================================================
David Farmer               Email: farmer at umn.edu
Office of Information Technology
University of Minnesota
2218 University Ave SE     Phone: 1-612-626-0815
Minneapolis, MN 55414-3029  Cell: 1-612-812-9952
================================================



More information about the ipv6-ops mailing list