Microsoft: Give Xbox One users IPv6 connectivity
Tore Anderson
tore at fud.no
Fri Mar 14 12:47:28 CET 2014
* Jakob Hirsch
> On 13.03.2014 20:12, Eric Vyncke (evyncke) wrote:
>> Christopher and others => you are RIGHT! Do not change your mind
>
> Right about _what_? You provided not a single reason for the described
> behaviour, i.e. the missing fallback to native IPv6.

According to Microsoft, there should never be a "fallback to native
IPv6", as IPv6 should be the preferred protocol. Teredo should be the
fallback, for those situations where end-to-end IPv6 isn't available.

Can you confirm that this is the case that all the XB1s involved have
native IPv6 connectivity, and that Teredo is used in spite of that? (If
not all of the XB1s communicating have native IPv6, fallback to Teredo
is the expected behaviour.)

Note also that AVM, by default, blocks IPSEC over IPv6 (in blatant
violation of RFC 6092 section 3.2.4). This means that if all the
involved XB1s are behind AVM HGWs, any IPv6 connectivity is broken and
thus useless. That may well be the reason why the XB1 is trying to fall
back on Teredo in the first place, a fact that makes the claims in the
KB article you linked to earlier somewhat amusing reading:

«The Xbox's behavior contradicts the Teredo standard (RFC 4380 Section
5.5)». --> No, it doesn't, because the XB1 *doesn't* have IPv6
connectivity, because the AVM broke it. (Besides which, RFC 4380 section
5.5 is meant for Teredo implementers, not for HGW manufacturers.)

«Thus, the FRITZ!Box complies with standardized recommendations for home
network devices (RFC 6169 Section 3.1.3).» --> Too bad AVM chose to
ignore RFC 6092 section 3.2.4 (and also REC-49), otherwise this mess
might have been avoided entirely.

Finally, the KB article says «there is a risk that using Teredo could
allow the security functions of the FRITZ!Box to be circumvented». I
cannot see how the presence of IPv6 makes this any worse. If AVM had
blocked Teredo always, regardless of the availability of IPv6, then at
least their position would have been consistent - but what it seems
they're saying here «Teredo is safe as long as there's no IPv6, but the
moment there is IPv6 there as well, Teredo becomes scary and we must
block it» makes no sense to me.

Nobody gave AVM a licence to be the «Teredo Sunsetting Police». I
believe they must take the blame here for gratuitously assuming this
role. +1 to what Eric said.

Tore