On the native side, it's important to note that the traffic is IPsec protected, so the protocol and port information may be obfuscated and is in general is not predictable.
IKEv2 traffic is predictable, but we won't be using UPnP on the IPv6 side to enable in-bound IKEv2. Hopefully people follow the IETF recommendation and allow inbound IPsec/IKE to simply work. If not, it'll further encourage usage of traditional P2P mechanisms like Teredo, and we (as an industry) will have to put more energy into UPnP or PCP. That would be highly regrettable. The thing about protocols like UPnP - the vendors who would ignore an IETF recommendation are likely to be the same vendors to skip out on making an adequate UPnP stack. Most people today do NOT have home routers that support UPnP. -----Original Message----- From: ipv6-ops-bounces+christopher.palmer=microsoft....@lists.cluenet.de [mailto:ipv6-ops-bounces+christopher.palmer=microsoft....@lists.cluenet.de] On Behalf Of Seth Mos Sent: Thursday, October 10, 2013 6:01 AM To: ipv6-ops@lists.cluenet.de Subject: Re: Microsoft: Give Xbox One users IPv6 connectivity On 10-10-2013 14:01, Brzozowski, John Jason wrote: > Chris can you share details of the brokenness check? What variables > are considered? Perhaps native IPv6 on the client with firewall rules that do not permit inbound traffic. A legit issue that can be expected to pop up. Also, is there any active work on the uPNP extensions for IPv6 that allow hole punching in the firewall rules? (for native IPv6). * Would this method also apply to the Xbox 360 in the coming years? Kind regards, Seth > > > On Thu, Oct 10, 2013 at 12:02 AM, Christopher Palmer > <christopher.pal...@microsoft.com > <mailto:christopher.pal...@microsoft.com>> wrote: > > John and Lorenzo beat me to it J.____ > > __ __ > > Example:____ > > Samantha has native IPv6 and Teredo.____ > > Albert has Teredo only.____ > > __ __ > > Albert, in destination address selection, will chose Samantha's > Teredo address. Samantha, in source address selection, will use her > Teredo address. This will avoid relay traversal.____ > > __ __ > > Xbox P2P policy is a bit more sophisticated than RFC 6724, but I > note that the avoidance of Teredo relays is also part of Windows > behavior. Windows address selection is a fairly clean implementation > of RFC 6724. In RFC 6724 terms, Teredo -> Teredo is a label match > (Rule 5), Teredo -> Native IPv6 is not. The biggest difference > between us and the standard is the brokenness check.____ > > ____ > > This does complicate the dream. In order for a set of peers to use > native IPv6 - BOTH peers have to have native available. In the > pathological case, if half of the world has IPv6 and connects only > to the other half that only has Teredo, and no one actually uses > native IPv6.____ > > __ __ > > Realistically, matchmaking is going to prefer users "close to you" > (and a bunch of other things, like their gamer behavior and stuff). > Naively I expect IPv6 traffic to start as local pockets, Albert > playing against his neighbor, both with the same ISP. As IPv6 > penetration grows hopefully we'll see significant P2P traffic > across the Internet use native IPv6 transport.____ > > __ __ > > __ __ > > *From:*ipv6-ops-bounces+christopher.palmer=microsoft....@lists.cluenet.de > <mailto:microsoft....@lists.cluenet.de> > [mailto:ipv6-ops-bounces+christopher.palmer > > <mailto:ipv6-ops-bounces%2Bchristopher.palmer>=microsoft....@lists.cluenet.de > <mailto:microsoft....@lists.cluenet.de>] *On Behalf Of *Lorenzo Colitti > *Sent:* Wednesday, October 9, 2013 8:26 PM > *To:* Geoff Huston > *Cc:* IPv6 Ops list; Christopher Palmer > > > *Subject:* Re: Microsoft: Give Xbox One users IPv6 > connectivity____ > > __ __ > > On Thu, Oct 10, 2013 at 12:19 PM, Geoff Huston <g...@apnic.net > <mailto:g...@apnic.net>> wrote:____ > > But I've thought about your response, and if I'm allowed to > dream (!), and in that dream where the efforts of COmcast, > Google etc with IPv6 bear fruit, and I'm allowed to contemplate > a world of, say, 33% IPv6 and 66% V4, then wouldn't we then see > the remaining Teredo folk having 33% of their peer sessions head > into Teredo relays to get to those 33% who are using unicast > IPv6? And wouldn't that require these Teredo relays that we all > know have been such a performance headache?____ > > __ __ > > Can't you fix that by telling the app "if all you have is Teredo, > prefer Teredo even if the peer has native IPv6 as well"?____ > > __ __ > > Of course this breaks down when IPv4 goes away, once IPv4 starts > going away then there's really way to do peer-to-peer without > relays, right? (Also, IPv4 going away is relatively far away at this > point.)____ > >
