Re: [Hipsec] Teredo compatibility

Ari Keranen <ari.keranen@nomadiclab.com> Mon, 21 December 2009 07:55 UTC

Hi Miika,

I think trying to predict the success of NAT traversal is not a good 
idea if you can't get close to 100% accuracy. You should rather test 
what works and act accordingly; and that's exactly what ICE does.

And if you do ICE and include the Teredo address as the highest 
prioritized ICE candidate, you'll end up doing connectivity checks only 
for that candidate before selecting it for use, so there's hardly any 
overkill. And if the Teredo candidate fails you'll end up using 
something else that works.


Cheers,
Ari

Miika Komu wrote:
> Gonzalo Camarillo wrote:
> 
> Hi,
> 
> running ICE over Teredo works but is potentially a big overkill due to 
> redundant functionality. Some of the results can be predicted as 
> depicted below (and even incorporated in the ICE module if needed).
> 
>> Hi,
>>
>> as Andrew indicates, the whole point of ICE is that it sends probes to 
>> see what works and what does not. We should not go off and specify 
>> stuff that will be discovered anyway at run time.
>>
>> Cheers,
>>
>> Gonzalo
>>
>> Andrew McGregor wrote:
>>> Ok, but in any case, candidate address probing deals with those issues.
>>>
>>> Andrew
>>>
>>> On 12/12/2009, at 1:02 AM, Miika Komu wrote:
>>>
>>>> Andrew McGregor wrote:
>>>>
>>>> Hi,
>>>>
>>>> it should be a short section then, right?)
>>>>
>>>> I basically agree with you. Based on our experimentation, it works 
>>>> but there are some caveats regarding the pairing of addresses. So, 
>>>> sending of packets from src->dst:
>>>>
>>>> Teredo->Teredo: works
>>>> Teredo->IPv6: does not work without a (commercial) relay service
>>>> IPv6->Teredo: works
>>>> IPv6->IPv6: (works :)
>>>>
>>>> Samu, please comment if I got the two middle ones in wrong order.
>>>>
>>>> Also, at least the miredo implementation on Linux is good, but not 
>>>> perfect. Some performance-related issues and sometimes HIP packets 
>>>> just don't go through (usually restarting of miredo works).
>>>>
>>>>> Why?  It just works, if Teredo is available it's just another IPv6 
>>>>> address.
>>>>> Andrew
>>>>> On 12/12/2009, at 12:49 AM, Miika Komu wrote:
>>>>>> Hi,
>>>>>>
>>>>>> we've done some concrete work on NAT traversal with ICE, but what 
>>>>>> about Teredo? I think RFC5201 and RFC5206 should have some 
>>>>>> statements about Teredo-based addresses?
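
Added illustration, not part of the original thread: a minimal model of the "test what works" behaviour described in the top message, using the RFC 5245 candidate and pair priority formulas. The type-preference values, the candidate kinds and the stop-at-first-success loop are assumptions made for this sketch, not values from the HIP specifications or from any implementation.

```python
from itertools import product

def candidate_priority(type_pref, local_pref=65535, component=1):
    # RFC 5245 section 4.1.2.1 candidate priority formula.
    return (type_pref << 24) + (local_pref << 8) + (256 - component)

def pair_priority(g, d):
    # RFC 5245 section 5.7.2; g = controlling agent's candidate priority,
    # d = controlled agent's candidate priority.
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)

# Constructed preferences: Teredo ranked highest, as proposed in the message.
TYPE_PREF = {"teredo": 126, "srflx": 100, "relay": 0}
# Teredo yields an IPv6 address; the other two are IPv4 in this sketch.
FAMILY = {"teredo": 6, "srflx": 4, "relay": 4}

def checklist(local_kinds, remote_kinds):
    """Build the check list: same-family pairs, highest pair priority first."""
    pairs = []
    for l, r in product(local_kinds, remote_kinds):
        if FAMILY[l] != FAMILY[r]:
            continue  # candidates are only paired within one IP family
        prio = pair_priority(candidate_priority(TYPE_PREF[l]),
                             candidate_priority(TYPE_PREF[r]))
        pairs.append((prio, l, r))
    return sorted(pairs, reverse=True)

def run_checks(pairs, probe):
    """Probe pairs in priority order and stop at the first that answers.

    Simplification: real ICE paces checks and nominates a pair; this loop
    only counts how many checks are sent before a working pair is found.
    Returns ((local, remote), checks_sent), or (None, checks_sent).
    """
    for sent, (_, l, r) in enumerate(pairs, 1):
        if probe(l, r):
            return (l, r), sent
    return None, len(pairs)

KINDS = ["relay", "srflx", "teredo"]
PAIRS = checklist(KINDS, KINDS)

if __name__ == "__main__":
    # Teredo path healthy: one check, Teredo pair selected.
    print(run_checks(PAIRS, lambda l, r: True))
    # Teredo path down (constructed failure): falls through to the next pair.
    print(run_checks(PAIRS, lambda l, r: "teredo" not in (l, r)))
```
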