Presentation is loading. Please wait.

Presentation is loading. Please wait.

Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, IETF#75 Stockholm Teemu Savolainen.

Published byEgbert Hunt Modified over 9 years ago

Similar presentations

Presentation on theme: "Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, IETF#75 Stockholm Teemu Savolainen."— Presentation transcript:

1 Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, v6ops @ IETF#75 Stockholm Teemu Savolainen / Nokia Rémi Denis-Courmont / Nokia

2 2 Teredo and ICMPv6 Teredo, as per RFC4380, uses return routing and ICMPv6 to discover the closest Teredo relay corresponding to any given peer Unanswered ICMPv6 Echo Requests make connection creation fail as Teredo client assumes peer is unreachable ICMPv6 Echo Request/Reply is assumed to work through Internet, if a peer is reachable

3 3 When ICMPv6 Echo Reply may be missing Two scenarios are identified when ICMPv6 Echo Replies may be missing 1.Protocol translation ICMPv4 is routinely firewalled, even if the host (server) is otherwise reachable. It is assumed that ICMPv6 is firewalled less, especially between Teredo client and protocol translator A protocol translator translates ICMPv6 into ICMPv4 – from less firewalled into more firewalled domain - and by so doing contributes to problem creation 2.IPv6 Firewall IPv6 firewall may be configured to block ICMPv6 messages, thus blocking reachability tests and making Teredo client assume peer is unreachable This can be the case even if IPv6 firewall would let UDP/TCP through

4 4 Illustration of related network setups 1.Protocol translator translating between two domains: IPv6 Internet or network Teredo relay NAT64 IPv4 Internet or network Host using Teredo over IPv4 Peer not replying to ICMPv4 2.IPv6 firewall blocking ICMPv6: IPv6 Internet or network Teredo relay IPv6 Firewall IPv6 Internet or network Host using Teredo over IPv4 Peer FW blocking ICMPv6

5 5 Possible remedies Host address selection rule: If destination has both A and AAAA records (and especially if AAAA is synthesized!), prefer (private) IPv4 source addresses over Teredo Host Teredo implementation change: Modify Teredo host to continue connecting even in case of missing ICMPv6 Echo Reply – but a new route discovery mechanism would be needed Middlebox change: 1.Protocol Translator: Generate ICMPv6 Echo Replies if it is detected that ICMPv6 Echo Replies are not received for Teredo-originated (2001:0000::/32) ICMPv6 Echo Requests 2.IPv6 firewall: Generate ICMPv6 Echo Replies for Teredo originated requests, if by policy firewall would allow other (TCP/UDP) traffic flow trough, or simply let ICMPv6 pass Note! Assuming middlebox is on the reverse path as well

6 6 Questions Are the made assumptions valid? Is the problem real (even if corner-case)? Should there be a fix specified? How to proceed with I-D (Informational, PS, include in NAT64 work, in behave WG, individual submission)?

Download ppt "Company Confidential 1 ICMPv6 Echo Replies for Teredo Clients draft-denis-icmpv6-generation-for-teredo-00 behave, IETF#75 Stockholm Teemu Savolainen."

Similar presentations

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.

Future Directions For IP Architectures Ipv6 Cs686 Sadik Gokhan Caglar.
IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.

IPv6 – IPv4 Network Address, Port & Protocol Translation & Multithreaded DNS Gateway Navpreet Singh, Abhinav Singh, Udit Gupta, Vinay Bajpai, Toshu Malhotra.
IP Mobility Support Basic idea of IP mobility management

IP Mobility Support Basic idea of IP mobility management
IPv6 Privacy Hannes Tschofenig, Tara Whalen. Agenda Privacy Threats Layering Addressing Policy Questionnaire.

IPv6 Privacy Hannes Tschofenig, Tara Whalen. Agenda Privacy Threats Layering Addressing Policy Questionnaire.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 W. Schulte Chapter 5: Network Address Translation for IPv4  Connecting.
Implementing IPv6 Module B 8: Implementing IPv6

Implementing IPv6 Module B 8: Implementing IPv6
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Lecture15: Network Address Translation for IPv4 Connecting Networks.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.

Limited address space The most visible and urgent problem with using IPv4 on the modern Internet is the rapid depletion of public addresses. Due to the.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 25 Introduction to Computer Networks.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 25 Introduction to Computer Networks.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
NAT/Firewall Traversal April 2009. NAT revisited – “port-translating NAT”

NAT/Firewall Traversal April NAT revisited – “port-translating NAT”
1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.

1 Improved DNS Server Selection for Multi-Homed Nodes draft-savolainen-mif-dns-server-selection-04 Teemu Savolainen (Nokia) Jun-ya Kato (NTT) MIF WG meeting.
1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.

1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.
NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.

NAT (Network Address Translator) Atif Karamat In the name of God the most merciful and the most compassionate.
1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.

1 CCNA 2 v3.1 Module 8. 2 TCP/IP Suite Error and Control Messages CCNA 2 Module 8.
Internet Command Message Protocol (ICMP) CS-431 Dick Steflik.

Internet Command Message Protocol (ICMP) CS-431 Dick Steflik.
IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker 2008-11-17.

IP/ICMP Translation Algorithm (IIT) Xing Li, Congxiao Bao, Fred Baker
Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.

Controlling Traffic Offloading Using Neighbor Discovery Protocol IETF#80 Mif WG, 28-March-2011 draft-korhonen-mif-ra-offload-01 Jouni Korhonen Teemu Savolainen.
Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Firewalls Marin Stamov. Introduction Technological barrier designed to prevent unauthorized or unwanted communications between computer networks or hosts.

Similar presentations

Ads by Google