[v6test] Test methodology

Thorsten Behrens sbehrens at gmx.li
Fri Jan 18 13:50:42 UTC 2008 

Hi Matthias!

Muenchen, neat, that's the town I grew up near and lived in for quite a 
bit. Moved to Mass about 6 years ago.

Thanks for that sms.an.wimmer.es host. I've done some testing, and here 
are the results.

This is about Teredo connectivity for users that don't want to set up a 
tunnel broker.

XP SP2

- Teredo needs to be enabled, "netsh interface ipv6 set teredo client 
teredo.ipv6.microsoft.com". There are other public Teredo servers around 
the world, about 4 more, see 
__http://www.ipv6tf.org/index.php?page=using/connectivity/teredo_
- Teredo does not support "PAT" aka "Hide-NAT". This means that an XP 
machine that is behind a home router won't work with Teredo, unless, 
possibly, the router is set to treat the machine is in a "DMZ", which 
sets up a one-to-one static NAT to that machine.
- Machines that are either directly on a public network or static-NATed 
will resolve IPv6 addresses through Teredo, and will be able to connect 
to IPv6 hosts
- In a corporate domain environment, Teredo is disabled, but can be 
enabled with "_netsh interface ipv6 set teredo enterpriseclient"
- The command to see Teredo data is "netsh int ipv6 show teredo", and 
the message indicating that a user is behind PAT is 
"Error                   : client behind symmetric NAT"

Vista

- Teredo is enabled by default
- Teredo does support PAT
- A machine that has only link-local and Teredo addresses will not 
resolve AAAA records, ever, even for sites that have no A record like 
sms.an.wimmer.es
- Vista can be forced to use Teredo for browsing and other system 
activities, thusly:
  Add a 2002:: IPv4 to IPv6 address to your LAN interface, see 
http://member.dnsstuff.com/pages/ipv6tools.php. Do not add a default 
gateway for this address. As this can be anything, we could even 
instruct people to add "2002:81a8:102::/48" always, which is 
192.168.1.2. It won't be used anyway.
  Add a ::/0 route pointing to the Teredo interface. Say ipconfig /all 
shows the Teredo interface to be "Local Area Connection* 10", then the 
command would be "netsh interface ipv6 add route ::/0 "Local Area 
Connection* 10"" . This has to be run from a cmd prompt that has been 
run as "Administrator".
  After these changes, Vista now sees that we have more than just 
link-local and Teredo, and will start doing AAAA lookups. The ::/0 route 
through the Teredo interface forces those lookups to use Teredo. This 
worked well on my machine here with your sms.an.wimmer.es address.

For the IPv6 experiment, this means that even Vista users won't be able 
to get to the IPv6 site "out of the box". They do, however, have the 
easiest way of getting onto IPv6, regardless of what type of NAT they 
are behind.
XP SP2 users have the option to use Teredo if they are either not behind 
a home router / firewall or they have instructed their home router to 
place their box into the "DMZ". This would also mean they'd have to set 
a static address on their home machine, or force the home router's DHCP 
to give their MAC address the same IP always.

More information about the V6test mailing list