Sorry, I know you replied off list but you're not the first person to talk about these sorts of things with me so I'm replying on list so more people benefit. On 22/02/2010, at 11:04 PM, Joel Wiramu Pauling wrote:

...

No. Teredo servers are using for essentially control traffic. Teredo relays move data to/from the native IPv6 network (non-Teredo).

Unless you really really know what you're doing, don't run a Teredo server. Run a Teredo *relay*.

Sure, but you might want to do both so you can both:

a) Grab the control traffic so it does not leave the network for instances where it's impracticle to specify a teredo server to edge clients. b) Tell it to use your relay -> Feed into your native v6 infrastructure and benefit from not having potentially long inefficent routes. c) This would work where you have v6 but for whatever reason can't get it out to the edge. And don't want to push a tunnel client etc out. (not ideal but, it's just another option in the whole transition ecosystem).

No, that won't work. 1) Your customer sends an ICMPv6 echo request to a web server, through your Teredo server (but they really mean to sent it elsewhere) 2) You send it to some server of yours that is configured to respond to every ICMPv6 echo request, with the source address set to the destination address of the request. 3) ICMPv6 echo reply goes through your Teredo relay, and then to the customer. 4) Customer's Teredo stack detects your relay's IPv4 and UDP port. 5) Customer sends a TCP SYN to the web server, through your relay. 6) Your relay decapsulates it, and sends it on to the IPv6 network, probably over a longer path than it would take than an automatically discovered relay would use. 7) No worry though, because the SYN+ACK will come back through the better relay. 8) Your customer will detect the IPv4 address and UDP port of the new, better relay. Don't try to shoe horn Teredo in to doing these things, it's designed to be hard for ISPs to control, quite intentionally. Install a relay when you roll out your native IPv6 network and move on.

It's essentially your TUI box idea, with dns hacks. ;-)

Not really, the only thing that the Tui boxes do with Teredo is relay. They aren't Teredo servers. You could probably configure one to be because they just have Miredo inside, but that's not what they're for. The Tui boxes are also 6to4 relays, and they build a peering mesh over IPv4 best-paths between other Tui boxes. The only similarities between what you're proposing, and Tui, is that they both implement parts of Teredo. -- Nathan Ward