Chapter 14 Teredo |
347 |
To send an initial communication packet from the Teredo host-specific relay to the Teredo client, the following process is used:
1.The Teredo host-specific relay sends a bubble packet to the Teredo client via the Teredo server over the IPv4 Internet.
2.The Teredo server receives the bubble packet from the Teredo host-specific relay. The Teredo server forwards the bubble to the Teredo client, with an Origin indicator that contains the IPv4 address and UDP port number of the Teredo host-specific relay.
Because a source-specific mapping for Teredo traffic from the Teredo server exists in the NAT, the bubble packet is forwarded to the Teredo client.
3.The Teredo client determines the IPv4 address and UDP port of the Teredo host-specific relay from the Origin indicator of the received bubble packet. To establish a sourcespecific mapping for Teredo traffic from the Teredo relay, the Teredo client sends a bubble packet to the Teredo host-specific relay.
4.Based on the receipt of the bubble packet that corresponds to a packet that is queued for forwarding (the packet from the Teredo host-specific relay), the Teredo host-specific relay determines that a source-specific NAT mapping now exists in the restricted NAT of the Teredo client. The Teredo host-specific relay sends the initial communication packet to the Teredo client.
To ensure that the IPv6 address of the initial communication packet has not been spoofed and corresponds to the Teredo host-specific relay, the Teredo client performs an ICMPv6 Echo Request/Echo Reply message exchange with the Teredo host-specific relay using steps 1 through 6 of the “Initial Communication from a Teredo Client to a Teredo Host-Specific Relay” (for a restricted NAT) section of this chapter. After this exchange is complete, the Teredo client sends the response to the initial communication packet to the Teredo host-specific relay.
Initial Communication from a Teredo Client to an IPv6-Only Host
Initial communication from a Teredo client to an IPv6-only host depends on whether the Teredo client is behind a cone NAT or restricted NAT.
Cone NAT
Figure 14-20 shows the initial communication from a Teredo client to an IPv6-only host when the Teredo client is located behind a cone NAT.
To send an initial communication packet from Teredo client to the IPv6-only host, the following process is used:
1.To send an initial communication packet to the IPv6-only host, the Teredo client must first determine the IPv4 address and UDP port of the Teredo relay that is nearest to the IPv6-only host. The Teredo client sends an ICMPv6 Echo Request message to the IPv6-only host via its own Teredo server.
348 Understanding IPv6, Second Edition
Cone
NAT
|
|
|
IPv6-Only Host |
|
Teredo Server |
|
|
|
|
2 |
3 |
IPv4 Internet |
|
6 |
IPv6 Internet |
|
|
|
|
|
4 |
Teredo |
|
|
Relay |
|
|
|
|
|
|
1 |
1. |
Echo Request to IPv6-Only Host |
|
|
|||
|
2. |
Forwarded Echo Request to IPv6-Only Host |
|
|
3. |
Echo Reply to the Teredo Client |
|
5 |
4. |
Forwarded Echo Reply to the Teredo Client |
|
|
5. |
Packet to IPv6-Only Host |
|
|
6. |
Forwarded Packet to IPv6-Only Host |
|
Teredo Client
IPv6 Tunneled As an IPv4 UDP Message
Native IPv6 Traffic
Figure 14-20 Initial communication from a Teredo client to an IPv6-only host with a cone NAT
2.The Teredo server receives the ICMPv6 Echo Request message and forwards it to the IPv6-only host over the IPv6 Internet.
3.The IPv6-only host responds with an ICMPv6 Echo Reply sent to Teredo Client A’s Teredo address. Because of the routing infrastructure of the IPv6 Internet, the Teredo addressed packet is forwarded to the nearest Teredo relay.
4.The Teredo relay encapsulates the ICMPv6 Echo Reply message and sends it directly to the Teredo client. Because the NAT is a cone NAT, the packet from the Teredo relay is forwarded to the Teredo client.
5.The Teredo client determines the IPv4 address of the Teredo relay closest to the IPv6-only host from the source IPv4 address and UDP port of the ICMPv6 Echo Reply message. An initial communication packet is sent from the Teredo client to the IPv4 address and UDP port of the Teredo relay.
6.The Teredo relay removes the IPv4 and UDP headers and forwards the packet to the IPv6-only host.
All subsequent packets sent between the Teredo client and the IPv6-only host take this path via the Teredo relay.
Chapter 14 Teredo |
349 |
Restricted NAT
Figure 14-21 shows the initial communication from a Teredo client to an IPv6-only host when the Teredo client is located behind a restricted NAT.
|
|
IPv6-Only Host |
Teredo Server |
|
|
|
2 |
3 |
|
|
|
5 |
|
|
IPv4 Internet |
9 |
IPv6 Internet |
4 |
|
|
|
|
|
|
Teredo |
|
7 |
Relay |
|
Restricted |
|
|
NAT |
|
|
1 |
1. Echo Request to IPv6-Only Host |
|
|
2. Forwarded Echo Request to IPv6-Only Host |
|
63. Echo Reply to Teredo Client A
4. Bubble to Teredo Client A via Teredo Server
|
8 |
5. |
Bubble with Origin Indicator to Teredo Client A |
||||
|
|
||||||
|
|
6. |
Bubble to Teredo Relay |
||||
|
|
7. |
Forwarded Echo Reply to Teredo Client A |
||||
Teredo Client |
|
8. |
Initial Packet to IPv6-Only Host |
||||
|
9. |
Forwarded Initial Packet to IPv6-Only Host |
|||||
|
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IPv6 Tunneled As an IPv4 UDP Message |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Native IPv6 Traffic |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Figure 14-21 Initial communication from a Teredo client to an IPv6-only host with a restricted NAT
To send an initial communication packet from the Teredo client to the IPv6-only host, the following process is used:
1.To send an initial communication packet to the IPv6-only host, the Teredo client must first determine the IPv4 address of the Teredo relay that is nearest to the IPv6-only host. Teredo Client A sends an ICMPv6 Echo Request message to the IPv6-only host via its own Teredo server.
2.The Teredo server receives the ICMPv6 Echo Request message and forwards it to the IPv6-only host over the IPv6 Internet.
3.The IPv6-only host responds with an ICMPv6 Echo Reply sent to Teredo Client A’s Teredo address. Because of the routing infrastructure of the IPv6 Internet, the Teredo addressed packet is forwarded to the nearest Teredo relay.
4.The Teredo relay determines that the Teredo client is behind a restricted NAT. If the Teredo relay were to send the ICMPv6 Echo Request message to the Teredo client, the
350 Understanding IPv6, Second Edition
NAT would silently discard it because there is no source-specific mapping for Teredo traffic from the Teredo relay. Therefore, the Teredo relay sends a bubble packet to the Teredo client via the Teredo server over the IPv4 Internet.
5.The Teredo server receives the bubble packet from the Teredo relay. The Teredo server forwards the bubble packet to the Teredo client, with an Origin indicator that contains the IPv4 address and UDP port number of the Teredo relay. Because a source-specific mapping for Teredo traffic from the Teredo server exists in the NAT, the bubble packet is forwarded to the Teredo client.
6.The Teredo client determines the IPv4 address of the Teredo relay closest to the IPv6-only host from the Origin indicator of the received bubble packet. To establish a source-specific mapping for Teredo traffic from the Teredo relay, the Teredo client sends a bubble packet to the Teredo relay.
7.Based on the receipt of the bubble packet that corresponds to a packet that is queued for forwarding (the ICMPv6 Echo Reply message), the Teredo relay determines that a source-specific NAT mapping now exists in the restricted NAT of the Teredo client. The Teredo relay forwards the ICMPv6 Echo Reply message to the Teredo client.
8.An initial communication packet is sent from the Teredo client to the IPv4 address and UDP port of the Teredo relay.
9.The Teredo relay removes the IPv4 and UDP headers and forwards the packet to the IPv6-only host.
All subsequent packets sent between the Teredo client and the IPv6-only host takes this path via the Teredo relay.
Initial Communication from an IPv6-Only Host to a Teredo Client
Initial communication from an IPv6-only host to a Teredo client depends on whether the Teredo client is behind a cone NAT or restricted NAT.
Cone NAT
Figure 14-22 shows the initial communication from an IPv6-only host to a Teredo client when the Teredo client is located behind a cone NAT.
To send an initial communication packet from the IPv6-only host to the Teredo client, the following process is used:
1.The IPv6-only host sends an initial communication packet to the Teredo client. Because of the routing infrastructure of the IPv6 Internet, the Teredo-addressed packet is forwarded to the nearest Teredo relay.
2.The Teredo relay determines that the Teredo client is behind a cone NAT. Therefore, it forwards the packet from the IPv6-only host, encapsulated with IPv4 and UDP headers, to the Teredo client.
Chapter 14 Teredo |
351 |
IPv6-Only Host
|
Teredo Server |
|
1 |
IPv4 Internet |
IPv6 Internet |
2 Teredo
Cone 
Relay
NAT
1. Initial Packet to Teredo Client A
2. Forwarded Initial Packet to Teredo Client A
IPv6 Tunneled As an IPv4 UDP Message
Native IPv6 Traffic
Teredo Client
Figure 14-22 Initial communication from an IPv6-only host to a Teredo client with a cone NAT
Upon receipt of this packet, the Teredo client stores the IPv4 address and UDP port corresponding to the Teredo relay so that response packets can be forwarded to the Teredo relay, which receives them, removes the IPv4 and UDP headers, and forwards the IPv6 packet to the IPv6-only host.
To ensure that the IPv6 address of the initial communication packet has not been spoofed and corresponds to the IPv6-only host, the Teredo client performs an ICMPv6 Echo Request/ Echo Reply message exchange with the IPv6-only host using steps 1 through 4 of the “Initial Communication from a Teredo Client to an IPv6-Only Host” (for a cone NAT) section of this chapter. After this exchange is complete, the Teredo client sends the response to the initial communication packet to the IPv6-only host.
Restricted NAT
Figure 14-23 shows the initial communication from an IPv6-only host to a Teredo client when the Teredo client is located behind a restricted NAT.
To send an initial communication packet from the IPv6-only host to the Teredo client, the following process is used:
1.The IPv6-only host sends a packet to the Teredo client. Because of the routing infrastructure of the IPv6 Internet, the Teredo-addressed packet is forwarded to the nearest Teredo relay.
