Discussion:
IPv6 and compact tracker response
Paulo S Silva Jr
2005-02-13 23:57:36 UTC
Permalink
Greetings Programs,

A few days ago, I read about the problem that is sending an IPv6
address in a compact form. I've made some digging and I think I
found a way to send an IPv6 address in a compact manner.

According to RFC 2553 the IPv6 address is an unique 16 bytes address.

So if we create an "peers_ipv6" only in conjunction with a "compact"
request that would have all the IPv6 peers addresses in the same way
we use "peers" in IPv4.

Further more, we could use the same "peers_ipv6" as the same RPF
2553 states how an IPv4 address sould be represented as an IPv6
address.

An example:

assuming the ficticious IPv6 address
1002:1035:4527:3546:7854:1237:3247:3217 and port 6881 we'd have
a "peers_ipv6" with 18 bytes length value of "0x10 0x02 0x10 0x35
0x45 0x27 0x35 0x46 0x78 0x54 0x12 0x37 0x32 0x47 0x32 0x17 0x1A
0xE1"

The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"

Comments?

Paulo






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Konstantin 'Kosta' Welke
2005-02-14 01:06:31 UTC
Permalink
Post by Paulo S Silva Jr
So if we create an "peers_ipv6" only in conjunction with a "compact"
request that would have all the IPv6 peers addresses in the same way
we use "peers" in IPv4.
That was proposed and I guess everyone agreed, yes.
Post by Paulo S Silva Jr
Further more, we could use the same "peers_ipv6" as the same RPF
2553 states how an IPv4 address sould be represented as an IPv6
address.
Sounds practicable.
Post by Paulo S Silva Jr
The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"
I'm no really sure, but isnt ::0A0A:0A05 what you mean?

Kosta



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Paulo S Silva Jr
2005-02-14 18:22:58 UTC
Permalink
On Sun, 13 Feb 2005 23:57:36 -0000, Paulo S Silva Jr
Post by Paulo S Silva Jr
The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"
I'm no really sure, but isnt ::0A0A:0A05 what you mean?
Kosta
Well the human representation of the IPv4 as IPv6 is
indeed ::0A0A:0A05 yes. But on a network level (and that's what
really counts isn't it?) it is still prefixed as stated on RFC 2553.

Paulo






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Mike Ravkine
2005-02-14 02:08:48 UTC
Permalink
Compact IPv6 is a good idea. Using the same key for IPv4 addresses,
however, is a bad idea.

The whole purpose of compact is to save bandwidth. Prefixing every IPv4
address with 12 useless bytes goes directly against this.

--kRYPT
Post by Paulo S Silva Jr
Greetings Programs,
A few days ago, I read about the problem that is sending an IPv6
address in a compact form. I've made some digging and I think I
found a way to send an IPv6 address in a compact manner.
According to RFC 2553 the IPv6 address is an unique 16 bytes address.
So if we create an "peers_ipv6" only in conjunction with a "compact"
request that would have all the IPv6 peers addresses in the same way
we use "peers" in IPv4.
Further more, we could use the same "peers_ipv6" as the same RPF
2553 states how an IPv4 address sould be represented as an IPv6
address.
assuming the ficticious IPv6 address
1002:1035:4527:3546:7854:1237:3247:3217 and port 6881 we'd have
a "peers_ipv6" with 18 bytes length value of "0x10 0x02 0x10 0x35
0x45 0x27 0x35 0x46 0x78 0x54 0x12 0x37 0x32 0x47 0x32 0x17 0x1A
0xE1"
The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"
Comments?
Paulo
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-14 10:24:08 UTC
Permalink
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.

The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.

Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.

Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Olaf van der Spek
2005-02-14 12:10:56 UTC
Permalink
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
I hope you don't consider a computer with spyware safe and secure. NAT
or no NAT.
Post by Bill Cox
The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.
Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.
Bill
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-14 13:10:30 UTC
Permalink
Post by Olaf van der Spek
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
I hope you don't consider a computer with spyware safe and secure. NAT
or no NAT.
Agree here. If someone can install spyware or get you to, its too late to
worry about security, you are already gone.
Post by Olaf van der Spek
Post by Bill Cox
The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.
Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.
IPv6 is part of the solution, at least machines are addressable. You can still
filter just as much as you like on the firewall.

Clearly there is no solution that works with NAT, if the firewall is setup
in any way sensibly.

The same problem is there with voip, its a real pain configuring phones when
there is nat. The one I got tried to use STUN but it simply doesnt work,
yo have to forward ports manually.

I think P2P, VOIP and mobile phones will be what forces adoption of ipv6.



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-14 14:45:48 UTC
Permalink
Post by Justin Cormack
IPv6 is part of the solution, at least machines are addressable. You can still
filter just as much as you like on the firewall.
Clearly there is no solution that works with NAT, if the firewall is setup
in any way sensibly.
The same problem is there with voip, its a real pain configuring phones when
there is nat. The one I got tried to use STUN but it simply doesn't work,
yo have to forward ports manually.
I think P2P, VOIP and mobile phones will be what forces adoption of ipv6.
I think the lack of IP addresses will drive IPv6 adoption, and that
problem will be exacerbated by the popularity of things like VOIP
enabled phones and other P2P devices, so I agree with you there.

However, I'm no longer convinced that IPv6 will help solve the NAT
problem. I suspect that Cisco will continue shipping NAT enabled
residential gateway/routers long after IPv6 is established, possibly for
many decades. What you and I think wont change what Cisco does, so
there's no use arguing about what's right. Note that they ship their
LinkSys routers with UPnP disabled today. UPnP otherwise would have
solved the NAT problem.

I suspect that this situation will continue unless there's some new
solution for NAT enabled gateways that can block unauthorized incoming
connections yet allow legitimate ones through. But how can a router
know the difference?

Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Olaf van der Spek
2005-02-14 14:49:43 UTC
Permalink
Post by Bill Cox
However, I'm no longer convinced that IPv6 will help solve the NAT
problem. I suspect that Cisco will continue shipping NAT enabled
residential gateway/routers long after IPv6 is established, possibly for
many decades. What you and I think wont change what Cisco does, so
You don't need NAT for stateful filtering.
Post by Bill Cox
there's no use arguing about what's right. Note that they ship their
LinkSys routers with UPnP disabled today. UPnP otherwise would have
solved the NAT problem.
I suspect that this situation will continue unless there's some new
solution for NAT enabled gateways that can block unauthorized incoming
connections yet allow legitimate ones through. But how can a router
know the difference?
Authentication?



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-14 15:27:45 UTC
Permalink
Post by Olaf van der Spek
Post by Bill Cox
I suspect that this situation will continue unless there's some new
solution for NAT enabled gateways that can block unauthorized incoming
connections yet allow legitimate ones through. But how can a router
know the difference?
Authentication?
Authentication would be good. How does a LinkSys style gateway do it
without requiring a user to configure it?

I'm assuming that users will continue to mostly be unaware of how to
modify their routers settings, as they are today. A reasonable answer
is better education, which may happen over the long term.

Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Olaf van der Spek
2005-02-14 15:33:30 UTC
Permalink
Post by Bill Cox
Post by Olaf van der Spek
Post by Bill Cox
I suspect that this situation will continue unless there's some new
solution for NAT enabled gateways that can block unauthorized incoming
connections yet allow legitimate ones through. But how can a router
know the difference?
Authentication?
Authentication would be good. How does a LinkSys style gateway do it
without requiring a user to configure it?
I'm not sure if UPnP supports authentication.

But IMO a stateful router is not the answer to network security.



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-14 14:30:17 UTC
Permalink
Post by Olaf van der Spek
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
I hope you don't consider a computer with spyware safe and secure. NAT
or no NAT.
No, I don't. However, the stuff is everywhere, and in particular behind
many (most?) NATs. A friend of mine had her computer cleaned up by a
networking guy yesterday. She had > 800 infected registery records, and
over 30 spyware apps.

There are simple schemes to allow a spy-ware program to hide it's
capabilities, but still communicate now and then with the outside world,
thus enabling a hacker to control the infected machine. However, the
NAT keeps hackers from taking over whenever they want. They have to
wait for the spy-ware to contact them. UPnP enabled NAT gateways defeat
that protection, as weak as it is.

Whether or not UPnP is a significant security risk, I suspect that NAT
enabled gateways will continue to be shipped with UPnP turned off by
default (like my new LinkSys router). The same guys out there who don't
know how to route BT traffic through their firewall will probably not
enable UPnP.

Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Olaf van der Spek
2005-02-14 14:43:31 UTC
Permalink
Post by Bill Cox
There are simple schemes to allow a spy-ware program to hide it's
capabilities, but still communicate now and then with the outside world,
thus enabling a hacker to control the infected machine. However, the
NAT keeps hackers from taking over whenever they want. They have to
No, NAT doesn't. It just makes it a bit harder.



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Yejun Yang
2005-02-15 21:06:02 UTC
Permalink
Even without UPnP, penetrating NAT is still possible.
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.
Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.
Bill
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-15 21:24:31 UTC
Permalink
Post by Yejun Yang
Even without UPnP, penetrating NAT is still possible.
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Well thats just one method of applying IPv6 by the backdoor. Running it over
UDP has the disadvantage that many routers NAT UDP badly and drop connections
(as it is stateless).

Has anyone got a summary of how Toredo works? How are the ipv6 addresses
assigned? Has anyone got it running, can you connect to ipv6 torrents?
Post by Yejun Yang
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.
Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.
Bill
Yahoo! Groups Links
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Konstantin 'Kosta' Welke
2005-02-15 22:24:56 UTC
Permalink
Post by Yejun Yang
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Can you post an URL or something? I did not find anything on
this subject.

Kosta



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-15 21:56:36 UTC
Permalink
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx
Post by Konstantin 'Kosta' Welke
Post by Yejun Yang
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Can you post an URL or something? I did not find anything on
this subject.
Kosta
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-16 04:51:49 UTC
Permalink
Post by Justin Cormack
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx
Post by Konstantin 'Kosta' Welke
Post by Yejun Yang
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Can you post an URL or something? I did not find anything on
this subject.
Kosta
This seems to only document IPv6 tunneling through NATs and IPv4
routers, much the way we do it today with plain IPv4. The goal seems to
be to help aid the transition to IPv6.

I didn't seen any recommended solution to the problem of two peers, both
behind NATs, that want to talk. From my understanding of simple NATs, I
don't see how it's possible without configuring the NATs to forward
ports, or support UPnP.

Basically, if I'm behind a NAT, and so are you, and either we don't have
the gateway passwords, or we're not computer savvy, we can't talk
directly.

Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-16 11:17:40 UTC
Permalink
Post by Bill Cox
Post by Justin Cormack
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/teredo.mspx
Post by Konstantin 'Kosta' Welke
Post by Yejun Yang
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Can you post an URL or something? I did not find anything on
this subject.
Kosta
This seems to only document IPv6 tunneling through NATs and IPv4
routers, much the way we do it today with plain IPv4. The goal seems to
be to help aid the transition to IPv6.
I didn't seen any recommended solution to the problem of two peers, both
behind NATs, that want to talk. From my understanding of simple NATs, I
don't see how it's possible without configuring the NATs to forward
ports, or support UPnP.
Basically, if I'm behind a NAT, and so are you, and either we don't have
the gateway passwords, or we're not computer savvy, we can't talk
directly.
Bill
See the section entitled

Initial communication between Teredo clients in different sites

It relies on the fact that many NATs (not what they call symmetric NATs
which includes Linux) set up dumb mappings so incoming packets for a port
that has a mapping already set up in the NAT get forwarded by that rule
whichever external host they come from. Because UDP doesnt have sequence
numbers that means anyone can send you packets if they know the external
IP address of the NAT box and the port that you are keeping as a natted
connection. You need a server (actually 2) available that you can send
packets to to keep the mapping alive and for other machines to find out
what your mapping is (from your ipv6 address) and to assign ipv6 addresses.

In some situations it relies on sending packets that it knows will be discarded
to set up NAT mappings, again relying on the server to store the mappings.

Its what STUN uses.

My VOIP phone tried to use STUN and it didnt work at all, but then I use
Linux to do my NAT.
Post by Bill Cox
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Bill Cox
2005-02-16 12:50:36 UTC
Permalink
Post by Justin Cormack
See the section entitled
Initial communication between Teredo clients in different sites
Thanks for the clarification. I get it now. Do you happen to know if
modern LinkSys routers forward data to any open port without checking
the source IP?

Thanks,
Bill





Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-16 13:01:07 UTC
Permalink
Post by Bill Cox
Post by Justin Cormack
See the section entitled
Initial communication between Teredo clients in different sites
Thanks for the clarification. I get it now. Do you happen to know if
modern LinkSys routers forward data to any open port without checking
the source IP?
Generally (google for STUN linksys or similar) it looks like Linksys
mostly dont work...

Different terminology from MS, but most comprehensive (if hard to read)
is http://bgp.lcs.mit.edu/~dga/view.cgi
Post by Bill Cox
Thanks,
Bill
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Karst Bjorgson
2005-02-17 04:55:13 UTC
Permalink
Post by Justin Cormack
Generally (google for STUN linksys or similar) it
looks like Linksys
mostly dont work...
Actually, Teredo does work through a Linksys box. I
know, I tried it using WIndows XP/SP2. The Linksys
router falls in what Teredo or STUN call the "address
restricted cone NAT" category. There is a lot of
pressure on router makers to make Teredo, STUN and
other similar schemes work, and in practice it does
work in 90%+ of modern routers.
Post by Justin Cormack
Different terminology from MS, but most
comprehensive (if hard to read)
is http://bgp.lcs.mit.edu/~dga/view.cgi
The spec for teredo is available at
http://www.ietf.org/internet-drafts/draft-huitema-v6ops-teredo-04.txt.

Cullen Jennings wrote an analysis of currently
deployed NAT in
http://www.ietf.org/internet-drafts/draft-jennings-behave-test-results-00.txt.

-- Karst

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-15 22:22:47 UTC
Permalink
Post by Yejun Yang
Even without UPnP, penetrating NAT is still possible.
Currently MS Torendo IPv6 server protocal can let 2 peers both behind
NAT to communicate with each other directly without server relay.
Reading the docs, I see it basically works in those situations under
which STUN works ie sometimes, mostly if you have a really dumb NAT
box (not a Unix machine).

Also if you want to talk to real IPv6 hosts all traffic has to pass through
a server. (just using it for NAT traversal you can talk directly if it
works at all - no one has decided to procide open NAT relay servers). I
suspect that this part of the infrastructure wont last long unless core
ipv6 routers decide to support it.

Who is providing the servers?

Can anyone behind NAT ping me (bream.specialbusservice.com - ipv6 name only)?
Post by Yejun Yang
Post by Bill Cox
From what I can tell, enabling UPnP on NAT enabled gateway is not
currently a good idea. There are too many computers with spy-ware and
worse, and allowing those applications to open ports through your fire-
wall is risky.
The problem this causes is that P2P enabled applications like BitTorrent
aren't able to contact peers behind NATs unless the users are computer-
savvy enough to forward a BitTorrent port.
Is this a long-term problem, or is there some solution out there? IPv6
wont do it: we don't use NATs just to save IP address space, we use NATs
for security.
Bill
Yahoo! Groups Links
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
jaxe02
2005-02-16 08:50:33 UTC
Permalink
Post by Justin Cormack
Reading the docs, I see it basically works in those situations under
which STUN works ie sometimes, mostly if you have a really dumb NAT
box (not a Unix machine).
Some years ago (when the mechanism was still known as shipworm) I read
the whole specs
(http://www.rfc-editor.org/cgi-bin/iddoctype.pl?letsgo=draft-huitema-v6ops-teredo-04),
and they claimed to work with most NATs - never tested anyway to see
if it's true ;-)
Post by Justin Cormack
Also if you want to talk to real IPv6 hosts all traffic has to pass through
a server. (just using it for NAT traversal you can talk directly if it
works at all - no one has decided to procide open NAT relay servers). I
suspect that this part of the infrastructure wont last long unless core
ipv6 routers decide to support it.
Definitely yes (just like 6to4) - of course this is a sort of bandaid,
as long as native IPv6 is not so widespread: I don't think it is
expected to scale very well if it should be used by too many users...
Post by Justin Cormack
Who is providing the servers?
For example Microsoft themselves, or Consulintel:
6to4.autotrans.consulintel.com
teredo.autotrans.consulintel.com
(see http://www.mail-archive.com/***@ipv6.org/msg01819.html)

Cheers,
LF






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Nick Johnson
2005-02-14 11:01:14 UTC
Permalink
Post by Paulo S Silva Jr
The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"
According to Wikipedia, at least, the ::ffff:0:0/96 notation is
deprecated - ::/96 should be used to represent IPv4 addresses instead.

-Nick Johnson



Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
jaxe02
2005-02-14 16:54:02 UTC
Permalink
Post by Paulo S Silva Jr
Greetings Programs,
...
Post by Paulo S Silva Jr
Further more, we could use the same "peers_ipv6" as the same RPF
2553 states how an IPv4 address sould be represented as an IPv6
address.
assuming the ficticious IPv6 address
1002:1035:4527:3546:7854:1237:3247:3217 and port 6881 we'd have
a "peers_ipv6" with 18 bytes length value of "0x10 0x02 0x10 0x35
0x45 0x27 0x35 0x46 0x78 0x54 0x12 0x37 0x32 0x47 0x32 0x17 0x1A
0xE1"
The IPv4 10.10.10.5 in this sintax is represented with the prefix
0:0:0:0:0:FFFF thus the address will be 0:0:0:0:0:FFFF:0A0A:0A05.
And represented likely in the "peers_ipv6"
While the "peers_ipv6" idea seems imho reasonable, I've got a few
comments on the last part of your proposal:
-RFC2553 is now obsoleted by RFC3493;
-IPv4-mapped addresses (the ones like ::FFFF:x.y.w.z) should never go
on the wire: they are used for internal representation only, to handle
an IPv4 address in the IPv6 stack;
-IPv4-compatible addresses (another class of IPv6 addresses with
embedded IPv4 addresses, which look like ::x.y.w.z) are used for the
automatic tunneling mechanism (which is going to be deprecated), so I
don't think they are ok for the use you suggest either.

So I would not use the "peers_ipv6" key to convey IPv4 peer
information - besides, from my point of view, we could simply go on
using the "peers" key to announce peers with IPv6 addresses too,
leaving to the client the task of discriminating between IPv4 and IPv6
addresses they receive.

My 2 cents...
LF






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Paulo S Silva Jr
2005-02-16 01:41:16 UTC
Permalink
Greetings Programs,
Post by jaxe02
While the "peers_ipv6" idea seems imho reasonable, I've got a few
-RFC2553 is now obsoleted by RFC3493;
Thanks. I had not seen the obsolescence of RFC2553 (it's not listed
as obsolete at http://www.faqs.org/rfcs/rfc-obsolete.html).
Post by jaxe02
-IPv4-mapped addresses (the ones like ::FFFF:x.y.w.z) should never go
on the wire: they are used for internal representation only, to handle
an IPv4 address in the IPv6 stack;
-IPv4-compatible addresses (another class of IPv6 addresses with
embedded IPv4 addresses, which look like ::x.y.w.z) are used for the
automatic tunneling mechanism (which is going to be deprecated), so I
don't think they are ok for the use you suggest either.
So I would not use the "peers_ipv6" key to convey IPv4 peer
information - besides, from my point of view, we could simply go on
using the "peers" key to announce peers with IPv6 addresses too,
leaving to the client the task of discriminating between IPv4 and IPv6
addresses they receive.
OK... let's try to wrap it up for good:
- "peers" : List of IPv4 addresses ONLY ( 6 bytes each)
- "peers_ipv6" : List of IPv6 addresses ONLY (14 bytes each)
Post by jaxe02
My 2 cents...
LF
Regards,
Paulo

PS: I've posted an explanation of the tracker protocol at
http://wiki.theory.org/BitTorrentTrackerProtocol and would
appreciate very much your commets.






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Paulo S Silva Jr
2005-02-16 01:44:44 UTC
Permalink
Post by Paulo S Silva Jr
Greetings Programs,
Post by jaxe02
While the "peers_ipv6" idea seems imho reasonable, I've got a few
-RFC2553 is now obsoleted by RFC3493;
Thanks. I had not seen the obsolescence of RFC2553 (it's not
listed
Post by Paulo S Silva Jr
as obsolete at http://www.faqs.org/rfcs/rfc-obsolete.html).
Post by jaxe02
-IPv4-mapped addresses (the ones like ::FFFF:x.y.w.z) should
never
Post by Paulo S Silva Jr
go
Post by jaxe02
on the wire: they are used for internal representation only, to
handle
Post by jaxe02
an IPv4 address in the IPv6 stack;
-IPv4-compatible addresses (another class of IPv6 addresses with
embedded IPv4 addresses, which look like ::x.y.w.z) are used for
the
Post by jaxe02
automatic tunneling mechanism (which is going to be deprecated),
so I
Post by jaxe02
don't think they are ok for the use you suggest either.
So I would not use the "peers_ipv6" key to convey IPv4 peer
information - besides, from my point of view, we could simply go on
using the "peers" key to announce peers with IPv6 addresses too,
leaving to the client the task of discriminating between IPv4
and
Post by Paulo S Silva Jr
IPv6
Post by jaxe02
addresses they receive.
- "peers" : List of IPv4 addresses ONLY ( 6 bytes each)
- "peers_ipv6" : List of IPv6 addresses ONLY (14 bytes each)
sorry peersipv6 has 18 bytes each
Post by Paulo S Silva Jr
Post by jaxe02
My 2 cents...
LF
Regards,
Paulo
PS: I've posted an explanation of the tracker protocol at
http://wiki.theory.org/BitTorrentTrackerProtocol and would
appreciate very much your commets.
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Justin Cormack
2005-02-16 01:59:11 UTC
Permalink
If a peer connects on ipv4 it means (modulo buggy dns or explicit use of
ipv4 IP address) that either the tracker or the peer doesnt have an ipv6
address, so there wont be any point returning ipv6 clients.

If a peer connects on ipv6, the situation is less clear, but it might not
have an ipv4 address, so be unable to connect to ipv4 clients.

So the best result is only to return results in the same address family.

(A client can get around this if it really wants).

j
Post by Paulo S Silva Jr
Post by Paulo S Silva Jr
Greetings Programs,
Post by jaxe02
While the "peers_ipv6" idea seems imho reasonable, I've got a few
-RFC2553 is now obsoleted by RFC3493;
Thanks. I had not seen the obsolescence of RFC2553 (it's not
listed
Post by Paulo S Silva Jr
as obsolete at http://www.faqs.org/rfcs/rfc-obsolete.html).
Post by jaxe02
-IPv4-mapped addresses (the ones like ::FFFF:x.y.w.z) should
never
Post by Paulo S Silva Jr
go
Post by jaxe02
on the wire: they are used for internal representation only, to
handle
Post by jaxe02
an IPv4 address in the IPv6 stack;
-IPv4-compatible addresses (another class of IPv6 addresses with
embedded IPv4 addresses, which look like ::x.y.w.z) are used for
the
Post by jaxe02
automatic tunneling mechanism (which is going to be deprecated),
so I
Post by jaxe02
don't think they are ok for the use you suggest either.
So I would not use the "peers_ipv6" key to convey IPv4 peer
information - besides, from my point of view, we could simply go
on
Post by Paulo S Silva Jr
Post by jaxe02
using the "peers" key to announce peers with IPv6 addresses too,
leaving to the client the task of discriminating between IPv4
and
Post by Paulo S Silva Jr
IPv6
Post by jaxe02
addresses they receive.
- "peers" : List of IPv4 addresses ONLY ( 6 bytes each)
- "peers_ipv6" : List of IPv6 addresses ONLY (14 bytes each)
sorry peersipv6 has 18 bytes each
Post by Paulo S Silva Jr
Post by jaxe02
My 2 cents...
LF
Regards,
Paulo
PS: I've posted an explanation of the tracker protocol at
http://wiki.theory.org/BitTorrentTrackerProtocol and would
appreciate very much your commets.
Yahoo! Groups Links
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
jaxe02
2005-02-25 14:43:15 UTC
Permalink
Post by Justin Cormack
If a peer connects on ipv4 it means (modulo buggy dns or explicit use of
ipv4 IP address) that either the tracker or the peer doesnt have an ipv6
address, so there wont be any point returning ipv6 clients.
If a peer connects on ipv6, the situation is less clear, but it might not
have an ipv4 address, so be unable to connect to ipv4 clients.
So the best result is only to return results in the same address family.
(A client can get around this if it really wants).
j
I've applied the "send peer addresses belonging to the same address
family as the client connection" tracker policy to the old snark
(http://klomp.org/snark/) client - the modified version, with GUI too,
is here if anyone wants to play with it:
http://www.geocities.com/jaxe02/SnarkGUI/snark.html

Cheers,
LF






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/

jaxe02
2005-02-16 11:19:30 UTC
Permalink
Hi Paulo,
Post by Paulo S Silva Jr
Greetings Programs,
...
Post by Paulo S Silva Jr
- "peers" : List of IPv4 addresses ONLY ( 6 bytes each)
- "peers_ipv6" : List of IPv6 addresses ONLY (14 bytes each)
OK seems reasonable to me (of course, this should be valid only in
compact mode - I think that when compact mode is not used, "peers"
could also covey IPv6 addresses in literal form, or DNS names)
Post by Paulo S Silva Jr
PS: I've posted an explanation of the tracker protocol at
http://wiki.theory.org/BitTorrentTrackerProtocol and would
appreciate very much your commets.
I'm having a look at it, thanks.

Cheers,
LF






Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/BitTorrent/

<*> To unsubscribe from this group, send an email to:
BitTorrent-***@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
Loading...