Microsoft Teredo is a no-go area for IPv6.

I’ve talked before about the Microsoft Teredo protocol for IPv6 to IPv4 tunneling and called it a bag of crap. Geoff Huston puts some solid information down about Teredo and why it should not be considered. My gut feeling: Teredo = NetBIOS (and we all know how that worked out).

Microsoft continues to develop its own standards for Teredo, however:

But there are serious security concerns, and again. However, Microsoft continues to flog the dead horse with Teredo Security Updates – http://tools.ietf.org/html/rfc5991 (Notably, the co-authors of this standard are companies dependent on Microsoft’s goodwill to survive).

Geoff Huston from APNIC, in his post Testing Teredo on his blog:

Teredo in Perspective

We’ve learned a number of axioms of networking in the decades we’ve been working with packet switched networks and the Internet in particular. Among them I would offer the following three:

  • Tunnelling is really never a good answer.
  • Stateful devices in the data path are invariably problematic.
  • NATs are strange!

Teredo exercises all three of these, and it could be said that it is an achievement that it works at all! Expecting it to work reliably in all cases is perhaps just asking too much. The default behaviour of Windows clients, who will avoid the use of Teredo in any form of communication that is initiated through a DNS name resolution, appears to be a reasonable approach. On the other hand the data presented here makes a strong case that Teredo is perhaps best shipped “off” by default.

Here’s the deal in summary: Teredo is crap.

  • Teredo doesn’t have HA termination for tunnel gateways (Microsoft loves their customers!! NOT.)
  • Teredo appears poorly implemented, using large amounts of CPU and memory.
  • Teredo runs slow, and their sequencing choices for protocol selection are poor.
  • Compared to 6RD or other migration technologies, Teredo is really poorly done.
  • It’s riddled with insecure design and has been challenged several times in IETF with multiple drafts to fix the problems. Microsoft != secure design.

Don’t use it, don’t think about it. And let’s pray to the IT $god?s that someone in Microsoft gets some sense and gives up on it. I don’t want to be screwed by another Microsoft “invented” protocol. I’ve had that too many times already.

Postscript

By the way, NetBIOS wasn’t a bad concept or design. But Microsoft’s implementation was stunningly bad. I note that Teredo isn’t a bad idea, but the implementation appears to be shockingly bad. Continuing the theme that Microsoft doesn’t learn from its mistakes, it just repeats them.

  • Pingback: How To Disable Teredo IPv6 Tunneling in Microsoft Windows - The Lone Sysadmin

  • Brannen

    I’ve always thought that Microsoft != networking.

    • http://etherealmind.com Greg Ferro

      Sadly, that’s true. You’d think that Microsoft would try to improve their customer focus, but it’s still not happening.

  • http://profiles.google.com/martivanlin Marti van Lin

    Hi Etherealmind ;-) Thank you so much for this article. Today I installed an app called UPnP Router Control (just to see if it possibly could be a useful tool). To my surprise there was some obscure service called “Teredo” running. WTF? Never heard of it, so googled and came across an interesting Wikipedia article. Learning it was written by a Microsoft Employee (with their Fine Vendor-lock-in® “Standards”) made me even more suspicious. On top of that Microsoft decided to disable IP Flood Detection, without my knowledge. Thanks to your article, it didn’t take me long to switch the junk off.