
EtherealMind

Software Defined & Intent Based Networking


Microsoft Teredo is a no-go area for IPv6.

25th April 2011 By Greg Ferro Filed Under: Opinion

I’ve talked before about Microsoft’s Teredo protocol for IPv6 to IPv4 tunneling and called it a bag of crap. Geoff Huston puts some solid information down about Teredo and why it should not be considered. My gut feeling: Teredo = NetBIOS (and we all know how that worked out).

Microsoft continues to develop its own standards for Teredo, however:

But there are serious security concerns, and again. However, Microsoft continues to flog the dead horse with Teredo Security Updates – http://tools.ietf.org/html/rfc5991 (Notably, the co-authors of this standard are companies dependent on Microsoft’s goodwill to survive).

Geoff Huston from APNIC, in his post Testing Teredo on his blog:

Teredo in Perspective

We’ve learned a number of axioms of networking in the decades we’ve been working with packet switched networks and the Internet in particular. Among them I would offer the following three:

  • Tunnelling is really never a good answer.
  • Stateful devices in the data path are invariably problematic.
  • NATs are strange!

Teredo exercises all three of these, and it could be said that it is an achievement that it works at all! Expecting it to work reliably in all cases is perhaps just asking too much. The default behaviour of Windows clients, who will avoid the use of Teredo in any form of communication that is initiated through a DNS name resolution, appears to be a reasonable approach. On the other hand the data presented here makes a strong case that Teredo is perhaps best shipped “off” by default.

Here’s the deal in summary: Teredo is crap.

  • Teredo doesn’t have HA termination for tunnel gateways (Microsoft loves their customers!! NOT.)
  • Teredo appears poorly implemented, using large amounts of CPU and memory.
  • Teredo runs slow, and their sequencing choices for protocol selection are poor.
  • Compared to 6RD or other migration technologies, Teredo is really poorly done.
  • It’s riddled with insecure design and has been challenged several times in the IETF, with multiple drafts to fix the problems. Microsoft != secure design.

Don’t use it, don’t think about it. And let’s pray to the IT $god?s that someone in Microsoft gets some sense and gives up on it. I don’t want to be screwed by another Microsoft “invented” protocol. I’ve had that too many times already.

Postscript

By the way, NetBIOS wasn’t a bad concept or design. But Microsoft’s implementation was stunningly bad. I note that Teredo isn’t a bad idea, but the implementation appears to be shockingly bad. Continuing the theme that Microsoft doesn’t learn from its mistakes, it just repeats them.


Comments

  1. Brannen says

    28th April 2011 at 18:27 +0000

    I’ve always thought that Microsoft != networking.

    • Greg Ferro says

      29th April 2011 at 16:58 +0000

      Sadly, that’s true. You’d think that Microsoft would try to improve their customer focus, but it’s still not happening.

  2. Marti van Lin says

    20th May 2012 at 05:46 +0000

    Hi Etherealmind 😉 Thank you so much for this article. Today I installed an app called UPnP Router Control (just to see if it possibly could be a useful tool). To my surprise there was some obscure service called “Teredo” running. WTF? Never heard of it, so googled and came across an interesting Wikipedia article. Learning it was written by a Microsoft Employee (with their Fine Vendor-lock-in® “Standards”) made me even more suspicious. On top of that Microsoft decided to disable IP Flood Detection, without my knowledge. Thanks to your article, it didn’t take me long to switch the junk off.
