Editing Teredo tunneling (section)

== Overview ==
The Teredo protocol performs several functions:
# Diagnoses UDP over IPv4 (UDPv4) connectivity and discovers the kind of NAT present (using a simplified replacement to the [[STUN]] protocol)
# Assigns a globally routable unique IPv6 address to each host using it
# Encapsulates IPv6 packets inside UDPv4 datagrams for transmission over an IPv4 network (this includes [[NAT traversal]])
# Routes traffic between Teredo hosts and native (or otherwise non-Teredo) IPv6 hosts

=== Node types ===
Teredo defines several different kinds of nodes:<ref>{{Cite journal|last1=Sharma|first1=Vishal|last2=Kumar|first2=Rajesh|date=2017|title=Teredo tunneling-based secure transmission between UAVs and ground ad hoc networks|journal=International Journal of Communication Systems|language=en|volume=30|issue=7|pages=e3144|doi=10.1002/dac.3144|s2cid=5263153 |issn=1099-1131}}</ref>

; Teredo client: A host that has IPv4 connectivity to the Internet from behind a NAT and uses the Teredo tunneling protocol to access the IPv6 Internet. Teredo clients are assigned an IPv6 address that starts with the Teredo prefix (<code>2001::/32</code>).<ref>{{cite web|title=Teredo Addresses (Windows)|url=http://msdn.microsoft.com/en-us/library/windows/desktop/cc136764(v=vs.85).aspx|website=msdn.microsoft.com|language=en|access-date=2014-12-02|archive-date=2016-12-23|archive-url=https://web.archive.org/web/20161223065016/https://msdn.microsoft.com/en-us/library/windows/desktop/cc136764(v=vs.85).aspx|url-status=live}}</ref>

; Teredo server: A well-known host used for initial configuration of a Teredo tunnel. A Teredo server never forwards any traffic for the client (apart from IPv6 pings), and has therefore  modest bandwidth requirements (a few hundred bits per second per client at most),{{Citation needed|date=March 2009}} which means a single server can support many clients. Additionally, a Teredo server can be implemented in a fully [[stateless protocol|stateless]] manner, thus using the same amount of memory regardless of how many clients it supports.

; Teredo relay: The remote end of a Teredo tunnel. A Teredo relay must forward all of the data on behalf of the Teredo clients it serves, with the exception of direct Teredo client to Teredo client exchanges. Therefore, a relay requires a lot of bandwidth and can only support a limited number of simultaneous clients. Each Teredo relay serves a range of IPv6 hosts (e.g. a single campus or company, an [[Internet service provider|ISP]] or a whole operator network, or even the whole [[IPv6 Internet]]); it forwards traffic between any Teredo clients and any host within said range.

; Teredo host-specific relay: A Teredo relay whose range of service is limited to the very host it runs on. As such, it has no particular bandwidth or routing requirements. A computer with a host-specific relay uses Teredo to communicate with Teredo clients, but sticks to its main IPv6 connectivity provider to reach the rest of the IPv6 Internet.

=== IPv6 addressing ===
Each Teredo client is assigned a public [[IPv6 address]], which is constructed as follows (the higher order bit is numbered 0):
* Bits 0 to 31 hold the Teredo prefix (2001::/32).
* Bits 32 to 63 embed the primary IPv4 address of the Teredo server that is used.
* Bits 64 to 79 hold some flags and other bits; the format for these 16 bits, MSB first, is "CRAAAAUG AAAAAAAA".  The "C" bit was set to 1 if the Teredo client is located behind a [[Network address translation#Methods of translation|cone NAT]], 0 otherwise, but RFC 5991 changed it to always be 0 to avoid revealing this fact to strangers. The "R" bit is currently unassigned and should be sent as 0.  The "U" and "G" bits are set to 0 to emulate the "Universal/local" and "Group/individual" bits in [[MAC address]]es.  The 12 "A" bits were 0 in the original RFC 4380 specification, but were changed to random bits chosen by the Teredo client in RFC 5991 to provide the Teredo node with additional protection against IPv6-based scanning attacks.
* Bits 80 to 95 contain the ''obfuscated'' UDP port number. This is the port number that the NAT maps to the Teredo client, with all bits inverted.
* Bits 96 to 127 contain the ''obfuscated'' IPv4 address. This is the public IPv4 address of the NAT with all bits inverted.

{{center|''Teredo IPv6 addressing table''}}
{| class="wikitable" style="margin-right:auto; margin-left:auto;"
|-
! Bits || 0 - 31 || 32 - 63 || 64 - 79 || 80 - 95 || 96 - 127
|-
| Length || 32 bits || 32 bits || 16 bits || 16 bits || 32 bits
|-
| Description || Prefix || Teredo<br />server IPv4 || Flags || Obfuscated<br />UDP port || Obfuscated Client<br />public IPv4
|}

As an example, the IPv6 address 2001:0000:4136:e378:8000:63bf:3fff:fdd2 refers to a Teredo client that:
* Uses Teredo server at address 65.54.227.120 (4136e378 in [[hexadecimal]])
* Is behind a cone NAT and client is not fully compliant with RFC 5991 (bit 64 is set)
* Is probably (99.98%) not compliant with RFC 5991 (the 12 random bits are all 0, which happens less than 0.025% of the time)
* Uses UDP mapped port 40000 on its NAT (in hexadecimal [[Bitwise NOT|not]] 63bf equals 9c40, or decimal number 40000)
* Has a NAT public IPv4 address of 192.0.2.45 (not 3ffffdd2 equals c000022d, which is to say, 192.0.2.45)

{{center|''Teredo IPv6 example table''}}
{| class="wikitable" style="margin-right:auto; margin-left:auto;"
|-
! Bits || 0 - 31 || 32 - 63 || 64 - 79 || 80 - 95 || 96 - 127
|-
| Length || 32 bits || 32 bits || 16 bits || 16 bits || 32 bits
|-
| Description || Prefix || Teredo<br />server IPv4 || Flags || Obfuscated<br />UDP port || Obfuscated Client<br />public IPv4
|-
| Part || 2001:0000 || 4136:e378 || 8000 || 63bf || 3fff:fdd2
|-
| Decoded || || 65.54.227.120 || cone NAT || 40000 || 192.0.2.45
|}

=== Servers ===
Teredo clients use Teredo servers to autodetect the kind of NAT they are behind (if any), through a simplified STUN-like ''qualification procedure''. Teredo clients also maintain a binding on their NAT toward their Teredo server by sending a UDP packet at regular intervals. That ensures that the server can always contact any of its clients—which is required for [[NAT hole punching]] to work properly.

If a Teredo relay (or another Teredo client) must send an IPv6 packet to a Teredo client, it first sends a ''Teredo bubble'' packet to the client's Teredo server, whose IP address it infers from the Teredo IPv6 address of the Teredo client. The server then forwards the ''bubble'' to the client, so the Teredo client software knows it must do hole punching toward the Teredo relay.

Teredo servers can also transmit ICMPv6 packet from Teredo clients toward the IPv6 Internet. In practice, when a Teredo client wants to contact a native IPv6 node, it must locate the corresponding Teredo relay, ''i.e.'', to which public IPv4 and UDP port number to send encapsulated IPv6 packets. To do that, the client crafts an ICMPv6 Echo Request (''ping'') toward the IPv6 node, and sends it through its configured Teredo server. The Teredo server de-capsulates the ping onto the IPv6 Internet, so that the ping should eventually reach the IPv6 node. The IPv6 node should then reply with an ICMPv6 Echo Reply, as mandated by RFC 2460. This reply packet is routed to the ''closest'' Teredo relay, which&nbsp;— finally&nbsp;— tries to contact the Teredo client.

Maintaining a Teredo server requires little bandwidth, because they are not involved in actual transmission and reception of IPv6 traffic packets. Also, it does not involve any access to the Internet routing protocols. The only requirements for a Teredo server are:
* The ability to emit ICMPv6 packets with a source address belonging to the Teredo prefix
* Two distinct public IPv4 addresses.  Though not written down in the official specification, Microsoft Windows clients expect both addresses to be consecutive&nbsp;— the second IPv4 address is for NAT detection

Public Teredo servers:
* teredo.trex.fi (Finland)

Former public Teredo servers:
* teredo.remlab.net / teredo-debian.remlab.net (Germany), now redirects to teredo.trex.fi<ref>{{cite web|url=https://www.remlab.net/miredo/news.shtml.en|title=Miredo : News|author=Rémi Denis-Courmont|date=5 June 2021|access-date=2022-07-17|quote=For the time being, teredo.remlab.net will alias the public Teredo server provided by the TREX regional exchange in the Finnish city of Tampere.|archive-date=2022-07-17|archive-url=https://web.archive.org/web/20220717233659/https://www.remlab.net/miredo/news.shtml.en|url-status=live}}</ref>

=== Relays ===
A Teredo relay potentially requires much network bandwidth. Also, it must export (''advertise'') a route toward the Teredo IPv6 prefix (2001::/32) to other IPv6 hosts. That way, the Teredo relay receives traffic from the IPv6 hosts addressed to any Teredo client, and forwards it over UDP/IPv4. Symmetrically, it receives packets from Teredo clients addressed to native IPv6 hosts over UDP/IPv4 and injects those into the native IPv6 network.

In practice, network administrators can set up a private Teredo relay for their company or campus. This provides a short path between their IPv6 network and any Teredo client. However, setting up a Teredo relay on a scale beyond that of a single network requires the ability to export [[BGP]] IPv6 routes to the other [[autonomous system (Internet)|autonomous systems]] (AS's).

Unlike [[6to4]], where the two halves of a connection can use different relays, traffic between a native IPv6 host and a Teredo client uses the same Teredo relay, namely the one closest to the native IPv6 host network-wise. The Teredo client cannot localize a relay by itself (since it cannot send IPv6 packets by itself). If it needs to initiate a connection to a native IPv6 host, it sends the first packet through the Teredo server, which sends a packet to the native IPv6 host using the client's Teredo IPv6 address. The native IPv6 host then responds as usual to the client's Teredo IPv6 address, which eventually causes the packet to find a Teredo relay, which initiates a connection to the client (possibly using the Teredo server for [[NAT traversal|NAT piercing]]). The Teredo Client and native IPv6 host then use the relay for communication as long as they need to. This design means that neither the Teredo server nor client needs to know the IPv4 address of any Teredo relays. They find a suitable one automatically via the global IPv6 routing table, since all Teredo relays advertise the network 2001::/32.

On March 30, 2006, Italian ISP ITGate<ref>{{cite web |url=https://www.itgate.it/index.php/en/ |title=IT.Gate &#124; Technology Services - IT.Gate |website=itgate.it |access-date=September 22, 2019 |archive-date=June 14, 2021 |archive-url=https://web.archive.org/web/20210614043955/https://www.itgate.it/index.php/en/ |url-status=live }}</ref> was the first AS to start advertising a route toward 2001::/32 on the IPv6 Internet, so that RFC 4380-compliant Teredo implementations would be fully usable. As of 16 February 2007, it is no longer functional.

In Q1 2009, IPv6 backbone [[Hurricane Electric]] enabled 14 Teredo relays<ref>{{cite web | url=http://lacnic.net/documentos/lacnicxii/presentaciones/flip6/08_Martin_Levy.pdf | title=Hurricane Electric's experience in deploying Teredo and 6to4 relays | author=Levy, Martin | date=May 28, 2009 | publisher=LACNIC-XII/FLIP6 2009 Conference, Panama City, Panama | access-date=December 29, 2012 | archive-date=April 11, 2015 | archive-url=https://web.archive.org/web/20150411153631/http://lacnic.net/documentos/lacnicxii/presentaciones/flip6/08_Martin_Levy.pdf | url-status=live }}</ref> in an [[anycast]] implementation and advertising 2001::/32 globally. The relays were located in [[Seattle]], [[Fremont, California|Fremont]], [[Los Angeles]], [[Chicago]], [[Dallas]], [[Toronto]], [[New York City|New York]], [[Ashburn, Virginia|Ashburn]], [[Miami]], [[London]], [[Paris]], [[Amsterdam]], [[Frankfurt]], and [[Hong Kong]].

It is expected that large network operators will maintain Teredo relays. As with 6to4, it remains unclear how well the Teredo service will scale up if a large proportion of Internet hosts start using IPv6 through Teredo in addition to IPv4. While Microsoft has operated a set of Teredo servers since they released the first Teredo pseudo-tunnel for Windows XP, they have never provided a Teredo relay service for the IPv6 Internet as a whole.

===Clients===
Officially, this mechanism was created for Microsoft Windows XP and onwards PCs to provide IPv6 connectivity to IPv4 clients by connecting to '''ipv6.microsoft.com''' and works in conjunction with '''IP Helper''' service and '''Teredo Tunneling Adapter Interface''' driver. The service also opens a [[UPNP]] port on the router for relaying.