We have previously covered briefly how an IPv4 network can communicate with an IPv6 network. One of the methods is via an IPv6 tunnel. The 2 types of commonly used tunnels are 6to4 and Teredo. In this article, we’ll discuss more about Teredo which is an IPv6 tunneling mechanism. By using Teredo, IPv6 packets can be transmitted over an IPv4 network even if the client is behind a NAT.
How does Teredo work?
For the Teredo tunneling mechanism to work, there are a few key components required.
- The Teredo server to enable the Teredo client to detect what type of NAT they are behind as part of the initial configuration.
- The Teredo relay which does the actual work of advertising the route for the Teredo IPv6 prefix (2001::/32) to other IPv6 hosts. It also does the encapsulation/decapsulation of the data between the Teredo clients and other IPv6 hosts.
- The Teredo IPv6 address.
What is embedded inside the Teredo IPv6 address?
First of all, we’ll take a look at what’s inside the Teredo IPv6 address. You can always tell whenever you’re looking at a Teredo IPv6 address because the first 16 bits is always 2001 in hexadecimal (as specified in RFC 4380).
For example, you have 2001:0000:4136:e378:8000:63bf:3fff:fdd2 as your Teredo IPv6 address. The 4136:e378 part refers to the Teredo server IPv4 address. Once converted into dotted decimal, you’ll get 22.214.171.124 (4136e378 in hexadecimal). The last 48 bits inverted is split into 2 parts. The first 16 bits (in hexadecimal inverting 63bf equals 9c40, or decimal number 40000) indicates the UDP port on the NAT which maps to the Teredo client and remaining 32 bits (inverting 3ffffdd2 equals c000022d, meaning 192.0.2.45) contains the IPv4 address of the NAT.
Role of the Teredo server
The main purpose of the Teredo server is to enable a Teredo client behind a NAT to know whenever a Teredo relay server or another Teredo client is sending it an IPv6 packet. Once the recipient Teredo client is informed that it has a packet incoming, it has to reach out to the Teredo relay server to get that packet. In addition, a Teredo server also serves as a proxy for the Teredo client to send an ICMPv6 packet to ping the IPv6 internet.
Role of the Teredo relay server
The relay server is the one doing the actual routing of packets between IPv6 and IPv4. To do this job, the relay server will advertise the Teredo IPv6 prefix (2001::/32) so that other IPv6 hosts can send data to the Teredo clients via the relay. When data is sent to the Teredo IPv6 prefix addresses, it is encapsulated inside an IPv4 UDP packet and forwarded to the Teredo client. The reverse process just goes in the other direction.
While there are still IPv4 hosts out there, there will still be a need for transition mechanisms like the Teredo tunneling especially for IPv4 network hosts behind a NAT. This is why it’s important to learn about Teredo tunneling.