locked
Teredo vs IP-HTTPS vs 6TO4 RRS feed

  • Question

  • I was wondering a few things about this, 

    1: how fast are each of these, like whats the throughput on each one?

    2: does windows try all at once, is it some kind of order, like https first, teredo second?

    3:  if there is an order is there anyway to set the order or preference, aside from disabling the adapter of course lol ^_^

    oh and i did netsh int vpv6 show and noticed my 6to4 adapter is always disconnected, is that normal o_O

     

    Thanks in advance :)

    Friday, June 3, 2011 2:40 AM

All replies

  • Q1:

    It's hard to say exactly how the different versions will perform in your environment and if your users will notice the difference.
    The big question is what your users will do when connected with DirectAccess..
    Browsing fileshares, editing documents, browsing internal websites?


    Basically, IPHTTPS packages the data in an HTTPS tunnel, Teredo in UDP, 6to4 in an extra IP header.

    A good url to read: http://technet.microsoft.com/en-us/library/ee844161%28v=ws.10%29.aspx

    I found the link below with some numbers comparing IPHTTPS/Teredo/6to4 and regular SSL VPN, I suggest you do your own testing though and see if you can notice when connected through one technique or another :)

    http://blogs.catapultsystems.com/IT/archive/2010/08/19/microsoft-directaccess-and-uag.aspx

     

    Q2:

    6to4 will be used/tried when your client has a public IPv4 address.
    Teredo will be used/tried when your client has a NAT'ed IPv4 address.
    IPHTTPS will be tried regardless of the IPv4 address.

    Step 1 is to try 6to4/Teredo first and then fall back to IPHTTPS.
    There may be times when you will se both Teredo and IPHTTPS active though, in these cases IPHTTPS will be used.

    Read http://blogs.technet.com/b/tomshinder/archive/2010/08/24/why-are-both-the-teredo-and-ip-https-interfaces-active.aspx for how this happens.

     

    Q3:

    The only way I know of is disabling the techniques you dont want to use.

    (6to4 should always be disconnected if you're connected with a NAT IPv4 address yes)

    //Jonas Blom

     

    Friday, June 3, 2011 8:09 AM
  • In terms of performance, it will be 6to4 then Teredo, then IPHTTPS. 6to4 and Teredo have the same priority, but it is address dependent as explained by Jonas.

    In general, IPHTTPS is designed as a fallback method and will normally only be used if 6to4 or Teredo fail. You can enforce the relative states using Group Policy though if for some reason you want to disable one type of transition technology or enforce another.

    This may help: http://technet.microsoft.com/en-us/library/gg315307.aspx

    In my experience, it is quite common place to disable 6to4, force Teredo to use EnterpriseClient mode and leave IPHTTPS enabled as a fallback option...

    http://blogs.technet.com/b/tomshinder/archive/2010/05/27/directaccess-and-teredo-adapter-behavior.aspx

    http://social.technet.microsoft.com/wiki/contents/articles/solving-a-directaccess-client-blocked-6to4-connection.aspx

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk



    Friday, June 3, 2011 12:04 PM
  • Cool, thanks guys :)
    Monday, June 6, 2011 2:26 PM