MicroSoft Technology and Servers and Tricks.: How Direct Access Works. ?

How Direct-Access Works -IPv6 Addressing

IPv6 allows every computer to have a globally-unique IPv6 address. This is how Direct-Access computers find each other.

IPv6 addresses are 128 bits long, and written in 8 blocks of 16 bits, separated by colons.

                2006:1601:b60a:c7d8:0000:0000:0000:0178

                2006:1601:b60a:c7d8::178

We can use transition technologies to tunnel IPv6 content inside of IPv4 traffic. There are four transition technologies at play in DirectAccess.
6to4 tunnels IPv6 traffic inside of IPv4 packets. It uses IPsec protocol #41.
Traffic can go directly to other 6to4 computers or pass through a 6to4 relay.
6to4 is available to computers with a public IPv4 address. The IPv6 address format is:

Teredo sends IPv6 traffic inside IPv4 UDP/3544
The teredo client can be behind a NAT
Teredo addresses start with 2001:0000:, and include the teredo server address, the client’s NATed address, and other details

NAT detection uses bubble packets sent to/from a teredo server
Once connection is established, traffic passes through a teredo relay
IP-HTTPS is a new protocol for Win7/2008R2. It encapsulates IPv6 inside of https using IPv4 TCP/443. It works like normal SSL traffic.
IP-HTTPS will come up only if 6to4 and teredo do not (e.g. behind a NAT that blocks UDP/3544)
IP-HTTPS addresses start with 2002: and in a default setup contain the IP-HTTPS server address

Traffic is routed through the IP-HTTPS server
ISATAP is like 6to4, uses IPv4 protocol 41
It is mostly used for intranets
Addresses are formed based on routing information requested from an ISATAP router. They start with 2001: or 2002: and end with :5efe: and the client’s IPv4 address

· Clients find the ISATAP router by resolving the DNS name isatap.<mydomain>

MicroSoft Technology and Servers and Tricks.