K_A join:2017-09-22 Raleigh, NC |
K_A
Member
2018-Jul-27 8:57 am
Re: You can finally preorder your Nintendo Switch Online...
I do find it funny when a big corporation uses P2P connections to save money. Also, shout-out to Nintendo wanting you to let the Switch allow incoming UDP connections on literally all outside ports, through UPnP and/or by port-forwarding, for reliable online play (» en-americas-support.nint ··· -console). This is necessary when you are selected as the hosting console for a Splatoon 2 match, for example. I'm hoping the big plan here is to invest their admittedly modest service charge toward infrastructure.
|
ieolusSupport The Clecs join:2001-06-19 Danbury, CT |
ieolus
Member
2018-Jul-27 9:25 am
quote: Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1 through 65535.
WTF, all the ports? That is insane, no?
|
| |
to K_A
quote: I do find it funny when a big corporation uses P2P connections to save money.
Just emulating citizens *saving money*.  |
|
| |
to ieolus
That's BS; they don't have any business with more than 100 ports max, and even that's pushing it.
They really should be able to handle just fine with ONE port.
|
Netgear CM600 Ubiquiti EdgeRouter PoE ARRIS BGW210-700
|
MOC to K_A
Member
2018-Jul-27 5:56 pm
to K_A
That is how you set up an ACL for UPnP though. They're telling you to allow on all ports but it's only going to set up the one or two ports it needs. I would allow UPnP but not a DMZ, port forwarding, or anything else that open. Xbox does the same thing, except they tell you the specific assigned port. However, if you block that port or have another Xbox using it, it will grab a different random one from the range using UPnP.
|
| |
sims
Member
2018-Jul-27 6:29 pm
No. UPnP is a check box on most routers and is entirely automatic. What Nintendo is doing is having all incoming connections on UDP forwarded to their device as a static rule for all ports.
It's effectively being set as the DMZ for incoming UDP connections except it doesn't share.
|
|
K_A join:2017-09-22 Raleigh, NC 1 edit |
K_A
Member
2018-Jul-27 6:35 pm
It should still work if you enable UPnP, instead (though I have heard otherwise, possibly because of router implementations), but that is indeed what Nintendo wants if you are doing manual port-forwarding. |
|
K_A 1 edit |
K_A to MOC
Member
2018-Jul-27 6:43 pm
to MOC
I agree that in this case, adding a UPnP ACL roughly around 45000 to 65535 is the best solution. Packet logging shows that the Switch uses that range in practice, despite Nintendo's even crazier suggestion. However, I dislike being pushed to use UPnP, or allowing such really large port ranges in general. Packet logging has also shown that it uses multiple UDP sockets at a time for P2P.
What you described for Xbox is more reasonable, especially if I can just set the port manually in the event of conflicts. |
|
| K_A |
to ieolus
In my opinion, yes. It is worth noting that people have been studying the Switch's actual behavior and have found that in practice, it uses higher-numbered ports around the ephemeral port range (» www.reddit.com/r/Nintend ··· orts_to/). |
|
| |
sims to K_A
Member
2018-Jul-27 7:21 pm
to K_A
If you use UPnP, nothing needs to be set; it's automatic as long as it is enabled on the device or application, or at least that's how it works on other console systems. Nintendo either neglected to mention that their console supports UPnP or CBA to add support.
|
K_A join:2017-09-22 Raleigh, NC |
K_A
Member
2018-Jul-27 7:30 pm
Yes, I at least have seen no mention of UPnP in Nintendo's documentation, and many are led to believe it is unsupported because of it. All discussion about it has been by end users. |
|
| |
sims
Member
2018-Jul-27 9:02 pm
I would just try and see if it works with just UPnP enabled; most stuff does, and most stuff just expects it to be there, with the exception of smaller and more or less homebrew applications.
Out of curiosity are any of the consoles making attempts at IPv6 or are they all still IPv4 only? |
|
| |
Xbox One uses IPv6 extensively. |
|
(Software) OPNsense Ubiquiti UniFi UAP-AC-PRO
|
said by techfury90: Xbox One uses IPv6 extensively.
Sorta.. The "Xbox Live" service uses IPv6 over IPv4 via Teredo, even if you have native IPv6. Also note not all games use the Xbox Live service for communications, so the individual game developer's service may or may not use IPv6 for their client/server/P2P communications if the console has native IPv6. This goes for other apps on the system as well; they have access to the system's native IPv6 if it's available.
|
Netgear CM600 Ubiquiti EdgeRouter PoE ARRIS BGW210-700
2 edits |
MOC to K_A
Member
2018-Jul-31 3:25 am
to K_A
I was referring to Xbox 360 since I had an issue with multiple 360s conflicting, so I had to block the default port to force them to pick different ports. Xbox One does similar things, but handles it more gracefully when there is a conflict. If the default ports are blocked, it will use UPnP to grab another port, avoiding the conflict of using the same default port.
The advantage to an ACL is that you could specifically limit UPnP to the console IP or IP range only, along with limiting the ports. Of course that doesn't fix any of the UPnP exploit issues if your router isn't updated with a version that has those all fixed or if it has unsecure aspects of UPnP enabled. I have an EdgeRouter though, which tends to get the newest, least vulnerable version of things. Secure mode also blocks devices from opening ports except for themselves. I disabled NAT-PMP since it is old and exploitable. I'm sure there is some spoofing way around those protections. At the least, it is the most secure way to handle the otherwise unsecure action of letting a device you can't specifically control open ports versus just doing a DMZ or port forwarding everything.
|
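The arrangement discussed in the thread (a UPnP ACL limited to the console's address and the 45000 to 65535 range, plus secure mode) can be modelled as first-match rule evaluation. This is an added example, not code from the thread or from any router firmware; the rule layout, the console address 192.168.1.50 and the function name are assumptions made for illustration.

```python
import ipaddress

# Constructed rule set: (action, external port range, client network, internal port range).
# The layout is an assumption modelled on first-match UPnP daemon ACLs.
RULES = [
    ("allow", (45000, 65535), "192.168.1.50/32", (45000, 65535)),  # console only
    ("deny",  (0, 65535),     "0.0.0.0/0",       (0, 65535)),      # everything else
]

def evaluate(rules, requester_ip, ext_port, int_client, int_port, secure_mode=True):
    """Decide one port-mapping request; returns (decision, reason)."""
    if not (0 < ext_port <= 65535 and 0 < int_port <= 65535):
        return ("deny", "invalid port")
    requester = ipaddress.ip_address(requester_ip)
    client = ipaddress.ip_address(int_client)
    # Secure mode: a device may only open ports that forward to itself.
    if secure_mode and requester != client:
        return ("deny", "secure mode: target is not the requester")
    # First matching rule wins, so the narrow allow must precede the catch-all deny.
    for action, (elo, ehi), net, (ilo, ihi) in rules:
        if (client in ipaddress.ip_network(net)
                and elo <= ext_port <= ehi and ilo <= int_port <= ihi):
            return (action, f"matched {action} rule for {net}")
    return ("deny", "no rule matched")

if __name__ == "__main__":
    # Constructed requests: (requester, external port, internal client, internal port)
    samples = [
        ("192.168.1.50", 49152, "192.168.1.50", 49152),  # console, in range
        ("192.168.1.50", 3074,  "192.168.1.50", 3074),   # console, out of range
        ("192.168.1.77", 50000, "192.168.1.77", 50000),  # other host, for itself
        ("192.168.1.77", 50000, "192.168.1.50", 50000),  # other host, for console
    ]
    for req in samples:
        print(req, "->", evaluate(RULES, *req))
```

With secure mode off, the last sample is allowed because only the internal client is matched against the ACL, which is the gap secure mode closes.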