
rogersmogers

@start.ca
reply to paul248

Re: Status of ipv6 with Canadian ISP

said by paul248:

said by Last Parade:

Why you would actively want an IPv6 address is beyond me.

On the contrary, why would you want to actively restrict yourself from accessing the entire Internet? I just don't understand IPv6 luddism. It's like saying "my car still has gas in the tank, so I don't care if nobody is selling the Mr. Fusion here."

IPv6 moves us from a world where numbers are a scarce, expensive commodity, to a world of boundless plenty. How could you possibly be opposed to that, unless you have a vested interest in profiting from the scarcity?

What part of the internet can you not access?

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to random

said by random :

They are not mutually exclusive from a technical point of view, but are on a for-profit/expenses point of view. In an ideal (dream) world, multiple solutions would be offered.

Well ya, that's why you'll see v6 rolled out for most providers before CGN. But CGN will come eventually too even for the largest of carriers.

said by random :

Why would large telecom corporations that control 90+% of the market, who are keen on maximizing their profit and skimp on expanding their networks, spend extra money to serve the 5% for the more technical users? It is diminishing returns for their quarterly earnings.

That's something the smaller guys might offer. They aren't likely to use CGNAT in the first place.

Even the largest of carriers with a lot of v4 resources are looking at CGN. Why "waste" v4 address space on consumer connections when it isn't necessary? (I don't agree with this but a lot of clueless seem to think so too). Take away the v4 address space for the residential connections and use it for business customers or even pay for a v4 address. Would you really be surprised by that?

Bill C

join:2013-02-17
Vancouver, BC

1 recommendation

reply to spock

TSI may be similar to Skyway West, we assign a /48 to each customer with multiple sites and a /64 to each network segment/site. From our perspective, a /64 is the new /24 (also known as a class C).


34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

said by Bill C:

TSI may be similar to Skyway West, we assign a /48 to each customer with multiple sites and a /64 to each network segment/site. From our perspective, a /64 is the new /24 (also known as a class C).

You should allow a customer to request a /60. Trying to compare v4 to v6 doesn't make any sense, especially for consumer connections. Only providing a /64 for a business customer is ridiculously stingy and will just piss off those customers.


elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
Reviews:
·VMedia
reply to 34764170

said by 34764170:

said by paul248:

We would still be having this discussion; it would just be a few months later. You listed eight class A networks, but prior to the global IPv4 pool depletion in January 2011, we were burning through twenty class As per year!

See the graphs here:
»en.wikipedia.org/wiki/IPv4_addre···haustion

"The greatest shortcoming of the human race is our inability to understand the exponential function."
- Albert A. Bartlett, physicist

Worrying about clawing back v4 space is so ridiculously short sighted. Even under the best circumstances that might buy no more than a year.. gimme a break.

Nope. Internet is closed. You're going to have to close up shop.

I think we'd get more than a year out of it. Does every single device need a public IP? I know even if I had a whole mess of ip6's available to me, I wouldn't expose my devices.

While I can see the advantage to that, these days, no way in hell.
--
No, I didn't. Honest... I ran out of gas. I... I had a flat tire. I didn't have enough money for cab fare. My tux didn't come back from the cleaners. An old friend came in from out of town. Someone stole my car. There was an earthquake.......


random

@teksavvy.com
reply to 34764170

>Why "waste" v4 address space on consumer connections when it isn't necessary?

Especially in the ever changing contracts for the large telecom corporations, the residential customers are forbidden to have "servers". They hate torrents and VoIP cutting into their content and phone business. No servers means no need to have a routable external IP. This is one way of them (en)forcing that.

Chances are that IPv6 would be offered to their business customers while the residential would be in a walled garden with CGN. They might bump the small residential users to their higher tiers service just for the luxury of being able to be reached from the outside world.


34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to elwoodblues

said by elwoodblues:

I think we'd get more than a year out of it.

Too bad you're wrong.

said by elwoodblues:

Does every single device need a public IP? I know even if I had a whole mess of ip6's available to me, I wouldn't expose my devices.

While I can see the advantage to that, these days, no way in hell.

No one said you have to "expose" your devices but you're given the option of doing so as you please. Lots of people want that option of being able to do so.

Only people that know what they're doing should do so.

CPE will not do so by default unless the user has changed the settings.

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to random

said by random :

Chances are that IPv6 would be offered to their business customers while the residential would be in a walled garden with CGN. They might bump the small residential users to their higher tiers service just for the luxury of being able to be reached from the outside world.

That will be the exception not the norm. But that's a good way of pissing off a lot of your customers and having them move elsewhere.


spock

join:2012-07-08

1 recommendation

reply to paul248

I live in the west so the ipv6 beta for teksavvy is quite a bit different than in Ontario. No /56

I will look into 6rd

Thanks


paul248

join:2001-09-04

1 recommendation

said by spock:

I will look into 6rd

I mentioned 6relayd. 6rd is "IPv6 rapid deployment", a tunneling technology which is almost but not entirely unrelated to this discussion.

InvalidError

join:2008-02-03
kudos:5

1 recommendation

reply to spock

said by spock:

Unfortunately my ISP will only give me a single ip from the same /64 it gives everyone else. This means only one device in my network will have ipv6 connectivity.

If your ISP is really doing it this way then they are breaking the IPv6 standard which calls for a WHOLE /64 for each subscriber. The cheapest ARIN allocation for IPv6 is $2500/year for any size from /40 to /32 so it makes no sense for ISPs to order anything smaller than /32, which is enough to give a /64 to as many as 4 billion endpoints.

Your router is supposed to pick up its /64 subnet either through DHCP or route advertisement and then either assign addresses to LAN devices using DHCP or advertise the IPv6 route on the LAN and let devices self-configure the remaining 64 bits of the address field using SLAAC. Either way, the ISP should not be managing the 64 LSBs.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
reply to Guspaz

said by Guspaz:

IPv6 remains completely useless and unnecessary at this point. Despite paul248 claiming that lack of IPv6 support somehow "restricts [you] from accessing the entire internet", that's garbage. Show me one instance of a service that can't be accessed by IPv4 that isn't a case of somebody with an agenda purposefully limiting a feature or service to IPv6 to help convince the public of its utility? And I define that as "if the organization has IPv4 addresses, their IPv6-only services are part of their IPv6 agenda and not legitimately restricted".

#1 I heard/read from »www22.verizon.com/Support/Reside···8742.htm

that
quote:
Today (2012) the industry has very few sites that are IPv6-only and would require you to change your equipment (less than 1%).

#2 I looked around to verify / back up that claim and the only thing that I found so far was

»networking.vutbr.cz/live-statistics/
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

reply to elwoodblues

said by elwoodblues:

We wouldn't be having this discussion if the ARIN would grow a pair and start taking back the Class A addresses that companies like Apple and HP have.

ARIN doesn't have the legal authority to do this.

Owners of the legacy allocations have not signed any kind of registration services agreement with ARIN, so there's no contract that ARIN can enforce, and they can't just take the property of others.

Steve — who's been trying to get IPv6 for a while as well
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site


elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
Reviews:
·VMedia
reply to 34764170

said by 34764170:

No one said you have to "expose" your devices but you're given the option of doing so as you please. Lots of people want that option of being able to do so.

Only people that know what they're doing should do so.

What have you been smoking? Are you going to sit there and seriously tell me that you'd expose an IPv6 corporate network to the internet, "because you know what you're doing"?

I know what I'm doing and in no way in hell would I expose a home network, let alone a corporate one to the Internet.

I have /28 address space at work and for us, it's perfect.
--
No, I didn't. Honest... I ran out of gas. I... I had a flat tire. I didn't have enough money for cab fare. My tux didn't come back from the cleaners. An old friend came in from out of town. Someone stole my car. There was an earthquake.......

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

said by elwoodblues:

What have you been smoking? Are you going to sit there and seriously tell me that you'd expose an IPv6 corporate network to the internet, "because you know what you're doing"?

I know what I'm doing and in no way in hell would I expose a home network, let alone a corporate one to the Internet.

I have /28 address space at work and for us, it's perfect.

I could say the same to you. If I need to access services provided by systems within the inside network, then yes. How am I supposed to do that without exposing them to the net? You're telling me you have never set up port forwarding for anything on your network with IPv4?

Gami00

join:2010-03-11
Mississauga, ON
reply to elwoodblues

Aren't there private blocks of IP6 as well? just like IP4?

I don't get this exposing all devices to the internet deal when it works so much similar to IP4, that all these fears and nonsense seem to be worthless.


stevey_frac

join:2009-12-09
Cambridge, ON
Reviews:
·TekSavvy Cable

1 recommendation

reply to elwoodblues

Just because you have a publicly routable IP address, doesn't mean that you have to disable your residential gateway's firewall. You can still get NAT levels of protection with public IPs.

You can still deny incoming connections by default, you can still set up exceptions lists, and do all those wonderful things. You just now have a unique IP in the entire world, instead of only unique within your household. No biggy.


34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to rogersmogers

said by rogersmogers :

ipv6 isn't a requirement yet so who/who doesn't have it does not matter.

Nice ignorance.

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to Gami00

said by Gami00:

all these fears and nonsense seem to be worthless.

The fears and nonsense come from a lack of understanding of how firewalls and NAT work.


Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

reply to elwoodblues

said by elwoodblues:

I know what I'm doing

That's where you lost me.

It's perfectly possible to run an inside network with publicly-routable IP addresses and protect it with the same firewall you use for your residential network.

Many, possibly including you, confuse "NAT" with "firewall", and those who believe you can only protect with NAT are saying very clearly that they do not know what they're doing.

Steve
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site


elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2
Reviews:
·VMedia

1 recommendation

reply to 34764170

I think this is where we are confused.

Yes, everything I have set up is with port forwarding. I'm getting the impression from you that with IPv6 you would just open up an entire server (and perhaps workstations) to the net, since there would be such a plethora of IP space.
--
No, I didn't. Honest... I ran out of gas. I... I had a flat tire. I didn't have enough money for cab fare. My tux didn't come back from the cleaners. An old friend came in from out of town. Someone stole my car. There was an earthquake.......



elwoodblues
Elwood Blues
Premium
join:2006-08-30
Somewhere in
kudos:2

1 recommendation

reply to Steve

I don't confuse NAT with Firewall by any means.



Steve
I know your IP address
Consultant
join:2001-03-10
Foothill Ranch, CA
kudos:5

1 recommendation

reply to elwoodblues

said by elwoodblues:

I think this is where we are confused.

If you believe that running a standard, non-NAT, routed network is the same as being wide open to the internet, it's clearly you who are confused.

It's totally possible and straightforward to set up firewall rules that don't involve NAT but still provide the same level of protection you have with your NAT at home.

The thing is: It's not NAT that provides the security, it's the stateful inspection, that same inspection being part of the non-NAT firewall.

Steve
--
Stephen J. Friedl | Unix Wizard | Security Consultant | Orange County, California USA | my web site

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to elwoodblues

said by elwoodblues:

I think this is where we are confused.

Yes, everything I have set up is with port forwarding. I'm getting the impression from you that with IPv6 you would just open up an entire server (and perhaps workstations) to the net, since there would be such a plethora of IP space.

No, firewalls, whether in a business environment or at home, should have a default block all policy. That results in having the same behaviour as NAT, which "blocks" traffic since there is no mapping between the outside routable IP and inside address(es) until there is port forwarding implemented. I meant being able to apply pass/allow rules to a firewall to allow certain services to be accessible from the outside. Which is functionally equivalent to using port forwarding, although with more flexibility since each device also has a routable address.

DSL_Ricer
Premium
join:2007-07-22
kudos:3

1 recommendation

reply to rogersmogers

said by rogersmogers :

What part of the internet can you not access?

Incoming connection to many mobile phones in Europe and Asia. Increasingly, regular internet subscribers too.
Certain forms of VPN also require unique source and destination IP address pairs. So two people/systems behind the same NAT can't connect to the same endpoint.
I'd assume that most NAT routers only support tcp, udp and icmp. So newer protocols would probably be unusable.


spock

join:2012-07-08
Reviews:
·TekSavvy DSL

1 recommendation

reply to Bill C

said by Bill C:

TSI may be similar to Skyway West, we assign a /48 to each customer with multiple sites and a /64 to each network segment/site. From our perspective, a /64 is the new /24 (also known as a class C).

No, I have confirmed teksavvy in the west assigns ips from the same /64. Obviously it's just a beta so I can only assume in the future they will at least give each user a whole /60 so they could have a few subnets of their own. I personally have wireless on one, iptv on another and general inet on the last one. I currently do this all behind a nat. With ipv6 there will be no nat so I will need a few subnets from my ISP. Giving a customer just 1 subnet, /64, is silly. Sure there are 2^64 ips in a /64 but we need to start thinking that a /64 is the old ipv4 /24. I could manually subnet a /64 but from my understanding to use all the current and future features of ipv6 the smallest I can go is /64.

InvalidError

join:2008-02-03
kudos:5

1 recommendation

reply to stevey_frac

said by stevey_frac:

You can still get NAT levels of protection with public IPs.

People who believe NAT is magically more secure simply misunderstand why it is so. Stateful firewalling is an intrinsic prerequisite to NAT: can't do NAT without stateful connection tracking to determine which packets belong to which LAN client.

As you said, stateful firewall on IPv6 is every bit as secure as NAT on IPv4: incoming connections get denied by default.
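
The argument made in the posts above by Steve, 34764170 and InvalidError, shown as an added example that is not code from any poster in this thread: a toy Python model of a routed, default-deny stateful firewall next to a port-translating NAT gateway, run over the same four flows. Class names, ports and addresses (documentation ranges) are constructed for illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses come from documentation-only ranges.
Pkt = namedtuple("Pkt", "src sport dst dport")

class RoutedFirewall:
    """IPv6-style gateway (hypothetical model): no translation, stateful, default deny."""
    def __init__(self, pass_rules=()):
        self.pass_rules = set(pass_rules)   # {(inside_addr, port)} opened on purpose
        self.state = set()                  # flows initiated from the LAN

    def outbound(self, p):
        self.state.add((p.src, p.sport, p.dst, p.dport))

    def inbound(self, p):
        tracked = (p.dst, p.dport, p.src, p.sport) in self.state  # reply to a LAN flow
        allowed = (p.dst, p.dport) in self.pass_rules             # explicit pass rule
        return "pass" if tracked or allowed else "drop"           # default block-all

class NatGateway:
    """IPv4-style gateway (hypothetical model): one public address, port forwards."""
    def __init__(self, public, forwards=None):
        self.public = public
        self.forwards = dict(forwards or {})  # {public_port: (inside_addr, port)}
        self.state = {}                       # {(public_port, remote, rport): inside}
        self.next_port = 40000

    def outbound(self, p):
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.state[(pub_port, p.dst, p.dport)] = (p.src, p.sport)
        return pub_port                       # translated source port

    def inbound(self, p):
        tracked = (p.dport, p.src, p.sport) in self.state  # same lookup, plus a rewrite
        forwarded = p.dport in self.forwards               # port forward
        ok = p.dst == self.public and (tracked or forwarded)
        return "pass" if ok else "drop"                    # no mapping, no delivery

def compare():
    """Run four equivalent inbound flows through both gateways; return both verdict lists."""
    web6, pc6, far6 = "2001:db8:1::80", "2001:db8:1::10", "2001:db8:ffff::1"
    fw = RoutedFirewall(pass_rules={(web6, 443)})
    fw.outbound(Pkt(pc6, 51000, far6, 443))
    v6 = [fw.inbound(Pkt(far6, 443, pc6, 51000)),   # reply to a LAN-initiated flow
          fw.inbound(Pkt(far6, 4444, pc6, 22)),     # unsolicited, to a workstation
          fw.inbound(Pkt(far6, 4444, web6, 443)),   # deliberately published service
          fw.inbound(Pkt(far6, 4444, web6, 22))]    # another port on that server
    pub, far4 = "203.0.113.5", "198.51.100.9"
    nat = NatGateway(pub, forwards={443: ("192.168.1.80", 443)})
    port = nat.outbound(Pkt("192.168.1.10", 51000, far4, 443))
    v4 = [nat.inbound(Pkt(far4, 443, pub, port)),
          nat.inbound(Pkt(far4, 4444, pub, 22)),
          nat.inbound(Pkt(far4, 4444, pub, 443)),
          nat.inbound(Pkt(far4, 4444, pub, 2222))]
    return v6, v4
```

Both gateways return the same verdicts because both decide on the state table plus an explicit exception list; the NAT gateway only adds the address rewrite.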


SimonJones
MTS Allstream Alliance

join:2010-09-16
Mississauga, ON
reply to spock

Allstream went live on IPv6 about 18 months ago.

»www.allstream.com/solutions/it-n···Pv6.html


mactalla

join:2008-02-19
kudos:1

2 recommendations

reply to paul248

said by paul248:

Are you sure that you're actually limited to a single IP, or can you grab any number of addresses as long as you participate in Neighbor Discovery?

If it's the latter, then you might be able to hack something together using 6relayd:

»github.com/sbyx/6relayd

Thanks for mentioning this. I just tried it out (same ISP as the OP). Either I've misconfigured something or their config can't handle more than 1 IP per PPPoE connection.

Watching both the WAN and LAN interfaces I see the Router Advertisements get relayed. I don't actually see the Neighbour Solicitation/Advertisements relayed out to the WAN interface though I've asked 6relayd to relay it all and machines on the LAN are getting IPs in the correct prefix. It is updating the routing table to accommodate the IPs on the LAN and from the LAN I can ping either the LAN or WAN interfaces of the router. But when pinging out to the Net I see the echo requests go out but nothing entering the WAN port.

I expected to see the neighbour solicitation/advertisement relayed to the WAN. Not sure why I don't see that.