dholm

@sicc-online.com

AT&T now blocking IPv6 tunnels

AT&T is deploying the 6.9.1.42-enh.tm firmware to their residential gateways with an "enhancement" to filter protocol 41.

"But wait, doesn't AT&T have 6rd deployed? Doesn't that use protocol 41?" Yes, they're even blocking their own 6rd deployment.

AT&T, blazing to the future.


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
How did you determine they are actually "filtering" protocol 41? From what I have gathered with my engagement with them, it is actually an order of operations issue in the new firmware and not an explicit filter. I actually tested 6rd from my 3801 using their default settings on the RG when directly connected and it worked as expected. The problem is you can't run your own 6in4 tunnel or access their IPv6 tunnel off the RG from a router behind the RG. The RG sees the protocol 41 traffic with a destination IP of its outside WAN interface and it wants to terminate it itself first instead of NATing it and forwarding internally.
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/

dholm

join:2013-08-05
My engagement with them was less fruitful.

As you say, one of the features of the new firmware is to allow them to turn on IPv6 at some unspecified date in the future. The problem is that until that day arrives -- and it could be months or over a year away -- they have completely broken IPv6 for everyone. That's also assuming that when they do finally turn it on, they also give us some way of routing a portion of the 6rd /60 internally.

It's frustratingly arrogant for them to decide that they'll just stop passing this entire protocol and nobody will mind.

Fortunately I have a VPS on which I can terminate the tunnel, and I've carved off a bit of the routed /48 to a UDP-based ethernet bridge that I've connected to my house.

duaneb87

join:2013-08-05
Atlanta, GA
reply to rolande
This helped me tremendously today! I have a smartphone connected over WiFi to my Linksys that is connected to the RG (in DMZ mode). My phone works over LTE and WiFi fine for EVERYTHING except syncing my email to Office 365. ??? Turns out the implementation of IPv6 on the phone and AT&T's handling of 6to4 blocks the Exchange Active Sync connection. Connecting the phone directly to the WiFi on the RG solves the problem. Note: IPv6 for everything else seems to work fine. Also, note that my RG firmware appears to be VERY old...


rolande
Certifiable
Premium,Mod
join:2002-05-24
Dallas, TX
kudos:6
Reviews:
·AT&T U-Verse
·ViaTalk
reply to dholm
said by dholm:

It's frustratingly arrogant for them to decide that they'll just stop passing this entire protocol and nobody will mind.

It is an order of operations problem with the CPE firmware. This was not an intentional or "arrogant" decision by any means. They overlooked a use case and didn't test for it. With less than 1% of anyone doing anything with IPv6 tunnels, it was obviously not on their radar.

They did enable 6rd on my 3801 RG as a test but I did discover that there is no way to use anything but the first /64 out of the /60 they assign and you must be directly attached to a LAN segment hanging off the RG. There is no option for routing the other 15 /64's. :/
--
Scott, CCIE #14618 Routing & Switching
»rolande.wordpress.com/
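
The /60 arithmetic in the post above, as an added example that is not part of the thread: RFC 5969 forms a 6rd delegated prefix by appending the WAN IPv4 bits to the ISP's 6rd prefix, and a /60 then splits into sixteen /64s. The 6rd prefix, IPv4 mask length and WAN address used here are constructed documentation values, not AT&T's settings.

```python
import ipaddress


def sixrd_delegated_prefix(sixrd_prefix, wan_ipv4, ipv4_mask_len=0):
    """RFC 5969: delegated prefix = 6rd prefix followed by the IPv4 address
    bits that remain after the first ipv4_mask_len bits are dropped."""
    if not 0 <= ipv4_mask_len <= 32:
        raise ValueError("ipv4_mask_len must be between 0 and 32")
    net = ipaddress.IPv6Network(sixrd_prefix)
    v4_bits = 32 - ipv4_mask_len
    v4_suffix = int(ipaddress.IPv4Address(wan_ipv4)) & ((1 << v4_bits) - 1)
    plen = net.prefixlen + v4_bits
    if plen > 64:
        raise ValueError("delegated prefix longer than /64 leaves no LAN subnet")
    base = int(net.network_address) | (v4_suffix << (128 - plen))
    return ipaddress.IPv6Network((base, plen))


def split_delegation(delegated):
    """Return (served, stranded): the first /64, which the post reports is the
    only one the RG will use, and the /64s that would need a routing option."""
    subnets = list(delegated.subnets(new_prefix=64))
    return subnets[0], subnets[1:]


if __name__ == "__main__":
    # Constructed values: documentation 6rd prefix and TEST-NET-1 WAN address.
    delegated = sixrd_delegated_prefix("2001:db8::/32", "192.0.2.33",
                                       ipv4_mask_len=4)
    served, stranded = split_delegation(delegated)
    print("delegated:", delegated)
    print("served by the RG LAN:", served)
    print("not routable behind the RG:", len(stranded), "subnets")
    for subnet in stranded:
        print("  ", subnet)
```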

Paralel

join:2011-03-24
Michigan, US
kudos:4
Hopefully they will be fixing this in the not too distant future. I also experienced an issue syncing with a remote mail server.


DataRiker
Premium
join:2002-05-19
00000
reply to rolande
Why does ATT do everything proprietary and shitty?


Riusaki

join:2000-09-14
Space
Proprietary = Control


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
Proprietary also means that AT&T knows that the device will work on their network. Why do you think most if not all of the cable companies are pushing to have you rent a cable modem from them? It's more than just a money grab (though some people say that's all it means) but also a way to make sure that each device on the cable network will work 100% the way it should.

It does tend to limit the headaches from the support side of things. They can log into your device, look at the stats, and see if things are broken. With a myriad of third-party devices it becomes much more of a headache to support those devices.
--
Tom
Tom's Tech Blog

Paralel

join:2011-03-24
Michigan, US
kudos:4

1 recommendation

said by trparky:

Proprietary also means that AT&T knows that the device will work on their network. Why do you think most if not all of the cable companies are pushing to have you rent a cable modem from them? It's more than just a money grab (though some people say that's all it means) but also a way to make sure that each device on the cable network will work 100% the way it should.

It does tend to limit the headaches from the support side of things. They can log into your device, look at the stats, and see if things are broken. With a myriad of third-party devices it becomes much more of a headache to support those devices.

Considering DOCSIS is a "standard" there is no reason any DOCSIS modem that passes CableLabs specifications for a given revision shouldn't work. That's the whole point of having a standard in the first place, if everyone is using the same standard, everything should be compatible and interchangeable.


trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
It has been seen that some third-party modems have been fucked up due to a firmware push by the cable company.
--
Tom
Tom's Tech Blog

Paralel

join:2011-03-24
Michigan, US
kudos:4

1 recommendation

Why is a cable company pushing firmware updates to personally owned hardware? The cable company should be capable of pushing firmware to only the hardware they own. If their current methodology prevents them from pushing it to only their own hardware then they need to improve their current implementation or invent a new method.

Matt7

join:2001-01-02
Columbus, OH
Reviews:
·AT&T U-Verse
·Insight Communic..

1 recommendation

said by Paralel:

Why is a cable company pushing firmware updates to personally owned hardware? The cable company should be capable of pushing firmware to only the hardware they own. If their current methodology prevents them from pushing it to only their own hardware then they need to improve their current implementation or invent a new method.

Because if say the stock firmware has a security flaw the only way for the modem to be updated per DOCSIS Standards is the cable company pushing the firmware from the head end/CMTS ... There is no other (legal) way to update a firmware on a customer or rented modem per the DOCSIS standard.

34764170

join:2007-09-06
Etobicoke, ON
reply to trparky
said by trparky:

Why do you think most if not all of the cable companies are pushing to have you rent a cable modem from them? It's more than just a money grab (though some people say that's all it means) but also a way to make sure that each device on the cable network will work 100% the way it should.

Nonsense. It is a money grab and that is it.

34764170

join:2007-09-06
Etobicoke, ON

1 recommendation

reply to trparky
If anything that is the extreme exception not the norm. Pretty much any piece of hardware could potentially be bricked when pushing new firmware.

Secyurityet
Premium
join:2012-01-07
untied state
reply to Paralel
said by Paralel:

Considering DOCSIS is a "standard" there is no reason any DOCSIS modem that passes CableLabs specifications for a given revision shouldn't work. That's the whole point of having a standard in the first place, if everyone is using the same standard, everything should be compatible and interchangeable.

The neat thing about standards is that there's so many to choose from.


hyphenated

@bellsouth.net
What do you mean by standards?

As a consumer, in reality, most IT products/services you don't actually choose the standard, but from (for a lack of better words) a variety of chipsets/brands and options. The standard is defined by software/hardware engineers/vendors, companies like ISO which helped with the OSI model (or say Intel and PCI)

»en.m.wikipedia.org/wiki/OSI_model

But I see what you mean, there are a lot of options and that's good. Standards help supply those options. Although some things are proprietary and there is so much crap since standards were created a lot of that can go unnoticed sometimes.

Thanks

melodybliss

join:2013-08-11
reply to dholm
You know, I really should just learn to look online before I start troubleshooting. I've spent the last hour trying to figure out how AT&T broke things again. *face palm* Any word on/if they're going to fix this?

dopamine5ht

join:2011-04-21
It is pretty much a done deal, because when it happened online the firmware changed. After much frustration, I gave up trying. It is not as clean as he.net, but I was able to get my ipv6 working via their sixxs ayiya. It uses something other than protocol 41. Still some day get my old he.net tunnel, after all I learned a great deal from that service. Unless the firmware is patched, forget protocol 41.

Stumbles

join:2002-12-17
Port Saint Lucie, FL

1 recommendation

reply to Paralel
And that is why I sometimes think "standards" should be a law. Unless in AT&T's case they botched the upgrade.


DataRiker
Premium
join:2002-05-19
00000
reply to hyphenated
said by hyphenated:

What do you mean by standards?

Seriously?

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:9

1 recommendation

reply to trparky
said by trparky:

Why do you think most if not all of the cable companies are pushing to have you rent a cable modem from them?

99% MONEY! Somewhere in the last 1% is making sure everyone is playing by the same "DOCSIS 3" rulebook. Just because it's a "standard" doesn't mean everyone follows it exactly without ever cutting corners or creating thousands of bugs. Even modems that have been heavily tested don't always work. For the record (again!), the *ONLY* way a cablemodem can receive a firmware update is over the cable network; firmware is not available to end users at all. (it takes specialized tools and complete disassembly of the modem to touch (read: "hack") the firmware.)