Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 3 [4]

Author Topic: UK ISPs shameful lack of IPv6  (Read 13875 times)

crgbt

  • Member
  • **
  • Posts: 21
Re: UK ISPs shameful lack of IPv6
« Reply #45 on: August 29, 2019, 05:09:58 PM »

Watch the presentation from a Microsoft employee about their efforts to get rid of IPv4 completely in their internal corporate network and now also the guest wireless LAN they offer to visitors..

That was a really good watch, thanks for the link Weaver. I’ll definitely be using some of that information in the future for work.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: UK ISPs shameful lack of IPv6
« Reply #46 on: August 29, 2019, 10:12:29 PM »

Unless it is a limitation of your particular router, there's no reason why enabling IPv6 in any form should impact your IPv4 home network other than a few more broadcasts floating around.    You might have to disable IPv6 on certain hosts if you want to keep them on IPv4.

That's the thing, I think the Xbox One is the sticking point as IPv6 is mandatory.  If you don't have native it will use Turedo, if it sees native it will use it.  But seeing as that's the client I have the biggest problems with trying to allow traffic, its a none-starter.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: UK ISPs shameful lack of IPv6
« Reply #47 on: August 29, 2019, 11:36:06 PM »

I block Teredo seeing as it would be a hole in my firewall and I don’t have the tools to inspect it’s tunnel payload. I have native IPv6 so there’s something suspicious or very broken about anything that would even want to use Teredo under these circumstances.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: UK ISPs shameful lack of IPv6
« Reply #48 on: August 30, 2019, 12:44:36 AM »

I block Teredo seeing as it would be a hole in my firewall and I don’t have the tools to inspect it’s tunnel payload. I have native IPv6 so there’s something suspicious or very broken about anything that would even want to use Teredo under these circumstances.

I gotta admit its kinda weird how Microsoft use Teredo as it still seems to open Xbox Live ports the same as it always did over IPv4, so what is it even using it for?  There were claims that Xbox One was "supposed" to exclusively use IPv6 for its networking, which surely makes no sense if its doing that?

I've also never seen evidence of Windows 10 using Teredo even when its installed.  So its either being very sneaky about it, or flawed.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: UK ISPs shameful lack of IPv6
« Reply #49 on: August 30, 2019, 02:34:57 AM »

In Vista, if you did not have native IPv6, then certain applications such as Windows Live Messenger demanded IPv6 and so the o/s kicked Teredo into action. I am guessing that an app might insist on sending something to a target IPv6 address, and so a source IPv6 address has to be created somehow for the operation to proceed. It worked well for me. A lot of people moaned about the unreliability of Teredo at some point later on, but I get the feeling that their problems may just reflect problems with UDP-based higher protocols in general, and might not necessarily be confined to Teredo, it’s just that TCP was holding everything together with duct tape, assumptions and retx. If in fact an application is sending way too fast, without TCP then it is maybe no longer getting away with it. Or if there is packet loss in general for no good reason, with UDP alone and lacking extra clue on top of it, then you’re in trouble.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: UK ISPs shameful lack of IPv6
« Reply #50 on: September 24, 2019, 10:59:12 AM »

This has come to a head and aaisp has been ordered, ipv6 on sky is practically completely broken on pfsense now, same for Ned also.
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: UK ISPs shameful lack of IPv6
« Reply #51 on: September 24, 2019, 11:02:44 AM »

This isn't the Wild West. The UK is one of the most Internet dependent economies in the world. We don't have the luxury of being 'technical leaders' when people can get fined, sued and taken to task by the regulator for downtime.

VM could've actually provided IPv6 a while ago, however they've rethought how they're implementing in return for a better solution.

Either way conservatism is baked into the UK model due to regulation, etc.

Interesting, do you mean a better ipv6 solution, or a better solution that doesnt utilise ipv6?
Logged

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: UK ISPs shameful lack of IPv6
« Reply #52 on: September 24, 2019, 11:29:29 AM »

The point is people are USED TO firewalling based on IP address, as this was necessary due to NAT and it simply works.  Also how is that much different to IP based routing, which is hardly an unusual thing to be doing?

So how exactly do I allow ALL incoming connections to the games consoles on v6 without allowing it for the entire LAN?

The answer is you get the message across to microsoft to fix their code.  They need to disable the dynamic DUID or make it optional.  However persistent ipv6 allocations can be done via other methods aside from DUID so its still possible.

One method I would use is exotic but should work.

Put the xbox one on its own VLAN
Setup a dhcp6 on that VLAN with only one ip in its pool also with a low ttl.
Make the appropriate firewall rule.

Another method is akin to what Carl mentioned in not using ip's statically in rules.

Setup an alias that automatically adds any ipv6 to its table, that it grabs from the dhcp6 mapping file.  From the hostname you would be able to tell if allocated to the console.  Then have a firewall rule that allows traffic to the ports that xbox live needs using the alias as the dest ip.  (not sure why you adding rules that allow *, you only need specific ports)
Logged

aesmith

  • Kitizen
  • ****
  • Posts: 1216
Re: UK ISPs shameful lack of IPv6
« Reply #53 on: September 27, 2019, 10:58:43 AM »

I would hope this isn't a problem for anyone. If anyone is firewalling based on IP addresses and require any manual programming they're doing it wrong.

Zone-based firewalls have been the cool thing for a long while now. No need to micromanage anything apart from any exceptions that may be needed.
I meant to chip in on this one.  By advising against creating firewall rules based on IP, and using zones instead, does that imply that any host needing special permissions needs to be placed in a different zone?  I must admit that when I hear or see "zone" I think only of Cisco's Zone Base Firewall, in which a Zone is a group of interfaces.  I don't think I've seen the term used in other firewall products that I've worked with, although they may have equivalent terms for groups of interfaces.  Is there a more generic industry-wide concept of what forms a "zone"?
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: UK ISPs shameful lack of IPv6
« Reply #54 on: September 28, 2019, 09:35:47 AM »

I have recently started using MAC address-based rules. A maintenance nightmare; on my wishlist for the firebrick is symbolic names/variable names available pervasively - allowed to be mentioned everywhere. They already have this feature - named sets of IP addresses and you could have a list with just one entry in it. However you cannot use this everywhere - it’s not universal and some things require literal addresses. Also you cannot name sets of MAC addresses, nor can you create named objects that are low…high address ranges nor can you use /nn notation for ranges in all cases. My wishlist item then is a universally valid ip-address expression that can contain sets of ranges and a range can use … or hyphen or /nn or a range can be a single address, and also the same set of ranges for MAC addresses instead.

It would be an aid to maintainability if I could make it easier to keep track of MAC addresses in the face of hw swap-outs.

I currently use a rule that says ”is_pondlife = !  ( mac_address == mac1 || mac_address == mac2 || … ) ; if is_pondlifr then go slow” so that guests get low traffic throttling, but I could use something like this to only allow certain administrators’ machines to access certain critical destinations, for example.
Logged

Alex Atkin UK

  • Addicted Kitizen
  • *****
  • Posts: 5260
    • Thinkbroadband Quality Monitors
Re: UK ISPs shameful lack of IPv6
« Reply #55 on: September 29, 2019, 04:42:54 AM »

The answer is you get the message across to microsoft to fix their code.  They need to disable the dynamic DUID or make it optional.  However persistent ipv6 allocations can be done via other methods aside from DUID so its still possible.

One method I would use is exotic but should work.

Put the xbox one on its own VLAN
Setup a dhcp6 on that VLAN with only one ip in its pool also with a low ttl.
Make the appropriate firewall rule.

Another method is akin to what Carl mentioned in not using ip's statically in rules.

Setup an alias that automatically adds any ipv6 to its table, that it grabs from the dhcp6 mapping file.  From the hostname you would be able to tell if allocated to the console.  Then have a firewall rule that allows traffic to the ports that xbox live needs using the alias as the dest ip.  (not sure why you adding rules that allow *, you only need specific ports)

I will probably give it another try if Fibre First do my area and I move back to only having Zen as my ISP.  Its a none-starter right now as I load balance between Plusnet and Zen to speed up downloads.
Logged
Broadband: Zen Full Fibre 900 + Three 5G Routers: pfSense (Intel N100) + Huawei CPE Pro 2 H122-373 WiFi: Zyxel NWA210AX
Switches: Netgear MS510TXUP, Netgear MS510TXPP, Netgear GS110EMX My Broadband History & Ping Monitors

highpriest

  • Reg Member
  • ***
  • Posts: 285
Re: UK ISPs shameful lack of IPv6
« Reply #56 on: October 08, 2019, 06:11:26 PM »

This has come to a head and aaisp has been ordered, ipv6 on sky is practically completely broken on pfsense now, same for Ned also.

How so? What have they changed?
Logged
Zen | Zyxel VMG8324-B10A (with RFC4638 patch) | EdgeRouter PoE | UniFi AP AC Pro + Lite

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 7382
  • VM Gig1 - AAISP L2TP
Re: UK ISPs shameful lack of IPv6
« Reply #57 on: October 08, 2019, 07:42:56 PM »

No idea what they changed, basically when initiating the connection it seems 50/50 it will come up, if it fails to come up the ipv6 requests will go unanswered for lifetime of session.  If it does come up, usually within a day the ipv6 dhcp6 server sky side will stop responding to renewals and then it will stay down until a new session is started.

It possibly still works ok on sky's own CPE.
Logged
Pages: 1 2 3 [4]
 

anything