Forum Discussion
I think they would still be able to see the MAC if you don't enable privacy addressing. It's just that the way IPv6 assignments happen local resources should not be available to the wider public. I may have a misunderstanding of how some of the IPv6 system works. For example I don't understand what will dictate the local link IP range and keep it from going global (if you were to connect straight to modem). If the traffic is blocked by the layer of switch or if this is something the modem/gateway device should do. I know it will be dictated, just not sure at what level.
What I do know is that the transition from v4 to v6 will need to be done with a focus towards the non-tech users.
NAT devices have added a huge layer of security (through their firewall and lack of network discovery) that users have really been able to enjoy. It will be important for users to get a gateway device that will still act as a typical "router" but without the NAT layer in it. It is just like a group of public IPv4 addresses that's behind a firewall. Data does know where to go, but when it gets to the firewall (Router) the traffic stops unless there is a rule set up. In a way this is really sad, the world was running out of IPv4 addys and NAT was brought in as a temp solution. Now we need to re-train users to go back to software firewalls or add in hardware firewalls, permissions will become more important for some things, but redundant for others. VoIP, VPN, hosting games or web servers - all become much easier. ISPs must be afraid of it a little, imagine what might happen when the NAT layer is gone and devices can be un-restricted.
In one way, this removal of the NAT layer and extra routers could be a logical reason for VM getting rid of a "modem" and getting an all-in-one unit. Knowing how they normally forward plan I doubt it ever crossed their mind (but I am sure if Alex reads this he'll say he had it marked from the start).
Granted I may be wrong in assuming that if we had a stand alone modem connected to a switch, that all devices connected to that switch would be public facing. This is how I imagine it working so if I am wrong drop me a line ;P.
- Dagger, 14 years ago, Tuning in
VMCopperUser wrote:
I think they would still be able to see the MAC if you don't enable privacy addressing. ... For example I don't understand what will dictate the local link IP range and keep it from going global (if you were to connect straight to modem).
Ah, yeah, there is the whole "your MAC address ends up in your IP" thing -- but even there it's not the MAC address that's leaking per se, but rather the IP address (which might just happen to contain your MAC).
Routers don't route link-locals, so you can reach any machine that doesn't require going through a router.
VMCopperUser wrote:
Granted I may be wrong in assuming that if we had a stand alone modem connected to a switch, that all devices connected to that switch would be public facing.
It's possible to remove the router and hook multiple devices up to the modem via a switch, yeah. (In this case the ISP will be seeing the MACs of all your devices, which will all be connected directly to the ISP's network.) This setup is the one I called broken above, and has a number of problems.
The right way to do it is to have a single router, which is in the same position and works the same as our current NAT boxes (except it has an IPv6 netblock routed to it, unlike in the v4 case where it doesn't), but just doesn't rewrite addresses. (And then you put a stateful firewall on this router, which gives you all the security that people often think you need NAT for.) We need this router anyway if we don't want to rely on VM doing NAT for v4 for us.
... OK, I'm not quite sure what more to say to that. My previous post provided a great big demonstration of why it isn't true; if you want to continue declaring it is then it would be nice if you could explain how that viewpoint is compatible with my previous post.
legacy1 wrote:
Does work like that again fact OK.
NAT changes your client MAC to the WAN IP with a MAC for doing NAT from local LAN IPs to a WAN IP that's how home routers work fact end of.
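The two points in the reply above (a SLAAC address formed without privacy addressing carries the MAC, and link-local addresses are not routed) can be checked with the following added example, which is not part of any post in this thread. The MAC, the `2001:db8:1:2::/64` documentation prefix, the sample privacy address and the function names are all constructed for illustration.

```python
import ipaddress

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the modified EUI-64 address a host forms without privacy addressing."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC")
    octets[0] ^= 0x02                      # flip the universal/local bit
    iid = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return net.network_address + int.from_bytes(iid, "big")

def embedded_mac(addr: str):
    """Return the MAC an address reveals, or None if its interface ID is not EUI-64.

    A random interface ID can contain ff:fe by chance (1 in 65536), so a hit
    is a strong hint rather than proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytearray(iid[:3] + iid[5:])
    mac[0] ^= 0x02                         # undo the bit flip
    return ":".join(f"{b:02x}" for b in mac)

def scope(addr: str) -> str:
    """fe80::/10 never crosses a router; anything else is treated as routable here."""
    return "link-local" if ipaddress.IPv6Address(addr).is_link_local else "routable"

if __name__ == "__main__":
    # Constructed sample data: one NIC, three addresses it might hold.
    mac = "00:11:22:33:44:55"
    samples = [
        str(slaac_address("2001:db8:1:2::/64", mac)),   # global, EUI-64
        str(slaac_address("fe80::/64", mac)),           # link-local, EUI-64
        "2001:db8:1:2:8d3f:71c2:4be9:a016",             # global, privacy-style random IID
    ]
    for a in samples:
        print(f"{a:40} {scope(a):10} mac={embedded_mac(a)}")
```
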
- legacy1, 14 years ago, Alessandro Volta
Dagger wrote:
There is no point in thinking you're right when you're wrong. NAT changes the MAC because VM limits us to one MAC; what you're saying can't happen, even if it changes the IP from local to your one WAN IPv4 it will not work unless it changes the MAC. And the problem for you not understanding this is you're not seeing what happens after the NAT, you're only seeing what happens up to the NAT.
ftp://bridgemode.bounceme.net/nat%20101.png
Edit: corrected mistakes
- Anonymous, 14 years ago
Having all your IPv6 addresses public with no router is a really bad idea.
You would be forced to put all your devices online if you wanted them to have an IP address.
No router means no IPv6 address unless it's passed from the ISP.
Think of all the devices you might have on your network that can't or don't have good security.
Every games console, phone, IP cam, smart TV and every iPod/iPhone that's jailbroken with the same root password for SSH. That's gonna be fun.