legacy1
Message 161 of 1,386

Re: IPv6 support on Virgin media

Still not getting the point I'm making... how does DHCP-PD IPv6 work again, by one MAC to the gateway, so one IPv4 and many IPv6 addresses, yes?

When VM allocates you an IPv4 address, it's to that MAC, along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?

There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that's allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.

In IPv4 terms think of it like this: VM have a gateway with many IPv4 addresses, not all (for the time being) are in use, so when incoming wants to send to an IP not in use it does not have to send it, it can drop it, but of course if an IPv4 is in use then you have to send it to that IP regardless. Like I said, there is a difference; the question is how will IPv6 work to not send traffic to your allocation of an address you are not using, in the same way as an IPv4 WAN IP in use to an IPv4 WAN IP not in use.

craigj2k11
Message 162 of 1,386

@Dagger2 wrote:

No, it doesn't. Having them behind a firewall gives that. Nobody is forcing you to run without a firewall, we just want to make it possible to do so, and at the same time fix all of the addressability issues that arise from rewriting src/dst addresses.

 

And port forwarding is a bigger pain than you realize. How do you set up port forwarding for two DNS servers behind the same NAT?


Under IPv4 you would be using a firewall and network address translation

 

And why would you have 2 DNS servers on the same IP?

craigj2k11
Message 163 of 1,386

@legacy1 wrote:


When VM allocates you an IPv4 address, it's to that MAC, along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


That's news to me

legacy1
Message 164 of 1,386

@craigj2k11 wrote:

@legacy1 wrote:


When VM allocates you an IPv4 address, it's to that MAC, along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


That's news to me


It's how DHCP-PD works if used at the user's end for IPv6 on some routers.

Dagger2
Message 165 of 1,386

@legacy1 wrote:

If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.


@legacy1 wrote:

There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that's allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.


It's still traffic either way. What's the difference?


@craigj2k11 wrote:

Under IPv4 you would be using a firewall and network address translation


Um... really? I don't. Where would the firewall be, and what connections would it prevent?


@craigj2k11 wrote:

And why would you have 2 DNS servers on the same IP?


Why does the reason matter? The question I asked was how to set up port forwarding to do it.

craigj2k11
Message 166 of 1,386

@legacy1 wrote:

@craigj2k11 wrote:

@legacy1 wrote:


When VM allocates you an IPv4 address, it's to that MAC, along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


That's news to me


It's how DHCP-PD works if used at the user's end for IPv6 on some routers.


You said VM do it, I said it is news to me. VM don't use IPv6 AFAIK

craigj2k11
Message 167 of 1,386

@Dagger2 wrote:

@legacy1 wrote:

If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.


@legacy1 wrote:

There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that's allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.


It's still traffic either way. What's the difference?


@craigj2k11 wrote:

Under IPv4 you would be using a firewall and network address translation


Um... really? I don't. Where would the firewall be, and what connections would it prevent?


@craigj2k11 wrote:

And why would you have 2 DNS servers on the same IP?


Why does the reason matter? The question I asked was how to set up port forwarding to do it.


The reason matters because it wouldn't be done, you would have an IP address for each DNS server. Then you would forward

External                  Internal
xxx.xxx.xxx.xx1:53   to   yyy.yyy.yyy.yy1:53
xxx.xxx.xxx.xx2:53   to   yyy.yyy.yyy.yy2:53

VMCopperUser
Message 168 of 1,386

EditEditEdit UGH really messed this post up (Quoting is a pain on these forums as the HTML format doesn't apply every time for me :/....


Dagger2 wrote:

legacy1 wrote:

If you use 20 addresses out of IPv6, the rest are not used as of yet. Now if incoming traffic, even with no reply, to a not-in-use IPv6 address, this will still route to you and will eat into one's speed and usage should it be a DDOS, yes?


It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.


 

Still don't have lines in correct place, Sthewpid forum..

What he is saying is the ISP may issue /120 blocks to everyone, giving an effective 256 IPs per customer. So when you have, say, 40 devices connected, and someone is packet flooding one of your unused IPs, then will VM charge you for that packet flooding? At least, I think that is what he is saying.

Some ISPs have stated previously that they would like to charge a new fee to customers and it will be called something along the lines of a "Per Device" fee, so every IP you use, you pay for it. Sadly I have trawled the interwibble but can't find references to the major ISPs that said they would do this....

 

 


craigj2k11 wrote:

And port forwarding is a bigger pain than you realize. How do you set up port forwarding for two DNS servers behind the same NAT?


Under IPv4 you would be using a firewall and network address translation

 

And why would you have 2 DNS servers on the same IP?



He said behind the same NAT, not (kinda not) on the same IP.

I have run multiple DNS servers in the past (when playing with routing tables and getting smart TVs to view American, Canadian, and UK content all at the same time).

Because it's behind the NAT then it is forcefully the "same IP" but eh.

 

 

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.

Dagger2
Message 169 of 1,386

@craigj2k11 wrote:

The reason matters because it wouldn't be done, you would have an IP address for each DNS server.


Well... yes, that's what you'd do. That's been my point this whole time: we need IPv6, because there isn't enough space to do that in IPv4. (Although I don't understand why you would bother NATing; if you have IPs for the servers then just assign the IPs to the servers. No need to make your life more complicated than it already is.)

 

But Nutty667 suggested I can simply do some port forwarding and be happy. I asked my question in an attempt to point out that it just can't be done in this situation, which means that NATs are not sufficient as a solution.

 

There's also the unaddressed issue of what will happen when VM end up with more customers than IPs. At that point, they'll be forced to do NAT themselves. How would you configure port forwards when the NAT isn't run by you and is completely out of your control?

 

There are other issues with NAT too, for instance the network clashes you get when two companies merge their networks or create a VPN between them, or when they create VPNs to employees' home networks. The problems those companies have when they run out of private IP space. The squatting on public space that e.g. Hamachi does to avoid clashes, which makes parts of the internet inaccessible to people using it. The problems caused by machines having a different IP on the local network vs externally, such as the need to configure and maintain split DNS or the protocols broken by it. The need to invent, and implement in all software/hardware, protocols like UPnP and STUN, debug the implementations and maintain external servers for those protocols where applicable. The problems caused by people getting their NAT implementations wrong (for instance routers that can't handle anything that isn't TCP/UDP/ICMP, or that can sorta handle it but fail to provide UI for configuring how it's handled), or things like the SuperHub and NAT acceleration causing breakage for some people. The hardware needed to handle NAT at speeds fast enough for our current and future networks.

 

And let's not forget the costs of all of the above. You need to understand the workarounds, buy appropriate equipment and software and spend effort setting it up, but then also on maintaining it and debugging it when any part breaks. The maintenance is an ongoing cost, forever, which is not small now and will only get worse as we try to stretch v4 even further. IPv6 deployment may cost money now, but some of it is integrated into existing upgrade cycles (for instance the need to upgrade a cable network to DOCSIS 3: VM are already doing that rollout for reasons that have nothing to do with IPv6) and it's a one-time thing that removes the ongoing maintenance cost of the pile of NATs and the workarounds associated with them.

 

I include all of the above issues in my "NAT is bad and we need IPv6 to get rid of it" position. It's perfectly ok to be ignorant of most of those issues; they're mostly just part of the everyday business of maintaining a network which is left to network administrators. But ignorance of the problems does not make them go away, and does not magically make NAT a viable solution for the future of the internet.

 

And just to head off the next few posts: if you are going to claim that removing NAT makes you oh-so-insecure, then you need to explain why you think that replacing the NAT with a stateful firewall that has a default-deny inbound policy doesn't give you that security back. (Because it does.)

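Added example, not part of any post in this thread and not any ISP's or router's actual configuration: a small Python model of the two setups argued over above, port forwarding for two DNS servers behind one NAT address versus a stateful firewall with a default-deny inbound policy in front of globally addressed IPv6 hosts. The class names, addresses and ports are assumptions chosen for illustration.

```python
import ipaddress
ip = ipaddress.ip_address

class PortForwardNAT:
    """IPv4 NAT on one public address: forwards are keyed by (proto, external port)."""
    def __init__(self):
        self.forwards = {}
    def add_forward(self, proto, ext_port, inside_ip, inside_port):
        if (proto, ext_port) in self.forwards:
            return False         # that external port already points at another host
        self.forwards[(proto, ext_port)] = (inside_ip, inside_port)
        return True

class StatefulFirewall:
    """IPv6 edge filter: no address rewriting, default-deny inbound, connection tracking."""
    def __init__(self, lan_prefix):
        self.lan = ipaddress.ip_network(lan_prefix)
        self.published = set()   # (dst address, proto, dst port) opened on purpose
        self.conntrack = set()   # flows that a LAN host initiated

    def publish(self, dst, proto, dport):
        self.published.add((ip(dst), proto, dport))
    def outbound(self, proto, src, sport, dst, dport):
        self.conntrack.add((proto, ip(src), sport, ip(dst), dport))

    def inbound(self, proto, src, sport, dst, dport):
        src, dst = ip(src), ip(dst)
        if dst not in self.lan:
            return "DROP"
        if (proto, dst, dport, src, sport) in self.conntrack:
            return "ACCEPT"      # reply to a flow opened from inside
        if (dst, proto, dport) in self.published:
            return "ACCEPT"      # service the owner chose to expose
        return "DROP"            # everything else, unused addresses included

def run_demo():
    """Constructed scenario; addresses are private or documentation ranges."""
    nat, fw = PortForwardNAT(), StatefulFirewall("2001:db8:1::/64")
    dns, peer = ("2001:db8:1::10", "2001:db8:1::11"), "2001:db8:ffff::1"
    for server in dns:           # one global address per DNS server
        fw.publish(server, "udp", 53)
    fw.outbound("tcp", "2001:db8:1::20", 40000, peer, 443)
    return {
        "nat_forwards": [nat.add_forward("udp", 53, h, 53) for h in ("192.168.0.10", "192.168.0.11")],
        "dns_servers": [fw.inbound("udp", peer, 5353, d, 53) for d in dns],
        "reply": fw.inbound("tcp", peer, 443, "2001:db8:1::20", 40000),
        "unsolicited": fw.inbound("tcp", peer, 50000, "2001:db8:1::20", 22),
        "unused_address": fw.inbound("udp", peer, 50000, "2001:db8:1::dead", 53),
    }
```

Calling `run_demo()` shows the second UDP/53 forward being refused on the NAT, while the firewall accepts queries to both published DNS addresses and replies to tracked flows, and drops unsolicited traffic to other hosts and to unused addresses in the prefix.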
legacy1
Message 170 of 1,386

@Dagger2 wrote:

@legacy1 wrote:

There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that's allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.


It's still traffic either way. What's the difference?


 

The difference is DOCSIS in the downstream is a broadcast with per-key encryption for traffic to a given modem, and that the downstream bandwidth is limited and shared. So if the gateway knows an IPv6 WAN address is not in use, much like if an IPv4 WAN address is not in use, then the gateway does not have to send the traffic; but if the gateway knows an IPv6 WAN address is in use, much like if an IPv4 WAN address is in use, then it has to send the traffic regardless, because you wouldn't have internet otherwise.
