Forum Discussion
legacy1 wrote:If you use 20 addresses out of IPv6, the rest are not used as of yet. Now, if incoming traffic, even with no reply, to a not-in-use IPv6 address will still route to you and will eat into one's speed and usage, should it be a DDOS, yes?
It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.
legacy1 wrote:There is a difference between a DDOS being aimed at an IPv6 address you're using and an IPv6 address that's allocated to you but not in use and still receives incoming traffic, even with no reply from the gateway.
It's still traffic either way. What's the difference?
craigj2k11 wrote:Under IPv4 you would be using a firewall and network address translation
Um... really? I don't. Where would the firewall be, and what connections would it prevent?
craigj2k11 wrote:And why would you have 2 DNS servers on the same IP?
Why does the reason matter? The question I asked was how to set up port forwarding to do it.
Edit: UGH, really messed this post up (quoting is a pain on these forums, as the HTML format doesn't apply every time for me :/ ...)
Dagger2 wrote:
legacy1 wrote:If you use 20 addresses out of IPv6, the rest are not used as of yet. Now, if incoming traffic, even with no reply, to a not-in-use IPv6 address will still route to you and will eat into one's speed and usage, should it be a DDOS, yes?
It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.
Still don't have the lines in the correct place. Stupid forum...
What he is saying is the ISP may issue /120 blocks to everyone, giving an effective 256 IPs per customer. So when you have, say, 40 devices connected, and someone is packet flooding one of your unused IPs, will VM then charge you for that packet flooding? At least, I think that is what he is saying.
Some ISPs have stated previously that they would like to charge a new fee to customers, and it will be called something along the lines of a "Per Device" fee, so every IP you use, you pay for it. Sadly I have trawled the interwibble but can't find references to the major ISPs that said they would do this...
craigj2k11 wrote:And port forwarding is a bigger pain than you realize. How do you set up port forwarding for two DNS servers behind the same NAT?
Under IPv4 you would be using a firewall and network address translation
And why would you have 2 DNS servers on the same IP?
He said behind the same NAT, not (kinda not) on the same IP.
I have run multiple DNS servers in the past (when playing with routing tables and getting smart TVs to view American, Canadian, and UK content all at the same time).
Because it's behind the NAT then it is forcefully the "same IP" but eh.
- Dagger2 (13 years ago, Superfast)
craigj2k11 wrote:The reason matters because it wouldn't be done; you would have an IP address for each DNS server.
Well... yes, that's what you'd do. That's been my point this whole time: we need IPv6, because there isn't enough space to do that in IPv4. (Although I don't understand why you would bother NATing; if you have IPs for the servers then just assign the IPs to the servers. No need to make your life more complicated than it already is.)
But Nutty667 suggested I can simply do some port forwarding and be happy. I asked my question in an attempt to point out that it just can't be done in this situation, which means that NATs are not sufficient as a solution.
There's also the unaddressed issue of what will happen when VM end up with more customers than IPs. At that point, they'll be forced to do NAT themselves. How would you configure port forwards when the NAT isn't run by you and is completely out of your control?
There are other issues with NAT too, for instance the network clashes you get when two companies merge their networks or create a VPN between them, or when they create VPNs to employees' home networks. The problems those companies have when they run out of private IP space. The squatting on public space that e.g. Hamachi does to avoid clashes, which makes parts of the internet inaccessible to people using it. The problems caused by machines having a different IP on the local network vs externally, such as the need to configure and maintain split DNS or the protocols broken by it. The need to invent, and implement in all software/hardware, protocols like UPnP and STUN, debug the implementations and maintain external servers for those protocols where applicable. The problems caused by people getting their NAT implementations wrong (for instance routers that can't handle anything that isn't TCP/UDP/ICMP, or that can sorta handle it but fail to provide UI for configuring how it's handled), or things like the SuperHub and NAT acceleration causing breakage for some people. The hardware needed to handle NAT at speeds fast enough for our current and future networks.
And let's not forget the costs of all of the above. You need to understand the workarounds, buy appropriate equipment and software and spend effort setting it up, but then also on maintaining it and debugging it when any part breaks. The maintenance is an ongoing cost, forever, which is not small now and will only get worse as we try to stretch v4 even further. IPv6 deployment may cost money now, but some of it is integrated into existing upgrade cycles (for instance the need to upgrade a cable network to DOCSIS 3: VM are already doing that rollout for reasons that have nothing to do with IPv6) and it's a one-time thing that removes the ongoing maintenance cost of the pile of NATs and the workarounds associated with them.
I include all of the above issues in my "NAT is bad and we need IPv6 to get rid of it" position. It's perfectly ok to be ignorant of most of those issues; they're mostly just part of the everyday business of maintaining a network which is left to network administrators. But ignorance of the problems does not make them go away, and does not magically make NAT a viable solution for the future of the internet.
And just to head off the next few posts: if you are going to claim that removing NAT makes you oh-so-insecure, then you need to explain why you think that replacing the NAT with a stateful firewall that has a default-deny inbound policy doesn't give you that security back. (Because it does.)
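The "stateful firewall with a default-deny inbound policy" that Dagger2 proposes as the replacement for NAT, as an added worked example (this is not code from the thread, from Virgin Media, or from any poster). It is a toy model of the rule set a connection-tracking firewall applies: packets leaving the LAN create flow state, inbound packets are accepted only if they are the reply half of such a flow or match an explicit allow rule, and everything else is dropped. On Linux the real equivalent is an ip6tables/nftables ruleset that accepts `ct state established,related` and drops other inbound traffic. The prefix, host addresses and the two publicly reachable DNS servers are assumptions constructed for the example (documentation prefix 2001:db8::/32).

```python
"""Toy stateful IPv6 firewall with a default-deny inbound policy.

Added example, not from the thread. Models what a connection-tracking
firewall does when it replaces NAT: unsolicited inbound packets are dropped
unless an explicit allow rule matches; replies to flows the LAN started are
accepted. All addresses are constructed (documentation prefix 2001:db8::/32).
"""
from dataclasses import dataclass
from ipaddress import IPv6Network, ip_address


@dataclass(frozen=True)
class Packet:
    src: str        # source address
    dst: str        # destination address
    proto: str      # "tcp" or "udp"
    sport: int
    dport: int
    direction: str  # "out" = leaving the LAN, "in" = arriving from the internet


class StatefulFirewall:
    """Default-deny inbound; accept established flows; explicit allow rules."""

    def __init__(self, lan_prefix: str, inbound_allow):
        self.lan = IPv6Network(lan_prefix)
        # (dst, proto, dport) triples that may be reached unsolicited, e.g. public DNS servers
        self.inbound_allow = {(ip_address(d), p, port) for d, p, port in inbound_allow}
        # connection table: 5-tuples of flows initiated from inside the LAN
        self.conntrack: set = set()

    def filter(self, p: Packet) -> str:
        src, dst = ip_address(p.src), ip_address(p.dst)
        if p.direction == "out":
            if src not in self.lan:
                return "drop"  # anti-spoofing: only our own prefix may leave
            self.conntrack.add((p.proto, src, p.sport, dst, p.dport))
            return "accept"
        # inbound: is this the reply half of a flow we started?
        if (p.proto, dst, p.dport, src, p.sport) in self.conntrack:
            return "accept"
        if (dst, p.proto, p.dport) in self.inbound_allow:
            return "accept"
        return "drop"  # default deny: same exposure as a NAT with no forwards


def demo() -> list:
    """Run a few constructed packets through the policy and return the verdicts."""
    fw = StatefulFirewall(
        "2001:db8:0:1::/120",
        # both DNS servers get their own address, so both can listen on port 53
        inbound_allow=[("2001:db8:0:1::10", "udp", 53), ("2001:db8:0:1::11", "udp", 53)],
    )
    laptop, dns1, dns2 = "2001:db8:0:1::20", "2001:db8:0:1::10", "2001:db8:0:1::11"
    remote = "2001:db8:ffff::1"  # constructed internet host
    return [
        fw.filter(Packet(laptop, remote, "tcp", 40000, 443, "out")),  # accept: LAN-initiated
        fw.filter(Packet(remote, laptop, "tcp", 443, 40000, "in")),   # accept: reply to that flow
        fw.filter(Packet(remote, laptop, "tcp", 12345, 22, "in")),    # drop: unsolicited
        fw.filter(Packet(remote, dns1, "udp", 5000, 53, "in")),       # accept: allow rule
        fw.filter(Packet(remote, dns2, "udp", 5000, 53, "in")),       # accept: allow rule
        fw.filter(Packet(remote, dns1, "udp", 5000, 22, "in")),       # drop: no rule for port 22
    ]


if __name__ == "__main__":
    print(demo())
```

The point the model makes concrete is that the "protection" people attribute to NAT is entirely the connection table plus the absence of forwards; the same table with a default drop on inbound gives the same result without rewriting addresses, and each host keeps its own reachable address, so the two DNS servers no longer compete for one external port 53.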
- craigj2k11 (13 years ago, Rising star)
Dagger2 wrote:
craigj2k11 wrote:The reason matters because it wouldn't be done; you would have an IP address for each DNS server.
Well... yes, that's what you'd do. That's been my point this whole time: we need IPv6, because there isn't enough space to do that in IPv4. (Although I don't understand why you would bother NATing; if you have IPs for the servers then just assign the IPs to the servers. No need to make your life more complicated than it already is.)
Of course there is enough space; how do you think you are accessing the internet at this very moment?
Dagger2 wrote:
craigj2k11 wrote:The reason matters because it wouldn't be done; you would have an IP address for each DNS server.
But Nutty667 suggested I can simply do some port forwarding and be happy. I asked my question in an attempt to point out that it just can't be done in this situation, which means that NATs are not sufficient as a solution.
In what situation? I don't see what it is that you "can't" do.
Dagger2 wrote:
craigj2k11 wrote:The reason matters because it wouldn't be done; you would have an IP address for each DNS server.
There's also the unaddressed issue of what will happen when VM end up with more customers than IPs. At that point, they'll be forced to do NAT themselves. How would you configure port forwards when the NAT isn't run by you and is completely out of your control?
As I pointed out a couple of pages back, this isn't going to happen any time soon. But if you want to write a letter to my boss as to why he should spend ~£650k adopting IPv6, then be my guest; it was an issue brought up in a meeting a while back, and I couldn't justify why we would need IPv6. Apart from future-proofing, there is absolutely no reason for companies to shell out the massive expense of adopting IPv6.
- Dagger2 (13 years ago, Superfast)
VMCopperUser wrote:What he is saying is the ISP may issue /120 blocks to everyone, giving an effective 256 IPs per customer. So when you have, say, 40 devices connected, and someone is packet flooding one of your unused IPs, will VM then charge you for that packet flooding? At least, I think that is what he is saying.
Right, that's mostly what I got too. What I don't understand is how it's an IPv6 problem. You could make the same argument on v4, with somebody DDOSing you on an unused port instead of an unused IP. Either way a DDOS would be bad, but it's not an IPv6-specific bad and I don't see why it would be brought up as a potential problem that needs worrying about with v6. If you were going to worry about it, then you should already be worrying about it now.
VMCopperUser wrote:He said behind the same NAT, not (kinda not) on the same IP. I have run multiple DNS servers in the past (when playing with routing tables and getting smart TVs to view American, Canadian, and UK content all at the same time).
Because it's behind the NAT then it is forcefully the "same IP" but eh.
Ah, ok, let's clarify just in case. I meant a situation where
- Your ISP only gives you one IP.
- You have 20 machines, so you use NAT.
- You have DNS servers running on two of those machines.
- Both of the DNS servers need to be accessible from the internet.
... which you can't do. (This is not a contrived situation, I hit it myself trying to get iodine running.) To get it to work, you need another IP, but that's not doable with v4 (particularly in the long run) because there just aren't enough.
- craigj2k11 (13 years ago, Rising star)
Dagger2 wrote:
VMCopperUser wrote:What he is saying is the ISP may issue /120 blocks to everyone, giving an effective 256 IPs per customer. So when you have, say, 40 devices connected, and someone is packet flooding one of your unused IPs, will VM then charge you for that packet flooding? At least, I think that is what he is saying.
Right, that's mostly what I got too. What I don't understand is how it's an IPv6 problem. You could make the same argument on v4, with somebody DDOSing you on an unused port instead of an unused IP. Either way a DDOS would be bad, but it's not an IPv6-specific bad and I don't see why it would be brought up as a potential problem that needs worrying about with v6. If you were going to worry about it, then you should already be worrying about it now.
VMCopperUser wrote:He said behind the same NAT, not (kinda not) on the same IP. I have run multiple DNS servers in the past (when playing with routing tables and getting smart TVs to view American, Canadian, and UK content all at the same time).
Because it's behind the NAT then it is forcefully the "same IP" but eh.
Ah, ok, let's clarify just in case. I meant a situation where
- Your ISP only gives you one IP.
- You have 20 machines, so you use NAT.
- You have DNS servers running on two of those machines.
- Both of the DNS servers need to be accessible from the internet.
... which you can't do. (This is not a contrived situation, I hit it myself trying to get iodine running.) To get it to work, you need another IP, but that's not doable with v4 (particularly in the long run) because there just aren't enough.
Well, at the moment there is enough, but if it was that much of a major issue, why not just load balance between the 2 DNS servers using the same external IP?
- Jason_G (13 years ago, Forum Team, Retired)
Hi all,
In case you weren't aware, our Head of Broadband Experience posted in this thread about IPv6 a couple of months ago. We are planning for IPv6, but the implementation is not imminent as we currently have sufficient IPv4 addresses for the near/mid-term future.