IPv6 support on Virgin media

So, as zeke kindly pointed out, you can use IPv6 with your Virgin Media connection (and probably with most/all other UK ISPs) by using 6to4 stateless tunnelling, http://en.wikipedia.org/wiki/6to4

I have tried it, it's working, and I'm writing to share the experience and some remarks -- only the "big picture", this is for the technically adventurous users.

Goals and Limitations

• With a 6to4 setup, all your computers (Windows, Mac or Linux) will work as hybrid IPv4 + IPv6. IPv4 will work as it is at the moment (a single public IPv4 address with the router, if you have a router). As for IPv6, rejoice!, you will get a whole /64 public subnet, which means 2^64 or almost 18 million million million (18x10^18) public, globally routable IPv6 addresses. Reckon it's enough for your house? :-) You don't have to "switch" between IPv4 and IPv6: they work side by side. If you try to access an IPv6-only website, such as http://ipv6.google.com, IPv6 will be used. If you try to access an IPv4-only website, IPv4 will be used. If the website is available as both IPv4 or IPv6, it's the application (eg, web browser) that decides what to do. (It seems that Safari on Mac 10.6.4 prefers IPv6, whereas IE on XP prefers IPv4.) Some IPv4+IPv6 websites will tell you which IP address you're using, so you'll know: eg, http://sixy.ch
• Now, let me stress that it will not allow you to access all IPv6 severs/peers in the world, because not all native IPv6 networks out there have access to a 6to4 gateway (2002::/16 route) in order to send data back to you. I don't know the statistics - what's the proportion of servers/peers that won't be reachable via 6to4, September 2010? If you know, please share. Anyway: 6to4 will certainly allow you to have fun with IPv6, but for full connectivity, Virgin Media has to provide it natively -- so don't get lazy and keep hassling them!
• Also, the 192.88.99.1  6to4 router I reached, probably physically located somewhere around London (as suggested by traceroute), had an average ping time of 24ms. If that's too high for your games, be warned. It's certainly fine for web browsing and file sharing, though.

Hardware

• You want to have a public IPv4 address for your computer or router (see below). This means you don't want to use a Virgin Hub such as the VMDG280. Instead, you want a regular cable modem that can give you a public IPv4 address via DHCP. It's OK if it's dynamic, but it must be public. Virgin's 255 or 256 modems are fine. (Note: theoretical speculation goes that it may be possible to use 6to4 behind NAT, i.e. behind a Virgin Hub. You'd have to configure your LAN's 6to4 router/computer to use the public/external IPv4 address (and update it if the IPv4 address changes), but I haven't found any specific instructions on how to do it.)
• zeke suggested using a router with a DD-WRT firmware (www.dd-wrt.com). That's all very good, but not what I did. Instead, I used a mini computer (nettop) running Linux (prices between 100 and 200 pounds). Any computer and any Linux distribution will do; mine is the Acer Revo R3600 (small, quiet, low power (20 to 30W) to run 24/7) and OpenSuse Linux. I installed it behind the LCD TV in the living room, connected with a HDMI cable and a wireless keyboard/trackpad. Nice for YouTube, BBC iPlayer and other media playing, besides being an IPv4 and IPv6 router and web/ftp/ssh server.
• Network interfaces: the mini computer needs to have at least two, one on the "WAN" side (Internet) and the other on the "LAN" side (local). The LAN-side interface could be either WiFi (wireless) or Ethernet (wired). The WAN-side interface is connected exclusively to the cable modem with an Ethernet cable. The LAN-side interface provides access to your other computers. The interfaces (WAN or LAN, wired or wireless) don't have to be built-in: they can be external USB adapters (USB-WiFi or USB-Ethernet). If your LAN interface is WiFi, you have to configure it to work in "master mode", or "access point mode". This will make the mini computer operate as a "wireless router", providing access to other computers. If you find it troublesome to make the WiFi interface operate in master mode, or if the range/speed aren't good enough, you can use wired interfaces for both WAN and LAN, then connect a separate "WiFi access point" box, configured in bridge mode, to the LAN interface.

IPv4/IPv6 Setup

• Your basic Linux setup should enable IPv6 support, routing and IPv4 masquerading (NAT). These are simply checkboxes with OpenSuse (Yast control panel), and probably most distributions. On the WAN interface (towards the cable modem), enable DHCPv4. On the LAN interface, if it's WiFi, you have to seek instructions on configuring it in master mode. If it's wired, no special configurations needed.
• The actual 6to4 setup: here I'll take a shortcut and link you to this great guide, "Quick and dirty IPv6 with 6to4":
  http://backreference.org/2010/06/27/quick-and-dirty-ipv6-with-6to4/
  The guide suggests installing radvd, IPv6 Router Advertiser daemon. It's great for IPv6 "autoconfiguration" of computers in your LAN. However, you don't need radvd if you choose to configure IPv6 manually, with static LAN addresses, perhaps for a quick testing. The downside of manual configuration is that you'll have to change the IPv6 addresses of every computer in your LAN when/if your dynamic IPv4 address changes.
• Router (mini computer) firewall: iptables6 allows you to configure a firewall with as many rules as you could possibly want. I just disabled it altogether, because that's what I wanted in the first place: a plain IP router for all my devices (VoIP, IP cameras, web servers, P2P, NAS, fridge twitters/messengers...), not an unreachable LAN behind NAT! My Windows machines have the Windows firewall enabled, and that shall do it. Importantly, note that network interfaces are normally configured with multiple IPv6 addresses, at least one of which is "link local", and another one being the global 6to4. If you configure your system or application to only shares files locally to your LAN/house, it can do two things: only accept connections on the link local address, or else, at least check that the source of packets belong to your LAN's global subnet. You don't need private IPv4 addresses to solve the security problem.

Future

Of course, all this trouble (configuring a mini computer or installing DD-WRT) would have been avoided if Virgin Media supported IPv6 natively and provided customers with IPv6 routers/hubs/modems.

In any case, have fun!