Morgaine
Superfast
Message 661 of 780

Re: IPv6 support on Virgin media

@Shelke writes:

I'm not interested in IPV6.

Shelke, I have news for you.  You need IPv6, and badly, despite having convinced yourself of the opposite.  All of your problems are being caused by IPv4, so you *should* be interested.  From the sound of it, you have good cause to be a keen IPv6 advocate, as the bad situation with IPv4 is giving you grief.

what I am interested in this outlook of stick lots of customers behind a single IP address and thinking that it will work.

And guess why that is --- it's because IPv4 addresses are running out, so they need to be re-used dynamically, i.e. shared.

That was the whole reason why NAT and address sharing were invented --- IPv4 addresses come from a small pool so shortage is inherent.  Even in the early days of the Internet, ISPs couldn't afford to dish out more than one address to residential customers without charging more (hence mostly a business option), yet those residential customers have always owned multiple computers or devices requiring Internet access. The pressure for a solution was immense, hence NAT was embraced with open arms, in the absence of any alternative.  IPv6 was being discussed, but it was far from ready back then.

And I do want to be able to host over IPV4 when I need it.

And you expect to get a public IPv4 address from where?  Do you realize that the address alone costs over $15 now, and rising rapidly, like everything else that is in short supply?  And that's on top of the provisioning ISP's subscription cost. You have an IPv4 address currently, but you don't own that address --- it is allocated to your ISP, and they will withdraw it from your exclusive use when that is the cost-effective thing to do.

In contrast, you can host on as many addresses as you wish on IPv6, and the addresses cost you nothing.

I think you need to pick apart the various issues that are contributing to your distress, instead of starting with the unstated but clearly expected fictional requirement of "I want IPv4 but I don't want to be affected by IPv4 address shortages." It's a non-realizable requirement, and you will be suffering for as long as you hold onto that fiction. It can be hard to un-program oneself from a long-held false belief, but it needs to be done if you expect your issues to be overcome. Your problem is IPv4.

Fortunately, the solution is nearly here.  And yes, I'm aware that there are some hurdles to overcome, mainly getting the majority onboard, but that's why I'm an IPv6 advocate.  It has to be done, as there is no other viable solution.  Looking backwards, or expecting fiction, are not viable solutions.

Morgaine.

"If it only does IPv4, it is broken." -- George Michaelson, APNIC.
Superuser
Superuser
Message 662 of 780

Re: IPv6 support on Virgin media


@impromptu wrote:

The DS-Lite with public IPv4 address is an interesting one - it actually makes the problem a lot simpler.  Instead of needing a stateful CGNAT (that remembers the port and maps it to a client IP), the edge router just needs to (de)encapsulate the v4 packet in its v6 wrapper and send it on its way.  That's stateless, so can be done much more efficiently - could be done at line rate with suitable hardware. At this point the ISP network is v6 only, but customers have full v4 routing so it shouldn't break any apps.  Unlike DNS64 and friends it's completely transparent to the end user.

It doesn't solve the v4 exhaustion problem, but that could be done opportunistically (eg new customers don't get a public v4, or put lower tier customers on private v4, or some other criteria).

 


The thing is you're forgetting that to be able to communicate you have to be able to deal with the return traffic.

There's no such thing as stateless NAT - The individual customers won't have an IPv4 address to themselves, so when that traffic comes back, unless you've stored a table telling you about the outbound traffic state, then there's no way to route the replies back to the correct customer's IPv4 address.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

jonathanm
Up to speed
Message 663 of 780

Re: IPv6 support on Virgin media

I was referring to scale in terms of the number of end-point devices being supported under CGNAT as opposed to raw bandwidth. Both are different challenges in scale.

Morgaine
Superfast
Message 664 of 780

Re: IPv6 support on Virgin media

This graphic of the exhaustion of IPv4 addresses across all five of the world's RIRs deserves circulating widely:

[Image: plotend]

The IPv4 crunch isn't something that lies in the future, it is now. Even the least active of the regions (AFRINIC) finally ran out of spare /8 blocks, and that was last year, an eternity in Internet time.  Cutting and dicing the remaining scraps of address space has kept heads above water (while the price of dwindling IPv4 addresses skyrockets), yet even so all of the RIRs are now below half a /8.  New large IPv4 users are balancing on a precipice, hanging on for dear life.

Growth for services and company infrastructure on IPv4?  You jest ...

Those who are still in denial about IPv6 need to look at the year labels on the x-axis, carefully.

Morgaine.

"If it only does IPv4, it is broken." -- George Michaelson, APNIC.
fyonn
On our wavelength
Message 665 of 780

Re: IPv6 support on Virgin media


@ravenstar68 wrote:

@impromptu wrote:

The DS-Lite with public IPv4 address is an interesting one - it actually makes the problem a lot simpler.  Instead of needing a stateful CGNAT (that remembers the port and maps it to a client IP), the edge router just needs to (de)encapsulate the v4 packet in its v6 wrapper and send it on its way.  That's stateless, so can be done much more efficiently - could be done at line rate with suitable hardware. At this point the ISP network is v6 only, but customers have full v4 routing so it shouldn't break any apps.  Unlike DNS64 and friends it's completely transparent to the end user.

It doesn't solve the v4 exhaustion problem, but that could be done opportunistically (eg new customers don't get a public v4, or put lower tier customers on private v4, or some other criteria).

 


The thing is you're forgetting that to be able to communicate you have to be able to deal with the return traffic.

There's no such thing as stateless NAT - The individual customers won't have an IPv4 address to themselves, so when that traffic comes back, unless you've stored a table telling you about the outbound traffic state, then there's no way to route the replies back to the correct customer's IPv4 address.

Tim


No, he's suggesting the use of DS-Lite, but instead of your IPv4 session being behind CGNAT, your public IPv4 address is basically tunneled to you over IPv6 instead. This is why it would be stateless, as there is no NAT...

That would allow Virgin to run an internal IPv6 network but still give out public IP addresses to those who want or need it...

Not convinced that's what Virgin will want to do, but it's an interesting proposal...

I'm also worried that I'll be looking for a new router as I don't know whether my current pfSense box will support all this tunneling stuff.

Superuser
Superuser
Message 666 of 780

Re: IPv6 support on Virgin media

Except the dual stack lite RFC 6333 specifies that NAT be carried out on the AFTR elements.

Here's the introduction to the RFC

1. Introduction

   The common thinking for more than 10 years has been that the
   transition to IPv6 will be based solely on the dual-stack model and
   that most things would be converted this way before we ran out of
   IPv4.  However, this has not happened.  The IANA free pool of IPv4
   addresses has now been depleted, well before sufficient IPv6
   deployment had taken place.  As a result, many IPv4 services have to
   continue to be provided even under severely limited address space.

   This document specifies the Dual-Stack Lite technology, which is
   aimed at better aligning the costs and benefits in service provider
   networks.  Dual-Stack Lite will enable both continued support for
   IPv4 services and incentives for the deployment of IPv6.  It also
   de-couples IPv6 deployment in the service provider network from the
   rest of the Internet, making incremental deployment easier.

   Dual-Stack Lite enables a broadband service provider to share IPv4
   addresses among customers by combining two well-known technologies:
   IP in IP (IPv4-in-IPv6) and Network Address Translation (NAT).

   This document makes a distinction between a dual-stack-capable and a
   dual-stack-provisioned device.  The former is a device that has code
   that implements both IPv4 and IPv6, from the network layer to the
   applications.  The latter is a similar device that has been
   provisioned with both an IPv4 and an IPv6 address on its
   interface(s).  This document will also further refine this notion by
   distinguishing between interfaces provisioned directly by the service
   provider from those provisioned by the customer.



Durand, et al.               Standards Track                    [Page 3]

 
RFC 6333                     Dual-Stack Lite                 August 2011


   Pure IPv6-only devices (i.e., devices that do not include an IPv4
   stack) are outside of the scope of this document.

   This document will first present some deployment scenarios and then
   define the behavior of the two elements of the Dual-Stack Lite
   technology: the Basic Bridging BroadBand (B4) element and the Address
   Family Transition Router (AFTR) element.  It will then go into
   networking and NAT-ing considerations.

Note that the idea behind Dual-Stack Lite is the fact that IPv6 deployment is nowhere near as complete as it should have been; it was hoped (which is something I mentioned earlier, even though I had not read this document before today) that we would have dual-stacked IPv6 and IPv4 BEFORE we ran out of usable IPv4 space.

Because that hasn't happened, we now have to look at how to retain IPv4 access for end users while still growing the internet as a whole.

In short DS-Lite now requires NAT on the AFTR element.

While it does discuss port forwarding at the AFTR, it also suggests that ISPs may choose not to forward some of the well-known service ports to end users (i.e. ports 0-1023, e.g. port 80 TCP).  Note that this won't affect outbound connections but will make it impossible to run web servers or personal mail servers.

So talking about Dual Stack-Lite with no NAT is to put it simply - a pipe dream.

Tim

________________________________________


Only use Helpful answer if your problems been solved.

VMCopperUser
Problem sorter
Message 667 of 780

Re: IPv6 support on Virgin media

I was reading through the RFCs the other day too.

I think that the RFC was written with the view that you would only use it when you needed it, and as such you should need CGNAT.  It doesn't seem to explicitly state that you can't use the IPv4 end as a single point per user.

AS5089 has about 26 million IPv4s (if my math is correct) under the "Virgin Media" name. I am not going to go through all the SUB AS's to see what looks customer-ish, someone else here probably knows how to pull that info from the database with ease and parse it (I would have to do it one by one by hand).

They say they have 5.9 million cable customers, and 3.1 million mobile customers (hard for me to believe that one).  So that's 9.1 million IPs at a minimum.  Mobile customers have probably been under CGNAT since the start so let's cut that 3.1 million down.  Europol says some providers have thousands of people per IP, but let's say that Virgin limits us to 250 people per IP...  So that knocks mobile down to 12,000 users.  Ignorable levels.  Their old TV boxes could have a public facing IP I think?  The new V6 box is now behind your NAT router (designed to save on the v4 assignment?).  They don't give nearly enough stats to even take a rough guess on this.  But let's just take their numbers and shoot for 8 million.  So 8+6= 14 million IP addresses.

I have a hard time seeing how they are out of IPv4 addresses.  It was only a couple of years ago that they suggested they were a really long way off from even needing to worry about IPv4, the V6 box should have reduced that worry by a huge amount, and now all of a sudden they want to add CGNAT.

 

----
I do not work for VM, but I would. It is just a Job.

I would also make websites for them, because the job never seems to require the website to work.
MSX
Up to speed
Message 668 of 780

Re: IPv6 support on Virgin media

I am watching the IPv6 transition with a little interest.

Yesterday, I got put on a new CMTS with a change of public IPv4 address and hop 2 (10.* IPv4) address. CMTS MAC identifies as Cisco, which it was before too. No such IPv6 activity reported by my CM though. Although this sounds obvious that it might be some sort of congestion clean-up/re-seg of some sort, I was having absolutely no bandwidth/latency issues on 350meg even at very busy times so I call this move peculiar on my part. Would this sort of activity be evident of a transition?

Dagger2
Superfast
Message 669 of 780

Re: IPv6 support on Virgin media

They have a lot of announcements that look like this:

62.30.0.0/15 	Virgin Media Limited
62.30.0.0/16 	Virgin Media Limited
62.31.0.0/16 	Virgin Media Limited 

which is 65k IPs, not 131k. If you remove all of the overlapping announcements then I make it about 8.3 million IPs. bgp.he.net says "IPs Originated (v4): 9,471,488" including all of the customer prefixes, so that looks about right.

Comparing that 8.3 million figure vs your 14 million estimate... yeah. You didn't even account for infrastructure address use or allocation inefficiencies and you still ended up with an estimate that was 1.7x higher than the address space they have available. And you wonder why they want CGNAT?
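
As an added example (not part of the post above and not any ISP's tooling): de-duplicating overlapping announcements before counting addresses, using Python's standard `ipaddress` module. The first three prefixes are the ones quoted in the post; the fourth is a constructed documentation prefix included to show an entry that overlaps nothing.

```python
import ipaddress

# First three entries: the announcements quoted in the post.
# Last entry: constructed sample (RFC 5737 documentation range), not from the page.
ANNOUNCED = ["62.30.0.0/15", "62.30.0.0/16", "62.31.0.0/16", "198.51.100.0/24"]


def parse(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def naive_total(prefixes):
    """Sum every announcement as if none of them overlapped."""
    return sum(n.num_addresses for n in parse(prefixes))


def unique_total(prefixes):
    """Merge overlapping and adjacent prefixes, then count each address once."""
    merged = ipaddress.collapse_addresses(parse(prefixes))
    return sum(n.num_addresses for n in merged)


def covered_more_specifics(prefixes):
    """Announcements that lie wholly inside another announced prefix."""
    nets = parse(prefixes)
    return sorted(
        str(n) for n in nets
        if any(n != other and n.subnet_of(other) for other in nets)
    )


if __name__ == "__main__":
    print("naive sum :", naive_total(ANNOUNCED))
    print("unique    :", unique_total(ANNOUNCED))
    print("duplicates:", covered_more_specifics(ANNOUNCED))
```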

impromptu
On our wavelength
Message 670 of 780

Re: IPv6 support on Virgin media


@ravenstar68 wrote:

So talking about Dual Stack-Lite with no NAT is to put it simply - a pipe dream.


It's still NAT, but stateless 1:1 NAT.

For instance, imagine VM allocated everyone an address in 10.0.0.0/8.  There would be nearly enough addresses to go round there.  They could issue that to their customers, who would all have a unique IP.  However let's say they also owned the public IP space 99.0.0.0/8.  They could NAT 99.x.y.z to 10.x.y.z and every customer would have a unique public IP address that they could be reached by.  IPv4 apps still work fine. Further, let's say instead of 99.0.0.0/8 they own 2^16 random public /24 subnets - by using 10.0.0.0/8 they can keep a uniform internal address space for management purposes, NATting them externally so users still get public IPs.

In the v6 case, a customer can be given v6 address of ab:cd:ef::10.x.y.z for their v4 packets (with whatever scheme for embedding the 32 bit v4 inside the v6 address).  Their CPE NATs 192.168.1.0/24 to v6 ab:cd:ef::10.x.y.z and sends that over the native v6 network.  The AFTR receives this, NATs it to 99.x.y.z and sends it out to the v4 internet.  Apart from the v4 NAT in the CPE, this path is stateless (each point just needs a general mapping rule, not a memory of what happened recently) and reversible.

I'm not saying it will happen like that, or even that routers can do it like this (I don't know), but that it would make the CGNAT easier if it did.

Once you have a scheme like this, you can start reallocating addresses according to marketing-driven policy.  People on the lowest tier might be a target here - they don't push as much data so aren't as much work for the CGNAT.  So the AFTR knows that when a packet from ab:cd:ef::10.1.y.z comes in, instead of doing the 1:1 NAT it needs to do a full stateful NAT behind a shared IP.  If the customer pays the extra £3 a month for the gaming bundle, they instead get put in a pool with their own static public IP.

All hypothetical castles in the air of course, but just imagining how it could work.
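
The two positions argued in this thread side by side, as an added example (not code from any poster, from RFC 6333, or from a real AFTR): a 1:1 prefix mapping that is reversible with no memory, next to a shared-address NAT whose return traffic depends on a table. The 10/8, 99/8 and `ab:cd:ef::` values are the post's hypotheticals; the /96 length, the `SharedNat` class and the 203.0.113.1 address are assumptions made for illustration.

```python
import ipaddress

INNER = ipaddress.ip_network("10.0.0.0/8")         # per-customer space in the post
PUBLIC = ipaddress.ip_network("99.0.0.0/8")        # public block in the post's hypothetical
V6_PREFIX = ipaddress.ip_network("ab:cd:ef::/96")  # post's placeholder; /96 is assumed


def swap_prefix(addr, src, dst):
    """Stateless 1:1 NAT: keep the host bits, replace the network bits."""
    a = ipaddress.ip_address(addr)
    if a not in src:
        raise ValueError(f"{a} is outside {src}")
    host = int(a) - int(src.network_address)
    return str(dst.network_address + host)


def embed_v6(inner):
    """Carry the 32-bit IPv4 address in the low bits of the IPv6 address."""
    return str(V6_PREFIX.network_address + int(ipaddress.IPv4Address(inner)))


def extract_v4(v6):
    """Recover the embedded IPv4 address from the low 32 bits."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv6Address(v6)) & 0xFFFFFFFF))


class SharedNat:
    """Hypothetical stateful NAPT on one shared public address."""

    def __init__(self, public_ip, first_port=1024):
        self.public_ip, self.next_port, self.table = public_ip, first_port, {}

    def outbound(self, inner_ip, inner_port):
        port = self.next_port
        self.next_port += 1
        self.table[port] = (inner_ip, inner_port)  # state the reply will need
        return self.public_ip, port

    def inbound(self, public_port):
        # No table entry means no way to pick the customer: returns None.
        return self.table.get(public_port)


if __name__ == "__main__":
    print(swap_prefix("10.1.2.3", INNER, PUBLIC), embed_v6("10.1.2.3"))
    nat = SharedNat("203.0.113.1")  # constructed documentation address
    print(nat.outbound("10.1.2.3", 5000), nat.inbound(80))
```

An unsolicited inbound connection to port 80 on the shared address finds no table entry, which is why hosting behind a shared address needs an explicit port mapping while the 1:1 scheme does not.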
