IPv6 support on Virgin media
Does anyone know whether (and if so when) Virgin plan to implement IPv6 on its network?
Forum Discussion
jem101 wrote:
ksim wrote:
legacy1 wrote:
IPv4 is all you need"640K ought to be enough for anybody."
Said nobody ever - it's an urban myth!
The same "urban myths" as:
"The protocol (41) is single threaded"
"IPv6 will not happen till it does NAT because sadly everyone knows NAT as a poor means of a firewall."
"IPv4 is all you need"
legacy1is the best representation of VM, that how you know VM customers will never see IPv6, as the tech team is full of "legacy1"s.I'm certainly not going to comment on what other posters say or claim with little foundation or basis. However you do seem to be fixated on an idea that VM's technical department is staffed with people who are simply unable or incapable of understanding how IPv6 works or how to implement it. Now unless you either work at VM or happen to know the technical expertise of the staff there - you're as guilty of making stuff up as anyone else!
Ask yourself this, what's most likely to be the case;
a) VM have deliberately employed engineers who are all incompetent or woefully ignorant of IPv6 for what ever reason but at the same time can keep the rest of the system working (well mostly working)
or
b) VM have made a business decision that they simply don't need to implement an IPv6 solution now as they have sufficient IPv4 addresses available to satisfy current and immediate future need. The number of VM users who will even know what IPv6 is, is infinitesimally tiny - and the number who would gain any benefit from it is even smaller.
Would you rather they rushed to implement a similar situation to the one they inherited in Ireland? DSLite which precludes you putting the hub in modem mode and using your own equipment? But still they've got IPv6 so everything's good yes?
John
In simple terms what is IPv6 ?
I think it is the IP number using 6 pairs not 4 as used currently.
MikeRobbo wrote:In simple terms what is IPv6 ?
I think it is the IP number using 6 pairs not 4 as used currently.
> a) VM have deliberately employed engineers
yes, buy cheap, get crap.> VM have made a business decision that they simply don't need to implement an IPv6 solution now as they have sufficient IPv4 addresses available to satisfy current and immediate future need.
limit of IPv4 addresses is not a reason not to implement IPv6, IPv6 has a lot of other benefits.> Would you rather they rushed to implement a similar situation to the one they inherited in Ireland?
LG has implemented IPv6 in many countries already, do not see their userbase going down because of that, and yes, would rather see DS-Lite, than IPv4 only.
ksim wrote:> a) VM have deliberately employed engineers
yes, buy cheap, get crap.Speculation based on no evidence at all then!
> VM have made a business decision that they simply don't need to implement an IPv6 solution now as they have sufficient IPv4 addresses available to satisfy current and immediate future need.
limit of IPv4 addresses is not a reason not to implement IPv6, IPv6 has a lot of other benefits.Such as? Care to say what these are? Oh and please don't just include 'no need to employ NAT' without saying why this is advantageous.
> Would you rather they rushed to implement a similar situation to the one they inherited in Ireland?
LG has implemented IPv6 in many countries already, do not see their userbase going down because of that, and yes, would rather see DS-Lite, than IPv4 only.
Of course their user base isn't going down, know why? Because for the vast, vast majority of users IPv6 is a complete irrelevance. Really; you would give up the ability to put the VM hub into modem mode just to gain the holy grail of IPv6 connectivity?
- > Speculation based on no evidence at all then!
Try to talk with them, I did.
> Such as?
is google not available over ipv4 for you?
Security and end-to-end encryption are some of the major ones, NAT also, I have tons of devices/services I want to access in my home/or they require external access, and the absence of NAT is a major one.
> Because for the vast, vast majority of users IPv6 is a complete irrelevance.
The vast majority do not care about even being behind NAT, that's why as a service provider I have to implement tons of stupid **bleep** proxies/forwarding rules to not throw away VM customers using my services.
> Really; you would give up the ability to put the VM hub into modem mode just to gain the holy grail of IPv6 connectivity?
Really I for one of probably millions of other users didn't know about IPV6 until I saw it mentioned on here and to be honest I don't care. What I have is good enough for me and when the time comes when IPV6 is actually needed I am sure that it will be implemented.
MikeRobbo wrote:In simple terms what is IPv6 ?
I think it is the IP number using 6 pairs not 4 as used currently.
IPv6 stands for Internet Protocol version 6. IPv5 was an experimental multimedia protocol that never got off the ground (in case anyone wants to know where that went).
IPv4 uses 32 bits (4 bytes) to represent an internet address. This gives a theoretical maximum of around 4 billion IP addresses.
IPv6 on the other hand uses 128 bits to represent an internet address giving a theoretical maximum of 3.4 x 10^17 addresses.HOWEVER - due to the way IPv6 is set up the minimum size of a single subnet is 64 bits.
Regarding NAT
NAT was never designed to be a firewall. NAT and RFC1918 addressing was all about making IPv4 last longer until it's successor was implemented. While NAT can appear to take the place of a stateful firewall it can cause issues when it comes to looking for security issues as it's impossible to tell which individual device on a NAT'ed IP address has sent traffic. Everything appears to come from the same public IP.
Regarding DS-Lite
To those who say they'd happily go with DS-Lite, unless you are a basic user who ONLY surfs the net and watches Netflix or youtube, you really don't want to go down that rabbit hole.
Tim
Sorry my maths was off earlier
2^128 = 3.4*10^38 potential IPv6 addresses
ravenstar68 wrote:Regarding DS-Lite
To those who say they'd happily go with DS-Lite, unless you are a basic user who ONLY surfs the net and watches Netflix or youtube, you really don't want to go down that rabbit hole.
Yes DS-Lite is evil.
Problems VM face is:
1.Can IPv6 work in modem mode along with 1 IPv4 on 3rd party routers that is standard for all ISP.
2.Even in router mode their will need to be a firewall to block inbound traffic with rules to allow given traffic and allow all outbound traffic without issue.
legacy1 wrote:
ravenstar68 wrote:Regarding DS-Lite
To those who say they'd happily go with DS-Lite, unless you are a basic user who ONLY surfs the net and watches Netflix or youtube, you really don't want to go down that rabbit hole.
Yes DS-Lite is evil.
Incompetence is evil. DS-Lite is absolutely fine.
legacy1 wrote:Problems VM face is:
1.Can IPv6 work in modem mode along with 1 IPv4 on 3rd party routers that is standard for all ISP.
2.Even in router mode their will need to be a firewall to block inbound traffic with rules to allow given traffic and allow all outbound traffic without issue.
those "problems" are solved by thousands of other companies and ISPs, there is nothing new or unique for VM to do. Firewall rules are even simpler for IPv6 than for IPv4 (properly offload NAT is a nightmare). My IPv6 firewall table twice smaller than IPv4, and much more secure. Or maybe you think that NAT doesn't require any firewall rules? I won't be surprised after all your other posts. Have you ever seen an IPv6 network?
You wouldn't last a day in Ireland with DS-Lite!
ksim wrote:
Or maybe you think that NAT doesn't require any firewall rules? I won't be surprised after all your other posts.Its called port forwarding or DMZ which acks like a firewall to allow inbound and outbound NAT acks like a allow all outbound firewall.
Would you like to justify your assertion that DS-Lite is perfectly fine? I'd like to know why you think this?
You do realise that one of the principles behind DS-Lite is putting multiple customers behind the same IPv4 address using NAT at the ISP end?
Dual-Stack Lite enables a broadband service provider to share IPv4 addresses among customers by combining two well-known technologies: IP in IP (IPv4-in-IPv6) and Network Address Translation (NAT).
Perhaps you'd like to tell us what affect this will have on things like IP camera's and game and media server access from outside the LAN over IPv4?
Tim
legacy1 wrote:You wouldn't last a day in Ireland with DS-Lite!
Its called port forwarding or DMZ which acks like a firewall to allow inbound and outbound NAT acks like a allow all outbound firewall.
Now we know, you never saw networking in your life, have you ever seen anything beyond webUI of the router? To implement the mentioned functionality devs are using software like iptables, as an example: how setting up NAT looks like in real life https://wiki.archlinux.org/index.php/Simple_stateful_firewall#Setting_up_a_NAT_gateway. before discussing IPv6 maybe you should learn networking?
- @ravenstar68
> You do realise that one of the principles behind DS-Lite is putting multiple customers behind the same IPv4 address using NAT at the ISP end?
Yes, I do, and with IPv4-only you are sitting behind NAT right now.
> Perhaps you'd like to tell us what affect this will have on things like IP camera's
fantastic, finally, you will be able to access it without port forwarding and with better access control.
> game and media server access
both are easier, there is no NAT, just use IPv6
> from outside the LAN over IPv4?
IPv4? who needs it?
ksim wrote:
@ravenstar68
> You do realise that one of the principles behind DS-Lite is putting multiple customers behind the same IPv4 address using NAT at the ISP end?
Yes, I do, and with IPv4-only you are sitting behind NAT right now.
Except on the IPv4 side there will be two layers of NAT One at the ISP and one at the router.
> Perhaps you'd like to tell us what affect this will have on things like IP camera's
fantastic, finally, you will be able to access it without port forwarding and with better access control.
Wrong on so many levels.
> game and media server access
both are easier, there is no NAT, just use IPv6
Which is fine should the server actually support IPv6 access. Plex in theory does BUT the Plex server still needs to talk to the Plex website, which still only uses IPv4. Plex's creators have employed a workaround for Dual Stack Lite that means you end up access the server indirectly via the Pex website.
Likewise there are very few games which currently support IPv6. Some games get round Dual-Stack Lite issues in a similar way to Plex by hosting the server on the developers network. But thinks like Splinter Cell Block Ops and Assasains Creed Black flag rely on unsolicited connections to your game instance. Something that can't happen behind DS-Lite.
> from outside the LAN over IPv4?
IPv4? who needs it?
It would certainly be nice to get rid of IPv4 altogether but for that to happen software needs updating to stop relying on IPv4- > Except on the IPv4 side there will be two layers of NAT One at the ISP and one at the router
after the first NAT, I do not care, there is a difference only in MTU.
> Wrong on so many levels.
Very informative, VIP level!
> Which is fine should the server actually support IPv6 access. Plex in theory does BUT the Plex server still needs to talk to the Plex website, which still only uses IPv4. Plex's creators have employed a workaround for Dual Stack Lite that means you end up access the server indirectly via the Pex website.
Are you sure you got it right? what a mess! plex server can access the plex website without any issue ipv4 LAN->WAN is not a problem in DSlite, but yes, you can't access your plex server (WAN->LAN IPv4) directly, this is NAT problem, not IPv6 or DSlite. Access it using IPv6! I am using a VPN to solve this, anyway, a VPN connection is a good practice on any IPv4 or public network.
> Something that can't happen behind DS-Lite.
how it is happening with "normal" IPv4 NAT, jumping with hoops over router settings for games, or you enable UPNP to expose security problems.
> It would certainly be nice to get rid of IPv4 altogether but for that to happen software needs updating to stop relying on IPv4
hundreds of thousands are living with DS-Lite. The difference between DS-Lite and IPv4-only is basically is the absence of IPv6.
Every OS, every network defaults to IPv6 if have a choice, it is faster, it is more secure, it is the future. VM stuck in the past. The service I am working on would be much easier and simpler if I can drop support for IPv4-only users, but because of VM and companies like that, I can't 😞
IPv6 easier in configuration, management, routing, requires fewer resources on equipment and the most importantly again secure! VM proved their incompetence fully in the topic about protocol 41. I had similar conversations with technicians during my complaints. Since when is IPv6 more secure?
Yes IPv6 MUST include the ABILITY to support IPSec BUT actual IPSec use is not mandatory. Furthermore IPsec was backported to IPv4, where again it's use is not mandatory. IPv6 has it's own vulnerabilities.
BTW the use of NAT at the ISP gateway as well as the Router doesn't just mean a different MTU value. Surely you must realise that? The issue with the Plex Server needing to use indirect mode is precisely down to the Double NAT issue. Oh and yes I did set up port forwarding for my game in the past. I've even set up my own FTP server using passive mode and set up the port forwarding to get that to work too.
Tim
jem101 wrote:I'm certainly not going to comment on what other posters say or claim with little foundation or basis. However you do seem to be fixated on an idea that VM's technical department is staffed with people who are simply unable or incapable of understanding how IPv6 works or how to implement it. Now unless you either work at VM or happen to know the technical expertise of the staff there - you're as guilty of making stuff up as anyone else!
Ask yourself this, what's most likely to be the case;
a) VM have deliberately employed engineers who are all incompetent or woefully ignorant of IPv6 for what ever reason but at the same time can keep the rest of the system working (well mostly working)
or
b) VM have made a business decision that they simply don't need to implement an IPv6 solution now as they have sufficient IPv4 addresses available to satisfy current and immediate future need. The number of VM users who will even know what IPv6 is, is infinitesimally tiny - and the number who would gain any benefit from it is even smaller.
Would you rather they rushed to implement a similar situation to the one they inherited in Ireland? DSLite which precludes you putting the hub in modem mode and using your own equipment? But still they've got IPv6 so everything's good yes?
John
As point B shows incompetence into what IPv6 is or why it is needed then your basically saying that they are picking between the same thing, but based on money.
Point B may be valid for CGNAT deployment that they wanted to roll out, but appears to be shelved. But CGNAT and IPv6 are not the same thing.
CGNAT (or even NAT in general I guess) is a way of dealing with a limited number of IP blocks available
IPv6 is a communications protocol that gives end to end connectivity in both directions (there's more than IP layers out there too, but meh).
Virgin media has shown their incompetence, or lets just show it miscomprehension, many times like you. They don't need IPv6 because they have enough IPv4 to cope. That view is wrong because the real problem is that all they are doing is not allowing fully unrestricted IP communications from end to end.
As long as all sites, users, and uses you need support IPv4, and your not NAT'ed, then you don't need IPv6. Virgin media wanting to move to CGNat however shows that they are probablbly on the end of running out of IPv4's to give out. CGNat (or NAT in general) is great at blocking users even when it's not intended.
I would imagine, using your A/B choice up top (both are the nearly the same, one is willful the other is not) we could add an option C.
C) VM have plenty of technical staff who understand and ask for IPv6 deployment, when the request is put up to management level there is a lot of leadership who don't fully understand it, but perhaps request funds to make it happen. Once they begin looking at it and see there is no real monetization value in the upgrade then no one will defend the upgrade.
That's just my guess. Just like how they allowed (as in, refused to care) broadband theft (cloned modems, modified config files) for so long it wasn't funny. That only stopped once high utilization started hitting paying customers (the people who leave). Tho I am sure that some VM staff fought hard to spend the money to stop that theft, there was no increase in profit for stopping it so it just didn't happen.
The second sentence in part B is also a little disturbing.
"The number of VM users who will even know what IPv6 is, is infinitesimally tiny - and the number who would gain any benefit from it is even smaller."
The number of VM users who know what IPv4 is, is also infinitesimally tiny. The number of users who would benefit from a move to IPv6 is not that large, HOWEVER, it would allow fully transparent changes going forward. That is what users need, a solution that they don't need to understand.
Virgin media staff do not know what DHCP, DNS, SNMP, IMAP or many of the other types of protocols are. Virgin media staff don't know what 1x1, 2x2, 3x3, MIMO, spatial streams, coding, channel width. That doesn't stop Virgin from offering Internet with WiFi. So just because users don't know what IPv6 is, doesn't mean they shouldn't get it.
MikeRobbo wrote:I for one of probably millions of other users didn't know about IPV6 until I saw it mentioned on here and to be honest I don't care. What I have is good enough for me and when the time comes when IPV6 is actually needed I am sure that it will be implemented.
I have seen enough people asking for "help" before on things that don't work to say that you are probably just like the majority of users out there. What you have is good enough for you to do what you do - good for you. I have met other people who can get along just find on a slow 2g phone connection with only a few hundred meg used each month. That doesn't mean it's okay for everyone else.
People like you were the ones who were happy to have PHORM, Targed ISP tracking and Adversiting - all of your browsing AND web submission data sent to external sources, rolled out. Many people in this thread are the ones who caused the storm to get that stopped.
People like you are happy to have CGNAT, what Virgin media really wanted as it was a easy bolt on solution. Luckily you don't have that now as your, whatever you do and your happy with, might not be good enough for you.
So hey, sure, sit back and be happy that a provider doesn't move to improve things. You can use that same view of yours to save on a new car if you want to buy one, look for Euro NCAP 0 star rating cars. They tend to be cheaper and for you, they are good enough.
ksim wrote:
legacy1 wrote:
ravenstar68 wrote:Regarding DS-Lite
To those who say they'd happily go with DS-Lite, unless you are a basic user who ONLY surfs the net and watches Netflix or youtube, you really don't want to go down that rabbit hole.
Yes DS-Lite is evil.
Incompetence is evil. DS-Lite is absolutely fine.
legacy1 wrote:Problems VM face is:
1.Can IPv6 work in modem mode along with 1 IPv4 on 3rd party routers that is standard for all ISP.
2.Even in router mode their will need to be a firewall to block inbound traffic with rules to allow given traffic and allow all outbound traffic without issue.
those "problems" are solved by thousands of other companies and ISPs, there is nothing new or unique for VM to do. Firewall rules are even simpler for IPv6 than for IPv4 (properly offload NAT is a nightmare). My IPv6 firewall table twice smaller than IPv4, and much more secure. Or maybe you think that NAT doesn't require any firewall rules? I won't be surprised after all your other posts. Have you ever seen an IPv6 network?
Companies and ISP's can set up firewall rules that are no big issues. End users (with IP's that change) can be a pain. I am unsure why your IPv6 firewall is smaller (less services I would imagine) but in the end the firewall rule count should be the same. CGNat solves no USER problem, it only creates a user problem. I see later on you seem to suggest double or triple NAT on IPv4 is not an issue. If you have access to every gatway so you can set up ALG rules then sure you can make it work. But CGNAT is managed by the Carrier (Hence the C in the name) so your not allowed to manage the forwarding from that gateway. If you, or anyone for that matter, thinks CGNAT is not an issue then you just don't understand what it is OR you have no need for anything beyond basic web services.
End users can not have complicated solutions, and CGNAT can be made "aware" but that's often complicated and at this point would be a waste of time.
Move to dual-stack IPv4/IPv6, when IPv4 runs out on VM's network then IPv6 adoption will be higher and NAT(v4) might be accepted by users.
ravenstar68 wrote:Since when is IPv6 more secure?
Since the beginning
Furthermore IPsec was backported to IPv4
Good luck having it working through NAT
IPv6 has it's own vulnerabilities.
Mostly for IPv4
mean a different MTU value. Surely you must realise that?
I do and do not care.
The issue with the Plex Server needing to use indirect mode is precisely down to the Double NAT issue.
There is no "Double/Tripple" NAT issues, there are only "NAT" issues.
Oh and yes I did set up port forwarding for my game in the past.
Lucky "one PC boy", I have 3 PC's, any recommendation on how I can do the setup for all of them? if a game uses only a specific port? or conflicts with something else in my system? or having bt-torrent working on every one of them. or have syncthing working without nat traversal enabled on the router?
I've even set up my own FTP server using passive mode and set up the port forwarding to get that to work too.
OMG, I used to do that few decades ago, FTP in 2020? it is something.... Try to setup several FTPs using freebsd router and pure ipfw for NATed IPv4 and IPv6. and come later with your thoughts.
VMCopperUser wrote:Companies and ISP's can set up firewall rules that are no big issues. End users (with IP's that change) can be a pain.
why it is "a pain" for enduser, for the most - default in the router is fine, for "power users" the same allow/block in web UI, for professionals it is simpler, no need for stupid NAT rules
I am unsure why your IPv6 firewall is smaller (less services I would imagine) but in the end the firewall rule count should be the same.
Because the firewall is not on/off port things you see in Windows, NAT rules and port forwarding are creating a mess, doing proper shaping with NAT, another mess.
CGNat solves no USER problem, it only creates a user problem. I see later on you seem to suggest double or triple NAT on IPv4 is not an issue. If you have access to every gatway so you can set up ALG rules then sure you can make it work. But CGNAT is managed by the Carrier (Hence the C in the name) so your not allowed to manage the forwarding from that gateway. If you, or anyone for that matter, thinks CGNAT is not an issue then you just don't understand what it is OR you have no need for anything beyond basic web services.
Ok, you are talking about IPv4 only CGNAT, can't agree less, it is a disaster, but if you have IPv6, you have direct connectivity, there are tons of options to get access to the resource you need. IPv4 is a fallback protocol if you have IPv6.
Move to dual-stack IPv4/IPv6, when IPv4 runs out on VM's network then IPv6 adoption will be higher and NAT(v4) might be accepted by users.
Fully agree with you, but we both know, this is not what VM is doing, and that won't the case as VM is part of LG, at best VM users in the UK will get DSLite, or realistically ipv4 only CGNAT.
People who say "I don't need IPv6 yet" are missing the point entirely.
The shortage of IPv4 addresses is causing all sorts of problems requiring complex workarounds. It has led to a totally artificial market in trading of IPv4 address space, leading to fragmentation of the global routing table. IPv6 solves these problems at a stroke, but only if we switch off IPv4.
The transition plan says that everybody should implement IPv6 alongside IPv4, and use it in preference. Then when almost all of the network traffic is using IPv6, the IPv4 internet can close down - not on one day, obviously, but once global transit for IPv4 starts shutting down it will fade away quite quickly, and we can actually start reaping the benefits of IPv6. (There will of course remain local enclaves of IPv4 for a long time thereafter, but that doesn't mean we need a global IPv4 Internet).
Operating system designers have by and large done their bit. The wide area network providers have too, and we have a well connected global IPv6 network. Major service providers are finally getting their act together too.
But if ISPs such as VM decline to offer IPv6 on the grounds that it's not needed because IPv4 is still there, we can never get to the point that the low level of IPv4 traffic justifies switching it off. It is holding up the transition.
We need IPv6 so that we can switch off IPv4 - it's as simple as that.
I think we have now reached the point that the regulators should step in. I don't think a company should be allowed to advertise its service as offering the Internet if it doesn't offer IPv6 connectivity alongside IPv4. They should have to declare their service as "legacy only" or "obsolescent" or some such.
