Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IPv6 support on Virgin media

dgcarter
Dialled in

on ‎27-03-2010 18:11

Does anyone know whether (and if so when) Virgin plan to implement IPv6 on its network?

1,493 REPLIES 1,493

Dagger2
Superfast
In response to VMCopperUser

on ‎10-12-2012 14:15

If you think we're going to hit 60% used in the next 40 years, then you really haven't got your head around the size of IPv6.

 

We could give 1 billion companies 100,000 /64s each, and give each of the 7 billion people on the planet 100,000 /64s each as well, and still only use 0.035% of the current usable v6 address space. Not 60%... 0.035%. And that's with way higher usage than you proposed. Your proposal was more like 0.000003% used.

 

(And there are of course reserved blocks in the v6 space; the above calculations are done out of the one single /3 that global allocations currently use. There are another five such /3s reserved. Even if we do run out of space, we can do it all over again another five times.)

 

Regarding Google owning 2^96 addresses... you're still thinking in v4 terms, where there's so few addresses that you have to (and can!) count individual addresses, and an IP block is handed out to just barely cover the precise number of computers it needs to contain. Stop that. v6 isn't like that. Google got a /32 because a /32 is the standard base allocation for LIRs.

 

Why is a /32 the standard base allocation for LIRs, even when most of them won't actually use most of the block? The reason is covered in RFC 1715 and RFC 3194: we use large blocks to reduce routing table fragmentation. We aren't "wasting" those addresses. They have a use, even if they aren't ever assigned to a computer.

 

Yes, I realize that routing table fragmentation is the kind of thing you guys ignore and leave to the network boffins who have spent a lifetime researching this stuff. But if you're going to argue that the v6 allocation policies are wasteful, then this is stuff you need to understand -- because it's the reason the policies aren't wasteful.

0 Kudos

legacy1
Alessandro Volta
In response to Dagger2

‎10-12-2012 20:03 - edited ‎10-12-2012 20:07

To understand the routing table fragmentation in IPv4 terms it would be like doing subnets at 255.255.255.252.

There is another problem that may need looking into which is DDOS to a IPv6 allocation even if a IPv6 address in that allocation is not in use it will still route to it and incoming traffic even with no reply will eat into ones speed and usage? Unless Neighbor Solicitation multicast even with DHCP-PD covers this so that the VM gateway knows what IPv6 are in use even if its a DDOS to ones that are in use?

---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos

Dagger2
Superfast
In response to legacy1

on ‎11-12-2012 00:05

If you send traffic in the direction of a customer, the traffic will go to the customer, yes. That's the current situation; you can send traffic to VM's customers right now (otherwise the internet wouldn't work). Introducing IPv6 won't change that.

0 Kudos

craigj2k11
Rising star
In response to Dagger2

on ‎11-12-2012 00:16

Was in a meeting with a cisco rep last month who said that Cisco cannot see IPv6 being deployed any time soon. It just isnt needed

0 Kudos

legacy1
Alessandro Volta
In response to craigj2k11

‎11-12-2012 02:19 - edited ‎11-12-2012 02:19

If we was to get a /32 and used 20 address out of it the rest are unused and not need (unless you add more devices) now the rest that are not in use out of /32 could any traffic like DDOS affect the users speed and data usage?

---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos

craigj2k11
Rising star
In response to legacy1

on ‎11-12-2012 15:52

NAT isnt used in IPv6 so there is no security in that sense

0 Kudos

legacy1
Alessandro Volta
In response to craigj2k11

‎11-12-2012 16:56 - edited ‎11-12-2012 17:02

@craigj2k11 wrote:

NAT isnt used in IPv6 so there is no security in that sense

 Not taking about NAT this is about a IPv6 address not in use by you but allocated to you and how incoming traffic could still route to you from the gateway as a DDOS.

---------------------------------------------------------------

BQM, Test for outgoing ports and SSL/L2TP VPN test

0 Kudos

craigj2k11
Rising star
In response to legacy1

on ‎11-12-2012 18:10

I dont see how that would happen, there would be no device to reply and the packets would be dropped

0 Kudos

Nutty667
On our wavelength
In response to craigj2k11

on ‎11-12-2012 21:04

I'm not sure why you'd want every internet capable device exposed directly to the internet. Having everything behind a NAT makes things much safer from a security point of view.  Its not that much work setting up port forwarding anyway.  Any device with uPnP shouldn't need it setting up manually anyway.

0 Kudos

Dagger2
Superfast

on ‎11-12-2012 22:02

@craigj2k11 wrote:

Was in a meeting with a cisco rep last month who said that Cisco cannot see IPv6 being deployed any time soon. It just isnt needed

That seems like a somewhat head-in-the-sand position to take, considering that it is needed and is being deployed. It's also not the position that Cisco's own website takes.

@legacy1 wrote:

If we was to get a /32 and used 20 address out of it the rest are unused and not need (unless you add more devices) now the rest that are not in use out of /32 could any traffic like DDOS affect the users speed and data usage?

I covered that above. Adding extra details doesn't change anything. If you send data to a VM customer, then the data will go to the VM customer. Obviously that traffic is going to go over their internet connection and contribute towards their caps. None of that is new to IPv6 -- it works the same way in IPv4 -- so I'm not sure why you're bringing it up as an IPv6 problem.

@craigj2k11 wrote:

NAT isnt used in IPv6 so there is no security in that sense

If you want security, use a firewall. Firewalls still work in IPv6, and give you any security you got as a side-effect of NAT.

@Nutty667 wrote:

I'm not sure why you'd want every internet capable device exposed directly to the internet. Having everything behind a NAT makes things much safer from a security point of view. Its not that much work setting up port forwarding anyway.

No, it doesn't. Having them behind a firewall gives that. Nobody is forcing you to run without a firewall, we just want to make it possible to do so, and at the same time fix all of the addressability issues that arise from rewriting src/dst addresses.

 

And port forwarding is a bigger pain than you realize. How do you set up port forwarding for two DNS servers behind the same NAT?

Top