shire_dweller
On our wavelength
Joined 15 years ago
User Profile
User Widgets
Contributions
Re: IPv6 support on Virgin media
So, as zeke kindly pointed out, you can use IPv6 with your Virgin Media connection (and probably with most/all other UK ISPs) by using 6to4 stateless tunnelling, http://en.wikipedia.org/wiki/6to4 I have tried it, it's working, and I'm writing to share the experience and some remarks -- only the "big picture", this is for the technically adventurous users. Goals and Limitations With a 6to4 setup, all your computers (Windows, Mac or Linux) will work as hybrid IPv4 + IPv6. IPv4 will work as it is at the moment (a single public IPv4 address with the router, if you have a router). As for IPv6, rejoice!, you will get a whole /64 public subnet, which means 2^64 or almost 18 million million million (18x10^18) public, globally routable IPv6 addresses. Reckon it's enough for your house? :-) You don't have to "switch" between IPv4 and IPv6: they work side by side. If you try to access an IPv6-only website, such as http://ipv6.google.com, IPv6 will be used. If you try to access an IPv4-only website, IPv4 will be used. If the website is available as both IPv4 or IPv6, it's the application (eg, web browser) that decides what to do. (It seems that Safari on Mac 10.6.4 prefers IPv6, whereas IE on XP prefers IPv4.) Some IPv4+IPv6 websites will tell you which IP address you're using, so you'll know: eg, http://sixy.ch Now, let me stress that it will not allow you to access all IPv6 severs/peers in the world, because not all native IPv6 networks out there have access to a 6to4 gateway (2002::/16 route) in order to send data back to you. I don't know the statistics - what's the proportion of servers/peers that won't be reachable via 6to4, September 2010? If you know, please share. Anyway: 6to4 will certainly allow you to have fun with IPv6, but for full connectivity, Virgin Media has to provide it natively -- so don't get lazy and keep hassling them! Also, the 192.88.99.1 6to4 router I reached, probably physically located somewhere around London (as suggested by traceroute), had an average ping time of 24ms. If that's too high for your games, be warned. It's certainly fine for web browsing and file sharing, though. Hardware You want to have a public IPv4 address for your computer or router (see below). This means you don't want to use a Virgin Hub such as the VMDG280. Instead, you want a regular cable modem that can give you a public IPv4 address via DHCP. It's OK if it's dynamic, but it must be public. Virgin's 255 or 256 modems are fine. (Note: theoretical speculation goes that it may be possible to use 6to4 behind NAT, i.e. behind a Virgin Hub. You'd have to configure your LAN's 6to4 router/computer to use the public/external IPv4 address (and update it if the IPv4 address changes), but I haven't found any specific instructions on how to do it.) zeke suggested using a router with a DD-WRT firmware (www.dd-wrt.com). That's all very good, but not what I did. Instead, I used a mini computer (nettop) running Linux (prices between 100 and 200 pounds). Any computer and any Linux distribution will do; mine is the Acer Revo R3600 (small, quiet, low power (20 to 30W) to run 24/7) and OpenSuse Linux. I installed it behind the LCD TV in the living room, connected with a HDMI cable and a wireless keyboard/trackpad. Nice for YouTube, BBC iPlayer and other media playing, besides being an IPv4 and IPv6 router and web/ftp/ssh server. Network interfaces: the mini computer needs to have at least two, one on the "WAN" side (Internet) and the other on the "LAN" side (local). The LAN-side interface could be either WiFi (wireless) or Ethernet (wired). The WAN-side interface is connected exclusively to the cable modem with an Ethernet cable. The LAN-side interface provides access to your other computers. The interfaces (WAN or LAN, wired or wireless) don't have to be built-in: they can be external USB adapters (USB-WiFi or USB-Ethernet). If your LAN interface is WiFi, you have to configure it to work in "master mode", or "access point mode". This will make the mini computer operate as a "wireless router", providing access to other computers. If you find it troublesome to make the WiFi interface operate in master mode, or if the range/speed aren't good enough, you can use wired interfaces for both WAN and LAN, then connect a separate "WiFi access point" box, configured in bridge mode, to the LAN interface. IPv4/IPv6 Setup Your basic Linux setup should enable IPv6 support, routing and IPv4 masquerading (NAT). These are simply checkboxes with OpenSuse (Yast control panel), and probably most distributions. On the WAN interface (towards the cable modem), enable DHCPv4. On the LAN interface, if it's WiFi, you have to seek instructions on configuring it in master mode. If it's wired, no special configurations needed. The actual 6to4 setup: here I'll take a shortcut and link you to this great guide, "Quick and dirty IPv6 with 6to4": http://backreference.org/2010/06/27/quick-and-dirty-ipv6-with-6to4/ The guide suggests installing radvd, IPv6 Router Advertiser daemon. It's great for IPv6 "autoconfiguration" of computers in your LAN. However, you don't need radvd if you choose to configure IPv6 manually, with static LAN addresses, perhaps for a quick testing. The downside of manual configuration is that you'll have to change the IPv6 addresses of every computer in your LAN when/if your dynamic IPv4 address changes. Router (mini computer) firewall: iptables6 allows you to configure a firewall with as many rules as you could possibly want. I just disabled it altogether, because that's what I wanted in the first place: a plain IP router for all my devices (VoIP, IP cameras, web servers, P2P, NAS, fridge twitters/messengers...), not an unreachable LAN behind NAT! My Windows machines have the Windows firewall enabled, and that shall do it. Importantly, note that network interfaces are normally configured with multiple IPv6 addresses, at least one of which is "link local", and another one being the global 6to4. If you configure your system or application to only shares files locally to your LAN/house, it can do two things: only accept connections on the link local address, or else, at least check that the source of packets belong to your LAN's global subnet. You don't need private IPv4 addresses to solve the security problem. Future Of course, all this trouble (configuring a mini computer or installing DD-WRT) would have been avoided if Virgin Media supported IPv6 natively and provided customers with IPv6 routers/hubs/modems. In any case, have fun!Re: IPv6 support on Virgin media
The migration to IPv6 is mostly fuelled by dreams, as is the case with many things. With a proper migration, each computer will have a couple of permanent addresses that will ignore usual NAT pathways and allow more seamless connections so wherever you are you can find a specific computer. The security risks of this are obvious, which might explain why takeup has been slow... sure, anyone can find anyone else, but won't you miss the security of a changing IP? Getting rid of NAT and private IP addresses can only be a good thing. This blog post elaborates on issues of Security and Privacy related to your worries: http://www.deepdarc.com/2010/02/06/ipv6-security/ As the blog mentions, RFC 3041 tackles the "problem" of an IPv6 address identifying an specific network interface (laptop or PC), for embodying its worldwide unique (unless modified) MAC address. As for the privacy derived from dynamically allocated IPv4 addresses, I'd argue it's fictitious: even if you get a different IPv4 address from Virgin when changing your router's MAC address, Virgin is still able (maybe even legally required?) to detect and log which house had which IP address at which date and time. Outside Virgin, anyone can anyway obtain the information of which ISP a certain IP address is assigned to, be it dynamic or static. In summary, so far I haven't been convinced that IPv6, when/if well configured, is any worse than IPv4+NAT in terms of privacy and security. But I agree that "when/if well configured" is a very strong reservation, and it will take years until security software and hardware settles on best IPv6 security practices.15KViews1like2CommentsRe: IPv6 support on Virgin media
Indeed, UDP was being blocked. TCP was even worse, at least with the traceroute tool I'm using: command line on Mac OS X 10.6.4. However, ICMP went through: $ traceroute -P icmp 192.88.99.1 traceroute to 192.88.99.1 (192.88.99.1), 64 hops max, 72 byte packets 1 revo (10.203.29.1) 0.913 ms 0.335 ms 0.361 ms 2 10.128.192.1 (10.128.192.1) 34.570 ms 9.515 ms 6.676 ms 3 cmbg-cam-1a-ge912.network.virginmedia.net (80.1.202.73) 24.142 ms 17.251 ms 8.749 ms 4 cmbg-core-1a-ge-013-0.network.virginmedia.net (195.182.179.206) 34.858 ms 9.383 ms 9.004 ms 5 popl-bb-1a-ae2-0.network.virginmedia.net (212.43.163.141) 16.861 ms 15.970 ms 49.994 ms 6 brnt-bb-1b-as4-0.network.virginmedia.net (62.255.81.238) 37.789 ms 28.749 ms 16.969 ms 7 telc-ic-1-as0-0.network.virginmedia.net (62.253.185.74) 32.951 ms 13.514 ms 14.404 ms 8 ge-3-22-0-cr1.thn.as9153.net (195.66.226.71) 14.949 ms 24.046 ms 15.256 ms 9 po-2-0-700-cr2.sov.as9153.net (82.136.0.205) 13.060 ms 13.432 ms 25.085 ms 10 gi0-1-warlock.sov.kewlio.net.uk (82.136.1.142) 45.193 ms 22.543 ms 20.411 ms 11 192.88.99.1 (192.88.99.1) 51.425 ms 23.340 ms 31.785 ms Tony, why BurstFire? Are you implying it's BurstFire who owns or operates the 192.88.99.1 router I'm reaching from Virgin Cable? BurstFire describe themselves as a Tier 2 ISP, which Wikipedia kindly and graphically clarified. Am I to understand that Virgin Media is a Tier 3 ISP, purchasing (some) IP transit from BurstFire? Clearly if you were hopping across the "pond" then your latency would be a tad more than 30-50ms anyway! ;-) Right - I couldn't remember the typical values and was lazy to do calculations. Google Maps tells me it's some 6,000Km from New York to London, and this Internet Monitoring Tutorial suggests 60% of speed of light (0.6c) as a reference fastest bit-propagation speed (green line on the Round-trip time versus distance graph). With these, I should expect at least 66ms (33ms each way) ping result if the 6to4 gateway was in New York. Very well, it must be somewhere nearer.15KViews0likes1CommentRe: IPv6 support on Virgin media
zeke, thanks for the suggestion! It prompted me to learn more about 6to4, which really seems to be a great way of playing with IPv6 behind an IPv4 ISP ( http://en.wikipedia.org/wiki/6to4 , http://www.ipv6tf.org/index.php?page=using/connectivity/6to4 , http://packetlife.net/blog/2010/mar/17/using-6to4-ipv6-home/ ) And apparently, it's been in actual use for many years. I've found this forum where people were discussing, back in 2003, the traceroutes of the 192.88.99.1 6to4 gateway from their (mostly USA) ISPs: http://www.dslreports.com/forum/r17914554-Where-does-your-6to4-relay-address-19288991-go I am using Virgin Media cable at home in Cambridge-UK and this what I get from ping and traceroute: $ ping 192.88.99.1 PING 192.88.99.1 (192.88.99.1): 56 data bytes 64 bytes from 192.88.99.1: icmp_seq=0 ttl=247 time=23.030 ms 64 bytes from 192.88.99.1: icmp_seq=1 ttl=247 time=24.794 ms 64 bytes from 192.88.99.1: icmp_seq=4 ttl=247 time=22.051 ms 64 bytes from 192.88.99.1: icmp_seq=5 ttl=247 time=39.947 ms 64 bytes from 192.88.99.1: icmp_seq=7 ttl=247 time=22.488 ms $ traceroute 192.88.99.1 traceroute to 192.88.99.1 (192.88.99.1), 64 hops max, 52 byte packets 1 [home router] 0.947 ms 0.328 ms 0.340 ms 2 10.128.192.1 (10.128.192.1) 7.625 ms 7.111 ms 8.074 ms 3 cmbg-cam-1a-ge912.network.virginmedia.net (80.1.202.73) 7.388 ms 8.881 ms 18.748 ms 4 cmbg-core-1a-ge-013-0.network.virginmedia.net (195.182.179.206) 8.637 ms 8.670 ms 9.633 ms 5 popl-bb-1a-ae2-0.network.virginmedia.net (212.43.163.141) 13.839 ms 15.044 ms 10.564 ms 6 brnt-bb-1b-as4-0.network.virginmedia.net (62.255.81.238) 35.893 ms 12.642 ms 13.835 ms 7 telc-ic-1-as0-0.network.virginmedia.net (62.253.185.74) 13.170 ms 14.120 ms 13.566 ms 8 ge-3-22-0-cr1.thn.as9153.net (195.66.226.71) 31.567 ms 13.200 ms 15.818 ms 9 po-2-0-700-cr2.sov.as9153.net (82.136.0.205) 12.648 ms 14.701 ms 12.949 ms 10 gi0-1-warlock.sov.kewlio.net.uk (82.136.1.142) 21.112 ms 23.631 ms 19.267 ms 11 * * * 12 * * * 13 * * * Unfortunately, traceroute doesn't complete (went on to 45 * * * until I killed it). I hope this isn't an indication that 6to4 would fail; after all, ping worked. A ping time of 24ms isn't great, but I suppose it could be worse. I'm guessing/hoping the 6to4 gateway answering to my ping was located at some London exchange, e.g. http://as9153.net It would be sad if it was going via the Americas, China, Japan... What are you getting from traceroute, especially from other UK ISPs? (Other than Virgin Media cable)15KViews0likes7CommentsRe: IPv6 support on Virgin media
IPv6 is definitely not limited to any local network. IPv6 is "already" (after only 15 years put forward as an Internet standard) in use by 1 to 6% of the global Internet, depending on how you measure it (data traffic, source address of website requests or BGP table advertisements). Check this article: http://arstechnica.com/tech-policy/news/2010/03/as-much-as-one-percent-of-the-internet-is-now-using-ipv6.ars To name two big services you can right now access natively with IPv6: Google and YouTube. There are thousands more websites that are already IPv6 enabled, all over the world. Just search for them. In the UK, there doesn't seem to be that many ( http://www.ipv6.org.uk , http://en.wikipedia.org/wiki/IPv6_deployment ) , but it would change radically if just one big provider like BT or Virgin Media started offering it to residential customers. As for the smaller providers, it's not just AAISP to offer it in the UK, there are a few others too. This search tool allows you to check the UK providers offering IPv6: http://www.thinkbroadband.com/search/package/advanced.html In the USA, Comcast and Verizon have already started trials of IPv6 with residential customers. They are very large providers. ( http://www.dslreports.com/shownews/Verizon-Begins-Residential-IPv6-FiOS-Test-107761 , http://www.internetnews.com/infra/article.phpr/3825696/Comcast+Embraces+IPv6.htm ) Obviously, in the transition period you can use both IPv4 and IPv6 simultaneously, it's not a matter of choosing one over the other. Personally, what I look forward to gain from IPv6 is to eventually get rid of NAT completely and have plenty of public IP addresses to each household (hundreds, thousands), one for each and every Interned-enabled device, free of charge (many ISPs currently charge for blocks of IPv4 addresses). This would enable so many P2P applications -- not just file sharing, but mainly voice/video communications and all sorts of push/pull notifications -- that currently struggle to become popular because of the costs of getting around NAT. (Most of the big and popular comms services, say Skype, spend a lot of money on centralised server farms just because direct P2P comms are blocked by NAT. Yes, there are ways around NAT, but they are mostly non-standard and often require complex router port forwarding configurations that are beyond most users' comprehension, time or interest.) (Also: there are very many articles on how to achieve the private-network security which comes as a side effect of NAT while using public IPv6 addresses, for instance: http://www.deepdarc.com/2010/02/06/ipv6-security/ )15KViews1like12CommentsRe: IPv6 support on Virgin media
While Virgin ignores their customer requests for IPv6, you can switch to ADSL2+ (BT landline) and get the best native IPv6 support in the UK with AAISP, www.AAISP.net.uk . It's been a few years that AAISP provides native IPv6. They also give you a block of static, public IPv4 addresses as standard, no extra charges. "Real Internet", as they call it. NAT is completely optional -- I strongly recommend against NAT, especially if you'd also like to try using SIP VoIP. (I'm not in any way affiliated with AAISP, other than being one of their happy customers at work, where we get a clean 16Mbps with ADSL2+. At home I still have Virgin Media, but that's only because ADSL gives me at most 3Mbps, while Virgin gives me 10Mbps or more.)68KViews2likes17Comments