Re: IPv6 support on Virgin media

> Dagger2 wrote:
>
> > VMCopperUser wrote:
> > What he is saying is the ISP may issue /120 blocks to everyone giving an effective 256 IPs per customer. So when you have say 40 devices connected, and someone is packet flooding one of your unused IPs then will VM charge you for that packet flooding. At least, I think that is what he is saying.
>
> Right, that's mostly what I got too. What I don't understand is how it's an IPv6 problem. You could make the same argument on v4, with somebody DDOSing you on an unused port instead of an unused IP. Either way a DDOS would be bad, but it's not an IPv6-specific bad and I don't see why it would be brought up as a potential problem that needs worrying about with v6. If you were going to worry about it, then you should already be worrying about it now.
>
> > VMCopperUser wrote:
> > He said behind the same NAT, not (kinda not) on the same IP. I have run multiple DNS servers in the past (when playing with routing tables and getting smart TVs to view American, Canadian, and UK content all at the same time). Because it's behind the NAT then it is forcefully the "same IP" but eh.
>
> Ah, ok, let's clarify just in case. I meant a situation where:
>
> - Your ISP only gives you one IP.
> - You have 20 machines, so you use NAT.
> - You have DNS servers running on two of those machines.
> - Both of the DNS servers need to be accessible from the internet.
>
> ... which you can't do. (This is not a contrived situation, I hit it myself trying to get iodine running.) To get it to work, you need another IP, but that's not doable with v4 (particularly in the long run) because there just aren't enough.

Well at the moment, there is enough, but if it was that much of a major issue why not just load balance between the 2 DNS servers using the same external IP?

Re: IPv6 support on Virgin media

> legacy1 wrote:
>
> > Dagger2 wrote:
> >
> > > legacy1 wrote:
> > > There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that’s allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.
> >
> > It's still traffic either way. What's the difference?
>
> The difference is DOCSIS in the downstream is a broadcast with per key encryption for traffic to a given modem and that the downstream bandwidth is limited and shared so if the gateway knows an IPv6 WAN address is not in use much like if an IPv4 WAN address is not in use then the gateway does not have to send the traffic but if the gateway knows an IPv6 WAN address is in use much like if an IPv4 WAN address is in use then it has to send the traffic regardless because you wouldn’t have internet otherwise.

AFAIK most of VM's kit is already IPv6 compatible, even the (not so) superhub. The only issue would be migrating users to DOCSIS3, and supplying new CPEs to thousands of users. I'm not entirely sure if the VMNG300 is IPv6 ready, but that would probably be solved with a firmware update.

Re: IPv6 support on Virgin media

> Dagger2 wrote:
>
> > craigj2k11 wrote:
> > The reason matters because it wouldn't be done, you would have an IP address for each DNS server.
>
> Well... yes, that's what you'd do. That's been my point this whole time: we need IPv6, because there isn't enough space to do that in IPv4. (Although I don't understand why you would bother NATing; if you have IPs for the servers then just assign the IPs to the servers. No need to make your life more complicated than it already is.)

Of course there is enough space, how do you think you are accessing the internet at this very moment?

> Dagger2 wrote:
>
> > craigj2k11 wrote:
> > The reason matters because it wouldn't be done, you would have an IP address for each DNS server.
>
> But Nutty667 suggested I can simply do some port forwarding and be happy. I asked my question in an attempt to point out that it just can't be done in this situation, which means that NATs are not sufficient as a solution.

In what situation? I don't see what it is that you "can't" do?

> Dagger2 wrote:
>
> > craigj2k11 wrote:
> > The reason matters because it wouldn't be done, you would have an IP address for each DNS server.
>
> There's also the unaddressed issue of what will happen when VM end up with more customers than IPs. At that point, they'll be forced to do NAT themselves. How would you configure port forwards when the NAT isn't run by you and is completely out of your control?

As I pointed out a couple of pages back, this isn't going to happen any time soon. But if you want to write a letter to my boss as to why he should spend ~£650k adopting IPv6 then be my guest, it was an issue brought up in a meeting a while back, and I couldn't justify why we would need IPv6. Apart from future proofing, there is absolutely no reason for companies to shell out the massive expense of adopting IPv6.

Re: IPv6 support on Virgin media

> Dagger2 wrote:
>
> > legacy1 wrote:
> > If you use 20 addresses out of IPv6 the rest are not used as of yet now if incoming traffic even with no reply to a not in use IPv6 address this will still route to you and will eat into one's speed and usage should it be a DDOS yes?
>
> It would help if you'd take the time to write in coherent sentences. I have trouble working out what you're trying to say. It seems like you're saying "if somebody sends some traffic to you, that's a DDOS", which it isn't: that's just the internet, working normally.
>
> > legacy1 wrote:
> > There is a difference to a DDOS being aimed to an IPv6 address you're using than an IPv6 address that’s allocated to you but not in use and still receives incoming traffic even with no reply from the gateway.
>
> It's still traffic either way. What's the difference?
>
> > craigj2k11 wrote:
> > Under IPv4 you would be using a firewall and network address translation
>
> Um... really? I don't. Where would the firewall be, and what connections would it prevent?
>
> > craigj2k11 wrote:
> > And why would you have 2 DNS servers on the same IP?
>
> Why does the reason matter? The question I asked was how to set up port forwarding to do it.

The reason matters because it wouldn't be done, you would have an IP address for each DNS server. Then you would forward

External                Internal
xxx.xxx.xxx.xx1:53  to  yyy.yyy.yyy.yy1:53
xxx.xxx.xxx.xx2:53  to  yyy.yyy.yyy.yy2:53

Re: IPv6 support on Virgin media

> legacy1 wrote:
>
> > craigj2k11 wrote:
> >
> > > legacy1 wrote:
> > > When VM allocates you an IPv4 address it's to that MAC along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6 the rest are not used as of yet now if incoming traffic even with no reply to a not in use IPv6 address this will still route to you and will eat into one's speed and usage should it be a DDOS yes?
> >
> > That's news to me
>
> It's how DHCP-PD works if used at the user's end for IPv6 on some routers.

You said VM do it, I said it is news to me. VM don't use IPv6 AFAIK.

Re: IPv6 support on Virgin media

> legacy1 wrote:
> When VM allocates you an IPv4 address it's to that MAC along with an allocation of many IPv6 addresses. If you use 20 addresses out of IPv6 the rest are not used as of yet now if incoming traffic even with no reply to a not in use IPv6 address this will still route to you and will eat into one's speed and usage should it be a DDOS yes?

That's news to me.

Re: IPv6 support on Virgin media

> Dagger2 wrote:
> No, it doesn't. Having them behind a firewall gives that. Nobody is forcing you to run without a firewall, we just want to make it possible to do so, and at the same time fix all of the addressability issues that arise from rewriting src/dst addresses. And port forwarding is a bigger pain than you realize. How do you set up port forwarding for two DNS servers behind the same NAT?

Under IPv4 you would be using a firewall and network address translation.

And why would you have 2 DNS servers on the same IP?

Re: IPv6 support on Virgin media

I don't see how that would happen, there would be no device to reply and the packets would be dropped.

Re: IPv6 support on Virgin media

NAT isn't used in IPv6 so there is no security in that sense.

Re: IPv6 support on Virgin media

Was in a meeting with a Cisco rep last month who said that Cisco cannot see IPv6 being deployed any time soon. It just isn't needed.