I need an ISP that offers IPv6. Virgin Media: Whatevs, nerd

That sounds like their approach to dealing with over-subscribed areas. They say they're going to review demand in three months. Then three months later they say it's been delayed and will be reviewed... in three months".

This seems to be a bizarre way that Virgin work.

I popped my email into their "we will let you know when we are coming to your area" website as our estate was built after they initially ran their fibre so we lucked out.

That was three years ago.

18 months ago I got a "great news! we're coming to your area" email.

SInce then...nothing. I asked them on Twitter and was told to register my interest on the same website.

So "coming soon" seems to be their default operating model.

SOP for Virgin

Many years ago I had a Virgin phone line for dial-up. When it was installed I asked about broadband. Coming in 3 months, they said. I occasionally asked them again, for the three years I was at that house. Always the same answer.

After moving house, I had them install a line in the new house. Again asked about broadband, again the same answer. After another three years of this, I found an ISP who could supply broadband for less than I was paying Virgin for dial-up. So I called to cancel my line.

"But we're rolling out broadband in your area soon!" "When?" "In about three months!" I explained that I'd been told that for the last six years, and still didn't believe him. The line was cancelled.

Three months later, I got a flyer through the door to say that Virgin broadband was available. It's a shame that the only honest answer got the cancellation. :)

It is the engineers that keep announcing it but they must be being continually delayed by lack of support from the rest of the business.

Re: If in the UK, I recommend

+1 for this. I switched to them when I wanted a decent IPv6 set-up some years ago, although then I left the country and had to cancel the service.

Re: If in the UK, I recommend

Likewise. I changed to A&A when the previous v6 support I had from Enternet broke and they never bothered to fix it. It was apparently something cobbled together for customers on BT's 20C network.

Re: If in the UK, I recommend

They also offer a L2TP service you can use over another ISP - £10 a month for 1Tb.

Okay, so it's not unlimited, but it comes with a fixed IPv4 address and a block of IPv6.

SIXXS may be shutting down, but Hurricane Electric still offer free IPv6 tunnels AND tutorials to get you up and running.

Re: If in the UK, I recommend

Zen Internet offer IPv6 on request which works very well. And they are not as pricey as AA. I am a customer of theirs.

Re: If in the UK, I recommend

Surely that should be AAAA? We are still talking about ipv6, no?

Re: need? really?

My Comcast cable supports IPv6, and my T-Mobile phone also seems to manage it.

Re: need? really?

Indeed. If the guy *needs* IPv6 one would have thought he'd have gone with an ISP that definitely supported it rather than putting his services through a third party freebie tunnel. He doesn't need to change ISP now, there are other tunnel providers including Hurricane Electric as you've pointed out.

Re: need

I run an elitist technical forum that is ipv6 only to stop plebs from swamping it with noob questions.

It also keeps out DMCA troll bots, and is unreachable to booters and the vast majority of botnet infected home users.

Highly recommended.

Re: need? really?

That's not how it works.

ISPs provide v6 and v4 in parallel allocating both a v4 address, for which the customer is generally obliged to supply NAT for themselves, as well as an IPv6 prefix so that the customer's computers can configure themselves with SLAAC if they haven't explicitly set up DHCPv6.

All consumer operating systems are smart enough to send both AAAA and A requests when they do DNS lookups, so when I talk to google on my laptop here I get their v6 addresses, but when I talk the register (who still have no v6 configured, SHAME) I get the v4. v6 traffic goes out over the ADSL in v6 records, v4 goes out in v4 records and never the twain shall meet. The ISP provides no 6to4 gateway, and I'm pretty sure if I tried to ping IPv4 address in the IPv6, my ISP would just drop the packets.

Re: need? really?

> I would think ISPs will deploy carrier grade NAT before they deploy IPv6 to the end user, especially for existing customers,

Many ISPs already are doing CGN.

> since the provider has to provide IPv6 to IPv4 NAT anyway, what is the advantage to not just doing IPv4 NAT ?

No, they don't have to provide IPv6 to IPv4. ISPs are generally providing dual stack. This works well for ISPs that have to use CGN, as it takes load off their CGN infrastructure for those connections that use IPv6. Given that FB, Google, Netflix etc are all on IPv6, this is a good chunk of traffic that is the CGN infrastructure doesn't have to deal with. For ISPs in organizations that need to log CGN traffic, this is particularly useful.

> I've been running networks for nearly 20 years now and I have never, ever heard IPv6 come up in any conversations with regards to networking with the people/companies I have worked with/at. I have no doubt it is a factor at ultra large scale providers, but that's not what I deal with.

I too have been working in and around networks for around 20 years, and I have heard IPv6 come up in conversations many times. Those were not with ultra-scale providers. They were ISPs outside ARIN, that did not have vast legacy allocations. My point? Your experience is not universal. Nor is mine.

> When the time comes to finally allow inbound IPv6 into the sites I manage the infrastructure for I will use NAT again - but at the CDN layer.

If you're talking about commercial CDNs (Cloudflare, Cloudfront, Akamai, etc,) they're all using IPv6 already.

> I checked my comcast cable link and that has a real IPv4

Most (all?) Comcast cable connections have IPv6 available by default. Mine does.

> meanwhile my AT&T mobile phone is still behind CGNAT on a 10.x IP.

CGNAT range is 100.64.0.0/10. See RFC 6598. Your AT&T phone is probably also using IPv6. Most US carriers are.

Re: need? really?

The world gets along with various kludges born of necessity...

Not many things are peer to peer, most services are centralised these days which is very bad for privacy.

Back in the days if you wanted to transfer a file to one of your IM contacts the file transfer would be sent directly to them (the im server would only handle text messages and directory services to keep bandwidth usage down), but now transfers are sent via the central service and get mangled (eg image quality is reduced, only limited filetypes are supported etc).

Game servers are now generally centralised, in the days of quake anyone could run a local quake server and start playing... Now modern games usually connect to centralised game servers which means you'll have to stop playing multiplayer when the game publisher decides to shut off the servers, theres typically no lan games, and if you happen to be in a country which is far away from where the game servers are hosted then your gameplay will be laggy.

Bittorrent and similar protocols can distribute data very efficiently, but depend on peers being able to connect directly to each other.

The internet was always meant to be end to end addressable, NAT breaks that and adds unnecessary complexity and headaches, ipv6 just restores it to how it was always supposed to work.

Re: need? really?

"I would think ISPs will deploy carrier grade NAT before they deploy IPv6 to the end user, "

You're behind reality. The ISPs that deployed CGN a few years ago are trying hard to put in solutions that cost them less money and less help desk grief. The favoured approach now is native IPv6 to the customer equipment plus 464XLAT to carry legacy IPv4 traffic over the native IPv6.

- coming to you from the IETF v6operations meeting currently in progress in Chicago

Re: need? really?

I know this topic is a couple of weeks old, but your post is the exact reason why IPv6 is not getting deployed.

Morons are in charge.

"I would think ISPs will deploy carrier grade NAT before they deploy IPv6 to the end user"

That statement right there shows that you lack understanding that the user cant reach the web services running on IPv6.

CGNat does nothing to help users gain access to IPv6 ONLY services that exist on the internet.

CGNat ONLY allows a ISP to use a IPv4 addy between users... Virgin Media have said the same idiotic statement that you said.

Re: need? really?

Hard to imagine there would be any services out there that would be IPv6 only.

The biggest plus for home users, as far as I can see, is that if you want to run servers from your home network, then going ipv4 means that you need a static ipv4 address which costs more. If you have native ipv6 and a reasonable amount of tech knowledge you can partition your network and transition from an ipv4-style DMZ into the equivalent ipv6 version. So, all those family-shared photos can go straight to your secure ftp/webdav server instead of Facebook or other cloud servers.

I'm pretty sure that a big factor in ISPs not supporting ipv6 is that they realise that it means that they won't be able to charge extra for static IPs. That, and not wanting to spend money on staff training.

In their defence, they did get around to offering ssl by default after a few years complaining about everyone else not offering it.

They'll get there.

Eventually.

Re: Non Story

Note true, they have removed the option for new customers to have 5 static IP addresses with their business service (for an extra £5 a month).

All in all their service while fast has never be configured to offer a high level of service to business users.

Re: Non Story

I think its got more to do with the fact that the don't want to invest and would prefer to profit gouge for as long as they can get away with it.

If you're still with these assholes, I suggest you switch, and let market forces take care of them.

Why are people still posting this? Why are people still upvoting it??

It'll probably be with a /56-/60, which should be enough address space to avoid NAT. They're unlikely to do NAT on their managed CPEs. This is fine and not mad. It's not a problem for your IoT stuff to have a globally unique address; the important question is whether or not random people can connect to it, and you don't need NAT to stop that from happening.

VM doing v6 won't suddenly render it possible to connect to any of your devices without your permission. Inbound connections will still be blocked by default.

Curious, if they adopt ipv6 will that be nat or would all the devices on my network get unique ipv6 addresses and bypass the firewall?

It doesn't affect me because I would set my separate router to do nat anyway but what about everyone else? IoT devices with unique ipv6 addresses would be madness.

Currently on your IPv4 network every device gets a unique address, so IPv6 is no different, other than there can also be secondary addresses that are internet routable in addition to the local ones (starting with fe80::/16)

Everything works the same on IPv6 as it does on IPv4 in regard to things like routing and firewalls. If you have a firewall and use it to filter traffic, then you can do the same on IPv6 as you do today. Its exactly the same solution to exactly the same problem. Obviously for as long as you dual-stack, you need to do the firewall config on both IPv4 and IPv6 independently, but this is hardly a difficult thing to do as all the principles still remain the same.

As to allowing device access to things like IoT widgets, that's your choice. NAT is not a security mechanism, it never was and never will be. You can NAT on IPv6 if you must, but there is absolutely no need to do so. Why add another layer of translation that just consumes memory on the router, takes time to process and limits your options for end-to-end connectivity where you want it ? You can do all separation you need with just the firewall, just like you used to before NAT arrived with its attempts to conserve IPv4 addresses.

The silly thing with IPv6 is that there are so many false observations from those who don't know - who state how hard it is and how badly broken things are, but nobody seems to look objectively at the current situation and ask WHY is it done like this in IPv4 and then realise that actually there is a heck of a lot that is the same between the two protocols. Generally, those things that are different have been done for a reason - generally very good reasons.

Curious, if they adopt ipv6 will that be nat or would all the devices on my network get unique ipv6 addresses and bypass the firewall?

It's a good question, but it has been asked a lot of times before.

Normally, if you have only IPv4 equipment you won't get any IPv6 traffic, so there's no need to worry about firewalling.

If you are connecting to an IPv6-enabled ISP, you must have equipment that can 'speak' IPv6. Any half-decent IPv6 router (say) is going to contain an IPv6 firewall, and in its default state is going to refuse any external connection unless you configure the firewall to let it through.

So, no, nothing is going to "bypass" the firewall; IPv6 traffic should have its own firewall. IPv6 connections will not be seen by the IPv4 firewall -- and if you currently have a dedicated firewall that only speaks IPv4 you're going to have to upgrade it when you switch to IPv6.

If, however, you use a system that tunnels IPv6 traffic through an IPv4 network, then the IPv6 traffic will pass through the IPv4 firewall unchecked (so long as the firewall is configured to allow the tunnel). This should come as no surprise -- you need to add an IPv6 firewall to be safe.

This last point is one of the reasons that it is better to have native IPv6 support from the ISP rather than relying on some tunnelling scheme: You don't have to worry about firewalling the tunnel if there isn't one.

IoT devices with unique ipv6 addresses would be madness.

Making IoT devices visible on the internet-at-large is madness however you address them. IPv6 doesn't change that, it just means that the devices you do want to make publicly visible can have individual, unique, addresses, rather than having to be addressed through some complicated port-forwarding scheme.

If you think NAT protects your network, then I am sorry to break the news that NAT alone is little more than closing your front door without locking it when you go on holiday for 2 weeks sun.

Firewalls blocking packets provide protection whether you are ip6 or ip4.

> Curious, if they adopt ipv6 will that be nat or would all the devices on my network get unique ipv6 addresses and bypass the firewall?

All devices on your network can assign themselves an IPv6 address from the /64 prefix announced by the router. The ISP router is likely to have an IPv6 stateful firewall that is on by default.

Re: Non Story

""The Register" you are about to ruin things with your lack of streets."

The Reg is a town or city, or something like that?

I'm confused.

Re: Am I the only one...

"Preferring" IPv4 doesn't fix the shortage of addresses, it just says you are comfortable with what you learned years ago. Its like that old pair of slippers or the old chair - it might be nice and may have been comfy, but you can guarantee that the new ones work just as well once you get used to them.

Why do you think IPv6 is "madness" - is it just that you don't understand it or are you worried to learn something new ?

IPv6 is actually very logical when you look at how it works and what it fixes in its predecessors shortcomings.

Re: Am I the only one...

No!

For many things in industry it makes perfect sense, especially when nothing goes out of the building.

Re: Am I the only one...

If you never need to open a connection to another NAT user, and don't mind your connections silently disappearing because a NAT table got bored or filled, or you never throw enough UDP to make it meltdown, then sure.

Most home user's NAT stuff is cheap crap and the above is a pervasive affliction.

Re: My tweet was mentioned...

"turn the lovely SuperHub into a Modem and thus disable over half the device"

I did that the day they changed my old modem into a SuperHub. I prefer my own gear over ISP given "stuff". Less problems.

Re: My tweet was mentioned...

You do not need a static IPv4 address in order to use Hurricane Electric's tunnel service. Before my BT Infinity got IPv6, I was using HE. They have a way for you to tell them your non-static IP address. I'm sure you can find it on their web site.

On another note, BT, to their infinite shame, do not do static IPv6, either for domestic or business customers. I got that from one of their techies. You get a nice /56 delegated prefix, but if your line goes down, when it comes up again, you've got a different prefix. Stupid.

Re: My tweet was mentioned...

FWIW... HE doesn't need a static IPv4 address, works fine with dynamic, including a REST API to update your endpoint address.

Re: I'm Ok with IPV4 for now

An IPV6 address that's really hard to remember.

Re: I'm Ok with IPV4 for now

"Why would I need IPV6? What will it bring me?"

The ability to address and talk to the half of the planet which doesn't yet have Internet at all in any form ? So I was happy with my short 1960ies style telephone number - what did adding extra digits give me ?

That's the most obvious benefit. Not having to talk through proprietary cloud servers due to loss of end to end connectivity with Carrier Grade NAT at both ends between which a connection could usefully be made is the next compromise best avoided, and not having to pay a price to rent an IPV4 address in a market shortage so you can run your own cloud server is a further compromise best avoided, otherwise required to save a limited addressing scheme gone smelly due to being way past its use by date.

Re: Considering

@Rob Crawford their tech support claimed that you can't use the 5GHz channels unless you are using Apple devices as it is specifically for Apples use.

What the blithering F? There is so much wrong with this. My head hurts. Did you have trouble keeping a straight face as they were telling you this??

> Never mind IPv6, let VM sort out stable connections, a working mail system and over subscription, before they try the technical stuff !

If they focused more on techical stuff then they wouldn't have so many technical problems.