02-14-2013 01:18 PM
Hello,
I'm wondering what the current IPv6 status is within Rogers. A search on the forums only shows 10 topics over the past year that even mention IPv6, and there doesn't appear to be any official communications from Rogers since IPv6 day last year.
I know that Rogers (supposedly) supports IPv6 tunneling (although the only person to ask about it did not get any responses).
Solved! Solved! Go to Solution.
10-12-2016 02:41 PM
Thanks @RogersDave for the info.
My modem is model is a Quectel EC20-A Mini PCIe.
http://www.quectel.com/product/prodetail.aspx?id=84
I have query the modem using AT commands and says it supports IPv4v6.
10-12-2016 02:48 PM - edited 10-12-2016 02:49 PM
@HeavyMetal wrote:Thanks @RogersDave for the info.
My modem is model is a Quectel EC20-A Mini PCIe.
http://www.quectel.com/product/prodetail.aspx?id=84
I have query the modem using AT commands and says it supports IPv4v6.
Can you give me the output of "AT+CDGCONT?", this should list your current APN configuration and will be a good starting point.
10-12-2016 02:55 PM
@RogersDave AT+CDGCONT? gives "ERROR"
But AT+CDGCONT? shows
AT+CDGCONT? ERROR AT+CGDCONT=? +CGDCONT: (1-16),"IP",,,(0-2),(0-4) +CGDCONT: (1-16),"PPP",,,(0-2),(0-4) +CGDCONT: (1-16),"IPV6",,,(0-2),(0-4) +CGDCONT: (1-16),"IPV4V6",,,(0-2),(0-4) OK
10-12-2016 03:17 PM
You will need to issue the following command to set your primary APN as dual-stack. Hopefully that will be sufficient.
at+cgdcont=1,"IPV4V6","ltedata.apn","0.0.0.0",0,0
There might be more to be done, depending on what OS you are using. It is always tricky to get these modems to work correctly with IPv6 from my experience.
Dave
10-14-2016 06:53 PM
10-14-2016 10:11 PM - edited 10-14-2016 10:11 PM
@gp-se looking at my Asus RT-AC68U, here are the settings that should resemble what you have on your R7000.
Connection type: Native
DHCP-PD: Enable
Configuration: Stateless or Statefull (either one should work without issue. I usually use Statefull)
IPV6 DNS Setting:
Connect to DNS Server Automatically: if enabled, uses the Rogers DNS
if disabled, uses the DNS specified by the user
OpenDNS: IPV6 DNS address:
2620:0:ccc::2
2620:0:ccd::2
Google IPV6 DNS address:
2001:4860:4860:0:0:0:0:8888
Router Advertisement: Enabled
Just to note, Netgear routers filter IPv6 ICMP. ICMP is required to run IPv6, so, this is a definite problem. See the following thread:
https://community.netgear.com/t5/Nighthawk-WiFi-Routers/IPv6-ICMP-Filtered/td-p/1088538
There are probably other threads on the net that discuss the same situation.
You could consider using XWRT-VORTEX. There are a couple of people in the forum who use that firmware on their R7000. I haven't seen any complaints, so, don't know if there are any issues with it. My only concern is that its hosted on a russian server.
10-14-2016 11:14 PM
"As I have mentioned in other threads here I worked with Netgear for months last year trying to get them to simply stop filtering the ICMP/v6 packets by changing a firewall rule and they have refused saying its a security risk. I don't understand why the network engineers at Netgear don't get that these packets must NOT be filtered for IPv6 to work properly."
It's amazing how some companies/people can be so clueless. It reminds me of an incident I had with Adtran, about 5 years ago. I was working for a contractor on the Rogers LTE rollout project. We were installing Ethernet switches, along with other gear. I asked an Adtran sales rep about their equipment, as I had previous experience with them. I asked if their equipment supported IPv6. He said the switches did, but routers didn't (any switch, of any vintage that doesn't support IPv6 is defective, as it doesn't operate at layer 3). The switch management interface was also IPv4 only. He said no one used IPv6. Well at the time, I was already running it at home. We also had it at the office and Rogers is now providing IPv6. I told him that we wouldn't be buying any gear that didn't fully support IPv6, as it was obsolete. More recently, I set up a VoIP system for a small comany, a few weeks ago. I noticed Rogers was providing them with IPv6, as well as IPv4. However, the company's IT guy blocked IPv6. I have found many otherwise competent IT guys are unable or unwilling to work with IPv6. Sad.
10-15-2016 01:48 AM - last edited on 10-15-2016 03:29 PM by RogersPrasana
Anybody knows what happened to IPv6 at least in Richmond Hill? Everything was up and running and suddenly I've noticed that however my network saying everything is fine and I've got IPv6 from Rogers it doesn't work, seems like route is broken somewhere? Here's simple tracert from my network:
tracert 2001:4860:4860::8888
Tracing route to google-public-dns-a.google.com [2001:4860:4860::8888]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 2607:fxxxx:xxx:xxxx:xx
2 166 ms 132 ms 158 ms 2607:f798:804:1e2::1
3 112 ms 113 ms 103 ms 2607:f798:10:c9c:0:690:6325:5049
4 * ^C
Can ping last address but nothing after that.
ping 2607:f798:10:c9c:0:690:6325:5049
Pinging 2607:f798:10:c9c:0:690:6325:5049 with 32 bytes of data:
Reply from 2607:f798:10:c9c:0:690:6325:5049: time=96ms
Reply from 2607:f798:10:c9c:0:690:6325:5049: time=103ms
Reply from 2607:f798:10:c9c:0:690:6325:5049: time=126ms
Reply from 2607:f798:10:c9c:0:690:6325:5049: time=90ms
Ping statistics for 2607:f798:10:c9c:0:690:6325:5049:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 90ms, Maximum = 126ms, Average = 103ms
Thanks,
K.
10-15-2016 07:31 AM
10-15-2016 09:34 AM - edited 10-15-2016 09:43 AM
@gp-se whatever you do buy, look for a processor that runs faster than 1 Ghz. The RT-1900P is an upgraded RT-AC68U. I believe it has a 1.4 Ghz processor. Other than that its the same router. I can vouch for my RT-AC68U. I've never had any problems with it and its only down when I update the firmware. It only has an 800 Mhz processor so for 1 Gb/s speeds its underpowered now.
I don't believe there is a router on the market that will support 1 Gb/s speeds. The processors just don't have the capability. Now its getting to the point where one has to seriously consider something like a PfSense router, which can be built on just about anything in order to run those speeds and any functions like traffic monitoring, packet inspection, etc, etc. With that you would run an additional wifi access point whose function is solely to provide the ethenet to wifi bridge. The router would do all of the heavy lifting.
Later today or tomorrow I'll post some speed test results from my RT-AC68U which really show how much of an effect the router functions can have on the throughput speeds. That will really show the necessity to look for faster processors, beyond 1 Ghz, when purchasing a router to go along with 1 Gb/s service.
Also have a look at the http://www.smallnetbuilder.com/ site to check some of the wan to lan speeds of the newer routers.
http://www.smallnetbuilder.com/tools/charts/router/bar/179-wan-to-lan-tcp
Those are interesting numbers. The one problem on the site is that they don't detail the various functions that are running and those functions can have a huge impact on the throughput,so, you have to look at the indicated numbers with a very critical eye, so to speak.
I noticed your upload speed from the other post. I'm assuming that your modem has V4.5.8.21 loaded. For now, stay on that version. It looks like .22 and above has reduced the upload rates for some reason. Hopefully we'll see more info regarding that problem next week.
10-15-2016 10:08 AM - edited 10-15-2016 10:35 AM
@Pashator, that looks like a misconfigured server, or, the server has some files that are missing and as a result, the returning IPV6 data heading back to your pc can't make it past the last server that has a full IPV6 address. You could try calling tech support and ask to speak with a Level II tech. The Level I tech can't help. The Level II tech should understand when you tell him or her that the server is misconfigured or has files missing, to, any IPV6 data beyond that server is not returned. He or she won't be able to fix that, but, should be able to recognize the issue and pass that on to the network engineering staff to rectify. Please try that and let me know if that works. If it doesn't work, there is a plan B.
My guess would be that if it worked before, someone has gone into the server configuration and done something, or possibly the server has been replaced and the replacement hasn't been properly configured.
Edit: I've sent a message to the mods to edit your modem's IPv6 address out of the above post. I'd prefer that IPV6 addresses and MAC addresses to not be left out in the open.
10-15-2016 01:35 PM
@JKnott wrote:I have found many otherwise competent IT guys are unable or unwilling to work with IPv6. Sad.
Well, I disabled IPv6 at home after tests indicated that neither the modem in gateway mode (CGNM-3552, firmware 4.5.8.21) nor my router (TP-Link Archer C7) perform ingress traffic filtering on IPv6. Perhaps I am being paranoid, but I feel a need for some more warms and fuzzies than a statistical "it is next to impossible to scan a /64 for potentially vulnerable devices".
Could Rogers pull some strings at Hitron to implement support for RFC6092 on their gateways? Or at the minimum have the gateway do some basic SPI on IPv6...
In the meantime, I will start saving for a D-Link DIR-895L...
10-15-2016 02:00 PM
10-15-2016 02:05 PM
@djubre wrote:
@JKnott wrote:I have found many otherwise competent IT guys are unable or unwilling to work with IPv6. Sad.
Well, I disabled IPv6 at home after tests indicated that neither the modem in gateway mode (CGNM-3552, firmware 4.5.8.21) nor my router (TP-Link Archer C7) perform ingress traffic filtering on IPv6. Perhaps I am being paranoid, but I feel a need for some more warms and fuzzies than a statistical "it is next to impossible to scan a /64 for potentially vulnerable devices".
I also have a Hiltron modem and put it in bridge mode. I have pfSense running on an old computer for my firewall/router. Works fine.
10-15-2016 02:27 PM - edited 10-15-2016 02:28 PM
pfSense is a good idea. I might acquire an old small form factor PC to be my firewall.
But most Rogers customers will just run the Hitron gateway in the default configuration, and will get no security over IPv6. As more and more woefully insecure IoT devices enter the market, and are being deployed in full view of the good old Internet, things may get real ugly. The gateway really needs some security added to it in the default configuration.
/steps off the soapbox
10-15-2016 03:50 PM
@djubre wrote:
pfSense is a good idea. I might acquire an old small form factor PC to be my firewall.
I have been running PC-based devices as my main NAT router for 15 years now. Wow, do I ever feel old...
I would be very nervous about any 'older' PC as a firewall, or really any PC if you're going to be getting into gigabit world.
Before I got my current box, the previous one was a ~2000-2 Celeron 600. By the time I retired that box in 2011 or so, it was unable to actually handle the Rogers connection I had then. That would have been the D3 'Extreme' with a Cisco DPC 3825 - I feel like it was either 35 or 45 megabits/sec down? I actually could get that speed in speedtests... but no speedboost. When I replaced the box, suddenly I was seeing speedboost.
My current box is a SFF Shuttle box, LGA775, running a 'Pentium' E5200 with two onboard Realtek NICs. It seems to handle my 250 megabit/sec service just fine, but...
If you wanted a set up able to do line rate on two gigabit interfaces (remember, when you're looking at I/O buses, what comes in one interface needs to come out of another), then I don't know whether anything older/home-grade could do it. (Sure, I presume a fancy PCI-E x4 or whatever server NIC would be fine... but... eeek that would get pricy)
10-15-2016 03:57 PM
10-15-2016 05:24 PM
@VivienM wrote:
@djubre wrote:pfSense is a good idea. I might acquire an old small form factor PC to be my firewall.
I have been running PC-based devices as my main NAT router for 15 years now. Wow, do I ever feel old...
I would be very nervous about any 'older' PC as a firewall, or really any PC if you're going to be getting into gigabit world.
Speaking of old, the last time I ran a PC as a firewall, it was a Pentium with 512M of RAM running OpenBSD 3.0.. Good times.
The performance point is well taken, and in most cases a commercial router would be cheaper to acquire and operate in the long run. Especially for those of us paying Ontario electricity rates.
But I'd rather have Hitron fix the IPv6 firewall in the modem firmware, and benefit everyone... 🙂
10-15-2016 07:23 PM
I'll try to reach 2nd level on Monday. And yes everything was perfectly fine since service was started somewhere back in June, I don't check it every day and IPv4 runs fine so just noticed couple of days ago. I'll post an update when have it.
P.s. Thanks for the edit, completely skiiped my mind.
Thanks,
K.
10-15-2016 10:28 PM
10-16-2016 12:01 AM
That all depends on how many and what type of functions are running on the router. If you followed any of the discussions above, you might want to consider something like a pfsense router, microtik, etc. Personal opinion, in order to run high data rates and functions like packet inspection, traffic monitoring etc, etc, its going to take a router with a lot more horsepower than is currently available on the consumer market. It looks like consumer routers are topping out at 1.7 Ghz processors at the current time. Is that fast enough to run whatever functions you would like to use? Thats the question.
I'd like to see examples of data rates for routers like pfsense, microtik, and others, along with a list of the functions that are running for security purposes and the processor speeds. I'd specifically like to see those rates from individuals running the 1 Gb/s plan. That would give people like yourself, and myself as well, some idea of the capability of those routers. I'll post the data rates thru my RT-AC68U tomorrow, both IPV4 and IPV6 for comparison purposes. IPV6 rates take a real beating when some of the AI Protection is up and running.
If you think down the road, possibly near road, Docsis 3.1 will be emerging with multi-gigabit speeds. That's going to take serious horsepower to support multi-gig rates with various security functions running. There is also the issue of multi-gig ports which @VivienM mentioned. That's going be built into the motherboard or added with an expensive 10 Gig card. There is also the issue of the recent spec IEEE approval of multi-gig data rate specs, specifically 2.5 over Cat 5e and 5 Mb/s over Cat 6. When that percolates down into the consumer market, its going to make 1 Gb/s and multi Gb/s data rates easier to handle within local networks. Hopefully it will reduce some of the cost as well. Only problem is, its not here yet!
http://arstechnica.com/gadgets/2016/09/5gbps-ethernet-standard-details-8023bz/
So, what to do at the present time? Consider restricting your search to routers that have 1.7 Ghz processors if you're looking to go with a consumer type of router. Here's an example of what Asus is currently working on:
I think Netgear has 1.7 Ghz processors in some of their products, but, with their filtering of IPV6 ICMP I wouldn't go there.
Or, consider biting the bullet and build a router with 10Ge ports onboard. That should suffice well down the road.
Maybe others might have some suggestions??