02-14-2013 01:18 PM
Hello,
I'm wondering what the current IPv6 status is within Rogers. A search on the forums only shows 10 topics over the past year that even mention IPv6, and there doesn't appear to be any official communications from Rogers since IPv6 day last year.
I know that Rogers (supposedly) supports IPv6 tunneling (although the only person to ask about it did not get any responses).
03-20-2021 09:22 PM
yup i checked - it's up to date!
trying to follow the instructions in this link... Using-the-Ignite-TV-Modem-Gateway-in-Bridge-Mode but can't say my knowledge of networking isn't much more than moderate.
i have horrendous latency (Rogers investigating for a while now) but also have about 20 devices on my network, so I also got a proper router (with more than 2 ports) that offers QoS to at least manage what's on my network.
03-28-2021 03:50 PM
Does anyone know how to get a /56 from Rogers? My pfSense is set to request a /56, but everything on the firewall seems to indicate it's only a /64.
The only reason I think maybe I'm getting a /56 is because when I run ipconfig it shows this:
IPv6 Address. . . . . . . . . . . : 2607:fea8:5b00:e1a:b5ac:4450:1ef6:72dd(Preferred)
IPv6 Address. . . . . . . . . . . : 2607:fea8:5b25:2c15:b5ac:4450:1ef6:72dd(Preferred)
I'm not sure why else I'd have an IP from two different subnets.
03-28-2021 04:09 PM
I have no problem getting a /56 from Rogers. Did you request one on the WAN page with DHCPv6 Prefix Delegation size? Where are you seeing those 2 addresses? It seems strange that the last 64 bits are the same for both, but the prefix is different. Also, the prefixes are too far apart to be explained by prefix ID. With a /56, the prefix ID is the rightmost 8 bits of the prefix. Are you trying to manually provide a prefix, in addition to that provided by SLAAC?
I've been running pfsense for about 5 years and it's always worked well. Currently on 2.5.0.
BTW, an easy way to see what's being provided is to look at the available prefixes, when you select prefix ID on a LAN interface. With 2.5.0, it's listed below the box where you enter the value. IIRC, on previous versions, you could select from available prefixes from a drop down list.
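The prefix-ID check described in the post above (with a /56, the rightmost 8 bits of the /64 prefix are the prefix ID) can be run on any set of addresses. This is an added example, not part of the original post and not pfSense code; the function names and the 2001:db8:: sample pair are assumptions made for illustration, and the first pair is the one quoted earlier in the thread.

```python
import ipaddress
from collections import defaultdict

# The two addresses posted earlier in the thread (the poster later said a few
# prefix characters were altered), plus a constructed pair from the
# documentation range 2001:db8::/32.
POSTED = ["2607:fea8:5b00:e1a:b5ac:4450:1ef6:72dd",
          "2607:fea8:5b25:2c15:b5ac:4450:1ef6:72dd"]
CONSTRUCTED = ["2001:db8:0:ab01::10", "2001:db8:0:abfe::10"]

def prefix_id_range(pd_len):
    """Valid prefix IDs for a delegation of length pd_len (/56 -> 0..0xff)."""
    if not 48 <= pd_len <= 64:
        raise ValueError("expected a delegation between /48 and /64")
    return 0, (1 << (64 - pd_len)) - 1

def prefix_id(addr, pd_len=56):
    """Bits between the delegated prefix and the /64 boundary."""
    upper64 = int(ipaddress.IPv6Address(addr)) >> 64
    return upper64 & prefix_id_range(pd_len)[1]

def interface_id(addr):
    """Low 64 bits (the host suffix)."""
    return int(ipaddress.IPv6Address(addr)) & ((1 << 64) - 1)

def group_by_delegation(addrs, pd_len=56):
    """Map each covering /pd_len network to the prefix IDs seen inside it."""
    groups = defaultdict(list)
    for a in addrs:
        net = ipaddress.ip_network(f"{a}/{pd_len}", strict=False)
        groups[str(net)].append(prefix_id(a, pd_len))
    return dict(groups)

def same_delegation(addrs, pd_len=56):
    """True when every address fits inside one delegated prefix."""
    return len(group_by_delegation(addrs, pd_len)) == 1

if __name__ == "__main__":
    for label, addrs in (("posted", POSTED), ("constructed", CONSTRUCTED)):
        print(label, "same /56:", same_delegation(addrs))
        for net, ids in group_by_delegation(addrs).items():
            print("  ", net, [f"{i:#04x}" for i in ids])
```

The posted pair shares its low 64 bits but falls in two different /56 networks, while the constructed pair differs only in the 8-bit prefix ID.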
03-28-2021 04:21 PM
So I'm going to be honest, I just changed a couple of characters of the prefix just to illustrate they were different, but the suffix part is identical for some reason.
What's strange is I only see a text box for prefix ID. I'm not sure if this is why, but on the LAN page I have IPv6 configuration type set to Track Interface on WAN. Should I be using DHCP6 or SLAAC these days?
03-28-2021 04:33 PM
Here's what I have:
IIRC, this was a drop down list in previous versions, but here it actually specifies the valid range. The suffix is usually determined by the MAC address, so it is possible to have multiple addresses with the same suffix. However, the prefix should be different. Again, where are you seeing those addresses? At a command prompt? The interface page? The dashboard? The LAN page should say track interface and WAN.
03-28-2021 04:35 PM
03-28-2021 05:26 PM
Ahhh I see now! I see it says 0-ff but I didn't realize it was a description that changed. I changed my prefix to /64 and I see it says just 0.
So all is well!
Thank you for your help Jknott!
11-21-2021 02:53 AM - edited 11-21-2021 03:00 AM
Hey guys, can I get a delegated IPv6 prefix from Hitron CGN3ACR modem in Gateway mode on an OpenWRT router connected to it as a Wireless Client? Or is it only available directly from CMTS in the modem Bridge mode via wired hookup of the downstream router? Did someone try that or can link a relevant post? If YES, would it be /56 or /64 length prefix? In other words, can Hitron obtain an IPv6 prefix from CMTS and delegate /64 part of it to a downstream router via WiFi?
11-21-2021 07:05 AM
11-21-2021 09:08 PM - edited 11-21-2021 09:17 PM
Gateway mode is often preferred when a house is not ethernet wired, so there is no simple or cheap way to wire hook a remote router directly to the modem. I have a router in WiFi Client mode behind the modem in Gateway mode. The router IPv6 options are switched to relay, and its PC clients receive IPv6 traffic normally.
But their IPv6 addresses are still assigned by the modem and exposed to websites. I want the router clients IPv6 addresses assigned by its own DHCPv6 server to have my IPv6 LAN segment isolated behind NAT6. For that the modem should be able to request from Rogers server, truncate and delegate an IPv6 prefix to the router. I ask if someone succeeded in getting IPv6 prefix delegated to their router in Gateway mode, and of what length? If you don't know that, just ignore my post. 😉
11-21-2021 09:42 PM - edited 11-21-2021 09:51 PM
@arnym21 wrote:
Gateway mode is often preferred when a house is not ethernet wired, so there is no simple or cheap way to wire hook a remote router directly to the modem. I have a router in WiFi Client mode behind the modem in Gateway mode. The router IPv6 options are switched to relay, and its PC clients receive IPv6 traffic normally.
But their IPv6 addresses are still assigned by the modem and exposed to websites. I want the router clients IPv6 addresses assigned by its own DHCPv6 server to have my IPv6 LAN segment isolated behind NAT6. For that the modem should be able to request from Rogers server, truncate and delegate an IPv6 prefix to the router. I ask if someone succeeded in getting IPv6 prefix delegated to their router in Gateway mode, and of what length? If you don't know that, just ignore my post. 😉
Is there any technical reason why you want to implement NAT on an IPv6 network?
NAT was a necessary evil in the IPv4 world due to the problem of address space exhaustion, and it enabled the use of private address space. However, one of the benefits of IPv6 is that we can do away with NAT and all the headaches that it causes.
You may want to read this blog post on NAT66. Yes, there are reasons for implementing it... but it has its downsides as well and it introduces unnecessary complexity.
11-21-2021 09:58 PM
Gateway mode has nothing to do with whether a house is wired, unless you insist on using the built in WiFi. I don't as I prefer to use a proper access point, mounted in a better location than the modem.
There is no need for NAT with IPv6 as you get a /56 prefix from Rogers. This provides 2^72 addresses, split into 256 /64 prefixes. Also, you cannot delegate prefixes from a modem in gateway mode. It would have only a single /64 and no support for DHCPv6-PD on the LAN side. DHCPv6-PD is how the prefix is provided. I agree with the other post about not using NAT. NAT was created to get around the IPv4 address shortage and breaks some things. It's better left on IPv4 and not contaminate IPv6. Also, NAT does nothing for security that a decent firewall can do.
11-21-2021 10:31 PM - edited 11-21-2021 10:55 PM
@JKnott wrote:
Gateway mode has nothing to do with whether a house is wired, unless you insist on using the built in WiFi. I don't as I prefer to use a proper access point, mounted in a better location than the modem.
If I understand correctly, @arnym21 is connecting an OpenWrt router to the Rogers gateway via Wi-Fi and apparently wants to masquerade or obfuscate the addresses of the end systems behind it using NAT66. It's an unusual configuration.
11-22-2021 01:42 PM - edited 11-22-2021 01:54 PM
I'm not comfortable with my PCs IPv6 addresses exposed to WAN, other modem WiFi users and browsed websites. Are you comfortable with that for your devices?
Anyway, many folks switch the modem to Bridge mode namely for security reasons regardless of modem, router or end devices firewall existence and settings. I don't see why would Rogers refuse to provide proper length prefix in modem Gateway mode to customers who want their IPv6 LAN be isolated behind NAT6 in a similar way??? In particular, those customers who are accustomed to popular OpenWRT and DD-WRT router freedom firmware allowing more customization and security.
In short, this is not their business to restrict how the end user configures their LAN. They are expected to provide means to not hamper legitimate LAN config options, whether such options are more or less popular among users. In fact, most users have no idea about LAN config at all, but Rogers should not target such users as prime and only customers deserving attention. 😚
11-22-2021 02:00 PM - edited 11-22-2021 02:04 PM
No I don't get a /56 prefix from Rogers on my WiFi Client router, or any prefix for that matter. This is seriously hampering my right to configure own IPv6 LAN segment in a manner preferred by me as a Rogers customer. In fact, providing modem Bridge mode for Rogers modem-routers was caused in the past by massive customer demand for LAN security, and by now nobody even questions whether it was needed or not.
11-22-2021 02:19 PM
@arnym21 wrote:
I'm not comfortable with my PCs IPv6 addresses exposed to WAN, other modem WiFi users and browsed websites. Are you comfortable with that for your devices?
Yup. I'm totally fine with it.
Anyway, many folks switch the modem to Bridge mode namely for security reasons regardless of modem, router or end devices firewall existence and settings.
I do as well. Similar to what @JKnott described, I also request either a /56 or /60 PD. Even if you do not subnet internally, a /64 delegation gives you more address space than the entire IPv4 Internet. My firewall provides me with all the protection that I need, and implementing NAT66 would not significantly improve security or privacy... and any minuscule gains are not worth the downsides.
I don't see why would Rogers refuse to provide proper length prefix in modem Gateway mode to customers who want their IPv6 LAN be isolated behind NAT6 in a similar way??? In particular, those customers who are accustomed to popular OpenWRT and DD-WRT router freedom firmware allowing more customization and security.
In short, this is not their business to restrict how the end user configures their LAN. They are expected to provide means to not hamper legitimate LAN config options, whether such options are more or less popular among users. In fact, most users have no idea about LAN config at all, but Rogers should not target such users as prime and only customers deserving attention. 😚
I'm not sure what you are hoping to achieve or why you are asking for what you were originally asking for. If you are implementing NAT66, you should be fine with the single IPv6 address that you get from the gateway. If you want a pool of IPv6 addresses to NAT 1-1 onto, then there is still no practical gain.
If you want to live in a NAT-only world, you would be better off just disabling IPv6 on your own internal router and use IPv4 in a double-NAT configuration. That would make you "extra extra secure".
11-22-2021 02:25 PM
Your IPv6 addresses are not exposed to the Internet. They are behind a firewall. Also, with IPv6, you have a consistent IPv6 address and up to 7 privacy addresses. You use the privacy addresses when you connect to something, such as a web site and you get a new one every day. The consistent address is used when you want others to reach you for a server etc. That address has to be made available to the world if you want it to be. You configure the firewall to allow access to that address. You never allow access to the privacy addresses. Also, unlike IPv4, with the IPv6 address space so sparsely populated, scanning for a target is virtually impossible. A single /64 prefix contains 18.4 billion, billion addresses, which is the entire IPv4 address space squared.
As for Rogers not providing a longer prefix, it's not them. In gateway mode, only a single /64 is provided. There is nothing left to pass on to other routers. And, again, there is no provision for prefix delegation behind gateway mode.
As for those who have no idea about LAN config, Rogers provides a modem in gateway mode that can be used right out of the box, without configuration. For others, such as me (I'm a Cisco CCNA BTW), bridge mode is available, which can be used with a customer provided router and the customer then becomes responsible for configuring it. In my case, I run pfsense for my firewall/router. This allows me to take the /56 prefix from Rogers and split it into 256 /64s. I currently use 4. I can do much more with pfsense than you can with the modem in gateway mode or that you can do with *WRT. It's all a matter of the right tool for the job. Wishful thinking won't change that.
11-22-2021 02:30 PM
@arnym21 wrote:
No I don't get a /56 prefix from Rogers on my WiFi Client router, or any prefix for that matter. This is seriously hampering my right to configure own IPv6 LAN segment in a manner preferred by me as a Rogers customer. In fact, providing modem Bridge mode for Rogers modem-routers was caused in the past by massive customer demand for LAN security, and by now nobody even questions whether it was needed or not.
Where are you getting that nonsense from? Gateway mode provides an easy to use box that the customer can just plug in and go. Bridge mode is for more sophisticated users who know how to properly set up networks and have the appropriate equipment to do so. Bridge mode does not provide any security. It provides a bare connection to the Internet and it's up to the customer to provide a firewall and configure it properly.
11-22-2021 08:18 PM - edited 11-22-2021 08:24 PM
If you are implementing NAT66, you should be fine with the single IPv6 address that you get from the gateway. If you want a pool of IPv6 addresses to NAT 1-1 onto, then there is still no practical gain.
Would you care to explain for other interested Rogers customers, how exactly they can set up NAT66 on their downstream routers with clients getting IPv6 traffic by using a single IPv6 address received from the modem in Gateway mode without any IPv6 prefix? Or pls provide a weblink with some example of such setup, for example for an OpenWRT router, since it's more flexible in config compared to consumer routers with factory firmware?
11-22-2021 11:02 PM - edited 11-22-2021 11:43 PM
@arnym21 wrote:
If you are implementing NAT66, you should be fine with the single IPv6 address that you get from the gateway. If you want a pool of IPv6 addresses to NAT 1-1 onto, then there is still no practical gain.
Would you care to explain for other interested Rogers customers, how exactly they can set up NAT66 on their downstream routers with clients getting IPv6 traffic by using a single IPv6 address received from the modem in Gateway mode without any IPv6 prefix? Or pls provide a weblink with some example of such setup, for example for an OpenWRT router, since it's more flexible in config compared to consumer routers with factory firmware?
The blog post that I referenced earlier outlines the basic technique. However, I can't provide you with specific configuration advice on how to do this; it would not occur to me to set such a thing up. I don't even know how well it would work in practice.
Rogers only supports the default configuration that they provide. For most users, this is sufficient. If you have more advanced requirements, you may need to put the Rogers gateway into Bridge Mode, supply your own equipment, and configure it according to your needs, subject to the constraints of what you can and cannot do with a residential Internet service.
11-23-2021 12:54 AM - last edited on 11-23-2021 08:02 AM by RogersCorey
Thank you guys for providing interesting comments beyond typical consumer rant. The referenced blog is quite interesting as well, especially its readers' comments. It's not practical enough for a home internet user to implement as it doesn't rely on a typical router IPv6 GUI or config options. Hence the router IPv6 config in the modem Gateway mode remains a mystery because Rogers fails to provide IPv6 prefix to downstream equipment in that mode. Furthermore, some folks are so used to such nonsense they defend it as the only possible while it is NOT. It all depends on us Rogers customers to demonstrate the need for improvement.