For IPv6 one must use the modem/router from the provider. When
the modem/router from the provider is set in bridge mode, the
connection becomes IPv4 only.
This looks very similar to what I've heard from a Rostelecom
representative. This probably means that the IPv6 is not really
"native" and there is some kind of tunnel terminated at the
provider-owned CPE.
The odd thing is that on a premium bussines account there is no such restriction. With such an account one has dual stack with the modem in bridge. So I don't think your theory is correct.
Do you see the WAN address of the router in the `traceroute -6`
output?
I do. I never checked this before... The line number 1 is the address
of my router. What did I win? :)
tommi@pyx:~$ traceroute6 dns.google
traceroute to dns.google (2001:4860:4860::8888) from 2001:14bb:1c6:e06f::15, 30 hops max, 16 byte packets 1 dyjdry78ccrbs--1pt5ty-4.rev.dnainternet.fi (2001:14bb:1c6:e06f:8213:82ff:feac:8660) 0.568 ms 0.437 ms 0.406 ms
2 * * *
3 * * *
4 2001:4860:1:1::2305 (2001:4860:1:1::2305) 23.58 ms 37.876 ms
23.834 ms 5 2001:4860:1:1::2304 (2001:4860:1:1::2304) 32.267 ms
28.794 ms * 6 2a00:1450:805f::1 (2a00:1450:805f::1) 32.423 ms *
27.819 ms 7 dns.google (2001:4860:4860::8888) 24.711 ms 17.996 ms 28.852 ms
>> Do you see the WAN address of the router in the `traceroute -6`
>> output?
TK> I do. I never checked this before... The line number 1 is the address
TK> of my router. What did I win? :)
Your router's WAN interface is probably not unnumbered. It's just fun to know.
The odd thing is that on a premium bussines account there is no
such restriction. With such an account one has dual stack with
the modem in bridge. So I don't think your theory is correct.
Maybe it is not. Is this an arbitrary marketing restriction then, what
do you think?
Those of you lucky to have a *native* IPv6 connection from your
ISP, could you please share what network topology your ISP
offers. E.g.
Do you see the WAN address of the router in the `traceroute -6` output?
tracert -6 dns.google
2. A /64 on the internal interface of ISP-owned CPE
2. A /64 on the internal interface of ISP-owned CPE
If appears that 2 is the closest.
Additionally, I can ping my router's public IPv6 address from the LAN side, don't know about the WAN side. I also can make IPv6 connections
to sites on the Internet, infact, macOS 11+ default to IPv6 first; and
my Linux system has been updated to do the same.
Additionally, I can ping my router's public IPv6 address from
the LAN side, don't know about the WAN side. I also can make
IPv6 connections to sites on the Internet, infact, macOS 11+
default to IPv6 first; and my Linux system has been updated to do
the same.
OK, so you have outgoing IPv6 capbility. But incoming is still a
problem. Can you expand a bit on what attempts you have made to
achieve incoming and why you think it didn't work?
Those of you lucky to have a native IPv6 connection from your ISP,
could you please share what network topology your ISP offers. E.g.
OK, so you have outgoing IPv6 capbility. But incoming is still a
problem. Can you expand a bit on what attempts you have made to
achieve incoming and why you think it didn't work?
Ah, two reasons.
a) I'm not in direct control of the router, my roommate is the
"customer" on the account and he is non-techincal. Thus I have to
walk him through the changes on the Xfinity app to allow pin-holes in
the default firewall/router.
b) After much of the "walking through", Xfinity/Comcast would 'clean'
the firewall rules of the required settings; both for IPv4 and IPv6.
Neither of these are probably Comcast's issues; more likely my /non-techincal/ roommate.
For a real solution, I am awaiting for permanent employment before I
just into getting my very own connection.
Very odd. A normal reboot would not do that, only a factoy reset. ISPs
can initiate both, and a reboot is not all that strange, but a factory reset would not normally be done by an ISP.
Long story short: She's using the box from her ISP with the settings imposed upon her from that horrible box that provides fantastic
speeds.
A modem/router that factory resets at power down?
What can I say? I thought the my ISP provided modem/router was crap, but this is worse than I ever thought could happen...
The box they provide her (which is also her wifi router) "factory[...]
resets" every time there is a power outage. When she first got the
Long story short: She's using the box from her ISP with the
settings imposed upon her from that horrible box that provides
fantastic speeds.
Very odd. A normal reboot would not do that, only a factoy reset.My Mom has a fiber-to-the-house connection with symmetrical gigabit
ISPs can initiate both, and a reboot is not all that strange, but
a factory reset would not normally be done by an ISP.
speeds at her house (which isn't available here, and I'm totally not jealous) from her local power company.
The box they provide her (which is also her wifi router) "factory
resets" every time there is a power outage. When she first got the connection she was using the default wifi SSID which was a prefix
and the mac-address of the router, along with a super long and
complicated password.
I made it more simple for them by making the wifi name more personal
to them and giving them a memorable passphrase instead of that
complicated password, sure enough the next time the power went out it reverted back to factory settings. "No big deal" I thought, I just
set their box to bridge mode and added my own wifi box and set her up
that way.
What can I say? I thought the my ISP provided modem/router was crap,Yeah, I didn't really believe it when my Mom told me that's what
but this is worse than I ever thought could happen...
it does, but sure enough, she was right. While he default SSID is
gnarly looking, at least the default password isn't insecure.
To help in that department I made a wifi QR code for her using https://qifi.org so that guests can just scan that QR code instead
of typing in that super long password.
2. A /64 on the internal interface of ISP-owned CPE
If appears that 2 is the closest.
Xfinity / Comcast of Dover, Delaware (USA)
I've got a dynamic IPv6 Address on my router WAN side reporting (via a FUGLY web interface):
WAN IP Address (IPv6): 2001:558:6027:19:c4e3:1bee:faf8:939d
WAN Default Gateway Address (IPv6): fe80::201:5cff:fe80:6846
Delegated prefix (IPv6): 2601:48:c500:9340::/64
Interally::
Mac worstation [ifconfig en0] [GbE]
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
ether 14:98:77:33:fb:b5
inet6 fe80::14ad:ef4c:c045:132f%en0 prefixlen 64 secured scopeid
0x6
inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
OK, so you have outgoing IPv6 capbility. But incoming is still a
problem. Can you expand a bit on what attempts you have made to
achieve incoming and why you think it didn't work?
Jay Harris wrote to Michiel van der Vlist <=-
To help in that department I made a wifi QR code for her using https://qifi.org so that guests can just scan that QR code instead of typing in that super long password.
What can I say? I thought the my ISP provided modem/router was
crap, but this is worse than I ever thought could happen...
Yeah, I didn't really believe it when my Mom told me that's what
it does, but sure enough, she was right. While he default SSID is
gnarly looking, at least the default password isn't insecure.
To help in that department I made a wifi QR code for her using
https://qifi.org so that guests can just scan that QR code
instead of typing in that super long password.
Entering your WiFi prameters on an external resource is a very unwise idea.
echo 'WIFI:T:WPA;S:Muzenirres;P:ds4tN3oxUzku61WD;;' \
| qrencode -s 50 -l H -8 -d 600 -o my_wifi.png
inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
This is very interesting. Why "prefixlen 60" on the LAN?
inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
This is very interesting. Why "prefixlen 60" on the LAN?
Perhaps - an educated guess here - Comcast's provided gateway has, potentially, 4 internal LAN interfaces. It could be configured with a 5GHz WiFi subnet, a 2.4GHz one, the GbE ports, and a 'Xfinity Home'
port. I haven't investigated what the "Home" port is used for, but
that may explain the breaking down of the /64 to /60. Again, just a theory.
inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
This is very interesting. Why "prefixlen 60" on the LAN?
Whatever Comcast's intentions, are you sure that a LAN with a
prefixlen different from /64 will work properly? Will a non-standard prefix not break SLAAC and other things?
This is where my theoretical knowledge is lacking, but I've always
been warned against using anything different from /64 on a LAN
segment.
The gateway and my dozen+ devices do not seem to have any issues
getting dynamic IPv6 addresses, and since most are Apple, IPv6 is the prefered connection method. As an "end-user", I don't know why
Comcast has chosen to give my network MORE address space; like 1800000000000000000+ addresses wasn't enough; they've given me 295000000000000000000+ addresses.
In reality, for an end user network, /96 is plenty with 2^32 addreses,
and /112 is even more reasonable with 2^16 addresses; especially when
you compare it to the default settings on every consumer IPv4 gateway
with 2^8 addresses.
The gateway and my dozen+ devices do not seem to have any issues
getting dynamic IPv6 addresses, and since most are Apple, IPv6 is
the prefered connection method. As an "end-user", I don't know
why Comcast has chosen to give my network MORE address space;
like 1800000000000000000+ addresses wasn't enough; they've given
me 295000000000000000000+ addresses.
Actually compared to other ISP they are a bit miserly. They only give
you a /60. My ISP gives me a /56 and many others issue a /48.
WAN IP Address (IPv6): 2001:558:6027:19:c4e3:1bee:faf8:939d
WAN Default Gateway Address (IPv6): fe80::201:5cff:fe80:6846
Delegated prefix (IPv6): 2601:48:c500:9340::/64
Sysop: | Fercho |
---|---|
Location: | La Plata, Buenos Aires |
Users: | 31 |
Nodes: | 10 (0 / 10) |
Uptime: | 106:48:01 |
Calls: | 104 |
Files: | 15,520 |
Messages: | 31,944 |