Re: [AFMUG] DSL Router Recommendations

[Jesse DuPont]

(Background: all our SM's are bridged). For IPoE, we're having to do both SLAAC and DHCPv6-PD towards customers. SLAAC gives their router a global v6 address on their router's WAN port (needed if it's originating any v6 traffic such as DNS proxy, NTP, etc., but no customer LAN traffic is coming from that address whatsoever). We're also advertising the "managed-config" flag, which tells their router to ask for a prefix via DHCPv6-PD. Once our router assigns them the prefix, it installs a route to that prefix (via the customer's WAN link-local address) and the customer's router installs that prefix on it's LAN with SLAAC. For PPPoE, we just configure that same v6 pool for both the "Remote IPv6 Prefix Pool" (the PPPoE SLAAC equivalent) and the "DHCPv6 PD Pool" (MikroTik speak). In this scenario, each customer router receives a /64 for its LAN and a separate /64 for it's WAN. Once prefixes are assigned, v6 routes are installed by the PPPoE process for each prefix assigned, pointing to that customer's PPPoE iface. Works the same on Cisco (and others, I assume). Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 5/3/16 10:41 AM, Josh Luthman wrote: Do you mind if I ask how you're managing v6?  How are you allotting customer blocks/IPs? How do you hand off the v6?  DHCPv6?  SLAAC? Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Tue, May 3, 2016 at 12:30 PM, Jesse DuPont <jesse.dup...@celeritycorp.net> wrote: We're 100% dual-stacked, v4/v6. If a customer's router supports v6, they'll get a prefix from us. Here are the interesting points: About 40% of all our customer have a v6 prefix (i.e. at a minimum their routers support v6). Any router we sell is configured by the installer for v6 (forcing the adoption :) ) We do graph v4 and v6 separately (at the edge) and about 10-12% of all our traffic is consistently v6. Sometimes it jumps up to 20% for a while. This holds true for both directions. To expand on what Dennis said, just because someone gets a v6 prefix, doesn't mean they'll have a lot of v6 traffic. It seems while most modern mobile phones, tablets and Win 8/10 and Mac OS X (combined with modern browsers and apps) readily use v6, most smart TVs/streaming boxes AREN'T using v6 yet (I think the new Apple TV might be). So even though Netflix is v6 capable, the majority of playing devices aren't so therefore it happens over v4. Other somewhat interesting, slightly OT v6 stuff: As an experiment, I watched Torch of an iPad streaming a Netflix movie. The iPad had both v4 and v6 global. Of course, with any HLS, the player is downloading 10s or 20s segments at a time. When it would download the next segment it did it with 4 separate TCP substreams (not abnormal), but it would switch between v6 and v4, often times using both at the same time. One segment would be three v6 substreams and one v4 substream, next time it would be 2/2, and so on. Contrast that with Youtube, which on a v6 device, will be 100% over v6; same with Facebook. Separately: I had a customer call in last week; his DirecTV DVR quit working consistently (no guide data, couldn't connect) and when it did, it would only work for a while, then quit again. Two things were happening: I had one v6 DNS server down for a few days. Most everything used the secondary DNS server, but not his network. 2nd thing: At that site, I was only doing prefix delegation (PD). This meant his router was receiving a global v6 prefix and advertising it on his LAN, but wasn't getting a global V6 address on it's WAN port (which isn't needed for v6 routing, but could be needed if the router is doing DNS proxy using v6 DNS servers, for example). Once I let his router's WAN port have a global v6 address along with his delegated prefix for the LAN, all was golden again. Jesse DuPont Network Architect email: jesse.dup...@celeritycorp.net Celerity Networks LLC Celerity Broadband LLC Like us! facebook.com/celeritynetworksllc Like us! facebook.com/celeritybroadband On 5/3/16 8:23 AM, Ty Featherling wrote: I'm curious why my traffic isn't' reflecting this. I'll look into routes and make sure it all looks right. On another note; has anyone been following this whole Google - Comcast IPv6 kerfluffle?  -Ty -Ty On Tue, May 3, 2016 at 9:20 AM, Mike Hammett <af...@ics-il.net> wrote: Yeah, I think AWS is the last thing that people really care about *not* on IPv6. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Josh Reynolds" <j...@kyneticwifi.com> To: af@afmug.com Sent: Tuesday, May 3, 2016 9:11:38 AM Subject: Re: [AFMUG] DSL Router Recommendations OH REALLY?!? WOW! *whistles" SO NOW I KNOW!!! :O .... *grin* I think one of the last remaining large holdouts is AWS as a whole. (There are parts ipv6 enabled, but it's still a mess.) Other than that, as Service Providers we're probably going to end up having at least a rudimentary CGNAT deployment for a decade if not more, especially for those of us with large/old industrial/banking/healthcare customers... ... For stuff that should have been retired 20 years ago but is CRITICAL to their business, and won't run ipv6. (For a perfect example of old tech still in use, Google "Compaq laptop McLaren" :P ) On May 3, 2016 8:45 AM, "Mike Hammett" <af...@ics-il.net> wrote: Traffic going IPv6 will bypass NAT end-to-end. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Josh Reynolds" <j...@kyneticwifi.com> To: af@afmug.com Sent: Tuesday, May 3, 2016 8:41:28 AM Subject: Re: [AFMUG] DSL Router Recommendations To be technical, it's not going to remove NAT on your network for the foreseeable future unless when you add IPV6 that you also give everybody a public IPV4 as well :P Maybe a decade from now we'll be able to ditch NAT :( Yes, there are several v6/v4 and v4/v6 translation mechanisms, but those are really just different types of Network Address Translation, regardless of if they are officially called that or not. (Not that you don't know this Mike, I just don't want the nice people following along with the list to get the wrong information about the ipv6 transition.) On May 3, 2016 8:35 AM, "Mike Hammett" <af...@ics-il.net> wrote: Having NAT problems? Having problems tracking down DMCA or subpoena targets? It's impacting your functionality. Moving to IPv6 will also increase performance due to the removal of NAT. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP From: "Paul McCall" <pa...@pdmnet.net> To: af@afmug.com Sent: Tuesday, May 3, 2016 8:18:33 AM Subject: Re: [AFMUG] DSL Router Recommendations Seth, I think it is pick your battles when you can.  Some of use run at 100% capacity in execution, and we have to carve out additional time to do whatever the "other" things are.  And there are a LOT of those "other" things for growing companies. We all know it's important.  But, if it is so easy, then when it's time to hit it head on as it will being impacting our functionality, we can "easily" take that time, at that time :) -----Original Message----- From: Af [mailto:af-boun...@afmug.com] On Behalf Of Seth Mattinen Sent: Tuesday, May 03, 2016 12:55 AM To: af@afmug.com Subject: Re: [AFMUG] DSL Router Recommendations On 5/2/16 11:18 PM, Mike Hammett wrote: > Everyone *SHOULD* be caring about IPv6. > Why people running ISPs refuse to or are resistant to learn about things directly related to the business they claim to be in baffles me. ~Seth