IPv6 discussions

[joeltng]

You need to discard the v4 NAT/PAT behaviour/concept that is prevalent in the old setup

thats why i assumed he my nework/gateway ip would all follow the WAN IP tbh, I mistakenly assumed that with the abundance of IPV6 we'll get out own little slice of the network and hence all clients/devices will just be a "child" to the Given IP.


If anything, this way of doing it seems more akin to rthe way we did IPV4 (unless I'm missing somethign out)

 

[liangtam]

It actually is exactly the same as IPv4 routing (Not NAT) setup that is only seen in business connectivity. A static route is installed on the router to route the public IP block on the LAN side i.e. /24 to use the WAN point-to-point as the exit interface out to the internet
Just the novel part of IPv6 is, its automated

 

[xiaofan]

thats why i assumed he my nework/gateway ip would all follow the WAN IP tbh, I mistakenly assumed that with the abundance of IPV6 we'll get out own little slice of the network and hence all clients/devices will just be a "child" to the Given IP.

If anything, this way of doing it seems more akin to rthe way we did IPV4 (unless I'm missing somethign out)

I believe you are getting /64 prefix delegation from Starhub side, for your LAN devices: 2406:3003:2000:xxxx

It is just your WAN IPv6 address is in a different IPv6 addgress segment, but it is still acting as the gateway.

Trying to see whats up with starhub IPV6 for affected people, wanted to ask you guys as ipV6 is really new/foreign to me.

My WAN IPv6 Address shows as 2406:3003:1000::xxxx so I would expect the gateway IP WAN to be 2406:3003:1000:xxxx::1/64 correct? Cause currently its 2406:3003:2000:xxxx::1/64 and conversely all my client devices also start off with 2406:3003:2000:xxxx::xxxx. if so it might be some kind of misconfiguration going on.

 

[xiaofan]

It actually is exactly the same as IPv4 routing (Not NAT) setup that is only seen in business connectivity. A static route is installed on the router to route the public IP block on the LAN side i.e. /24 to use the WAN point-to-point as the exit interface out to the internet
Just the novel part of IPv6 is, its automated

@liangtam and @Mach3.2

I actually have a question here.

Last time when I was using Singtel ONT and native Singtel IPv6, I got /56 prefix delegation. I can sub-delegate each LAN interface with a different /64 prefix when using OpenWRT/pfSense as the main router (but not possible with my Asus RT-AX86U)

Now I am using Singtel ZTE F8648P XGS-PON ONR and it is hard to see what is going on. I cannot even confirm that it is /56 or /64 now. But effectively it is like /64 to me. I can only see the WAN public IPv6 address of the ONR but not LAN public IPv6 address of the ONR from the Web UI.

ONR WAN IPv6 address: 2400:d802:d10::xxxx
All the clients have IPv6 address with the following /64 prefix: 2400:d802:dd3:xxxx::/64

If I follow the comment, the WAN IPv6 address will be one of the hop when using mtr. But it does not. Or maybe my understanding of the comment is wrong.

The first hop seems to be the IPv6 address of the ONR LAN address (LAN Gateway). The second hop is Singtel side already.

LLA fe80::xxxx:xxxx:xxxx:63ae (last 64 bits matching the last 64 bits of the first hop in the mtr record: 2400:d802:dd3:xxxx:xxxx:xxxx:xxxx:63ae, which makes sense)
GUA 2400:d802:d10::xxxx
DNS 2400:d800::1 and 2400:d800::2
IPv6 Gateway fe80::200:xxxx:xxxx:145 (LLA address of the WAN? Edit to add: yes this is)

Singtel ZTE F8648P ONR --> Asus TUF-BE6500 router

xiaofan@TUF_6500-5020:/tmp/opt/root/ookla# mtr dns.cloudflare.com
                                                My traceroute  [v0.95]
TUF_6500-5020 (2400:d802:dd3:3f00:127c:61ff:fedc:5021) -> dns.cloudflare.com (2606:4700::6810:82024-10-12T11:48:44+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                               Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 2400:d802:dd3:xxxx:xxxx:xxxx:xxxx:63ae                                    0.0%    25    0.6   0.6   0.5   1.1   0.1
 2. 2400:d801:4001:611::                                                      0.0%    25    1.2   1.4   1.1   3.6   0.5
 3. 2001:c20:3c00::6                                                          0.0%    25    2.7   2.7   2.5   3.5   0.2
 4. 2001:c20:3c00::7                                                          0.0%    25    2.4   2.7   1.9   9.7   1.6
 5. 2001:c20:0:3::35                                                          0.0%    25    2.3   5.4   2.1  46.6   9.1
 6. 2001:c20:0:3::a                                                           0.0%    24    2.0   1.9   1.7   2.2   0.2
 7. 2001:cb0:2103:2:15::1                                                    58.3%    24    3.6   3.3   2.8   5.7   0.9
 8. 2403:e800:508:300::a2                                                     0.0%    24   33.0   7.2   3.1  33.0   8.2
 9. 2400:cb00:633:3::                                                         0.0%    24    3.2   9.1   2.9  44.5  10.1
10. 2606:4700::6810:84e5                                                      0.0%    24    3.2   3.1   2.6   3.5   0.2

This is the same as IPv4. The first hop is the ONR LAN gateway address, the second hop is Singtel site already.

                                                 My traceroute  [v0.95]
TUF_6500-5020 (192.168.1.20) -> dns.cloudflare.com (104.16.133.229)                            2024-10-12T11:53:12+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                                                               Packets               Pings
 Host                                                                        Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.1.254                                                             0.0%    21    0.5   0.5   0.5   0.5   0.0
 2. bb115-xx-xx-254.singnet.com.sg                                            0.0%    21    1.1   1.2   1.0   2.0   0.2
 3. 165.21.193.22                                                             0.0%    21    6.0   2.6   1.7   6.7   1.6
 4. 165.21.193.21                                                             0.0%    21    1.7   3.8   1.5  40.0   8.3
 5. 165.21.138.245                                                            0.0%    21    1.7   3.3   1.5  22.0   4.6
 6. SN-SINQT1-BO403-ae1.singnet.com.sg                                        0.0%    21    2.0   1.9   1.6   2.2   0.2
 7. ip-202-147-32-136.asianetcom.net                                          0.0%    21   35.4  43.8  35.3 143.1  24.8
 8. unknown.telstraglobal.net                                                 0.0%    21   42.5  46.3  40.9  82.9   9.6
 9. 162.158.160.145                                                           0.0%    20   40.5  37.7  36.5  48.2   2.6
10. 104.16.133.229                                                            0.0%    20   36.8  36.7  36.5  36.9   0.1

BTW, we can see IPv6 has better latency than IPv4 in this case, from Singtel to Cloudflare DNS server.

 

[xiaofan]

It actually is exactly the same as IPv4 routing (Not NAT) setup that is only seen in business connectivity. A static route is installed on the router to route the public IP block on the LAN side i.e. /24 to use the WAN point-to-point as the exit interface out to the internet
Just the novel part of IPv6 is, its automated

@liangtam and @Mach3.2

I actually have a question here.

ONR WAN IPv6 address: 2400:d802:d10::xxxx
All the clients have IPv6 address with the following /64 prefix: 2400:d802:dd3:xxxx::/64

If I follow the comment, the WAN IPv6 address will be one of the hop when using mtr. But it does not. Or maybe my understanding of the comment is wrong.

The first hop seems to be the IPv6 address of the ONR LAN address (LAN Gateway). The second hop is Singtel side already.

Okay, Google seems to say that some routers respond to traceroute/mtr command with internal / LAN side IPv4/IPv6 address and some respond with external / WAN side IPv6 address. But I have only seen the first case (internal, LAN side IPv4/IPv6 address).

LLA fe80::xxxx:xxxx:xxxx:63ae (last 64 bits matching the last 64 bits of the first hop in the mtr record: 2400:d802:dd3:xxxx:xxxx:xxxx:xxxx:63ae, which makes sense)
GUA 2400:d802:d10::xxxx
DNS 2400:d800::1 and 2400:d800::2
IPv6 Gateway fe80::200:xxxx:xxxx:145 (LLA address of the WAN??)

Still have two questions (still got a lot to learn about IPv6).
1) How do I confirm the above IPv6 gateway address is the LLA of the WAN interface?

Okay, I can answer this one, from the Web UI I know the WAN MAC address and from there I can get the LLA address. So yes the above IPv6 gateway is the LLA of the WAN interface.

Lazy to do it manually, just used the online tool here.
https://nettools.club/mac2ipv6

2) How do I confirm that I have /56 or /64?

Maybe the answer to the second question is that it is not possible to know since I cannot SSH into the Singtel ONR, the price to pay now that I cannot bridge the Singtel XGS-PON ONR...

 

[joeltng]

It actually is exactly the same as IPv4 routing (Not NAT) setup that is only seen in business connectivity. A static route is installed on the router to route the public IP block on the LAN side i.e. /24 to use the WAN point-to-point as the exit interface out to the internet
Just the novel part of IPv6 is, its automated

UI see, do you have any recommended reading regarding this so tha tme and whoever else would like to learn more about these matters can learn from it (esp in a network configuration setting etc. would definitely want to learn more about ipv6

 

[xiaofan]

Sometimes you will have this warning when carrying out IPv6 tests using https://test-ipv6.com/.

Your browser is avoiding IPv6.​

• What we found What causes a preference for IPv4 Why this worries us

This document explains why we worry when IPv4 is preferred over IPv6.

What we found
This section applies only when we offered to show you this page from inside the test.

First of all, we detected you had a working IPv6 connection. We also found that your IPv6 connection, was using a "real" IPv6 address; meaning not a Teredo or a 6to4 address.
Second, we detected that when given the choice, your browser decided it would prefer to use IPv4 instead of IPv6. This has some concerns for us.
Causes for preferring IPv4
There are several possible reasons why a browser might prefer IPv4 instead of IPv6.

• Google's "Chrome" has a "fast fallback" mechanism. On the first try to a site, it will prefer IPv6. If connections take longer than a third of a second, IPv4 is attempted in parallel; and the better of the two will be used for that site. (more info)
• Firefox (recent builds) does the same as Chrome. (more info)
• Since Windows 7, the operating system will periodically test to see if IPv6 works. If the health check fails, then many applications (including Internet Explorer) will use IPv4, to insulate you from any local IPv6 misconfiguration. (more info)
• Apple's Lion and Mountain Lion updates will prefer whichever is "faster" for a given destination. As of OS X 10.11 "El Capitan" and iOS 9, IPv6 is given a slight preference; but will fall back to IPv4 if network conditions warrant it. (more info)

 

[xiaofan]

FAQ and Troubleshooting IPv6 related issues.
https://test-ipv6.com/faq.html.en_US
https://test-ipv6.com/broken.html

Q: What do you mean by broken?

A percentage of users today have IPv6 enabled, but are either using a public tunnel that is currently giving poor performance; or otherwise have a route that is installed but broken or suboptimal. However, because they have a route at all, in many cases the address selection algorithm of RFC3484 will pick using it, and trying to use this broken route. It can take towards 75+ seconds before the browser gives up!
From the perspective of a user with these conditions, a web site offering both A and AAAA DNS records (ie, "dual stack") will appear to time out; and the user will move on to another site that offers a similar product. This is the quandary content providers have.

If we detect that you will have problems reaching dual-stack web sites, we recommend you see the Broken User FAQ. It provides several steps to try and identify your root cause for being broken; and barring that, what you can do to disable IPv6 until your ISP offers native IPv6 connectivity.

 

[xiaofan]

2) How do I confirm that I have /56 or /64?

Maybe the answer to the second question is that it is not possible to know since I cannot SSH into the Singtel ONR, the price to pay now that I cannot bridge the Singtel XGS-PON ONR...

Looks like there is no way to confirm that because of the blackbox Singtel XGS-PON ONR.

I actually tried to set downstream router with static IPv6 but no success.

1) WAN IPv6 --> /128 IPv6 address 2400:d802:dd3:xxxx::xxxx

2) WAN IPv6 Gateway, tried two options
WAN GUA: 2400:d802:d10::xxxx
WAN LLA: fe80::200:xxxx:xxxx:145

3) DNS --> tried to use Singtel IPv6 DNS and Cloudlfare/Quad IPv6 DNS
DNS 2400:d800::1 and 2400:d800::2

 

[xiaofan]

1. Interesting blog from APNIC chief scientist about the IPv6 Transition. The comments section is also interesting.

https://blog.apnic.net/2024/10/22/the-ipv6-transition/

The IPv6 transition​

By Geoff Huston on 22 Oct 2024
...

The data shows that the level of IPv6 use in the US has remained constant since mid-2019. Why is there no further momentum to continue with the transition to IPv6 in this part of the Internet? I would offer the explanation that the root cause is a fundamental change in the architecture of the Internet.

Changes to the Internet architecture​

The major change to the Internet’s architecture is a shift away from a strict address-based architecture. Clients no longer need the use of a persistent unique public IP address to communicate with servers and services. And servers no longer need to use a persistent unique public IP address to provide clients with access to the service or content. Address scarcity takes on an entirely different dimension when unique public addresses are not required to number every client and every distinct service.
...
The implication of these observations is that the transition to IPv6 is progressing very slowly not because this industry is chronically short-sighted. There is something else going on here. IPv6 alone is not critical to a large set of end-user service delivery environments. We’ve been able to take a 1980s address-based architecture and scale it more than a billion-fold by altering the core reliance on distinguisher tokens from addresses to names. There was no real lasting benefit in trying to leap across to just another 1980s address-based architecture (with only a few annoying stupid differences, apart from longer addresses!).
...

2. You can compare the above post versus a ealier post in 2022.
https://blog.apnic.net/2022/09/15/the-future-is-still-ipv6/

The future is still IPv6​

By George Michaelson on 15 Sep 2022

 

[xiaofan]

Report from The Register about the above blog post. You can compare the report and the blog to see whether the title from The Register is just a click bait or really captures the gist of the blog post.

https://www.theregister.com/2024/10/23/ipv6_relevance/

IPv6 may already be irrelevant – but so is moving off IPv4, argues APNIC's chief scientist​

There was always more pressing work to do than migrate, and CDNs have changed the rules​

 

[xiaofan]

From what I see, IPv6 will get more popular esspeically with 5G SA deployment (and 6G in the future), but IPv4 (along with NAT and CGNAT) will be there for a long time.

Countries like India, China and Malaysia may push for adoption of IPv6, due to the lack of IPv4 address. Many other coutries may not. China's push for IPv6 and de-NAT may also one measure to boost the economy (probably as well as security) by getting the ISPs and consumers to upgrade their old equipments.

RIght now there are issues with Starhub IPv6 which cause IPv6 usage rate to drop a lot for Starhub, but only a few users noted this issue and disable IPv6. If there is an issue with IPv4 for Starhub, then majority of the users will get affected.

And we can also understand why other ISPs like VQ/MR/WC do not care about IPv6. Only SIMBA cares -- since it may not have the IPv4 pool to offer static IPv4 add-on.

Same for many large corporations which do not care about IPv6 either.

 

[xiaofan]

For my use case, IPv6 seems to provide better latency to Cloudflare DNS which I use as the main DNS. This was different from my own report in June 2024 (IPv4 had lower latency than IPv6 at that time).

But then it gives much worse latency to M1 SpeedTest server and some other places.

I will still use IPv6 myself. After all, it is not easy to get native IPv6 to work for Singtel ONR users.

PS C:\work> ping -4 family.cloudflare-dns.com

Pinging family.cloudflare-dns.com [1.1.1.3] with 32 bytes of data:
Reply from 1.1.1.3: bytes=32 time=40ms TTL=50
Reply from 1.1.1.3: bytes=32 time=43ms TTL=50
Reply from 1.1.1.3: bytes=32 time=42ms TTL=50
Reply from 1.1.1.3: bytes=32 time=43ms TTL=50

Ping statistics for 1.1.1.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 43ms, Average = 42ms
PS C:\work> ping -6 family.cloudflare-dns.com

Pinging family.cloudflare-dns.com [2606:4700:4700::1113] with 32 bytes of data:
Reply from 2606:4700:4700::1113: time=7ms
Reply from 2606:4700:4700::1113: time=9ms
Reply from 2606:4700:4700::1113: time=8ms
Reply from 2606:4700:4700::1113: time=9ms

Ping statistics for 2606:4700:4700::1113:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 7ms, Maximum = 9ms, Average = 8ms

 

[YWCLeeZeroSix]

Now I dont have IPv6, I asked Singtel and they said they dont provide any native IPv6. Then how should I get one?

 

[xiaofan]

Now I dont have IPv6, I asked Singtel and they said they dont provide any native IPv6. Then how should I get one?

Tell the front end support guy that this is an advanced topic and typical Singtel technical people can not help (beyond their pay grade). Need backend network team to do it.

I am lucky that the front end staff knew the issue is beyond his capability (since I emphasized to him and show the screenshots in the two threads about IPv6 for Singtel ONR users. He managed to get the right Singtel staff to come to my flat. And the staff who came to my flat knew the way to talk to the backend people to enable Singtel native IPv6 on my account.

Reference:
https://forums.hardwarezone.com.sg/threads/singtel-5gbps-ipv6.7053976/page-2

My timeline to get Singtel IPv6:

1) Create the technical support case on 15-Aug-2024 with the front end technical support staff.
2) Finally got the update on 31-Aug-2024 from the front end technical support staff that Singtel would send a technical staff to visit me on Tuesday 3-Sept-2024.
3) Singtel staff visited me on the afternoon of 3-Sept-2024 and he managed to get the backend staff to enable native IPv6 on my account.

The two staff are all pretty good in this case.

 

[xiaofan]

I am able to bridge Singtel ZTE F8648P ONR now. Good thing is that Singtel native IPv6 still works with my own router connected to the bridged port.

I am using Asus TUF-BE6500 (only capable of 2.5Gbps) as a temp router before I set up my Intel N100 CPU based Miniroute R1 mini PC (dual 10G SFP+ ports and dual 2.5G ports) with OpenWRT (or pfSense).

I can see that IPv6 prefix length is 56. Need to check if I can get the sub-router to use /64 prefix delegation.

 

[xiaofan]

Starhub side IPv6 isues seem to last quite some time now.
https://forums.hardwarezone.com.sg/...on-disable-ipv6.7067651/page-8#post-154198035

Starhub had ≥ 60% IPv6 usage rate a few months ago but nosedived to 34% now.

My take is that this cannot be due to ONT/ONR or router issues. So my assumption is that it is a Starhub backend issue which probably affects very significant portions of the user base. Some users will have no problems yet the others will have the problem (even though they may not know).

https://stats.labs.apnic.net/ipv6/AS55430?c=SG&p=1&v=1&w=30&x=1

 

[xiaofan]

On the other hand, it is interesting Starhub is still the better ones among all ISPs here in Singapore, along with SIMBA and M1.

https://stats.labs.apnic.net/ipv6/AS55430?c=SG&p=1&v=1&w=30&x=1

IPv6 is more or less non-existent for MR, VQ and WC. Singtel Fibre is also very bad (since it is so difficult for ONR users to get native Singtel IPv6).

 

[xiaofan]

I am able to bridge Singtel ZTE F8648P ONR now. Good thing is that Singtel native IPv6 still works with my own router connected to the bridged port.

I am using Asus TUF-BE6500 (only capable of 2.5Gbps) as a temp router before I set up my Intel N100 CPU based Miniroute R1 mini PC (dual 10G SFP+ ports and dual 2.5G ports) with OpenWRT (or pfSense).

I can see that IPv6 prefix length is 56. Need to check if I can get the sub-router to use /64 prefix delegation.

Changed to use Virtual OpenWRT running on top of Proxmox PVE 8.2 (using an Intel N100 CPU based CWWK mini PC with quad 2.5G ports) as the main router.

Again I can see /56 IPv6 delegation. However, I can not get the LAN (/64 IPv6 delegation) clients to work with IPv6 (got IPv6 address but can not reach internet using IPv6). Need to troubleshoot.

When using TUF-BE6500 as main router, LAN and wireless clients have no issues with IPv6. But then the sub-routers can not get proper /64 prefix delegation.

Interesting that I am working on this again. Last November I had no issues with OpenWRT and Asus, but I had big problems with pfSense/OPNsense (later somehow it worked).

 

[xiaofan]

My experiences with Singtel IPv6.

1) Singtel GPON ONT, with Singtel 6rd, Dec 2018 to Nov 2023 --> Iniitally using single network. Later using a VLAN capable switch to split the network into two, both with its public IPv4 and /64 IPv6 (both networks use Singtel 6rd IPv6)

2) Singtel GPON ONT with native Singtel IPv6, Nov 2023 to August 2024 --> using a VLAN capable switch to split the network into two, both with its public IPv4 and /56 IPv6, no need to use Singtel 6rd any more.

I was able to have /64 prefix delegations on the sub-routers (Double NAT) as well, using either OpenWRT or pfSense as the main router.

3) Unbridged Singtel XGS-PON ONR with native Singtel IPv6 working on the ONR, 3 Sept 2024 to 24 Oct 2024. The ONR sets the limit and effectively I can only use /64.

Then I used 6rd in the Asus router as well as NAT66 on the OpenWRT virtual routers to have IPv6 to work after sub-routers (Double NAT). pfSense/OPNsense do not support NAT66.

4) Bridged Singtel XGS-PON ONR, native IPv6 working on my own router connected to the bridged port. 25 Oct 2024 (yesterday) onwards. Still carry out testing.