Most IPv6-certified Home Network Gear Buggy 174
Julie188 writes "The University of New Hampshire InterOperability Lab held an IPv6 consumer electronics Plugfest on Feb. 14 and CableLabs has scheduled two more for this year. UNH is tight-lipped about the results, but the sad fact is that most home routers and DSL/cable modems certified as IPv6-compliant by the IPv6 Forum are so full of implementation bugs that they can't be used by ISPs for IPv6 field trials. And that's not helping the Internet have a smooth, fast transition to IPv6. Though OpenWRT and DD-WRT solve the problem, ISPs point out that requiring the average consumer to upgrade their own firmware, because the manufacturer can't do IPv6 right, isn't a practical solution."
Re:The exceptions (Score:4, Informative)
And even their not-so-current products; all Apple routers have supported IPv6 since March 2008.
ipv6 cpe survey (Score:4, Informative)
Very thorough survey here [ripe.net].
Re:IPv6 for older hardware (Score:5, Informative)
Some of their models might suck, but their WRT54GL line has been pretty awesome. We've probably sent out a few hundred ourselves, and a half dozen failures a year would be a bad year. Uptimes with third party firmware like DDWRT or Tomato are pretty much "since the last power failure". We replaced one that was on battery backup to upgrade to 802.11n, and the uptime before disconnecting it was over 600 days.
Netgear's pretty good too, but D-Link? They couldn't code a DHCP server to save their lives.
Re:IPv6 for older hardware (Score:4, Informative)
Sure, I do see other brands fail after a year or two, but I've seen more brand new defective Linksys routers than I have Netgear routers that dies of old age.
I've got a WRT54GS, a WRT54GL, and a WRT54Gv8 scattered around my house acting as dumb access points. The oldest is probably seven years old. Once configured, I haven't had to touch any of them. Meanwhile, my pair of Netgear gigabit switches are awful. I've replaced them each twice. Good thing they have a lifetime warranty. I get some issue where they will just start flooding the network with traffic, preventing anything from getting through, and requiring a power cycling. The 24-port Netgear switches at work have the same exact behavior. The only thing I can think of is some sort of STP failure.
One possible transition technology (Score:4, Informative)
I think we're going to see a transition period (which might last a long time - decades, perhaps) where ISPs will offer native IPv6 transport for their customers who are all setup for it, and for those still using older gear (or a mix of new and old gear), they will setup IPv4 to IPv6 translation servers.
Kind of similar in concept to NAT, but instead of translating from public IPv4 to private IPv4 addresses, it will translate back and forth between IPv4 and IPv6. So, your computer will think it's talking to an IPv4 server (but the address of that IPv4 Server will be a 10.* private address allocated on the ISP's network (on a temporary, as-needed basis). That 10.* address will be mapped by the IPv4-to-IPv6 NAT Server to have all it's traffic forwarded to the public IPv6 address of the computer you are trying to contact.
IPv6 computers will not be able to initiate an 'inbound' connection to the IPv4 host (because it is hidden behind the ISP's NAT server), but IPv4-only devices inside the ISP network will be able to talk 'out' to IPv6-only servers.
At least, probably. This is how it *should* work. If you have working IPv6 cable/dsl modem, this could be done by the cable/dsl modem, hypothetically, with the traffic from your modem to the ISP being IPv6-only, so that there's no need to run your traffic through your ISPs NAT device, but I think that, because of the types of equipment problems this article is about, it's likely ISPs will end up offering such a v4-v6 NAT service to customers.
Re:Why IPv6 is a pipe dream (Score:5, Informative)
NAT needs a connection state tracker to work anyway (which forms the basis of a stateful firewall). Slap a stateful firewall on v6, no need for actual NAT, and you get better security without the drawbacks. As for dynamic IPs, every IPv6 customer gets at least 18,446,744,073,709,551,615 IPv6s to himself. It's pretty easy to make computers pick one at random. This alone makes IPv6 a lot more resistant to attack than IPv4, since IP netblock scanning becomes all but impossible.
Re:OpenWrt isn't exactly a poster child for IPv6 (Score:4, Informative)
What about 6to4 with anycast?
The problem with 6to4 is that it is asymmetric. Your outgoing packets will be going through that 192.88.99.1 node you found by traceroute. But your return packets will be going through whatever gateway is closest to the IPv6 host you are accessing.
This means that you will be using a lot of different gateways all around the world. And a lot of those are badly configured and give poor quality. One usual problem is badly configured MTU such that all larger packets do not make it through. Ping will work but any actual download fails.
The 6rd protocol is a small tweak to 6to4 such that the return gateway is forced to be one operated by your ISP. This way the ISP can ensure it is working properly and give you a good experience.
Re:I run IPv6 at Home (Score:4, Informative)
Really the only big problem on the PC side is legacy XP installations, Win7 has IPv6 enabled OOTB.
Windows XP is not a problem either. All it takes is one command, on the command line, and IPv6 is active. It even assigns itself an address using router advertisements. For the DNS server address you will still need IPv4, but in an internal network that isn't really an issue.
Re:The exceptions (Score:5, Informative)
Why not use ISATAP at the ISP level? (Score:5, Informative)
In Windows Vista and 7, if DNS resolves the name "isatap", Windows will automatically try to acquire an IPv6 prefix using an IPv4 tunnel to the ISATAP server, and use that server to route all your IPv6 traffic. Windows XP SP1+ will as well, once you enable IPv6.
When an ISP implements IPv6, why can't they also add an ISATAP server? With ISATAP, customers with IPv4 routers will have computers that notice the ISP's IPv6 router and start using it through their IPv4 NAT router automatically.
Cisco could implement ISATAP into their routers so that ISPs' internal routers could provide the ISATAP interface, which would be better than a normal machine being a single point of failure. Is this an ISATAP packet destined for the fake IP address we set up as the isatap DNS result? Yes. Let's translate this packet to IPv6 and send it on its way.
Since this is effectively bypassing the customer's IPv4 router's pseudo-security inherently present in NAT, the ISP could have a policy that those using ISATAP as opposed to an IPv6-capable router will have incoming IPv6 traffic blocked, to maintain the status quo in security.
Sometimes, I feel like this transition process is being handled the wrong way, and that there are much easier solutions to these seemingly difficult migration problems.
Re:I run IPv6 at Home (Score:5, Informative)
I don't know about the person you're responding too but I actually routinely get better latency via IPv6 tunneled via Hurricane Electric than IPv4 through my own ISP.
Fact of the matter is that IPv6 should be slightly faster since the routers don't have to recalculate a CRC for every hop. HE has multiple tunnel broker servers around the world. So you can pick one close to your network and the only CRC latency you'll eat will be the hops between you and the tunnel broker site.
Example:
--- leguin.freenode.net ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 205.932/215.147/262.156/16.624 ms
--- leguin.freenode.net ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 280.228/329.908/374.605/31.503 ms
And I just picked a random IPv6 host that I knew I could target the same machine via either network. I didn't dig around to find a machine that gave me better latency via IPv6 than IPv4.