Geekzone: technology news, blogs, forums
125 posts

Master Geek
+1 received by user: 32

Lifetime subscriber

  # 974244 25-Jan-2014 18:53

Just wanted to post here as I moved to VDSL yesterday, and was delighted to discover that IPv6 is enabled on my connection!

I've been taking a look at it, and thought it might be worth making a couple of points, for Orcon (and in particular a shoutout to Sounddude, who was asking earlier!) as much as anyone else:

     

  1. Despite a couple of little problems, it's excellent that Orcon's moving IPv6 support forward - great job!
  2. Absolute, definite +1 / double thumbs up on static prefixes for all. In fact, mine hasn't changed since I've been migrated to VDSL, so is this happening already? Apart from the usefulness of being able to allocate a static IP for any device if necessary, it's in the spirit of what was intended for IPv6 deployment in the first place; and obviously devices also allocate themselves random addresses within their subnet, so there won't be any customer perception of increased risk of exposure.
  3. At time of writing there appears to be a problem with IPv6 DNS resolution. Orcon's two advertised servers (2400:4800:1::1 and 2400:4800:1:1::1) aren't responding, which will be causing name resolution delays for all IPv6-enabled customers that have machines that prioritise IPv6 (ie recent Windows). Are those two the permanent addresses for IPv6 DNS resolution? Also, dns1.orcon.net.nz and dns2.orcon.net.nz have no AAAA records.
I'm connecting with Orcon's new Genius router for VDSL - the white NetComm NF4V model. Its IPv6 support seems to be confused in general, but in particular there's a showstopping problem that NetComm really must fix urgently:

In the LAN configuration UI for IPv6 (Advanced Setup -> LAN -> IPv6 Autoconfig), there's one tickbox that enables or disables support for both DHCPv6 and RADVD, with no further configuration options available. This will outright break many customers' networks, including mine. For example, in my network I have my own recursive DNS server, and I need to ensure that all clients use it for name resolution - of course this is a common configuration in SOHO environments. There are also a number of other reasons why customers might not want to be forced to use Orcon's DNS servers by default (such as - cough - UnoTelly) and wouldn't want to manually specify DNS servers in the network configuration on their devices. The bottom line is that at the absolute least there needs to be a way to:

     

  1. Configure which DNS servers are included in the router's support of option 23 in DHCPv6 and RFC 6106 in RADVD, in the same way that you can change the primary and secondary DNS servers in its support for IPv4 DHCP, including the ability to specify no DNS servers at all;
  2. Enable or disable DHCPv6 separately from RADVD;
  3. Enable or disable RFC 6106 support in RADVD separate from RADVD in its entirety.
Furthermore, I can't see any legitimate reason why anyone would want to disable RADVD entirely if the router has IPv6 support enabled and a working IPv6 connection. Can anyone think of a reason why this might be a desirable option?

Whatever, this problem means that I'm going to have to disable IPv6 entirely in the router until it's fixed / improved, which is a terrible shame.

Also:

     

  1. The Firewall configuration UI (Advanced Setup -> Security -> Firewall) appears to just about work if you're gentle with it (use -1 in the TC field, by the way), but is almost psychotically wrongheaded and desperately needs to be improved. Dealing with it will be a real problem for customers who want to open up particular ports for devices with a static IP.
  2. You really ought to be able to specify a static IP address for the router without having to use a ULA address.
  3. At one point I saw the router send IPv6 packets that should have been routed internally out onto the Internet (where they were sent back again), but I can't recreate the problem now. Perhaps I was mistaken, or perhaps there's (ironically) a routing bug somewhere - if there is indeed a bug, it would be a major security risk.
  4. This isn't related to IPv6, but when WPS is enabled the router appears to allow enrollees to broadcast SSDP messages onto the network. This makes some devices (particularly neighbours' recent Android phones casting about for a WiFi connection!) appear on the network as 'ghost' UPnP devices in Windows, even when they shouldn't have access. The workaround is to disable WPS support in the router. I don't think this presents a particular security risk itself, but could well be indicative of an underlying (and potentially critical) security flaw. Some other routers (presumably using the same code) also exhibit this problem - see here for an illustration.

I fix stuff!
1754 posts

Uber Geek
+1 received by user: 424

Trusted
Vocus
Subscriber

  # 974263 25-Jan-2014 19:40

Hi :-)

I have disabled the IPv6 DNS servers in the BNG, so you won't be allocated those IPv6 DNS server addresses anymore. Reboot your modem and see how it goes for you.

The IPv6 addresses are currently not static, but they are sticky. As long as your connection remains on the current BNG (it generally will unless there is a fault) it will remain the same.

As for the RADVD setup and DNS, it's best to probably change the DNS setup on the local machines itself. I am not sure why you can't override the DNS, but it's something we will look at with our vendors. From memory the modems are set to use RADVD and not DHCPv6, as OSX (Macs) don't support DHCPv6 clients.

Cheers for the feedback, very useful. We are still testing IPv6.

 
 
 
 


125 posts

Master Geek
+1 received by user: 32

Lifetime subscriber

  # 975528 28-Jan-2014 08:29

Hi Sounddude! Hope you had a great weekend.

Thanks for sorting out the DNS - that's nailed the problem I had!

First of all, thinking about what you said about addresses being sticky, it's led me to come across a nasty problem with formerly allocated prefixes not being deprecated when a new one is issued. On my connection at least, the prefix usually changes every time I connect - 2400:4800:8141:xx (/56), with the subnet ID changing almost every time. Presumably you're deprecating disused prefixes internally (ie preferred lifetime = 0, valid lifetime slightly > 2 hrs, or whatever), but when a new prefix is allocated the deprecated prefixes aren't also being delegated to the CPE (unless it's another bug in the NF4V!).

This is a bit of a disaster - in fact it really screws things up - because if the connection drops or the router is restarted client machines never realise that their old, existing preferred IP addresses are actually deprecated. Although they allocate new addresses after the new prefix is advertised by their router, they continue to use (and in most cases prioritise) the old addresses until eventually they stop being routed anywhere and all the IPv6 goodness on the machine breaks. It'll end up affecting every customer eventually. Although you wouldn't have to worry about it if the prefixes were statically allocated, of course -- hint hint!

Back to DNS: I think I've found a workaround in the NF4V for Saturday's DNS issue, although it's not particularly intuitive. If it has no DNS server addresses to dole out, the router doesn't start its DHCPv6 daemon the next time it's booted, no matter whether the Enable DHCPv6 Server and RADVD option in Advanced Setup -> LAN -> IPv6 Autoconfig is ticked or not. I haven't tested this thoroughly, but it should be possible to force the router to not start its DHCPv6 daemon by going to Advanced Setup -> DNS -> DNS Server, ensuring Obtain IPv6 DNS info from a WAN interface is selected, and then specifying an unused WAN interface. (You can also specify your own DNS servers there, which it'll send out through its DHCPv6 daemon again.) Changes to these settings only seem to be applied when the router is rebooted, which is presumably a bug. As far as I've noticed, it doesn't actually advertise DNS server addresses through RADVD at all, which as you alluded to is fine for Windows clients but might be suboptimal for others.

Cheers!
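
The stale-prefix problem described in the post above, as an added example (not code from the thread, Orcon or NetComm): it parses a Router Advertisement's Prefix Information and RDNSS (RFC 6106) options and labels each host address as preferred, deprecated or orphaned. The packets, the 2001:db8:: addresses and the function names are constructed for illustration; `RA_WANTED` shows the old prefix re-advertised with preferred lifetime 0 and a valid lifetime of 7200 seconds.

```python
import ipaddress
import struct

def build_ra(pios, rdnss=()):
    """Build a constructed RA body: PIOs (type 3) and optional RDNSS (type 25)."""
    msg = struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
    for prefix, valid, preferred in pios:
        net = ipaddress.IPv6Network(prefix)
        msg += struct.pack("!BBBBIII", 3, 4, net.prefixlen, 0xC0, valid, preferred, 0)
        msg += net.network_address.packed
    if rdnss:
        msg += struct.pack("!BBHI", 25, 1 + 2 * len(rdnss), 0, 600)
        msg += b"".join(ipaddress.IPv6Address(a).packed for a in rdnss)
    return msg

def parse_ra(msg):
    """Return ({prefix: (valid, preferred)}, [RDNSS servers]) from an RA body."""
    if len(msg) < 16 or msg[0] != 134:
        raise ValueError("not a Router Advertisement")
    prefixes, rdnss, off = {}, [], 16
    while off < len(msg):
        olen = msg[off + 1] * 8 if off + 1 < len(msg) else 0
        if olen == 0 or off + olen > len(msg):
            raise ValueError("malformed option at offset %d" % off)
        opt = msg[off:off + olen]
        if opt[0] == 3 and olen == 32:
            plen, _flags, valid, preferred = struct.unpack("!BBII", opt[2:12])
            net = ipaddress.IPv6Network((opt[16:32], plen), strict=False)
            prefixes[net] = (valid, preferred)
        elif opt[0] == 25 and olen >= 24:
            rdnss += [ipaddress.IPv6Address(opt[i:i + 16]) for i in range(8, olen, 16)]
        off += olen
    return prefixes, rdnss

def classify(host_addrs, prefixes):
    """Label host addresses; 'orphaned' = no prefix in the RA covers it any more."""
    result = {}
    for text in host_addrs:
        addr = ipaddress.IPv6Address(text)
        life = [v for net, v in prefixes.items() if addr in net]
        if not addr.is_link_local:
            result[text] = ("orphaned" if not life else
                            "deprecated" if life[0][1] == 0 else "preferred")
    return result

# Constructed sample data (2001:db8::/32 documentation range).
HOST = ["fe80::1", "2001:db8:0:a1::10", "2001:db8:0:b2::10"]
RA_SEEN = build_ra([("2001:db8:0:b2::/64", 86400, 14400)])  # old prefix just vanishes
RA_WANTED = build_ra([("2001:db8:0:b2::/64", 86400, 14400),
                      ("2001:db8:0:a1::/64", 7200, 0)], ["2001:db8:0:b2::53"])
```

An "orphaned" address is the failure case from the post: the host keeps treating it as preferred because no advertisement ever set its preferred lifetime to 0.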
