There are 2 major ISPs in my town, Cox and Comcast. I have routers on each of them.
Comcast hands out an IP and /60 prefix and it has stayed the same for at least 6 months.
Cox hands out an IP and a /56 prefix but it changes every few days.
This is highly frustrating because I’m hoping to do an IoT + IPSEC project. As far as I know, IPSEC wants you to use static addresses in the configs…
Why do they do this? I called them and they want me to have a business account to get a “static IP” (answer?). I tried to confirm if this is true for IPv6 as well and they wouldn’t acknowledge that they knew anything about IPv6.
You’d think with 18 quintillion /64 networks available they wouldn’t be so stingy about it.
They already gave you the answer: they want you to pay more for a “service” that actually means that they
have to do less (NOT changing your address all the time).
But they know that having a static address is an advantage, so they can make you pay more for that.
This kind of thing works differently in every market. Here in the Netherlands, static IP address has always
been standard on consumer lines, also for IPv4. I have a static address and it has only changed when I
changed ISP or changed connection technology within my ISP.
(e.g. you likely get another address when going from DSL to FTTH)
In neighboring Germany, dynamic address is standard for everyone and it changes every day. It appears
that they defend it with “having a dynamic address protects your privacy”. But sure it is inconvenient
for everyone except the user that only browses the internet.
Just depends on their network management techniques and styles. If they have a service for a static IP as an upsell they definitely aren’t going to intentionally make your DHCP issued prefix last longer or be any more “static” than it needs to be to fit their needs.
You are seeing how one provider manages their IP space over the other.
I sort of “can’t”. I’m stuck. I’m on cable. DSL service in my neighborhood maxes out at 1.5 megabit.
This is my experience when talking to local WISPs about it:
The most reputable one: Got back to me very quickly and told me they hadn’t implemented IPv6 yet. (I offered to help.)
Another one known to be slightly shady: No reply after repeated attempts. They subscribed me to some internal ticket for some reason so now I get spammed. Time to call them.
Just found another one yesterday, need to check it out.
Haven’t even tried Satellite yet, will check on it. Seems expensive.
I’m also concerned about the lack of flexibility - They want me to use their routers, often WiFi only without an extra charge. Ugh.
Streaming services want to use IPv6, and when they see the tunnel they think I’m trying to break the rules. Maybe there is a simple fix for this, I haven’t looked into it. I stopped using the tunnel for that reason.
The other alternative is to go 100% DHCPv6 internally and not hand out IPv6 addresses to devices which stream data. Not ideal either. It’s an option but I’m really shooting to go 100% IPv6 native as much as possible without having to jump through hoops that shouldn’t be there in the first place.
It’s just an academic exercise, but hey, I’m trying to learn stuff right.
You could stand up the tunnel and only put the IPv6 from the tunnel onto a bridge (vlan) that your experimental devices are on.
You can then use your normal geo-allocated IPv6 from your provider on your LAN for your streaming devices and regular desktops and such. If your desktop needs to talk to your IoT thing it will route there via your MikroTik.
I think that one problem is that the culture around IPv6 hasn’t yet matured enough to reflect the realities of this protocol vs. the well-worn culture of IPv4+NAT.
ISPs need to realize that changing the prefix causes undue hardship on customers with IPv6 where the public IP didn’t make nearly as much difference to the vast majority of SOHO end users.
One thing that could help in this scenario would be if Mikrotik were to implement stateless IPv6 prefix translation (NAT) so that at least you could keep a consistent internal numbering scheme.
I’m generally in the “let’s abandon NAT” camp when it comes to IPv6 but unlike the purists, I have come to realize that there are certain things that can be improved by using NAT in IPv6, but like the purists, I’m worried that it will be over-used to do things that should be addressed in other ways.
Yeah, I hadn’t thought about this angle. This is “hoops”, but interesting ones. Using a separate tunnel for devices that need static IPs (wired and not) presents an interesting challenge for an eternal student.
In this case, I’m fairly convinced that the ISP is clinging onto this outdated idea that static IP = business. It’s pathetic. Although it serves their goal of keeping people from doing interesting stuff at home.
I’m thinking about this one, trying to decide how I would implement it. Would I use a private or global prefix behind the NAT?
This is another complicated solution I’m being backed into by my ISP… Doesn’t matter to 99.5% of their customers…
Tunnels are a desperate solution, and not a long-term one anyway. E.g. SixXS is shutting down soon, and when you think about it, there’s no reason why others would go on forever. Tunnels might have made some sense in the beginning when there was no other way to get IPv6. But as a continuing free service that helps greedy ISPs more than users? I don’t think so. I know it sucks, but it looks like the only right way really is to complain as loudly as possible and take the first chance to go elsewhere when it doesn’t help.
I’d just go w/my solution. It can be stood up in minutes.
Create a tunnel to Hurricane Electric. Request a prefix, assign it to an ipv6 pool like you do on the edge w/your provider. Create a bridge, assign it an IPv6 address from the HE pool. Add ports to bridge as necessary, rinse and repeat. (bridge = vlan).
It’s an extremely simple work-around.
I do agree that prefix changes will cause havoc, the common thought is that everything should be addressed automatically. The missing link is service discovery / DNS. Another weak area of MikroTik in particular. They have no mechanism (scripts are hacks) to keep the local DNS cache / resolver in RouterOS up to date based on DHCP. They also don’t have a DHCP server other than Prefix Delegation. That said, as long as you don’t need to traverse a router you can always add your printer/trinket by its link-local IPv6 IP. But this is beginning to derail the thread.
Hos, get yourself a tunnel, set up a VLAN and quit whining about how mean your ISP is or buck up and get a static prefix.
Difference between the long fix and the short fix. If working on his project is being affected because his prefix changes relatively frequently he’s better off tunneling now while complaining to his ISP. Unless he wants to hold up progress on his idea indefinitely.
I would use one of those ULA prefixes (read about them here) internally. To follow the spec, you must choose one at random (there are websites that generate them for you randomly). However, the problem is that Mikrotik doesn’t currently support any form of NAT in the IPv6 side of the house, not even prefix-translation.
It’s been griped about on these forums many times. It’s been the subject of nerd holy wars (NAT vs. NO-NAT) however, Mikrotik themselves tend to fall into the “no nat” camp for now, so I’m not holding my breath for any such feature.
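The stateless prefix translation discussed above, sketched in Python as an added example (not part of the original posts and not MikroTik code): it picks a random ULA /48 and maps a host onto a delegated /56 with the checksum-neutral algorithm of RFC 6296, so the internal address stays fixed when the ISP changes the prefix. The `2001:db8:` prefixes, the seed and the function names are constructed for illustration, and the ULA generator hashes random bytes instead of the timestamp and EUI-64 input that RFC 4193 suggests.

```python
import hashlib
import ipaddress
import os
from functools import reduce

def random_ula_prefix(seed=None):
    """Pick a ULA /48: fd00::/8 plus a 40-bit pseudo-random Global ID."""
    digest = hashlib.sha1(seed if seed is not None else os.urandom(16)).digest()
    global_id = int.from_bytes(digest[-5:], "big")      # low 40 bits of SHA-1
    return ipaddress.IPv6Network(((0xFD << 120) | (global_id << 80), 48))

def _words(value):
    return [(value >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def _add16(a, b):
    s = a + b                                           # one's-complement add
    return (s & 0xFFFF) + (s >> 16)

def checksum(value):
    """One's-complement sum of the eight 16-bit words of a 128-bit value."""
    return reduce(_add16, _words(value))

def translate(addr, src_prefix, dst_prefix):
    """Swap src_prefix for dst_prefix without changing the address checksum."""
    src = ipaddress.IPv6Network(src_prefix)
    dst = ipaddress.IPv6Network(dst_prefix)
    plen = max(src.prefixlen, dst.prefixlen)    # shorter prefix is zero-extended
    mask = ((1 << plen) - 1) << (128 - plen)
    old = int(ipaddress.IPv6Address(addr))
    if old & mask != int(src.network_address):
        raise ValueError(f"{addr} is outside the translated part of {src}")
    words = _words((old & ~mask) | int(dst.network_address))
    # /48 or shorter: adjust the subnet word; longer: first IID word != 0xFFFF
    usable = [3] if plen <= 48 else [i for i in range(4, 8) if words[i] != 0xFFFF]
    if not usable:
        raise ValueError("no word available for the checksum adjustment")
    adjust = _add16(checksum(int(src.network_address)),
                    ~checksum(int(dst.network_address)) & 0xFFFF)
    i = usable[0]
    words[i] = _add16(words[i], adjust) % 0xFFFF        # 0xFFFF becomes 0x0000
    return ipaddress.IPv6Address(
        int.from_bytes(b"".join(w.to_bytes(2, "big") for w in words), "big"))

if __name__ == "__main__":
    ula = random_ula_prefix(b"constructed-seed")        # constructed sample input
    host = ula.network_address + ((0x12 << 64) | 0x42)  # subnet 0x12, host ::42
    for delegated in ("2001:db8:1234:5600::/56", "2001:db8:9abc:de00::/56"):
        print(host, "->", translate(host, ula, delegated))
```

Translating in the other direction is the same call with the two prefixes swapped.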
Ah, it was my impression that they are in the “don’t waste your time on IPv6” camp…
There simply is no or very little change in the IPv6 functionality, and NAT is just one of the aspects.
Juniper does it. Reading up on it now. I use Juniper at my “real” job. I just practice stuff at home on MikroTik. Would be cool to use it professionally at some point.
This is the beauty of IPv6. It’s globally routable. You get loads of addresses (and sometimes, /64s). You can do whatever you want. Given that the ISP plays ball. But there are ways around that, as we’ve seen above.
Yeah - if I make it to MUM USA this year, I’m going to mention this to them. You’re definitely right in the assessment of Mikrotik’s apparent view of IPv6.
Other than the 4 to 6 transition stuff, what is the #1 thing that is missing?
The only major block I’ve hit is IPv6 route filtering, and I’m not sure if it’s my problem or not. I’ve noticed that you have to put your IPSEC stuff in the ip->ipsec area instead of ipv6->ipsec which doesn’t exist…
I will try to make it to the one in Denver, not sure yet.