• A small questionary on ISPs

    From Victor Sudakov@2:5005/49 to All on Sat Oct 16 15:12:36 2021
    Dear All,

    Those of you lucky to have a native IPv6 connection from your ISP, could you please share what network topology your ISP offers. E.g.

    1. One IPv6 address
    2. A /64 on the internal interface of ISP-owned CPE
    3. A /64 for the link and a /56 for your devices (like HE does on its tunnels)
    4. Unnumbered for the link and a /56 for your devices
    5. ??? (other variants)

    I have native IPv6 only on my GSM mobile phone (MTS), and it's Case 1, from the MTS-Mobile-ipv6-Siberia netblock.


    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Victor Sudakov@2:5005/49 to All on Sat Oct 16 15:35:28 2021
    Dear All,

    Those of you lucky to have a *native* IPv6 connection from your ISP, could you please share what network topology your ISP offers. E.g.

    1. One IPv6 address
    2. A /64 on the internal interface of ISP-owned CPE
    3. A /64 for the link and a /56 for your devices (like HE does on its tunnels)
    4. Unnumbered for the link and a /56 for your devices (looks like what the Russian ISP https://nts.su/ offers)
    5. ??? (other variants)

    I have native IPv6 only on my GSM mobile phones and tablets (ISP http://mts.ru), and it's Case 1, from the MTS-Mobile-ipv6-Siberia netblock.


    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Alexey Vissarionov@2:5020/545 to Victor Sudakov on Sat Oct 16 12:24:22 2021
    Good ${greeting_time}, Victor!

    16 Oct 2021 15:12:36, you wrote to All:

    Those of you lucky to have a native IPv6 connection from your ISP,
    could you please share what network topology your ISP offers. E.g.
    1. One IPv6 address
    2. A /64 on the internal interface of ISP-owned CPE
    3. A /64 for the link and a /56 for your devices (like HE does on
    its tunnels)
    4. Unnumbered for the link and a /56 for your devices
    5. ??? (other variants)
    I have native IPv6 only on my GSM mobile phone (MTS), and it's Case
    1, from the MTS-Mobile-ipv6-Siberia netblock.

    One address for the link and /48 routed in.

    It appears very similar to the topology that is expected to become a common requirement for all ISPs here in Russia for the nearest future (hopefully 2022, possibly 2023): at least one address for the link and at least /64 for the internal network.


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... :wq!
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Victor Sudakov@2:5005/49 to Michiel van der Vlist on Sat Oct 16 18:06:26 2021
    Dear Michiel,

    16 Oct 21 11:23, you wrote to me:

    Those of you lucky to have a *native* IPv6 connection from your
    ISP, could you please share what network topology your ISP
    offers. E.g.

    3. A /64 for the link and a /56 for your devices

    I think #3 comes closest.

    Thanks for replying.

    I am not sure about the /64 for the link. The only visible part of the link is the IPv6 WAN address of the router. It is outside the /56
    assigned to the user, the link may just use a /128.

    Do you see the WAN address of the router in the `traceroute -6` output?

    The modem/router supplied by the ISP assigns one /64 for the LAN and another /64 for the guest network. More /64 out of the /56 can be obtained by connecting extra routers.

    Very little flexibility IMHO. Can you at least assign a static IPv6 address within the LAN /64?

    For IPv6 one must use the modem/router from the provider. When the modem/router from the provider is set in bridge mode, the connection becomes IPv4 only.

    This looks very similar to what I've heard from a Rostelecom representative. This probably means that the IPv6 is not really "native" and there is some kind of tunnel terminated at the provider-owned CPE.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Victor Sudakov@2:5005/49 to Alexey Vissarionov on Sat Oct 16 18:11:32 2021
    Dear Alexey,

    16 Oct 21 12:24, you wrote to me:

    Those of you lucky to have a native IPv6 connection from your
    ISP, could you please share what network topology your ISP
    offers. E.g.
    1. One IPv6 address
    2. A /64 on the internal interface of ISP-owned CPE
    3. A /64 for the link and a /56 for your devices (like HE does on its tunnels)
    4. Unnumbered for the link and a /56 for your devices
    5. ??? (other variants)
    I have native IPv6 only on my GSM mobile phone (MTS), and it's Case 1,
    from the MTS-Mobile-ipv6-Siberia netblock.

    One address for the link and /48 routed in.

    Sounds luxurious. Is it a contract for a home or for a business? What ISP? Do they permit you to have the IPv6 link address on your own router?

    It appears very similar to the topology that is expected to become a common requirement for all ISPs here in Russia for the nearest future (hopefully 2022, possibly 2023): at least one address for the link and
    at least /64 for the internal network.

    Would be great. I'm yet to find an ISP in Tomsk who could make such an offer.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Tommi Koivula@2:221/1 to Victor Sudakov on Sat Oct 16 17:40:26 2021
    On 16.10.2021 18:06, Victor Sudakov wrote:

    Do you see the WAN address of the router in the `traceroute -6` output?

    I do. I never checked this before... The line number 1 is the address of my router. What did I win? :)

    tommi@pyx:~$ traceroute6 dns.google
    traceroute to dns.google (2001:4860:4860::8888) from 2001:14bb:1c6:e06f::15, 30 hops max, 16 byte packets
    1 dyjdry78ccrbs--1pt5ty-4.rev.dnainternet.fi (2001:14bb:1c6:e06f:8213:82ff:feac:8660) 0.568 ms 0.437 ms 0.406 ms
    2 * * *
    3 * * *
    4 2001:4860:1:1::2305 (2001:4860:1:1::2305) 23.58 ms 37.876 ms 23.834 ms
    5 2001:4860:1:1::2304 (2001:4860:1:1::2304) 32.267 ms 28.794 ms *
    6 2a00:1450:805f::1 (2a00:1450:805f::1) 32.423 ms * 27.819 ms
    7 dns.google (2001:4860:4860::8888) 24.711 ms 17.996 ms 28.852 ms

    'Tommi

    ---
    * Origin: rbb.fidonet.fi - Lake Ylo - Finland (2:221/1.0)
  • From Richard Menedetter@2:310/31 to Victor Sudakov on Sat Oct 16 16:56:10 2021
    Hi Victor!

    16 Oct 2021 15:12, from Victor Sudakov -> All:

    2. A /64 on the internal interface of ISP-owned CPE

    CU, Ricsi

    ... We are MicroSoft. You will be assimilated - Resistance is futile!
    --- GoldED+/LNX
    * Origin: I'm out of bed and dressed. What more do you want? (2:310/31)
  • From Victor Sudakov@2:5005/49 to Michiel van der Vlist on Sat Oct 16 22:52:52 2021
    Dear Michiel,

    16 Oct 21 14:13, you wrote to me:

    [dd]

    For IPv6 one must use the modem/router from the provider. When
    the modem/router from the provider is set in bridge mode, the
    connection becomes IPv4 only.

    This looks very similar to what I've heard from a Rostelecom
    representative. This probably means that the IPv6 is not really
    "native" and there is some kind of tunnel terminated at the
    provider-owned CPE.

    The odd thing is that on a premium business account there is no such restriction. With such an account one has dual stack with the modem in bridge. So I don't think your theory is correct.

    Maybe it is not. Is this an arbitrary marketing restriction then, what do you think?

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Victor Sudakov@2:5005/49 to Tommi Koivula on Sat Oct 16 23:08:40 2021
    Dear Tommi,

    16 Oct 21 17:40, you wrote to me:

    Do you see the WAN address of the router in the `traceroute -6`
    output?

    I do. I never checked this before... The line number 1 is the address
    of my router. What did I win? :)

    Your router's WAN interface is probably not unnumbered. It's just fun to know.

    tommi@pyx:~$ traceroute6 dns.google
    traceroute to dns.google (2001:4860:4860::8888) from 2001:14bb:1c6:e06f::15, 30 hops max, 16 byte packets
    1 dyjdry78ccrbs--1pt5ty-4.rev.dnainternet.fi (2001:14bb:1c6:e06f:8213:82ff:feac:8660) 0.568 ms 0.437 ms 0.406 ms
    2 * * *
    3 * * *
    4 2001:4860:1:1::2305 (2001:4860:1:1::2305) 23.58 ms 37.876 ms 23.834 ms
    5 2001:4860:1:1::2304 (2001:4860:1:1::2304) 32.267 ms 28.794 ms *
    6 2a00:1450:805f::1 (2a00:1450:805f::1) 32.423 ms * 27.819 ms
    7 dns.google (2001:4860:4860::8888) 24.711 ms 17.996 ms 28.852 ms

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Tommi Koivula@2:221/6 to Victor Sudakov on Sat Oct 16 20:16:08 2021
    On 16.10.2021 23:08, Victor Sudakov wrote:

    >> Do you see the WAN address of the router in the `traceroute -6`
    >> output?

    TK> I do. I never checked this before... The line number 1 is the address
    TK> of my router. What did I win? :)

    Your router's WAN interface is probably not unnumbered. It's just fun to know.

    Well, that's all I know. I can log into the router only via web... It is just a basic piece of huawei shit but it works good enough for now. :)

    The info page just shows:

    WAN IP Address: 37.136.236.6
    WAN IPv6 Address: 2001:14bb:01c6:e06f:8213:82ff:feac:8660

    'Tommi
    ---
    * Origin: nntp://news.fidonet.fi (2:221/6.0)
  • From Jay Harris@1:229/664 to Victor Sudakov on Sat Oct 16 21:24:43 2021
    On 16 Oct 2021, Victor Sudakov said the following...

    Those of you lucky to have a *native* IPv6 connection from your
    ISP, could you please share what network topology your ISP
    offers. E.g.

    On my router I show a /128 address on the WAN interface and a /64 address on the LAN interface. I've played around a bit with this and I can request a /56 from my ISP and split that up into multiple /64's on subinterfaces.

    Do you see the WAN address of the router in the `traceroute -6` output?

    I see the ::1/64 address from the LAN interface:

    tracert -6 dns.google

    Tracing route to dns.google [2001:4860:4860::8888]
    over a maximum of 30 hops:

    1 1 ms 1 ms 2 ms 2607:fea8:ab00:e1c::1
    2 14 ms 18 ms 13 ms 2607:f798:804:2eb::1
    3 14 ms 12 ms 13 ms 2607:f798:10:e420:0:241:5615:1161
    4 15 ms 13 ms 17 ms 2607:f798:10:3b2:0:2091:4823:7093
    5 56 ms 22 ms 22 ms 2607:f798:10:35c:0:2091:4823:5222
    6 28 ms 17 ms 12 ms 2607:f798:14:83::2
    7 16 ms 28 ms 16 ms 2001:4860:0:17::1
    8 20 ms 21 ms 16 ms 2001:4860:0:1::5b67
    9 17 ms 73 ms 17 ms dns.google [2001:4860:4860::8888]

    The current /128 address on my WAN interface is 2607:f798:804:2eb:19b0:e74b:fc6:d707/128 so it looks like hop 2 is the ::1 address from that prefix.


    Jay

    ... I'd love to help you out. Which way did you come in?
    --- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Scott Street@1:266/420 to Victor Sudakov on Tue Oct 19 00:32:08 2021
    ***NOTE: Reposted; original message didn't make it to the backbone, feed connection issues; now resolved.

    Hello Victor!

    16 Oct 21 15:35, you wrote to all:

    2. A /64 on the internal interface of ISP-owned CPE

    It appears that 2 is the closest.

    Xfinity / Comcast of Dover, Delaware (USA)

    I've got a dynamic IPv6 Address on my router WAN side reporting (via a FUGLY web interface):
    WAN IP Address (IPv6): 2001:558:6027:19:c4e3:1bee:faf8:939d
    WAN Default Gateway Address (IPv6): fe80::201:5cff:fe80:6846
    Delegated prefix (IPv6): 2601:48:c500:9340::/64


    Internally::
    Mac workstation [ifconfig en0] [GbE]
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
    ether 14:98:77:33:fb:b5
    inet6 fe80::14ad:ef4c:c045:132f%en0 prefixlen 64 secured scopeid 0x6
    inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
    inet 10.0.0.160 netmask 0xffffff00 broadcast 10.0.0.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (1000baseT <full-duplex,flow-control>)
    status: active


    Linux 'server' [ifconfig enp2s0] [GbE]
    enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.219 netmask 255.255.255.0 broadcast 10.0.0.255
    inet6 2601:48:c500:9340:52e5:49ff:fec3:646a prefixlen 60 scopeid 0x0<global>
    inet6 fe80::52e5:49ff:fec3:646a prefixlen 64 scopeid 0x20<link>
    inet6 2601:48:c500:9340::7da prefixlen 128 scopeid 0x0<global>
    ether 50:e5:49:c3:64:6a txqueuelen 1000 (Ethernet)
    RX packets 967924 bytes 238763058 (227.7 MiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 986053 bytes 541541895 (516.4 MiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    [netstat -6 -rn]
    Kernel IPv6 routing table
    Destination Next Hop Flag Met Ref Use If
    ::1/128 :: Un 0 11 0 lo
    2601:48:c500:9340::7da/128 :: Un 0 4 0 enp2s0
    2601:48:c500:9340:52e5:49ff:fec3:646a/128 :: Un 0 4 0 enp2s0
    2601:48:c500:9340::/60 :: U 2 3 0 enp2s0
    fe80::52e5:49ff:fec3:646a/128 :: Un 0 3 0 enp2s0
    fe80::/64 :: U 256 2 0 enp2s0
    ff00::/8 :: U 256 10 0 enp2s0
    ::/0 fe80::cc83:d8ff:fea0:bbf7 UG 2 9 0 enp2s0


    Additionally, I can ping my router's public IPv6 address from the LAN side, don't know about the WAN side. I also can make IPv6 connections to sites on the Internet, in fact, macOS 11+ default to IPv6 first; and my Linux system has been updated to do the same.

    Cheers,
    Scott


    ---
    * Origin: -={ The Digital Post }=- (1:266/420)
  • From Scott Street@1:266/420 to Michiel van der Vlist on Wed Oct 20 10:41:08 2021
    Hello Michiel!

    20 Oct 21 08:51, you wrote to me:

    Additionally, I can ping my router's public IPv6 address from
    the LAN side, don't know about the WAN side. I also can make
    IPv6 connections to sites on the Internet, in fact, macOS 11+
    default to IPv6 first; and my Linux system has been updated to do
    the same.

    OK, so you have outgoing IPv6 capability. But incoming is still a
    problem. Can you expand a bit on what attempts you have made to
    achieve incoming and why you think it didn't work?

    Ah, two reasons.
    a) I'm not in direct control of the router, my roommate is the "customer" on the account and he is non-technical. Thus I have to walk him through the changes on the Xfinity app to allow pin-holes in the default firewall/router.
    b) After much of the "walking through", Xfinity/Comcast would 'clean' the firewall rules of the required settings; both for IPv4 and IPv6.

    Neither of these are probably Comcast's issues; more likely my /non-technical/ roommate. For a real solution, I am waiting for permanent employment before I jump into getting my very own connection.

    I was able to get the IPv4 connection with upnpc, which I run in a cron job several times a day.
    command::
    upnpc -e "BINKP Incoming Mail" -a `upnpc -l | grep "Local LAN ip" | cut -d: -f2` 24554 24554 tcp

    The bits after -a; `...` get the Linux machine's IPv4 address (dynamically), since the router, too, likes to change all of the addresses on, what appears to be, random basis. The IPv6 addresses change at the same time. Which is a real bear, as I often leave terminal (ssh) sessions open from my Mac to the Linux machine, and of course, when the addresses change my sessions are killed. Again, all of which I hope to solve with my own connection, the sooner the better.



    Scott


    ---
    * Origin: -={ The Digital Post }=- (1:266/420)
  • From Ivan Kovalenko@2:5057/53 to Victor Sudakov on Fri Oct 22 15:55:54 2021
    Hello, Victor.

    16 Oct 21 15:12, you wrote to All:

    Those of you lucky to have a native IPv6 connection from your ISP,
    could you please share what network topology your ISP offers. E.g.

    Solely /64 on the link. 100mb Ethernet is connected directly to my PC
    which also serves as the router.

    Best regards, Ivan.
    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: Area 51 (2:5057/53)
  • From Jay Harris@1:229/664 to Michiel van der Vlist on Fri Oct 22 17:22:06 2021
    On 22 Oct 2021, Michiel van der Vlist said the following...

    Very odd. A normal reboot would not do that, only a factory reset. ISPs
    can initiate both, and a reboot is not all that strange, but a factory reset would not normally be done by an ISP.

    My Mom has a fiber-to-the-house connection with symmetrical gigabit speeds at her house (which isn't available here, and I'm totally not jealous) from her local power company.

    The box they provide her (which is also her wifi router) "factory resets" every time there is a power outage. When she first got the connection she was using the default wifi SSID which was a prefix and the mac-address of the router, along with a super long and complicated password.

    I made it more simple for them by making the wifi name more personal to them and giving them a memorable passphrase instead of that complicated password, sure enough the next time the power went out it reverted back to factory settings. "No big deal" I thought, I just set their box to bridge mode and added my own wifi box and set her up that way.

    Next time I was over I noticed two wifi connections, the one I installed and the fiber modem's was back on. A little digging showed that that box had factory reset again which meant it was no longer in bridge mode and the wifi my Mom was using is double NAT'ed.

    Long story short: She's using the box from her ISP with the settings imposed upon her from that horrible box that provides fantastic speeds.


    Jay

    ... Money is better than poverty, if only for financial reasons.

    --- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Jay Harris@1:229/664 to Michiel van der Vlist on Fri Oct 22 20:51:08 2021
    On 22 Oct 2021, Michiel van der Vlist said the following...

    A modem/router that factory resets at power down?

    What can I say? I thought my ISP provided modem/router was crap, but this is worse than I ever thought could happen...

    Yeah, I didn't really believe it when my Mom told me that's what it does, but sure enough, she was right. While the default SSID is gnarly looking, at least the default password isn't insecure.

    To help in that department I made a wifi QR code for her using https://qifi.org so that guests can just scan that QR code instead of typing in that super long password.


    Jay

    ... Someone stole the jalapenos from my cheese, I've been pepper jacked!
    --- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
    * Origin: Northern Realms (1:229/664)
  • From Dallas Hinton@1:153/7715 to Jay Harris on Fri Oct 22 20:57:40 2021
    Hi, Jay -- on Oct 22 2021 at 17:22, you wrote:

    The box they provide her (which is also her wifi router) "factory
    resets" every time there is a power outage. When she first got the
    [...]
    Long story short: She's using the box from her ISP with the
    settings imposed upon her from that horrible box that provides
    fantastic speeds.

    Stick a UPS on it!!


    Cheers... Dallas

    --- timEd/386 1.10.y2k+
    * Origin: The BandMaster, Vancouver, CANADA (1:153/7715)
  • From Alexey Vissarionov@2:5020/545 to Jay Harris on Sat Oct 23 11:00:00 2021
    Good ${greeting_time}, Jay!

    22 Oct 2021 17:22:06, you wrote to Michiel van der Vlist:

    Very odd. A normal reboot would not do that, only a factory reset.
    ISPs can initiate both, and a reboot is not all that strange, but
    a factory reset would not normally be done by an ISP.
    My Mom has a fiber-to-the-house connection with symmetrical gigabit
    speeds at her house (which isn't available here, and I'm totally not jealous) from her local power company.
    The box they provide her (which is also her wifi router) "factory
    resets" every time there is a power outage. When she first got the connection she was using the default wifi SSID which was a prefix
    and the mac-address of the router, along with a super long and
    complicated password.

    And, most likely, WPS turned on. If that's the case, it's very dangerous.

    I made it more simple for them by making the wifi name more personal
    to them and giving them a memorable passphrase instead of that
    complicated password, sure enough the next time the power went out it reverted back to factory settings. "No big deal" I thought, I just
    set their box to bridge mode and added my own wifi box and set her up
    that way.

    When you need a bridge, you may like to use a simple media converter. https://www.aliexpress.com/item/1005001709518778.html could be a good start (requires the SFP module complementary to those your ISP uses). Small combo switch is also ok if you know how to configure 802.1q VLANs there.

    Once you have the link, set up the hardware you'd use as a server / router / whatever. Inexpensive RPi4 with 4 or 8 Gb RAM would be a wise choice for the nearest 5...10 years.

    If you need WiFi, you may buy a cheap Ralink RT5370 dongle and use hostapd:

    % cat /etc/hostapd/hostapd.conf
    interface=wlan0
    driver=nl80211
    bridge=wifi
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=1
    ctrl_interface_group=wheel
    country_code=RU
    hw_mode=g
    channel=11
    beacon_int=100
    dtim_period=2
    max_num_sta=255
    rts_threshold=-1
    fragm_threshold=-1
    macaddr_acl=0
    auth_algs=1
    ignore_broadcast_ssid=0
    wmm_enabled=0
    eapol_key_index_workaround=0
    eap_server=0
    wps_state=0
    ssid=Muzenirres
    wpa=2
    wpa_pairwise=CCMP
    wpa_passphrase=ds4tN3oxUzku61WD

    (obviously enough, ssid and wpa_passphrase were just generated - first as a pronounceable word, second as a pure 96-bit entropy wrapped in base64).


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... :wq!
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Alexey Vissarionov@2:5020/545 to Jay Harris on Sat Oct 23 11:40:00 2021
    Good ${greeting_time}, Jay!

    22 Oct 2021 20:51:08, you wrote to Michiel van der Vlist:

    What can I say? I thought my ISP provided modem/router was crap,
    but this is worse than I ever thought could happen...
    Yeah, I didn't really believe it when my Mom told me that's what
    it does, but sure enough, she was right. While the default SSID is
    gnarly looking, at least the default password isn't insecure.
    To help in that department I made a wifi QR code for her using https://qifi.org so that guests can just scan that QR code instead
    of typing in that super long password.

    Entering your WiFi parameters on an external resource is a very unwise idea.

    echo 'WIFI:T:WPA;S:Muzenirres;P:ds4tN3oxUzku61WD;;' \
    | qrencode -s 50 -l H -8 -d 600 -o my_wifi.png

    would do everything for you (using the example from the previous message).


    --
    Alexey V. Vissarionov aka Gremlin from Kremlin
    gremlin.ru!gremlin; +vii-cmiii-ccxxix-lxxix-xlii

    ... god@universe:~ # cvs up && make world
    --- /bin/vi
    * Origin: ::1 (2:5020/545)
  • From Victor Sudakov@2:5005/49 to Scott Street on Sat Oct 23 19:51:52 2021
    Dear Scott,

    19 Oct 21 00:32, you wrote to me:
    2. A /64 on the internal interface of ISP-owned CPE

    It appears that 2 is the closest.

    Xfinity / Comcast of Dover, Delaware (USA)

    I've got a dynamic IPv6 Address on my router WAN side reporting (via a FUGLY web interface):
    WAN IP Address (IPv6): 2001:558:6027:19:c4e3:1bee:faf8:939d
    WAN Default Gateway Address (IPv6): fe80::201:5cff:fe80:6846
    Delegated prefix (IPv6): 2601:48:c500:9340::/64


    Internally::
    Mac workstation [ifconfig en0] [GbE]
    en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=50b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV,CHANNEL_IO>
    ether 14:98:77:33:fb:b5
    inet6 fe80::14ad:ef4c:c045:132f%en0 prefixlen 64 secured scopeid
    0x6
    inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic


    This is very interesting. Why "prefixlen 60" on the LAN?

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Victor Sudakov@2:5005/49 to Alexey Vissarionov on Sat Oct 23 20:07:02 2021
    Dear Alexey,

    23 Oct 21 11:40, you wrote to Jay Harris:
    What can I say? I thought my ISP provided modem/router was
    crap, but this is worse than I ever thought could happen...
    Yeah, I didn't really believe it when my Mom told me that's what
    it does, but sure enough, she was right. While the default SSID is
    gnarly looking, at least the default password isn't insecure.
    To help in that department I made a wifi QR code for her using
    https://qifi.org so that guests can just scan that QR code
    instead of typing in that super long password.

    Entering your WiFi parameters on an external resource is a very unwise idea.

    The https://qifi.org site says that everything happens locally in your browser. Of course it is your right to disbelieve them.

    echo 'WIFI:T:WPA;S:Muzenirres;P:ds4tN3oxUzku61WD;;' \
    | qrencode -s 50 -l H -8 -d 600 -o my_wifi.png

    The site above also suggests piping the string "WIFI:S:<SSID>;T:<WPA|WEP|>;P:<password>;;" into your favourite QR-code generator, which is IMHO very courteous and responsible of them.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
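
The local-only approach from the two messages above (the `qrencode` pipeline and the `WIFI:` string), as an added example that is not code from any participant: it generates a 96-bit passphrase, builds the payload with the backslash escaping commonly documented for this format, and hands it to a locally installed `qrencode`. The function names are assumptions; the `qrencode` flags are the ones quoted in the thread.

```python
import base64
import secrets
import shutil
import subprocess

# Characters that the commonly documented WIFI: QR convention escapes with "\".
_SPECIAL = '\\;,:"'


def escape_field(value):
    """Backslash-escape the separator characters inside an SSID or passphrase."""
    return "".join("\\" + c if c in _SPECIAL else c for c in value)


def new_passphrase(nbytes=12):
    """12 random bytes = 96 bits of entropy, base64-encoded to 16 characters."""
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def wifi_payload(ssid, passphrase, auth="WPA"):
    """Build the 'WIFI:T:...;S:...;P:...;;' string for a WPA/WPA2-PSK network."""
    if not 1 <= len(ssid.encode("utf-8")) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not (8 <= len(passphrase) <= 63 and printable):
        raise ValueError("WPA passphrase must be 8..63 printable ASCII characters")
    return f"WIFI:T:{auth};S:{escape_field(ssid)};P:{escape_field(passphrase)};;"


def write_qr(payload, out_path):
    """Render the payload with the local qrencode binary; nothing leaves the host.

    Returns False when qrencode is not installed.
    """
    exe = shutil.which("qrencode")
    if exe is None:
        return False
    subprocess.run(
        [exe, "-s", "50", "-l", "H", "-8", "-d", "600", "-o", out_path],
        input=payload.encode("utf-8"),  # qrencode reads stdin when no string is given
        check=True,
    )
    return True


if __name__ == "__main__":
    # Constructed sample: a fresh passphrase for the SSID used in the thread.
    payload = wifi_payload("Muzenirres", new_passphrase())
    print(payload)
    if not write_qr(payload, "my_wifi.png"):
        print("qrencode not found; payload printed only")
```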
  • From Scott Street@1:266/420 to Victor Sudakov on Sat Oct 23 15:24:54 2021
    Hello Victor!

    23 Oct 21 19:51, you wrote to me:

    inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic

    This is very interesting. Why "prefixlen 60" on the LAN?

    Perhaps - an educated guess here - Comcast's provided gateway has, potentially, 4 internal LAN interfaces. It could be configured with a 5GHz WiFi subnet, a 2.4GHz one, the GbE ports, and a 'Xfinity Home' port. I haven't investigated what the "Home" port is used for, but that may explain the breaking down of the /64 to /60. Again, just a theory.

    I'd tinker with the gateway to see if that is true; but, I think I've broken enough things this week. I just spent the last 48 hours recovering my VM server from an 'upgrade' that would break my primary network interface on the server. (The first 36 trying to figure out the problem and 'fix' it, the remaining 12 hours rebuild and restore.)


    Scott


    ---
    * Origin: -={ The Digital Post }=- (1:266/420)
  • From Victor Sudakov@2:5005/49 to Scott Street on Sun Oct 24 13:26:34 2021
    Dear Scott,

    23 Oct 21 15:24, you wrote to me:

    inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic

    This is very interesting. Why "prefixlen 60" on the LAN?

    Perhaps - an educated guess here - Comcast's provided gateway has, potentially, 4 internal LAN interfaces. It could be configured with a 5GHz WiFi subnet, a 2.4GHz one, the GbE ports, and a 'Xfinity Home'
    port. I haven't investigated what the "Home" port is used for, but
    that may explain the breaking down of the /64 to /60. Again, just a theory.

    Whatever Comcast's intentions, are you sure that a LAN with a prefixlen different from /64 will work properly? Will a non-standard prefix not break SLAAC and other things?

    This is where my theoretical knowledge is lacking, but I've always been warned against using anything different from /64 on a LAN segment.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
  • From Scott Street@1:266/420 to Victor Sudakov on Sun Oct 24 11:23:02 2021
    Hello Victor!

    24 Oct 21 13:26, you wrote to me:


    inet6 2601:48:c500:9340::c0e3 prefixlen 60 dynamic
    This is very interesting. Why "prefixlen 60" on the LAN?

    Whatever Comcast's intentions, are you sure that a LAN with a
    prefixlen different from /64 will work properly? Will a non-standard prefix not break SLAAC and other things?

    This is where my theoretical knowledge is lacking, but I've always
    been warned against using anything different from /64 on a LAN
    segment.

    The gateway and my dozen+ devices do not seem to have any issues getting dynamic IPv6 addresses, and since most are Apple, IPv6 is the preferred connection method. As an "end-user", I don't know why Comcast has chosen to give my network MORE address space; like 1800000000000000000+ addresses wasn't enough; they've given me 295000000000000000000+ addresses.

    In reality, for an end user network, /96 is plenty with 2^32 addresses, and /112 is even more reasonable with 2^16 addresses; especially when you compare it to the default settings on every consumer IPv4 gateway with 2^8 addresses.

    I found this nice table from IBM on IP address subnet masks: https://www.ibm.com/docs/en/ts3500-tape-library?topic=formats-subnet-masks-ipv4-prefixes-ipv6
    (it's odd that they buried it in a tape library document, but almighty Google found it! - Google KNOWS EVERYTHING!) :)


    Cheers,

    Scott


    ---
    * Origin: -={ The Digital Post }=- (1:266/420)
  • From Victor Sudakov@2:5005/49 to Michiel van der Vlist on Mon Oct 25 23:09:20 2021
    Dear Michiel,

    25 Oct 21 13:44, you wrote to Scott Street:

    The gateway and my dozen+ devices do not seem to have any issues
    getting dynamic IPv6 addresses, and since most are Apple, IPv6 is
    the preferred connection method. As an "end-user", I don't know
    why Comcast has chosen to give my network MORE address space;
    like 1800000000000000000+ addresses wasn't enough; they've given
    me 295000000000000000000+ addresses.

    Actually compared to other ISP they are a bit miserly. They only give
    you a /60. My ISP gives me a /56 and many others issue a /48.

    A /60 means 16 /64 nets which should be sufficient for a home user (main network, guest network, IoT network, kids' network, what else can you imagine?). But configuring a single lan with a /60 prefixlen (instead of splitting the block into 16 standard nets) makes no sense to me whatsoever.

    Victor Sudakov, VAS4-RIPE, VAS47-RIPN
    --- GoldED+/BSD 1.1.5-b20170303-b20170303
    * Origin: Ulthar (2:5005/49)
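
The checks made by hand in this thread (is the first traceroute hop inside my own /64, how many /64 networks a /60 holds), run over addresses quoted in the messages above, plus one check the thread does not make: whether an address embeds the interface's MAC (modified EUI-64), which discloses the hardware address to every remote peer. This is an added example, not code from any participant; the function and constant names are assumptions.

```python
import ipaddress


def eui64_mac(addr):
    """Return the MAC embedded in a modified EUI-64 interface ID, or None."""
    iid = ipaddress.IPv6Address(addr.split("%")[0]).packed[8:]  # low 64 bits
    if iid[3:5] != b"\xff\xfe":  # EUI-64 inserts ff:fe in the middle of the MAC
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in mac)


def same_slash64(a, b):
    """True if both addresses fall inside the same /64."""
    net = ipaddress.IPv6Network((a, 64), strict=False)
    return ipaddress.IPv6Address(b) in net


def lan_subnets(delegated, new_prefix=64):
    """Split a delegated prefix into the standard-size LAN prefixes it contains."""
    return list(ipaddress.IPv6Network(delegated).subnets(new_prefix=new_prefix))


# Addresses as quoted in the thread.
TOMMI_SRC = "2001:14bb:1c6:e06f::15"
TOMMI_HOP1 = "2001:14bb:1c6:e06f:8213:82ff:feac:8660"
JAY_WAN = "2607:f798:804:2eb:19b0:e74b:fc6:d707"
JAY_HOP1 = "2607:fea8:ab00:e1c::1"
JAY_HOP2 = "2607:f798:804:2eb::1"
SCOTT_SERVER = "2601:48:c500:9340:52e5:49ff:fec3:646a"
SCOTT_LAN = "2601:48:c500:9340::/60"


def report():
    """Summarise what the quoted addresses show; returns a list of text lines."""
    subnets = lan_subnets(SCOTT_LAN)
    return [
        f"Tommi: hop 1 in the source's /64: {same_slash64(TOMMI_SRC, TOMMI_HOP1)}",
        f"Tommi: MAC visible in hop 1: {eui64_mac(TOMMI_HOP1)}",
        f"Jay: hop 1 in the WAN /64: {same_slash64(JAY_WAN, JAY_HOP1)}",
        f"Jay: hop 2 in the WAN /64: {same_slash64(JAY_WAN, JAY_HOP2)}",
        f"Jay: MAC visible in WAN address: {eui64_mac(JAY_WAN)}",
        f"Scott: MAC visible in server address: {eui64_mac(SCOTT_SERVER)}",
        f"Scott: {SCOTT_LAN} holds {len(subnets)} /64s, "
        f"{subnets[0]} .. {subnets[-1]}",
        f"Scott: addresses in one /64: {subnets[0].num_addresses}",
        f"Scott: addresses in the /60: "
        f"{ipaddress.IPv6Network(SCOTT_LAN).num_addresses}",
    ]


if __name__ == "__main__":
    print("\n".join(report()))
```

Addresses for which `eui64_mac` returns a value can be replaced on the host by temporary (RFC 4941) or stable-privacy (RFC 7217) interface identifiers.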
  • From Benny Pedersen@2:230/0 to Scott Street on Sun Jan 16 12:34:30 2022
    Hello Scott!

    19 Oct 2021 00:32, Scott Street wrote to Victor Sudakov:

    WAN IP Address (IPv6): 2001:558:6027:19:c4e3:1bee:faf8:939d

    slaac

    WAN Default Gateway Address (IPv6): fe80::201:5cff:fe80:6846

    link back route

    Delegated prefix (IPv6): 2601:48:c500:9340::/64

    your own full ipv6 /64 range here

    add 1 after :: will be your first ipv6
    add 2 after :: will be your next ipv6

    you got it :=)

    btw do not use slack ipv6 to send mail !!!!!!


    Regards Benny

    ... too late to die young :)
    --- Msged/LNX 6.1.2 (Linux/5.15.14-gentoo-dist (x86_64))
    * Origin: gopher://fido.junc.eu/ (2:230/0)