IPV6 Dynamic Prefix Community Fibre

So I got IPV6 working nicely on OPNSense router. IPV4 and IPV6 connectivity is as expected. I get and can assign publicly available IPV6 addresses within my allocated prefix range. I can run my wireguard VPN and route IPV6 across it. All great except that community fibre regularly changed my IPV6 prefix.

This can give a slight service disruption on IPV6 clients but more importantly for me it breaks any configuration (like my vpn) that relies on my IPV6 prefix. It also means that I can not assign DNS names to my IPs without resorting to dynamic dns services.

This is not the way IPV6 is intended to be implemented according to RIPE and others.

https://www.ripe.net/publications/docs/ripe-690/

https://www.6connect.com/blog/is-your-isp-constantly...

There is really no need for dynamic prefixes in the world of IPV6 which does not have address space scarcity like IPV4.



Anyone had any luck getting CF to switch to a fixed IPV6 prefix on 1Gbs service. Support are clueless.

Ultimately, in many ISP's, Support have no influence and fist level support are often out of their depth with IPv4. There is a mistaken idea that NAT and dynamic IP are security measures. I think you just have to face up to a protracted campaign of complaining every time your IP address is changed, arm your self with chapter and verse on the standards and pursue your complaint though to the ombudsman eery single time. Plus make the complaint in every possible review opportunity.

Or change ISP.

In reply to a post by DFScale:

Or change ISP.

The downside when the network provider and the ISP are one and the same. Why I am surprised too many AltNets are also network builders.

One of the challenges in USA is that you can't (in reality) change ISP without moving town/city, unless you want to use mobile data, and it is becoming similar in the UK with the altnet FTTP deployment.

There are good technical reasons for ISPs giving out dynamic IPv6, and they are the same as dynamic IPv4: you can route a large block of IPs to an LNS for a pool, and it can hand out smaller allocations from that to each connected user. It means there are no changes to routing in the core network when individual users disconnect and reconnect.

Doing static IP (v4 or v6) generally means tunnelling the user to a separate LNS farm dedicated to that function, which increases cost for the provider.

Ideally, market forces would be the solution here: switch to a different provider that gives you the service that you want. But with an Altnet who is also the service provider, it's a case of take-it-or-leave-it if their service offering doesn't include it. In general, Altnets cater to the lowest common denominator: people who just browse and stream, and don't care about addressing or even CGNAT. Whinging at them isn't going to make a difference.

I think the solution you should look at is to use AAISP's L2TP service, which will give you static addresses. There are speed and data caps on that, but if your usage fits within those, it could be a good solution (although AAISP's LNSes are showing a tendency to fall over at the moment)

If you configure your router with two networks/VLANs, a "server" network on AAISP address space and an "access" network on CF's dynamic address space, and you do a bit of policy routing so that traffic from AAISP source addresses goes down the L2TP tunnel, then you'd have the best of both worlds: full-speed Internet access without data cap for general browsing and downloading, but access to and from servers on static addresses.

In reply to a post by candlerb:

There are good technical reasons for ISPs giving out dynamic IPv6, and they are the same as dynamic IPv4: you can route a large block of IPs to an LNS for a pool, and it can hand out smaller allocations from that to each connected user. It means there are no changes to routing in the core network when individual users disconnect and reconnect.

Doing static IP (v4 or v6) generally means tunnelling the user to a separate LNS farm dedicated to that function, which increases cost for the provider.

I don't really see that. If the ISP allocates from a pool at an LNS, anything they allocate dynamically, they could also allocate statically. There are more than enough IPv6 addresses available. Plus with things like VOIP, we are moving towards routers being on and having an IP address 24/7 (if we are not at that point already). So there is absolutely no economy of IP address utilisation arising from dynamic IPv6. The only benefit I see is for the ISP having a reduced admin burden of not needing to reserve IP blocks to customers. Which may be the true reason.

Locked into a contract. They do not make their particular implementation clear before you sign up. New to IPV6 and set it up as they use CGNAT. Initially I was oh this is cool. Then hit the problem with dynamic prefixes. They absolutely have the ability to do this as you can get it on their 3Gbs service. I really have no need for 3Gbs and would also entail having to upgrade all of my home network with kit that would not be cheap.

In reply to a post by davekp72:

I really have no need for 3Gbs and would also entail having to upgrade all of my home network with kit that would not be cheap.

You shouldn't have to upgrade you home network. The worst would be if the ONT would not step down to the capability of your router, which I assume has 1000M ethernet. In that case you need only change the router. But I would expect the ONT to adapt to the router.

In reply to a post by DFScale:

I don't really see that. If the ISP allocates from a pool at an LNS, anything they allocate dynamically, they could also allocate statically.

Only if you hit the same LNS. If they have multiple LNSes for redundancy or load-balancing, then if you reconnect to a different LNS and have a static assignment, routing changes need to happen to make inbound traffic for your IP hit the new LNS instead of the old one. Whereas if you're allocated a block out of the pool belonging to whichever LNS you connect to, routing does not change.

I'm not saying it's impossible, and if you design it carefully you would keep the scope of the routing updates within a geographical group of LNSes, as long as a user always hits one in the same cluster.

But the risks of getting it wrong are high: if there's a network outage and you get a "thundering herd" of people reconnecting, you may also get a thundering herd of routing updates which can lead to instability. That's why in general, it's done using tunnelling rather than dynamic routing.

Historical aside: in the ancient days of the 1980's and 1990's, Demon Internet gave all its dialup customers static IPv4 addresses. In order to handle the routing updates when customers connected and disconnected, they implemented their own routing protocol to handle updates in the core. It was called BURP - "Bloody Useless Routing Protocol".

In reply to a post by DFScale:

There are more than enough IPv6 addresses available.

It's nothing to do with address availability, it's all to do with how you route the traffic to the customer's assigned address block.

In reply to a post by DFScale:

The only benefit I see is for the ISP having a reduced admin burden of not needing to reserve IP blocks to customers. Which may be the true reason.

That is part of the job but it's relatively minor. You have an IPAM, you stick an entry in the RADIUS server for each customer, job done.

In reply to a post by candlerb:

In reply to a post by DFScale:

I don't really see that. If the ISP allocates from a pool at an LNS, anything they allocate dynamically, they could also allocate statically.

Only if you hit the same LNS. If they have multiple LNSes for redundancy or load-balancing, then if you reconnect to a different LNS and have a static assignment, routing changes need to happen to make inbound traffic for your IP hit the new LNS instead of the old one. Whereas if you're allocated a block out of the pool belonging to whichever LNS you connect to, routing does not change.

I'm not saying it's impossible, and if you design it carefully you would keep the scope of the routing updates within a geographical group of LNSes, as long as a user always hits one in the same cluster.

But the risks of getting it wrong are high: if there's a network outage and you get a "thundering herd" of people reconnecting, you may also get a thundering herd of routing updates which can lead to instability. That's why in general, it's done using tunnelling rather than dynamic routing.

Historical aside: in the ancient days of the 1980's and 1990's, Demon Internet gave all its dialup customers static IPv4 addresses. In order to handle the routing updates when customers connected and disconnected, they implemented their own routing protocol to handle updates in the core. It was called BURP - "Bloody Useless Routing Protocol".

In reply to a post by DFScale:

There are more than enough IPv6 addresses available.

It's nothing to do with address availability, it's all to do with how you route the traffic to the customer's assigned address block.

In reply to a post by DFScale:

The only benefit I see is for the ISP having a reduced admin burden of not needing to reserve IP blocks to customers. Which may be the true reason.

That is part of the job but it's relatively minor. You have an IPAM, you stick an entry in the RADIUS server for each customer, job done.

Then the database of static assignments needs to be replicated or accessible across all of the clusters. Other ISPs allocate static Ipv6 as the norm and don't make a big song and dance about it.

In reply to a post by DFScale:

Then the database of static assignments needs to be replicated or accessible across all of the clusters.

Yes. RADIUS databases are easy to replicate.

In reply to a post by DFScale:

Other ISPs allocate static Ipv6 as the norm and don't make a big song and dance about it.

I think you'll find it's not the "norm". The largest ones (BT, EE, Sky) provide dynamic IPv6 - for the reasons I gave above. Talktalk, Vodafone and Plusnet don't provide IPv6 at all, but if and when they do I would expect them to be dynamic. Mobile networks give dynamic IPv6.

The ones who provide static IPv6 are the more boutique crew, the largest of which is probably Zen. This is market forces in play: there are some people who want this, and there are providers who meet their needs (for a price).

But it does cost them more to do this, in terms of additional equipment and complexity in their network. That's the reason it's not done as standard: ISPs are a low-margin business, and they are not going to spend money implementing a service feature that few will notice. (TBH, most customers won't even notice that they have IPv6).