VOIP - IP version

I have not seen any mention of !P v6 or IP v4 on any discussion on VOIP so I have re-joined this forum to ask a question.

When we get (or are forced to have) VOIP telephone over FTTP (not yet available via Openreach for my address - last heard they were still negotiating to use the overhead power distribution pole in my garden for fibre, this is currently used by Openreach for telephone) for both voice and Internet I assume we will get a new router. Swish have installed fibre ducts in the road so that is still potentially an option.

I have no real issue with IPV6 on the external service into my home but I prefer to continue use IPV4 on my home network due to the additional protection against inbound traffic due to the router blocking inbound traffic. I am also not certain that my heating controls (available via my phone through the Honeywell server) will continue to work as they only support as far as I know IP4.

My internal network has my Evohome heating controls, a NAS, and several TVs plus a PVR all currently using IPv4 for catch-up services and would also need to be looked at and these may not all work over IPv6.

Well, if you want something on VOIP and ipv6, this contains some discussion, but it's a bit heavy https://discovery.ucl.ac.uk/id/eprint/1417486/2/Kirs... . This indicates that most of the protocols and kit for VOIP are ipv6 capable already.

ipv4 and ipv6 will coexist on the internet for years to come and Fig 1 in the referenced document shows an ipv4-ipv6 boundary interface unit. These will be in place right now and operating transparently. Shoot me down in flames, but I would guess that the majority of the internet is working on ipv6 already, only translating to ipv4 close to pesky customers. So from that perspective, we are close to the endgame for ipv4, because FTTP supports and indeed I have a dual ipv4 ipv6 service. Although the endgame will probably take decades to conclude.

Ultimately, I expect service to the premises to become ipv6 only, at which point customer routers may well accommodate by incorporating an ipv4-ipv6 boundary interface operating much like NAT, at a time when most enduser devices will be ipv6 capable anyway. All speculation on my part. But already, I think we should be checking that any tcp/ip devices and systems we buy are ipv6 capable, although I think any ipv4 kit you have right now will reach a natural End-of-Life long before it is obsoleted by cessation of ipv4 support.

I understand it differently

The transport be it IPv4 or IPv6 is irrelevant to VOIP, if both the customer and the VOIP provider have IPv6 enabled then it will typically use it end to end, if IPv4 is only available then it will use that. Currently some ISPs only provider IPv4 to the end user so until they all have added IPv6 support most companies are not going to limit themselves to just IPv6 customers.

I struggle to see how that is different?

In reply to a post by steelej02:

I have no real issue with IPV6 on the external service into my home but I prefer to continue use IPV4 on my home network due to the additional protection against inbound traffic due to the router blocking inbound traffic.

That is an often misquoted reason with no factual basis, whilst IPv4 NAT does implicitly prevent inbound connections to LAN devices it is trivial to block IPv6 from the WAN with firewall rules. I would expect consumer routers to do so by default, certainly AVM on their FRIZT!Box routers and Mikrotik do on their SOHO & mid-range routers too.

In reply to a post by tdw42:

I would expect consumer routers to do so by default, certainly AVM on their FRIZT!Box routers and Mikrotik do on their SOHO & mid-range routers too.

Asus routers do by default also.

In reply to a post by DFScale:

I struggle to see how that is different?

One example, I said if IPv4 is used its used end to end and if IPv6 is used its used its used end to end whereas you said

In reply to a post by DFScale:

I would guess that the majority of the internet is working on ipv6 already, only translating to ipv4 close to pesky customers.

I would suggest IPv4 is still the most used protocol.

I had been a network security specialist for many years until I retired about 5 years ago but that was just as IPv6 was beginning to be available. I have several devices on my current IPv4 local network which do not mention IPv6 in their documentation. These include two quite recent LG TVs, a much older TV that can all connect to the Internet and a Humax PVR and a Honeywell Evohome heating controller that all use IPv4 and I am not sure whether any of these are capable of IPv6. My Synology NAS may do, and my two Dell laptops certainly will support IPv6.

I am not yet in a position to get FTTP from Openreach (they need to negotiate a pole sharing with the Electricity DNO that owns the pole) but could from Swish as they have installed fire ducting in the road. I currently am using FTTC with a Plusnet router with an IPv4 internal network.

I am just wanting to know what to expect in terms of compatibility with the routers that will be supplied when we are forced to go to VOIP. If the routers provided support either firewall rules or IPv4 on the local LAN then I know what to do (at least in principle). If they expect to use IPv6 on the internal LAN then I can see many problems.

NAT on the router prevents inbound traffic. I am quite happy to set up firewall rules in the router but I am certain that none of our non technical friends will know what to do unless this s the default configuration. I have not yet had access t an IPv6 router that is likely to be provided by an ISP or VOIP provider.

In reply to a post by jchamier:

In reply to a post by tdw42:

I would expect consumer routers to do so by default, certainly AVM on their FRIZT!Box routers and Mikrotik do on their SOHO & mid-range routers too.

Asus routers do by default also.

I support many friends and family locally having been a network architect for 30 years until I retired and I can personally confidently access a router and make changes but none of my friends would have a clue how to do it! I have never had access to IPv6 though. None of us NEED inbound connections for day to day use.

If the DEFAULT is for ISP/VOIP provided routers is to block inbound traffic then that is the answer I was looking for. Is this actually the case however?

In reply to a post by jchamier:

In reply to a post by tdw42:

I would expect consumer routers to do so by default, certainly AVM on their FRIZT!Box routers and Mikrotik do on their SOHO & mid-range routers too.

Asus routers do by default also.

Indeed and all stateful firewalls block unsolicited incoming traffic by default on IPv6 and IPv4. NAT doesn't really add any security. Also we should remember that IPv6 gives us trillions of IP addresses in our own homes, so even if the firewall was open to all IPv6 incoming traffic, it would take some doing to find legitimate IPv6 addresses to connect to.

I'm running IPv6 and I get no attempts to connect or scan my IPv6 address space.

In reply to a post by steelej02:

I support many friends and family locally having been a network architect for 30 years until I retired and I can personally confidently access a router and make changes but none of my friends would have a clue how to do it! I have never had access to IPv6 though. None of us NEED inbound connections for day to day use.

None of the fixed line ISPs I've had access to at home have supported v6. Plusnet was my last FTTC/VDSL ISP, and I'm now on Virgin Media cable.

EE mobile is often an IPv6 only network, with 6to4 gateways on the boundary to enable access to the v4 network. There is a NANOG presentation about this if interested. Still doesn't provide any inbound access.

Some VoIP providers (e.g. A&A) are vocal about avoiding NAT, and using a "proper IP that is firewalled" (sic)... maybe a plug for their broadband, but not an option for many using VoIP.

I'm using VoIP with Sipgate on IPv6, no problems at all. Means I can disable keepalives and have no need to add NAT entries or STUN servers and it works as VoIP was designed to work using public to public IP address.

In reply to a post by PCJM40:

In reply to a post by DFScale:

I struggle to see how that is different?

One example, I said if IPv4 is used its used end to end and if IPv6 is used its used its used end to end whereas you said

In reply to a post by DFScale:

I would guess that the majority of the internet is working on ipv6 already, only translating to ipv4 close to pesky customers.

AIUI ipv4 would be tunnelled across an ipv6 network. By 'translating to ipv4' I mean detunnelling. So ipv4 is used end to end over an ipv6 network. But this leaves the core of the network operating on single ipv6 stacks with no need for ipv4 hardware.

I had been a network security specialist for many years until I retired about 5 years ago but that was just as IPv6 was beginning to be available.

Eh? IPv6 has been 'available' for over two decades. My own ISP - IDNet - has been providing dual-stack IPv4/6 for over fifteen years.

NAT on the router prevents inbound traffic. I am quite happy to set up firewall rules in the router but I am certain that none of our non technical friends will know what to do unless this s the default configuration. I have not yet had access t an IPv6 router that is likely to be provided by an ISP or VOIP provider.

I'd be surprised if any router shipped with a default configuration that allowed unsolicited packets to pass through. A router that didn't have a built in firewall would of course but who would buy such a thing?

Edited by Andrue (Sat 10-Feb-24 21:09:50)

In reply to a post by PCJM40:

I understand it differently

The transport be it IPv4 or IPv6 is irrelevant to VOIP, if both the customer and the VOIP provider have IPv6 enabled then it will typically use it end to end, if IPv4 is only available then it will use that. Currently some ISPs only provider IPv4 to the end user so until they all have added IPv6 support most companies are not going to limit themselves to just IPv6 customers.

For what it's worth I'm with IDNet and have dual-stack IPv4/6. I even run a mail server that is configured to accept connections on both. However I just did a quick test and my router showed IPv4 data flow when I made a phone call using my Vonage line. It's not conclusive because my router doesn't appear able to show IPv6 flow and I can't be bothered to install Wireshark but it appears that even with IPv6 available the Vonage HT801 prefers IPv4.

Edited by Andrue (Sat 10-Feb-24 21:29:58)

In reply to a post by Andrue:

For what it's worth I'm with IDNet and have dual-stack IPv4/6. I even run a mail server that is configured to accept connections on both. However I just did a quick test and my router showed IPv4 data flow when I made a phone call using my Vonage line. It's not conclusive because my router doesn't appear able to show IPv6 flow and I can't be bothered to install Wireshark but it appears that even with IPv6 available the Vonage HT801 prefers IPv4.

In your case (with dual stack) the two questions I would ask

1) Does the Vontage HT801 device support IPv6?
2) Does the remote Vontage service resolve to IPv4 or IPv6?

For example someone with a dual stack and a N300 is always going to use IPv4 as this device doesn't support IPv6.

Edited by PCJM40 (Sat 10-Feb-24 23:21:56)

I'm not sure this is going to be as much of an issue as you may think.

By all means when new ISP services are available you will be in a position to review who meets your requirements and at the right price point.

This includes whether you want the ISP to provide / offer a router and preconfigured for your service (but not locked down by them). Or whether you prefer to choose your own router independently and the ISP must be transparent about the settings you will need to configure.

Personally I would not choose an ISP who either insists you must use their router or makes it hard find the configuration to set another router up. I can however understand consumer ISPs wanting you to try with their supplied router as the first step in troubleshooting.

As regards IPv4/6 the default behaviour for any LAN device that has zero IPv6 support and does not configure its interface with IPv6 is that it will merely remain ignorant of it and continue to use IPv4.
You are very unlikely to encounter a consumer ISP whose router does not provide a v4 LAN subnet by default, and both if dual stack by default.

We are mostly in the dual stack phase now for the mainstream ISPs aside from the well known laggards of Virgin Media and Plusnet. The transition of the BT consumer and Sky brands to dual stack shifted the balance some years ago.

VM are already effectively a meme at this point with questions to them on when they are going to introduce it spanning multiple years (including a dedicated parody website) whereas I think Plusnet assume there will be no technology-driven demand from whatever proportion of their customers choose an ISP service primarily on cost - i.e. they don't see it as a problem they need to face yet.

IPv4/6 is not an either/or question and while people do create networks to specifically test IPv6-only and IPv6 mostly behaviour you aren't being pushed into this phase any time soon. The period of overlap is expected to be decades more.

I will make a follow up post shortly.

Edited by prlzx (Sun 11-Feb-24 00:11:40)

If you need more control over your LAN network I would choose a router that supports multiple LAN networks.
This includes the venerable Draytek as well as appliance or DIY approaches such as OpenWRT or pfSense or even Mikrotik, depending on how involved you want to get.

In that scenario you will have enough flexibility to run a default dual-stack LAN and a secondary IPv4-only LAN on which to drop devices which have incomplete IPv6 support.

The devices that can have trouble are ones that try to implement it partially and make a hash of it.
Specifically this means devices that configure/register an address for their interface but then fail to listen on both v4 and v6 for all relevant services or sharing.
In other words things that advertise themselves to the LAN but whose services aren't actually accepting connections for IPv6.

Whereas devices that have supported it for years and devices that have zero implementation will both have no problems being on a dual stack network.

For transparency I am on Zen with the supplied Fritz!box and using their DV service, so VoIP sessions terminate on the router anyway on the public-facing interface. The call internally is distributed over the built-in DECT base so the handset is not even IP aware.

But I could have an app or wired handset talk to the Fritz!box as a local handset/extension if I wished.
And I believe there is documentation if I wished to have an app register with Zen directly so that it could work outside the home (or I could use VPN to connect back the Fritz!box anyway).

On my LAN I have set it up to always provide the ULA network (fd… /64 prefix) which can be used for stable addressing whose scope remains inside the LAN.

Zen's delegated /48 is also static so if you want to make use of the global addressing you can do.
Similar applies if you use IDNet or AAISP, I cannot speak for whether Sky or BT do this or try to make static delegations a chargeable / business class service.

The Fritz!box has a dual stack firewall with default deny on inbound (unsolicited) as others have commented,
and the section where you'd configure port forwarding for IPv4 also has settings for opening the corresponding port (no NAT) to the global IPv6 address of the same device.
It's not a seperate part of the UI to hunt down, You just choose whether you want to allow v4, v6 or both when defining external access to a service.

I use this to allow incoming Wireguard connections to reach a couple of targets on different ports listening inside the LAN and can use the global v6 address of the LAN device or the outer v4 NATTed address of the router if coming in from a v4-only network when away.

Edited by prlzx (Sun 11-Feb-24 00:10:03)

Thanks for your reply.

As it happens I am currently with Plusnet for both my landline phone and broadband have been with them for many years. I have however been getting increasingly dissatisfied with their technical support - the only way now seems to be via their forum!

My phone/broadband (FTTC) contract however has another year to run and I have been unable to easily get any answer as to what my cancellation charge would be.

Due entirely to the increasing difficulty with Plusnet support and recent outages I have moved my own domain email hosting and web site to another provider. This makes it much easier to switch to an alternative supplier. I have also moved my mobile phone to another provider (and saved myself about £4 per month!

I am just trying to understand what will happen to my home network when I am forced to go FTTP. I could probably use Swish now, at a cost, as their fibre duct now passes our property. I do not have a date for when BT Openreach will be able to provide FTTP which will probably, and more conveniently, use overhead distribution from the shared pole in my garden (it is owned by the Power DNO - I get a wayleave payment from both). This handles about 20 lines for our neighbours.

I don't want any unexpected surprises which is why I was asking about the likely router capabilities. Other friends are more likely to get fibre sooner and will also expect me to know all the answers!

Thanks - my longer answers and the more technical follow-up were in anticipation of some assumptions that often follow from going from no IPv6 to potentially having it available.

The short answer though is to reassure that you won't be prevented at the router from using IPv4 primarily or even exclusively on your LAN if you choose to.

Do be aware though that a few of the new ISPs have been selling their service in a more locked-down way (treat the router as a black box owned by the ISP).
It can be related to ISPs offering a semi-portable connection where no traditional service is possible.
I have heard of customers having to call the ISP to change their SSID/password but that is the extreme example of this.

- - - - -

I would still check before sign up though that you are not being sold a CGNAT service because that just adds complications for accessing services inside your LAN.

It's a generalisation but the providers who readily offer static IPv4 and IPv6 as standard and have done for more than a decade may be a safer bet for for you having full control over how you run your LAN and what router to use, and are more likely to be able to respond to specific support questions beyond general 1st-line scripted replies.

The ISPs with a recurring extra charge for static public addressing, there is always a risk that they will try to squeeze a higher margin from those customers when they want to raise more revenue.

Edited by prlzx (Sun 11-Feb-24 00:46:13)

In reply to a post by PCJM40:

1) Does the Vontage HT801 device support IPv6?
2) Does the remote Vontage service resolve to IPv4 or IPv6?

According to its web page it has software version 1.1.1.5. According to the Administration Guide IPv6 support was introduced in 1.0.214.4. So it should support it.

The unit ships pre-configured from Vonage so I think they've probably decided to configure it for IPv4 on the grounds that it keeps things simple. From their perspective if a customer is having problems they at least know they've ruled IPv6 out of the equation.

And anyway - as long as Vonage have an IPv4 address to hang a server(*) off they have no need to go to IPv6. It doesn't offer them any advantages.

(*)Most likely a load balancing server.

Edited by Andrue (Sun 11-Feb-24 08:10:27)

In reply to a post by steelej02:

As it happens I am currently with Plusnet for both my landline phone and broadband have been with them for many years. I have however been getting increasingly dissatisfied with their technical support - the only way now seems to be via their forum!

That was why I left them several years ago. There were a couple of instances of poor single thread throughput and it took ages for me and others to persuade them to investigate.

The final straw was when they announced that they were 'building' a new network and that they were closing down their IPv6 beta programme because the new network didn't support it. The idea that an established ISP would rebuild their network and not bake IPv6 support in from the start was just too farcical for me. So I switched to IDNet. They don't just have IPv6 support they embrace it and from the conversations I had while configuring my mail server they are fully competent to support it.

I guess that's why they cost more than PlusNet. If you want an ISP with good support and technical competence you have to pay for it. Shocker

Edited by Andrue (Sun 11-Feb-24 08:17:05)

In reply to a post by jchamier:

Some VoIP providers (e.g. A&A) are vocal about avoiding NAT, and using a "proper IP that is firewalled" (sic)... maybe a plug for their broadband, but not an option for many using VoIP.
[/quote

Do you know how this is achieved? A&A certainly advise this on their website, but was not offered as an option when I asked them about a VoIP problem I had (when using A&A for one line and Telappliant for the other line).

Cheers!