In reply to a post by steelej02:

I support many friends and family locally having been a network architect for 30 years until I retired and I can personally confidently access a router and make changes but none of my friends would have a clue how to do it! I have never had access to IPv6 though. None of us NEED inbound connections for day to day use.

None of the fixed line ISPs I've had access to at home have supported v6. Plusnet was my last FTTC/VDSL ISP, and I'm now on Virgin Media cable.

EE mobile is often an IPv6 only network, with 6to4 gateways on the boundary to enable access to the v4 network. There is a NANOG presentation about this if interested. Still doesn't provide any inbound access.

Some VoIP providers (e.g. A&A) are vocal about avoiding NAT, and using a "proper IP that is firewalled" (sic)... maybe a plug for their broadband, but not an option for many using VoIP.

I'm using VoIP with Sipgate on IPv6, no problems at all. Means I can disable keepalives and have no need to add NAT entries or STUN servers and it works as VoIP was designed to work using public to public IP address.

In reply to a post by PCJM40:

In reply to a post by DFScale:

I struggle to see how that is different?

One example, I said if IPv4 is used its used end to end and if IPv6 is used its used its used end to end whereas you said

In reply to a post by DFScale:

I would guess that the majority of the internet is working on ipv6 already, only translating to ipv4 close to pesky customers.

AIUI ipv4 would be tunnelled across an ipv6 network. By 'translating to ipv4' I mean detunnelling. So ipv4 is used end to end over an ipv6 network. But this leaves the core of the network operating on single ipv6 stacks with no need for ipv4 hardware.

I had been a network security specialist for many years until I retired about 5 years ago but that was just as IPv6 was beginning to be available.

Eh? IPv6 has been 'available' for over two decades. My own ISP - IDNet - has been providing dual-stack IPv4/6 for over fifteen years.

NAT on the router prevents inbound traffic. I am quite happy to set up firewall rules in the router but I am certain that none of our non technical friends will know what to do unless this s the default configuration. I have not yet had access t an IPv6 router that is likely to be provided by an ISP or VOIP provider.

I'd be surprised if any router shipped with a default configuration that allowed unsolicited packets to pass through. A router that didn't have a built in firewall would of course but who would buy such a thing?

Edited by Andrue (Sat 10-Feb-24 21:09:50)

In reply to a post by PCJM40:

I understand it differently

The transport be it IPv4 or IPv6 is irrelevant to VOIP, if both the customer and the VOIP provider have IPv6 enabled then it will typically use it end to end, if IPv4 is only available then it will use that. Currently some ISPs only provider IPv4 to the end user so until they all have added IPv6 support most companies are not going to limit themselves to just IPv6 customers.

For what it's worth I'm with IDNet and have dual-stack IPv4/6. I even run a mail server that is configured to accept connections on both. However I just did a quick test and my router showed IPv4 data flow when I made a phone call using my Vonage line. It's not conclusive because my router doesn't appear able to show IPv6 flow and I can't be bothered to install Wireshark but it appears that even with IPv6 available the Vonage HT801 prefers IPv4.

Edited by Andrue (Sat 10-Feb-24 21:29:58)

In reply to a post by Andrue:

For what it's worth I'm with IDNet and have dual-stack IPv4/6. I even run a mail server that is configured to accept connections on both. However I just did a quick test and my router showed IPv4 data flow when I made a phone call using my Vonage line. It's not conclusive because my router doesn't appear able to show IPv6 flow and I can't be bothered to install Wireshark but it appears that even with IPv6 available the Vonage HT801 prefers IPv4.

In your case (with dual stack) the two questions I would ask

1) Does the Vontage HT801 device support IPv6?
2) Does the remote Vontage service resolve to IPv4 or IPv6?

For example someone with a dual stack and a N300 is always going to use IPv4 as this device doesn't support IPv6.

Edited by PCJM40 (Sat 10-Feb-24 23:21:56)

I'm not sure this is going to be as much of an issue as you may think.

By all means when new ISP services are available you will be in a position to review who meets your requirements and at the right price point.

This includes whether you want the ISP to provide / offer a router and preconfigured for your service (but not locked down by them). Or whether you prefer to choose your own router independently and the ISP must be transparent about the settings you will need to configure.

Personally I would not choose an ISP who either insists you must use their router or makes it hard find the configuration to set another router up. I can however understand consumer ISPs wanting you to try with their supplied router as the first step in troubleshooting.

As regards IPv4/6 the default behaviour for any LAN device that has zero IPv6 support and does not configure its interface with IPv6 is that it will merely remain ignorant of it and continue to use IPv4.
You are very unlikely to encounter a consumer ISP whose router does not provide a v4 LAN subnet by default, and both if dual stack by default.

We are mostly in the dual stack phase now for the mainstream ISPs aside from the well known laggards of Virgin Media and Plusnet. The transition of the BT consumer and Sky brands to dual stack shifted the balance some years ago.

VM are already effectively a meme at this point with questions to them on when they are going to introduce it spanning multiple years (including a dedicated parody website) whereas I think Plusnet assume there will be no technology-driven demand from whatever proportion of their customers choose an ISP service primarily on cost - i.e. they don't see it as a problem they need to face yet.

IPv4/6 is not an either/or question and while people do create networks to specifically test IPv6-only and IPv6 mostly behaviour you aren't being pushed into this phase any time soon. The period of overlap is expected to be decades more.

I will make a follow up post shortly.

Edited by prlzx (Sun 11-Feb-24 00:11:40)

If you need more control over your LAN network I would choose a router that supports multiple LAN networks.
This includes the venerable Draytek as well as appliance or DIY approaches such as OpenWRT or pfSense or even Mikrotik, depending on how involved you want to get.

In that scenario you will have enough flexibility to run a default dual-stack LAN and a secondary IPv4-only LAN on which to drop devices which have incomplete IPv6 support.

The devices that can have trouble are ones that try to implement it partially and make a hash of it.
Specifically this means devices that configure/register an address for their interface but then fail to listen on both v4 and v6 for all relevant services or sharing.
In other words things that advertise themselves to the LAN but whose services aren't actually accepting connections for IPv6.

Whereas devices that have supported it for years and devices that have zero implementation will both have no problems being on a dual stack network.

For transparency I am on Zen with the supplied Fritz!box and using their DV service, so VoIP sessions terminate on the router anyway on the public-facing interface. The call internally is distributed over the built-in DECT base so the handset is not even IP aware.

But I could have an app or wired handset talk to the Fritz!box as a local handset/extension if I wished.
And I believe there is documentation if I wished to have an app register with Zen directly so that it could work outside the home (or I could use VPN to connect back the Fritz!box anyway).

On my LAN I have set it up to always provide the ULA network (fd… /64 prefix) which can be used for stable addressing whose scope remains inside the LAN.

Zen's delegated /48 is also static so if you want to make use of the global addressing you can do.
Similar applies if you use IDNet or AAISP, I cannot speak for whether Sky or BT do this or try to make static delegations a chargeable / business class service.

The Fritz!box has a dual stack firewall with default deny on inbound (unsolicited) as others have commented,
and the section where you'd configure port forwarding for IPv4 also has settings for opening the corresponding port (no NAT) to the global IPv6 address of the same device.
It's not a seperate part of the UI to hunt down, You just choose whether you want to allow v4, v6 or both when defining external access to a service.

I use this to allow incoming Wireguard connections to reach a couple of targets on different ports listening inside the LAN and can use the global v6 address of the LAN device or the outer v4 NATTed address of the router if coming in from a v4-only network when away.

Edited by prlzx (Sun 11-Feb-24 00:10:03)

Thanks for your reply.

As it happens I am currently with Plusnet for both my landline phone and broadband have been with them for many years. I have however been getting increasingly dissatisfied with their technical support - the only way now seems to be via their forum!

My phone/broadband (FTTC) contract however has another year to run and I have been unable to easily get any answer as to what my cancellation charge would be.

Due entirely to the increasing difficulty with Plusnet support and recent outages I have moved my own domain email hosting and web site to another provider. This makes it much easier to switch to an alternative supplier. I have also moved my mobile phone to another provider (and saved myself about £4 per month!

I am just trying to understand what will happen to my home network when I am forced to go FTTP. I could probably use Swish now, at a cost, as their fibre duct now passes our property. I do not have a date for when BT Openreach will be able to provide FTTP which will probably, and more conveniently, use overhead distribution from the shared pole in my garden (it is owned by the Power DNO - I get a wayleave payment from both). This handles about 20 lines for our neighbours.

I don't want any unexpected surprises which is why I was asking about the likely router capabilities. Other friends are more likely to get fibre sooner and will also expect me to know all the answers!

Thanks - my longer answers and the more technical follow-up were in anticipation of some assumptions that often follow from going from no IPv6 to potentially having it available.

The short answer though is to reassure that you won't be prevented at the router from using IPv4 primarily or even exclusively on your LAN if you choose to.

Do be aware though that a few of the new ISPs have been selling their service in a more locked-down way (treat the router as a black box owned by the ISP).
It can be related to ISPs offering a semi-portable connection where no traditional service is possible.
I have heard of customers having to call the ISP to change their SSID/password but that is the extreme example of this.

- - - - -

I would still check before sign up though that you are not being sold a CGNAT service because that just adds complications for accessing services inside your LAN.

It's a generalisation but the providers who readily offer static IPv4 and IPv6 as standard and have done for more than a decade may be a safer bet for for you having full control over how you run your LAN and what router to use, and are more likely to be able to respond to specific support questions beyond general 1st-line scripted replies.

The ISPs with a recurring extra charge for static public addressing, there is always a risk that they will try to squeeze a higher margin from those customers when they want to raise more revenue.

Edited by prlzx (Sun 11-Feb-24 00:46:13)