cancel
Showing results for 
Search instead for 
Did you mean: 

UK among nations that have done least

ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: UK among nations that have done least

The only available release notes for the 10.2 firmware for technicolor routers including the 582n mentions IPv6 stateful firewall support in the new features added in 10.2.
Unfortunately there's no firewall that will protect you from largely nonsensical forum posts sprinkled with technical jargon.
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: UK among nations that have done least

Googling around I can see that advice for some routers is to disable SPI for port forwarding but this doesn't apply to *all* routers...  Even those that do suggest turning off SPI don't suggest that this leaves the router with no firewall at all.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

indeed that's because NAT is considered to be some sort of firewall, even though it will totally ignore all traffic targeted at the open ports.....which is why upnp is far superior to static entries, of course upnp doesn't work for allowing external access on the fly through a router, for that you require a gateway server of some description to provide the discrimination between allowed and disallowed traffic.

@Krazneh
theres a wealth of information on the problems caused by routers that were not initially designed to support ipv6 functionality and how its been flashed into them at the operating system level which whilst providing the capability is causing problems in other aspects of the device either by disabling functions or through limiting the number of devices
as for the nominal number of devices supported on a retail connection that information is provided by the various isp's, I have in the past made enquiries about such things and been informed that the majority have picked 8 per dynamic or fixed ip (some have lower numbers) for retail and as contracted for business connections, if that is correct and they "choose" to change this over to a "per connection" (as was indicated would be the case in a whitepaper on the issue) basis under ipv6, then this would give each residential customer a maximum of 8 connected devices including there router, unless of course your ipv6 network is different
just because your paranoid doesn't mean they aren't out to get you
MJN
Pro
Posts: 1,318
Thanks: 160
Fixes: 5
Registered: ‎26-08-2010

Re: UK among nations that have done least

Nanotm, you are getting very confused (again).
ISPs do not limit the number of devices you can connect, only the number of addresses they assign to you.
Thus, in IPv4, you would typically need to use NAT (actually PAT) to allow a greater number of devices to connect than you have IPv4 addresses assigned. For dynamic allocations you would usually get just a single IPv4 address, but static blocks of upto 8 are often available (for an additional fee or as part of a business connection agreement).
With IPv6 you will at the very least get a /64 but more likely a /58 or greater so there's no concerns there and certainly no need for any NAT to multiplex it further.
PLEASE stop spreading misinformation. You do not know enough about the subject and a little knowledge is dangerous.
Anonymous
Not applicable

Re: UK among nations that have done least

Are you sure that you are not getting confused with the maximum WAN address block size that an ISP might allocate a residential customer ?
i.e. a /29 block of 8 IPv4 addresses.

If you are right though, if a customer is using NAT on a single WAN IP address, what difference does it make to the ISP how many devices are using the customers LAN ?
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

its to do with throughput allocation support,
I don't think they actually care how many devices sit behind your router, but they will at there discretion refuse to provide help for people with "more than the supported amount" something to do with how much horsepower is required in a router to provide the connectivity share for larger numbers (for instance a PlusNet rep told me there limit is 8 whilst BT have previously told me there's is 5)
as to if they could truly tell without accessing the router I have no idea (I rather suspect not) but I have heard and seen on a certain isp's router that it will not allow more than 7 devices to have internet access at the same time (you can hack the thing and override it but why bother when it breaks there ToS and allows them to cancel your contract)
the problem comes into play though (and its widely expected to be a problem) when you look at just how many people seek out a router that supports there requirements because the supplied router cant cope with all there stuff online at the same time (overheating/freezing/connection dropping etc)
with ipv6 they would have to figure out either providing more capable routers (better cpu/more ram/better cooling) or enforce the limit
then your into the realms of how do people plug there lan connected kit together so its always available for use, and still maintain privacy control over it along with the problems of who or what can be in use, or will everything be able to be used even, if I plug in a router a couple of pc's turn on some tablets and phones and add in some laptops (at least 5 of everything) which ones will be getting populated into the ipv6 address list and allowed internet connectivity (yes I have a large family and most of the time at least 2 devices are switched on if not in use)
how will things work in terms of creating home networks (auto population of routing tables and firewall allow rules for file sharing etc or all totally isolated by default and manual population on a per device basis)
with ipv4 and everything sharing 1 wan ip the connectivity internally of the lan is simple, with ipv6 that will all change, how will a cheap ass router be able to cope with kids being kids and turning stuff on and off (more a problem with tablets and phones)  how will you manage to receive an ipv6 address for each piece of kit on your home network from your isp's dns list (because if 1 devices gets it they all will need to)
clearly NAT has been a great boon for years in terms of allowing people to have simple home networks (plug stuff in and turn it on) and indeed that's still possible with ipv6 stateless auto config, the problem comes when your getting given the external ip which means using a statefull setup and suddenly everything is getting its ip address allocated by the isp and not the router, but there fixed per device or dynamic ?
of course allowing all routers to provide stateless configuration wont work or every customer will have the same address on there first device creating conflicts up the ying yang
I don't know many people who are pc competent never mind network competent but they all have a multitude of connected equipment and there all going to scream loudly if things don't work as expected,
if the isp is going ot provide a statefull address under dhcp auto config for every device who's going to tell them which one is the media store and the printer, who's going to keep the records up to date when stuff gets moved (and thus moves its connection number)
don't get me wrong all of this should have ben sorted out 20 + years ago and fully supported ipv6 implemented back then, unfortunately the privacy lobby got there way and ipv6 was put back on the shelf for another day, now its being vaunted as the only way to go despite the problems still being multitude
just because your paranoid doesn't mean they aren't out to get you
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: UK among nations that have done least

When in hole, stop digging!
MJN
Pro
Posts: 1,318
Thanks: 160
Fixes: 5
Registered: ‎26-08-2010

Re: UK among nations that have done least

Quote from: nanotm
with ipv4 and everything sharing 1 wan ip the connectivity internally of the lan is simple, with ipv6 that will all change, how will a cheap ass router be able to cope with kids being kids and turning stuff on and off (more a problem with tablets and phones)  how will you manage to receive an ipv6 address for each piece of kit on your home network from your isp's dns list (because if 1 devices gets it they all will need to)

Nanotm, you really don't understand how this works.
The ISP will allocate a subnet to your router, not individual addresses as required.
Based on this subnet your devices will obtain their addresses one of three ways:
1. Automatically configured by adding on a 64-bit identifier (e.g. random number or based on the MAC address) to the subnet advertised by the router
2. Automatically via DHCPv6
3. Manually configured by the user
The router will be free to route and implement the firewall; it won't have any of the overhead of NAT and its related header modifications.
I won't comment on the rest of your post as it made no sense whatsoever.
PLEASE stop spreading misinformation. You do not know enough about the subject and a little knowledge is dangerous.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

so theres no basis for the rumour that isp's are being encouraged to limit subnet allocation down to 16 out of the 65,536 possible addresses per residential customer then?
and if its true how does the larger home get round the problem of not being able to address the remainder of there items ?
if the isp allows unlimited allocations how does it manage the dns + routing information information, as has already been mentioned there isn't a database capable of doing it on such a large number of addresses never mind doing it in near instantaneous format as it manages now, if the isp is going to limit residential users to smaller entries in the dns +routing table's then how will it prevent a wiley customer from allocating there /64 through a secondary router to multiple /64 clients, indeed how is it going to prevent customers from contravening current accepted practice over the addresses used within subnets ?


just because your paranoid doesn't mean they aren't out to get you
pwatson
Rising Star
Posts: 2,470
Thanks: 8
Fixes: 1
Registered: ‎26-11-2012

Re: UK among nations that have done least

Quote from: nanotm
so theres no basis for the rumour that isp's are being encouraged to limit subnet allocation down to 16 out of the 65,536 possible addresses per residential customer then?
and if its true how does the larger home get round the problem of not being able to address the remainder of there items ?

What rumour?  This is plainly nonsense!
Quote from: nanotm
if the isp allows unlimited allocations how does it manage the dns + routing information information

You will have a routed subnet so where does your concern about routing info come from?  DNS doesn't even come into it!
MJN
Pro
Posts: 1,318
Thanks: 160
Fixes: 5
Registered: ‎26-08-2010

Re: UK among nations that have done least

Quote from: nanotm
so theres no basis for the rumour that isp's are being encouraged to limit subnet allocation down to 16 out of the 65,536 possible addresses per residential customer then?

You tell us. Where have you heard this rumour? Tell us that and we can tell you what basis it has (hint: I can tell you now it'll be baseless as it is complete nonsense - the figures are wrong anyway).
Quote
if the isp allows unlimited allocations how does it manage the dns + routing information information, as has already been mentioned there isn't a database capable of doing it on such a large number of addresses

Various people keep pointing this out to you but you are refusing to take it on board. Routing is not done per-address. Routing entries represent summarised ranges of addresses i.e subnets. Through hierarchical allocation the routing tables can therefore be kept lean. For example, an ISP will be allocated a /32 and thus it can represent all its customers as a single entry in the routing announcements to its peers. This /32 will be chopped up internally, again following a hierarchy, so that each customers gets, say, a /56. Each /56 is a single route in the ISP's internal routing tables regardless how many devices a customer then connects. Those mutliple internal routes are not propogated outside the ISP as they are already summarised in the /32.
DNS plays no part in this - your ISP does not need to host any zones/entries for you to access the Internet. If you want to run a server at home then you would likely want a DNS entry but that'd be a single entry for that single device and wouldn't necessarilly (or indeed usually) be done by your ISP anyway.
Quote
how will it prevent a wiley customer from allocating there /64 through a secondary router to multiple /64 clients

What do you mean by 'multiple /64 clients'? The '/64' refers to a subnet size and, in IPv6, is the de facto standard sized of subnet for a single LAN. (There are smaller subnet sizes often used on point-to-point links and loopbacks but don't let them cloud the issue).
Quote
indeed how is it going to prevent customers from contravening current accepted practice over the addresses used within subnets ?

I have no idea what you mean by that.
nanotm
Pro
Posts: 5,756
Thanks: 156
Fixes: 2
Registered: ‎11-02-2013

Re: UK among nations that have done least

the accepted standard for subnet routing is to use or allocate as /64, larger or smaller subnets will just cause problems, if theres no entry in the isp dns server how does online gaming over ipv6 work (all clients will need to direct connect to each other)
if theres no routing table how does the peer node figure out which network traversal will provide the shortest path,
without a dns entry it wont be possible for peer to peer connections, without a routing table a dns entry is largely pointless,
its also accepted practice that you wouldn't allocate more than a few hundred addresses on each /64 in order to maintain address separation and randomization levels (which is listed as a positive security measure given the possible number of /64 addresses that could be in use) for the same reason its also recommended practice that all point to point's are done on a /64
now if I told you where I got my info that would take the fun out of things
just because your paranoid doesn't mean they aren't out to get you
ejs
Aspiring Hero
Posts: 5,442
Thanks: 631
Fixes: 25
Registered: ‎10-06-2010

Re: UK among nations that have done least

nanotm, do you remember when you said "makes me wonder why people think its easier to understand something that's completely wrong and then wonder why its even harder to dislodge the incorrect concept" ? Well, you don't need to wonder anymore!
MJN
Pro
Posts: 1,318
Thanks: 160
Fixes: 5
Registered: ‎26-08-2010

Re: UK among nations that have done least

Nanotm: I give up.
I am more than happy to help someone understand the intricacies of how IPv6 works however they've got to be willing to open their mind. You think you know it all already, yet very clearly don't, and are not willing to actually listen to what people are telling you. There's no bragging to be had here - we are afterall all on the same path of learning, just at different stages - so there's no shame in admitting when you don't understand something.
Your understanding of the fundamentals is flawed and until you are prepared to accept that there is probably little to we can do to help you.
Anonymous
Not applicable

Re: UK among nations that have done least

Exasperating !