Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. nsp>
  3. ipv6
Residential subscribers: numbered or unnumbered?
philip_matthews at magma
Mar 25, 2014, 10:29 AM
Post #1 of 15 (6772 views)
Permalink
Folks:

Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.

So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.

The arguments I know or have heard for going numbered are:
* Have a WAN address that one can ping remotely to verify connectivity (here I am assuming using DHCPv6 to assign a specific IID like ::1)
* Want to use TR-069

The arguments I can think of for going unnumbered are:
* Greater security
* Plan to ping the loopback address on the CPE


Additional questions for those who have chosen the unnumbered approach or are using SLAAC to number the WAN address.
* What are you doing wrt having an address to ping to confirm the CPE is reachable?
* For those doing unnumbered, do all CPEs implement the same algorithm for selecting the loopback address according to WAA-7 in RFC 7084? If not, how do you handle this? For example, do you only select CPEs that implement the same algorithm? Do you just try the likely candidates until one works? Or something else?


- Philip
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
corbe at corbe
Mar 25, 2014, 11:49 AM
Post #2 of 15 (6708 views)
Permalink
Along these lines I'd like to see an example of how an unnumbered
configuration would work; because I'm using DHCPv6 for anything
customer-facing today.

Philip Matthews <philip_matthews@magma.ca> writes:

> Folks:
>
> Until recently, I was under the impression that most people were using
> numbered v6 links to residential subscribers, allocating the WAN
> address using DHCPv6. However, recently two people have told me about
> a number of providers that are doing unnumbered instead.
>
> So for anyone who has deployed or is planning to deploy residential
> IPv6, I am curious to know which way you are going, and more
> importantly why you selected that approach? My interest is primarily
> in IPoE, but I don't mind hearing about PPPoE as well.
>
> The arguments I know or have heard for going numbered are:
> * Have a WAN address that one can ping remotely to verify connectivity
> (here I am assuming using DHCPv6 to assign a specific IID like ::1)
> * Want to use TR-069
>
> The arguments I can think of for going unnumbered are:
> * Greater security
> * Plan to ping the loopback address on the CPE
>
>
> Additional questions for those who have chosen the unnumbered approach
> or are using SLAAC to number the WAN address.
> * What are you doing wrt having an address to ping to confirm the CPE is reachable?
> * For those doing unnumbered, do all CPEs implement the same algorithm
> for selecting the loopback address according to WAA-7 in RFC 7084? If
> not, how do you handle this? For example, do you only select CPEs that
> implement the same algorithm? Do you just try the likely candidates
> until one works? Or something else?
>
>
> - Philip
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
f at zz
Mar 25, 2014, 12:13 PM
Post #3 of 15 (6718 views)
Permalink
On Tue, Mar 25, 2014 at 01:29:39PM -0400, Philip Matthews wrote:
> Folks:
>
> Until recently, I was under the impression that most people were using
> numbered v6 links to residential subscribers, allocating the WAN
> address using DHCPv6. However, recently two people have told me about
> a number of providers that are doing unnumbered instead.
>
> So for anyone who has deployed or is planning to deploy residential
> IPv6, I am curious to know which way you are going, and more
> importantly why you selected that approach? My interest is primarily
> in IPoE, but I don't mind hearing about PPPoE as well.
>
> The arguments I know or have heard for going numbered are:
> * Have a WAN address that one can ping remotely to verify connectivity
> (here I am assuming using DHCPv6 to assign a specific IID like ::1)
> * Want to use TR-069
>
> The arguments I can think of for going unnumbered are:
> * Greater security
> * Plan to ping the loopback address on the CPE
>
> Additional questions for those who have chosen the unnumbered approach or are using SLAAC to number the WAN address.
> * What are you doing wrt having an address to ping to confirm the CPE
> is reachable?
> * For those doing unnumbered, do all CPEs implement the same algorithm
> for selecting the loopback address according to WAA-7 in RFC 7084? If
> not, how do you handle this? For example, do you only select CPEs that
> implement the same algorithm? Do you just try the likely candidates
> until one works? Or something else?

We are doing PPPoE with SLAAC and DHCP-PD for a /56 - simple -
straightforward and works like a charm with our AVM CPE installbase.
Shipping IPv6 default enabled CPEs for 2 years.

PPPoE solves all the v6 L2 security problems of legacy L2 networks and
also solves the connectivity issues from your second paragraph. PPP
comes with keepalives. Combined with multiple BRASes the fallback
with a delayed PADO you are basically done with a failover scenario.

We have some small footprints with IPoE and we dont even plan to offer
v6 in that situation.

Flo
--
Florian Lohoff f@zz.de

Attached Files:

Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
Holger.Zuleger at hznet
Mar 25, 2014, 12:30 PM
Post #4 of 15 (6713 views)
Permalink
Am 25.03.14 20:13, schrieb Florian Lohoff:
> On Tue, Mar 25, 2014 at 01:29:39PM -0400, Philip Matthews wrote:
>> Folks:
>>
>> Until recently, I was under the impression that most people were using
>> numbered v6 links to residential subscribers, allocating the WAN
>> address using DHCPv6. However, recently two people have told me about
>> a number of providers that are doing unnumbered instead.

> We are doing PPPoE with SLAAC and DHCP-PD for a /56 - simple -
> straightforward and works like a charm with our AVM CPE installbase.
> Shipping IPv6 default enabled CPEs for 2 years.
We are doing the same.
But it's questionable to provide a /64 on the PPP link. So the same
model works quite well with link-local addresses.

The use of a numbered link has the benefit that in case of TR69, you can
use the WAN address for CPE management wich can be easily filtered.
Otherwise you need a loopback address out of the customer address space.
So for unmanaged devices I would prefer unnumbered links, for managed
devices the numbered one.

Btw. for PPPoE I don't see any benefit in using DHCPv6-IA instead of SLAAC.

> PPPoE solves all the v6 L2 security problems of legacy L2 networks and
> also solves the connectivity issues from your second paragraph. PPP
> comes with keepalives. Combined with multiple BRASes the fallback
> with a delayed PADO you are basically done with a failover scenario.
+1

Holger

Attached Files:

Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
gert at space
Mar 25, 2014, 1:29 PM
Post #5 of 15 (6703 views)
Permalink
Hi,

On Tue, Mar 25, 2014 at 01:29:39PM -0400, Philip Matthews wrote:
> Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.
>

All large scale deployments I know about are using RA for WAN, and DHCP-PD for
LAN - so that's a third variant...

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
tarko at lanparty
Mar 25, 2014, 1:31 PM
Post #6 of 15 (6707 views)
Permalink
hey,

> So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.

Unnumbered WAN

CPE will get /56 with PD, will not allocate /64 to loopback just yet but
will do that when CPE management over IPv6 becomes possible.

--
tarko
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
sander at steffann
Mar 25, 2014, 5:03 PM
Post #7 of 15 (6715 views)
Permalink
Hi Philip,

> Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.
>
> So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.

I'm doing unnumbered PPPoE to residential, which works fine. Each customer gets a prefix through DHCPv6-PD. The PPPoE routers (ASR1k) talk DHCPv6-PD to the customer and RADIUS to our management system. It automatically injects the route for the delegated prefix towards the link + link-local address of the customer.

The reason for this is simplicity in the addressing plan. This way we have one prefix per customer, which we completely delegate to them. If the link was numbered we would need another /64 for the link. Which would mean that we have to assign and track two prefixes to each customer: the link /64 and the delegated /56. We would very probably never see any traffic from the /64, but we do need to track it (legal stuff etc).

> Additional questions for those who have chosen the unnumbered approach or are using SLAAC to number the WAN address.
> * What are you doing wrt having an address to ping to confirm the CPE is reachable?

The CPEs we give to customers have a pingable address from the delegated prefix (prefix::1). And we can always see if the CPE is online by checking the PPPoE session.

> * For those doing unnumbered, do all CPEs implement the same algorithm for selecting the loopback address according to WAA-7 in RFC 7084?

As far as I know: yes. Almost all customers use the CPE that we provide though, so I might just be lucky :)

Cheers,
Sander
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
philip_matthews at magma
Mar 25, 2014, 7:28 PM
Post #8 of 15 (6712 views)
Permalink
Are these PPPoE or IPoE deployments?

And more importantly, any insights as to WHY they went this route? Were the other options considered?

For IPoE with RA/SLAAC, I am curious to know how the provider learns of an address on the CPE for pings or whatever? Or do they just not care?

- Philip

On 2014-03-25, at 16:29 , Gert Doering wrote:

> Hi,
>
> On Tue, Mar 25, 2014 at 01:29:39PM -0400, Philip Matthews wrote:
>> Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.
>>
>
> All large scale deployments I know about are using RA for WAN, and DHCP-PD for
> LAN - so that's a third variant...
>
> Gert Doering
> -- NetMaster
> --
> have you enabled IPv6 on something today...?
>
> SpaceNet AG Vorstand: Sebastian v. Bomhard
> Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
> D-80807 Muenchen HRB: 136055 (AG Muenchen)
> Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
>
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
philip_matthews at magma
Mar 25, 2014, 7:30 PM
Post #9 of 15 (6707 views)
Permalink
What were your reasons for selecting this option?

- Philip

On 2014-03-25, at 16:31 , Tarko Tikan wrote:

> hey,
>
>> So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.
>
> Unnumbered WAN
>
> CPE will get /56 with PD, will not allocate /64 to loopback just yet but will do that when CPE management over IPv6 becomes possible.
>
> --
> tarko
>
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
achatz at forthnet
Mar 25, 2014, 10:47 PM
Post #10 of 15 (6709 views)
Permalink
We do numbered: SLAAC for WAN (TR-069 is done over IPv6, although still fighting to make it work correctly in DS-Lite from all vendors) and DHCPv6-PD for LAN for all our PPPoE subscribers.

Recently we added the option of doing DHCPv6 for WAN too, since we found CPEs that do not behave gently to the BRAS/BNG if that's not the case.

--
Tassos

Philip Matthews wrote on 25/3/2014 19:29:
> Folks:
>
> Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.
>
> So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.
>
> The arguments I know or have heard for going numbered are:
> * Have a WAN address that one can ping remotely to verify connectivity (here I am assuming using DHCPv6 to assign a specific IID like ::1)
> * Want to use TR-069
>
> The arguments I can think of for going unnumbered are:
> * Greater security
> * Plan to ping the loopback address on the CPE
>
>
> Additional questions for those who have chosen the unnumbered approach or are using SLAAC to number the WAN address.
> * What are you doing wrt having an address to ping to confirm the CPE is reachable?
> * For those doing unnumbered, do all CPEs implement the same algorithm for selecting the loopback address according to WAA-7 in RFC 7084? If not, how do you handle this? For example, do you only select CPEs that implement the same algorithm? Do you just try the likely candidates until one works? Or something else?
>
>
> - Philip
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
gert at space
Mar 26, 2014, 2:33 AM
Post #11 of 15 (6704 views)
Permalink
Hi,

On Tue, Mar 25, 2014 at 10:28:06PM -0400, Philip Matthews wrote:
> Are these PPPoE or IPoE deployments?

PPPoE for the large-scale DSL deployments in DE.

"Cable" for the large-scale cable deployments :-) (As far as I know, cable
has a shared /64 on the WAN side).

> And more importantly, any insights as to WHY they went this route? Were the other options considered?

No idea about the reasoning behind. *Our* small-scale deployment truly
doesn't count, as everything is fully managed and fixed-config on the CPE
(so neither SLAAC nor DHCPv6 involved), mostly due to "when we set this
up, DHCPv6 didn't exist in IOS" and we never came around to rebuilding the
plattform...


> For IPoE with RA/SLAAC, I am curious to know how the provider learns of an address on the CPE for pings or whatever? Or do they just not care?

I have no idea how TR69 management works (will the CPE just call in?),
but besides that, in those large-scale deployments I know about, the
ISP couldn't care less - most CPEs are unmanaged.

Gert Doering
-- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
swmike at swm
Mar 26, 2014, 4:08 AM
Post #12 of 15 (6711 views)
Permalink
On Tue, 25 Mar 2014, Philip Matthews wrote:

> What were your reasons for selecting this option?

I see a few up-sides.

You get clean /56 handoff to customer, and you don't need to have any of
the customer GUA addresses on the ISP router, meaning control plane
protection is easier. You also lessen amount of table entries you need for
uRPF.

Downside:

People actually need CPE, they can't connect a computer directly (at least
not without turning on Internet Connection Sharing or alike).

--
Mikael Abrahamsson email: swmike@swm.pp.se
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
tarko at lanparty
Mar 26, 2014, 5:11 AM
Post #13 of 15 (6706 views)
Permalink
hey,

> What were your reasons for selecting this option?

- one prefix per customer, don't need to track separate wan and PD prefixes

- hope that we can advertise default-route (pointing to virtual
link-local address) with dhcpv6 in the future and can get rid of RA on
the wan

- certain scaling aspects on the susbcriber management platforms we are
using

--
tarko
Re: Residential subscribers: numbered or unnumbered? [ In reply to ]
philip_matthews at magma
Mar 26, 2014, 6:36 PM
Post #14 of 15 (6696 views)
Permalink
Many thanks to everyone who replied, even though most people were telling me about PPPoE rather than IPoE.
I am not all that familiar with PPPoE (need to educate myself!!), but I can see how many of the issues I mentioned go away with it.

- Philip

On 2014-03-25, at 13:29 , Philip Matthews wrote:

> Folks:
>
> Until recently, I was under the impression that most people were using numbered v6 links to residential subscribers, allocating the WAN address using DHCPv6. However, recently two people have told me about a number of providers that are doing unnumbered instead.
>
> So for anyone who has deployed or is planning to deploy residential IPv6, I am curious to know which way you are going, and more importantly why you selected that approach? My interest is primarily in IPoE, but I don't mind hearing about PPPoE as well.
>
> The arguments I know or have heard for going numbered are:
> * Have a WAN address that one can ping remotely to verify connectivity (here I am assuming using DHCPv6 to assign a specific IID like ::1)
> * Want to use TR-069
>
> The arguments I can think of for going unnumbered are:
> * Greater security
> * Plan to ping the loopback address on the CPE
>
>
> Additional questions for those who have chosen the unnumbered approach or are using SLAAC to number the WAN address.
> * What are you doing wrt having an address to ping to confirm the CPE is reachable?
> * For those doing unnumbered, do all CPEs implement the same algorithm for selecting the loopback address according to WAA-7 in RFC 7084? If not, how do you handle this? For example, do you only select CPEs that implement the same algorithm? Do you just try the likely candidates until one works? Or something else?
>
>
> - Philip
RE: Residential subscribers: numbered or unnumbered? [ In reply to ]
Ragnar.Anfinsen at altibox
Mar 27, 2014, 1:17 AM
Post #15 of 15 (6700 views)
Permalink
Hi Philip,

We are doing IPv6 over IPoE in our labs (for now), and we will use DHCPv6 for numbering the CPE. The reason for this is that we support putting the CPE in bridge mode, where the customer can either connect a 3. party router or a computer. When connecting a computer, it needs an IP address and using DHCPv6_IA for this will make the traceability and legal issues easier to handle.

Best Regards
Ragnar


> -----Original Message-----
> From: ipv6-ops-bounces+ragnar.anfinsen=altibox.no@lists.cluenet.de
> [mailto:ipv6-ops-bounces+ragnar.anfinsen=altibox.no@lists.cluenet.de] On
> Behalf Of Philip Matthews
> Sent: 27. mars 2014 02:36
> To: ipv6-ops@lists.cluenet.de
> Subject: Re: Residential subscribers: numbered or unnumbered?
>
> Many thanks to everyone who replied, even though most people were telling
> me about PPPoE rather than IPoE.
> I am not all that familiar with PPPoE (need to educate myself!!), but I can see
> how many of the issues I mentioned go away with it.
>
> - Philip
>
> On 2014-03-25, at 13:29 , Philip Matthews wrote:
>
> > Folks:
> >
> > Until recently, I was under the impression that most people were using
> numbered v6 links to residential subscribers, allocating the WAN address using
> DHCPv6. However, recently two people have told me about a number of
> providers that are doing unnumbered instead.
> >
> > So for anyone who has deployed or is planning to deploy residential IPv6, I am
> curious to know which way you are going, and more importantly why you
> selected that approach? My interest is primarily in IPoE, but I don't mind
> hearing about PPPoE as well.
> >
> > The arguments I know or have heard for going numbered are:
> > * Have a WAN address that one can ping remotely to verify connectivity (here
> I am assuming using DHCPv6 to assign a specific IID like ::1)
> > * Want to use TR-069
> >
> > The arguments I can think of for going unnumbered are:
> > * Greater security
> > * Plan to ping the loopback address on the CPE
> >
> >
> > Additional questions for those who have chosen the unnumbered approach or
> are using SLAAC to number the WAN address.
> > * What are you doing wrt having an address to ping to confirm the CPE is
> reachable?
> > * For those doing unnumbered, do all CPEs implement the same algorithm
> for selecting the loopback address according to WAA-7 in RFC 7084? If not, how
> do you handle this? For example, do you only select CPEs that implement the
> same algorithm? Do you just try the likely candidates until one works? Or
> something else?
> >
> >
> > - Philip
>

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal