[pfSense] Request for help: Seeking pfSense user with access to 6RD IPv6 WAN

Wed Feb 1 11:18:41 EST 2012

Op 1-2-2012 16:41, Chris Bagnall schreef:
> On 1/2/12 2:15 pm, Seth Mos wrote:
>> I am seeking a user(s) that has access to a 6RD IPv6 connection so we
>> can test our development 6RD code.
>
> Out of curiosity (and this is more aimed at ISPs than end users), is 
> implementing the various IPv6 'workarounds' - for want of a better 
> word - actually any easier/cheaper than just implementing proper 
> native IPv6?
There are just so many factors here. Let me see if I can explain some of it.

The short summary, no, it's cheaper to deploy native then it is to 
implement "workarounds".

Except for:

- You are a ISP and you didn't put IPv6 as a hard demand on the 
equipment you purchased in 2008. Buying a new 120K euro core router is 
not a option, you only make "x" euros profit per year per user. If they 
call the helpdesk once it's gone.
- The vendor sold the equipment in 2008 promising a firmware update 
supporting IPv6 "soon". Now 4 years later the vendor still hasn't 
shipped firmware.
- Vendors asking new licenses for IPv6 to get feature parity to actually 
deploy to users. Seems really stupid, but it happens. It's not something 
that should be licensed, that's stupid.
- The 2008 Equipment has the features and the licenses but they 
encountered a show stopping bug that brings the chassis to it's knees 
and it's so ingrained in the hardware that it can't be solved except for 
forklift upgrades.
- Backend systems for deployment, provisioning and billing don't support 
it, this is pretty much true on the larger ISPs where these are very 
heavily integrated.
- Time to deploy using 6RD is just very fast from a ISP standpoint. 
Considering the 1st impact in europe might be somehwere this summer this 
is another factor. It's basically ISP controlled 6to4 with added smarts.

> I can't help but think that if half the effort that has gone into 
> developing workarounds had gone into native IPv6 implementation, we'd 
> (as an industry) be a lot further on than we are.

Yes we would, like starting in 2002 instead of waiting to "next year". 
Whenever that is. And now we need it this summer for real and it sucks, 
because that just got you 5 months and a hard deadline.

To be fair, I only started the IPv6 work in pfSense in december 2010, 
that's over a year ago and I'm finally getting round to this. We did 
have dhcp-pd summer 2011 which is a actual native solution and static 
addressing in feb 2011.

6RD is fast to deploy because you can bring up a big 6RD broker on your 
huge ass chassis with multiple 10GE pipes.
Each client enables the 6RD knob and presto they can use a /60 (in the 
case of Swisscom) on their own router.
Everything in between can be ignored from the ISP standpoint.

Swisscom communicated with me that this platform will be here for the 
next 5 years. Which I don't believe because the will run out of their 
public IPv4 allocation way before then and that stops 6RD from working 
iirc.

Tunneling is still one of the more native connections. You get good 
throughput because the tunnel goes over the same pipe as your v4 path. 
And you have control of where it terminates.

The current CPE situation is absolutely quite horrid right now. The 
amount of support in stuff they still sell is almost nonexistant. Some 
support IPv6 in the 100~200 euro models but no such luck in the 35 euro 
devices everybody ships with the dsl subscription they just got.

As far as workarounds go, 6RD is not bad. It's quite usable. Some other 
dynamic tunneling options are highly disapproved of. Like 6to4 or 
Teredo. Sure those work too, but any sort of performance guarantees 
can't be given for those.

Regards,

Seth