Hurricane Electric IPv6 Tunnel Broker with Sky ISP

News and views, and should we control them?

Moderator: embleton

Locked
User avatar
embleton
Site Admin
Posts: 771
Joined: Sat Aug 02, 2014 2:40 pm
Location: Plymouth
Contact:

Hurricane Electric IPv6 Tunnel Broker with Sky ISP

Post by embleton » Fri Aug 21, 2015 9:17 am

After doing research to obtain IPv6 connectivity on my hybrid fibre connection with Sky I decided to implement connectivity by using an IPv6 Tunnel Broker Neither the Sky SR102 Hub or the current firmware supports IPv6 in my setup, but a router that I use behind the Sky router supports IPv6 natively or by an IPv6 in an IPv4 tunnel, that router is the 6th generation Apple AirPort Extreme, it was just a matter of getting it all to work together.

The AirPort Extreme was configured in bridge mode behind the SR102 originally and in this configuration, I thought IPv6 will not work because the clients need to obtain IP addresses from the AirPort Extreme. The Sky router cannot support pure bridge mode, so it only acts as a VDSL2 modem, so the internal connection had to be double NATed and the AirPort Extreme will scream about being configured in this way, which you just need to ignore completely. One needs to then configure DMZ on the Sky router to the AirPort Extreme, this ensures that IPv4 protocol 41 gets forwarded to the AirPort Extreme without difficulty and the Sky router will do so with this configuration modification.

I switched the AirPort Extreme back to bridge mode after this and with it is in the DMZ of the Sky SR102 router IPv6 still works correctly, so it would seem that an IPv4 DHCP and DHCPv6 server can reside on the local area network from different routers supplying addresses without difficulty, Sky's SR102 router supplies the IPv4 private IP addresses and the AirPort Extreme supplies public IPv6 addresses from its DHCPv6 server and my block of /64 addresses.

Once I'd done the above I create an account with Hurricane Electric and then set up a tunnel with the clear instructions they provide on configuring the AirPort Extreme, and after this was done the IPv6 tunnel was up and running providing IPv6 connectivity to the AirPort Extreme router. Effectively I now have a dual-stack IPv4/IPv6 network working quite nicely with standard IPv4 routing going via Sky and IPv6 going via Hurricane Electric to their London POP via the AirPort Extreme. It was now time to do some tests of IPv6 connectivity in a world that hasn't really adopted IPv6 to a great extent or worked out the difficulties that really do occur in the real world with connectivity in the UK.

I did test IPv6 when double NATing IPv4 for a couple of days and it worked nicely, but this causes issues with my FTP server when trying to connect to it with passive FTP on IPv4, and Remote Desktop Protocol (RDP) wouldn't work correctly through double NAT on IPv4 either, which is rather a headache to solve until I switched the AirPort Extreme back into bridge mode and to my surprise IPv6 still worked correctly on my internal network with only a single NAT for IPv4.

I had issues with Windows 7 and Windows 10 assigning temporary IPv6 addresses at first but through Google I found out that this security feature can be switched off so that a static IPv6 address is assigned to these machines so that servers could be run on the IPv6 side of the connectivity, something I require so that multiple web servers can be run publicly on my network. It is all working nicely without double NATing IPv4 now and the performance of both protocols are much better than my previous configuration, as monitored by a SamKnows WhiteBox. I now have FTP, HTTP web servers, RDP, SSH and OpenVPN running on both IPv4 and IPv6 on my network with complete success and it only took a couple of hours to setup and test.

With IPv6 connectivity, Apple's FaceTime works nicely switching between the O2 mobile 3G network and the dual stack IPv4/IPv6 on a fixed broadband connection on wifi. When I lost wifi connectivity FaceTime automatically switched to the mobile O2 3G network and back again once wifi connectivity was restored, so that's an improvement in the real world and thumbs up for IPv6 connectivity that I noticed during my testing.

I'm now waiting for the new firmware for the Sky SR102 router to see whether it will break this configuration, but my thoughts are that only the DHCPv6 server in the Sky SR102 will need to be switched off for it to operate correctly in this configuration.

User avatar
embleton
Site Admin
Posts: 771
Joined: Sat Aug 02, 2014 2:40 pm
Location: Plymouth
Contact:

Re: Hurricane Electric IPv6 Tunnel Broker with Sky ISP

Post by embleton » Sun Apr 07, 2019 10:49 am

The method does not apply to Sky routers for they've blocked the facility,

Locked