IPv6 on Home Routers: FAIL
When it comes to IPv6 support, consumer home networking gear lags far behind other devices, like enterprise equipment and PC operating systems. Most devices certified as IPv6-compliant by the IPv6 Forum are full of implementation bugs, experts say.
Consumer electronics vendors have procrastinated in providing IPv6 support for a long time, says Frank Bulk, who has been testing devices for his job as technology and product development manager for Premier Communications, an ISP serving northwestern Iowa. "Some vendors point out that the 'IPv6 CE router requirements' IETF draft is only now working through the final stages of the standards process and that the Broadband Forum documents were completed only a few months ago. But I've been working with the D-Link product manager for the last five months. If one vendor can do an adequate job of IPv6, why can't its competitors?"
If there is a bright side, home equipment vendors are aware they are an adoption bottleneck and are working to fix the problems, some more feverishly than others. The University of New Hampshire InterOperability Lab held an IPv6 consumer electronics Plugfest on Feb. 14, and CableLabs has stepped up to organize two more this year in April and September in Denver. While the UNH-IOL and CableLabs are typically tight-lipped about Plugfest results, a white paper will be published to those on the V6ops IETF mail server.
But equipment makers don't have an endless supply of time to get it right. IPv4 depletion for U.S. companies is fully expected to occur in 2011. ARIN says it has around 80 million IPv4 addresses left and expects to run out of these addresses within nine months. We will soon see a day when new computers, servers, mobile devices and the so-called Internet of Things can only get an IPv6 address. Carrier-grade NAT (CGN, also known as large-scale NAT) will suffice as a stopgap measure, but it comes with its own set of problems.
"I am not a big fan of carrier-grade network address translation. Part of the reason is the whole notion of network address translation is brittle and it doesn't permit servers to be available on the consumer premises," Vint Cerf, chief Internet evangelist for Google, told Network World in a recent interview. "But it may turn out that NATs are needed in order to facilitate the transition during this period when we have to run both protocols."
LSN contrasts with the ideal solution: to move all devices to using native IPv6 as quickly as reasonably possible -- not tunneled, not translated, but native. That's difficult to do when it's 2011 and customer premises equipment (CPE) and consumer networking gear don't yet properly support IPv6.
Some, such as Cisco's Linksys consumer routers, don't have IPv6 yet at all, although Cisco has promised to add IPv6 to its new routers by mid-2011. (Ironically, Cisco is otherwise ears-deep in the Plugfests, supplying a DHCPv4/DHCPv6 server for the tests.) A Cisco spokesperson confirmed, "Linksys routers being launched this spring will have IPv6 support -- also the E4200 we launched in January will have a firmware upgrade planned for April."
However, Cisco isn't sure yet if routers bought prior to 2011 will get IPv6. "We are currently looking into which 'legacy' Linksys product can support IPv6. (There are many things that influence us being able to do it -- including if there is enough memory, as well as other factors.) The engineer teams are working on that," the spokesperson said.
Network professionals are comfortable with "rooting" their home networking gear and can always wipe out the vendor's firmware and install OpenWRT or DD-WRT. But that's not the kind of task an average consumer can or will do, nor is it a saleable tactic for an ISP to recommend and support.
ISPs, in particular, are in a bind. To date, residential ISPs running IPv6 trials have provided the customer router. Service providers offering IPv6 expect that through 2012 they will need to, at the very least, provide customers a short list of tested routers and configuration instructions, Premier Communications' Bulk says. "It's the desire of service providers that big box electronic stores be able to point customers to boxes with 'IPv6-ready' logos. The Wi-Fi Alliance has done a great job in communicating to customers which wireless products will work well -- it's an open question at this time if the IPv6 Forum will be able to replicate that with IPv6."
With the exception of some products by D-Link and Apple's AirPort Express and AirPort Extreme, none of today's CPE can operate using IPv6 well enough for a field test trial, Bulk says.
He, like other ISPs, would like to be installing IPv6-ready gear in customer homes and small businesses right now. "Every day that goes by is one more day we're assisting customers with IPv4-only routers and installing our IPv4-only DSL modems. While we know the amount of IPv6-only content on the Internet is very little today, we want to avoid rolling trucks three years from now to help people with configuring their IPv6-capable router or to replace our DSL modem. And it's not just the cost of the truck roll, but also the gear."
Bulk has tested about a dozen consumer-grade routers and DSL modems that claim IPv6 support and documented some of his test results on ARIN's IPv6 Wiki site.
"In general, it's been disappointing," he says, and he has long given up on firmware upgrades. "Most of the low-cost consumer-grade routers of the last few years have insufficient memory to support an adequate set of IPv6 features, and even those routers that do, it's not in the vendor's best interest to spend development dollars on adding features to an older product with razor-thin margins."
For instance, he says that despite earning IPv6 Forum certification for several of its WNDR products, Netgear's wares aren't ready. Last month he tested the WNDR3700v2, a unit specifically recommended by a Netgear service provider support engineer.
Bulk found bugs with how the devices implemented IPv6 support on the LAN (client) side of the router.
"In our IPv6 trial we hand out a /56 to each router. When I discovered that the PC attached to the Netgear router didn't have an IPv6 address, a little poking around revealed that the router was attempting to perform SLAAC with the full /56, rather than select a /64 out of the delegated prefix. In compliance with IETF standards, the PC wasn't getting an IPv6 address. I can only speculate, but it appears that in its testing Netgear was only handing out a /64 to each router, which likely would have resulted in a successful test. "
He alerted Netgear to the problems and reports that the company is working on fixing them.
Netgear isn't alone. David Thompson, product marketing director for CPE provider ZyXEL, recently boasted about how the company implemented IPv6 support in its home networking gear way back in 2006.
Bulk responds, "David speaks positively about ZyXEL's IPv6 support, but the unfortunate reality is that their CPE is not IPv6 ready, at least not in our environment. In less than an hour of testing I showed that: PPPoEv6 was not starting/attempting to connect; the DSL modem doesn't respond to DHCPv6 solicit requests in either stateful DHCPv6 or stateless DHCPv6 mode; clients are unable to obtain an IPv6 address when the LAN interface is configured for SLAAC, etc."
Again, ZyXEL engineers are aware of these issues and are working to fix them.
Bulk names D-Link as one of the few bright spots. Several of the company's older "IPv6-ready" models operate well, but due to storage limitations still lack a stateful firewall for IPv6, an IPv4 feature that is not synonymous with, but generally bound to most implementations of consumer-grade NAT. Hardware revisions are coming this year to address those limitations and support a stateful firewall for IPv6, but Bulk said that one D-Link model has a firewall today.
"We're using the D-Link DIR-655 in our private trial, and feedback from customers has been very positive," shares Bulk. "We'd like to offer our trial customers a few other vendors to choose from, but other than Apple (which I have yet to test), I've found no other consumer-grade IPv6-ready routers in the market."
To be sure, the foot-dragging on the part of consumer equipment makers won't exactly cause an Internet Armageddon.
Homes and small business that currently have IPv4-only routers will be OK for the next couple of years, says Doyle. "For existing users, the impact should be minimal -- they already have IPv4 addresses, so there should be no problems. It's new users that will need IPv6-capable routers (or DSL modems or cable modems), and it will be up to the broadband providers to be sure they are using the right units. Eventually existing users can be retrofitted, either through firmware upgrades or through normal purchase of new routers that have IPv6 capability."
Still, it's aggravating that it's the network gear makers themselves holding things up.
Ultimately, few can disagree with Cerf's take on the matter: "It's important to get both protocols running smoothly at home. Already laptops and desktops have the capability. It's usually firewall, the NAT box and maybe the broadband modem that you have at home that haven't been configured for IPv6. So when we turn on IPv6 on a worldwide basis on June 8 as a 24-hour test (World IPv6 Day), I'm sure there will be things that don't work and those need to be addressed (no pun intended). I would much rather see a concerted effort to get everybody up and running on IPv6, and then the transition is smooth at that point because it doesn't matter if the destination is running IPv4 or 6 -- everyone can talk to everyone. That would be the desirable outcome."
Julie Bort is the editor of Network World's Cisco Subnet community site. She also writes the Microsoft Update and Source Seeker blogs. Follow Bort on Twitter @Julie188.
Read more about lan and wan in Network World's LAN & WAN section.