For years I have been using a third party ISP for my IPv6-enabled internet. Alas, third party ISPs rely on last mile incumbent carriers to connect to their customers. It all works well, until it doesn’t. This fall, the last mile was disconnected from my ISP not once, but three times. After sitting in the Internet darkness for over a week, I decided to go with another ISP.
Earlier this year, Rogers, a large ISP in Canada, bought Shaw Communications, an incumbent ISP here in Western Canada. Having been a Rogers customer about 10 years ago, I knew that they knew IPv6. Unfortunately, the same can not be said about Shaw, as they were only giving out /64s, and only for their top tier (read: most expensive) customers. Shaw had a /32 from ARIN, so they would have to have 4 billion customers before having to request another /32.
I was hoping that Rogers would be able to teach the Shaw folks a bit more about IPv6. And they kind of have, but the Shaw ways are still strong.
Installing Rogers/Shaw Internet Service
I learned when working at the University of Hawaii, that one does things differently when having to scale the task up. For example, say it takes 2 minutes to add a new user to your systems. No problem, until you have 30,000 new users to add every semester, now it takes 41 days! Better come up with a more scalable system.
Rogers/Shaw supports self install, where they send the customer a DOCSIS cable modem/router. The customer unboxes the cable modem/router and plugs it into the cable, and power. It is expected that the customer will connect to the router-half via Wifi. And the customer is online.
A word about modem/routers
Modem comes from Modulator/Demodulator. Its purpose it to put a signal on a wire (phone lines, coax, etc). A router is something that routes IP packets. In this modern age, ISPs often send/sell customers a single box that does both functions.
XB6 with a sloped top, prevents you from stacking things on it
Cable Modem/Router XB6 defaults to a single /64
After following the self install instructions, it was clear that I had only received a prefix delegation (PD) with a single /64.
And the software in the XB6 router does not permit changing the Prefix Delegation size! Clearly the old Shaw ways are hard to stamp out.
Bridge Mode
Fortunately, Rogers/Shaw knows that their router may not be up to the task, and provide documentation on how to put their router in bridge mode, effectively turning their device into just a cable modem.
Once the ISP provided router (an XB6) has been placed into bridge mode, it is easy to use one of the Ethernet ports to connect to an OpenWrt router, and let it handle the routing of IP packets.
Unfortunately, bridge mode does not disable the Wifi as the documentation states. Instead, it leaves a SSID with the name ShawMobileHotspot turned on. This is a shadow network, that Shaw used/uses for their cellular customers. It is possible to log into the my.shaw.ca page, and disable ShawMobileHotspot, but unfortunately, it doesn’t actually disable the Wifi.
Using OpenWrt’s Channel Analysis, you can see that disabling the ShawMobileHotspot only changed the SSID to “hidden”. And it is still transmitting on Channel 44 (and one can’t change the channel either).
After searching online a bit, I found a note in the Comcast forums which described the steps to disable the Wifi in bridge-mode:
- Plug your laptop directly into the XB6 modem/router Ethernet port
- Statically define your laptop as 10.0.0.10/24
- Point your browser at 10.0.0.1, and log into the XB6
- Switch the XB6 out of bridge mode, let it reboot
- Log back into the XB6, and disable the Wifi on both 2.4Ghz and 5Ghz
- Switch back to bridge mode, and let it reboot again
Once all that is done, plug your OpenWrt router back into the XB6, and the Channel 44 spectrum should look much clearer. The XB6 Wifi has actually been disabled.
Now you can actually see my two routers which were obscured (and interfered with) by the XB6 Wifi.
OpenWrt to the rescue
OpenWrt has excellent IPv6 support, and the defaults are usually enough to get you up and running. That was my first attempt, and I received a prefix delegation (PD) of /64. Dang!
Fortunately, OpenWrt has the ability to request a specific size of PD. By requesting a /56, I was pleasantly surprised to get a /56! Now I had address space room to prefix-delegate down to the ten IPv6 subnets I run in my house.
Note the “Request IPv6-prefix of length” at the bottom
What doesn’t work
I no longer have a static prefix (my old ISP rented one for $3/mo). Fortunately, the prefix is on a long DHCPv6 lease (about 14 days), which allows me to keep the same prefix through router reboots.
However, there are still things which rely on the IPv6 prefix:
- Firewall rules – Some are host specific, and therefore a prefix change will make the firewall rules stop working
- Self assigned prefix delegations – Because of OpenWrt’s algorithm to divide a prefix address space by four, and allocate 1/4 address space to the downstream routers, it can be challenging to get everything to automatically address downstream PD. Therefore on a couple of routers, I disable “Request IPv6-prefix of length” and in
/etc/config/networkof the router I assign my own delegated prefixes (from the delegated /56):
config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'
list ip6prefix 'fd01:0db8:CAFE:fd60::/60'
list ip6prefix '2001:0db8:1381:5f60::/60'
option reqprefix 'no'
option reqaddress 'try'
I’ll need to create a script which will renumber the few routers which have the Rogers/Shaw prefix configured to make the change scale better (for now I am using sed)
Using ULA address space as a Management Plane
I usually recommend against using ULAs. However, I quickly discovered when my internet was down that I couldn’t get to any of my routers or hosts by name. My DNS server had GUAs (Global Unique Addresses) with a non-existent delegated prefix.
And because my Roger’s prefix is not guaranteed to not change, I have opted to use a ULA address space as a management plane to get to my local routers and hosts (I do not have IPv4 A records in my DNS server, as that would prevent the ULA address from being used).
Happy with Rogers
Overall, I’d have to say I am pretty happy being a Rogers customer again, now that I have a relatively stable /56 prefix. Thanks goodness the ISP supplied routers have bridge-mode, and I can use my OpenWrt router.